馬哥教育網絡班19期第十二周課程練習

1、請描述一次完整的http請求處理過程；

一次完整的http請求處理過程如下：

(1) 建立或處理連接：接收客戶端的請求，建立連接，或是拒絕其請求

(2) 接收請求：

接收來自于網絡的請求報文中對某資源的一次請求的過程時，web服務器也分幾種模型對并發請求進行響應：

               a. 單進程I/O結構：啟動一個進程處理用戶請求，而且一次只處理一個；多個請求被串行響應；實質就是排隊機制，第一個用戶的請求處理完再處理第二個，其它排隊等待。這種方式串行執行，效率不高。

  b. 多進程I/O結構：并行啟動多個進程，每個進程響應一個請求；

  c. 復用I/O結構：一個進程響應n個請求；

  d. 多線程模型：一個進程生成N個線程，每個線程響應一個用戶請求；

  e. 復用的多進程I/O結構：啟動多個（m）進程，每個進程響應n個請求；此模式實質上為事件驅動：event-driven，效率最高。

(3) 處理請求：對請求報文進行解析，并獲取請求的資源及請求方法等相關信息

(4) 訪問資源：獲取請求報文中請求的資源

(5) 拿到需要的資源之后，就會構建響應報文，準備向用戶回復

(6) 發送響應報文，回復請求

(7) 記錄日志：對每個請求資源，詳細記錄訪問日志信息，以便于以后的安全審查或數據分析。

以上就是一次完整的http請求的處理過程。

2、httpd所支持的處理模型有哪些，他們的分別使用于哪些環境。

httpd所支持的事務處理模型主要有：

prefork

worker

event

他們分別使用于以下場景：、

prefork: 多進程模型，每個進程負責響應一個請求。prefork模型在工作時，由一個主進程負責生成n個子進程，即工作進程。每個工作進程

響應一個用戶請求，即使當前沒有用戶請求，它亦會預先生成多個空閑進程，隨時等待請求連接，這樣的好處是，服務器不用等到請求到達時，

才去臨時建立進程，縮短了進程創建的時間。提高連接效率。但受限于linux的特性，工作進程數上限為1024個，如超出該數量，服務器性能會急劇降低。

因而，prefork模型的最大并發連接數量最大為1024。由于每個工作進程相對獨立，就算崩潰了，也不會對其它進程有明顯影響。所以，該模型的特點是穩定可靠，

適合于并發量適中而又追求穩定的用戶使用。

worker：多線程模型，每個線程響應一個請求。worker模型在工作時，也有一個主進程負責生成多個子進程，同時每個子進程負責生個多個線程，每個線程響應一個用戶

請求。同理，worker模型也會預先創建一些空閑線程來等待用戶連接。并發連接數，如果生成進程數為m，線程為n，則并發數可達到m*n個。但由于在linux中，原生不支持

線程，且進程本身就足夠輕量化，與線程的區別不是十分巨大，因而，worker模型在linux環境中的實際性能表現與prefork相差無幾。

event：事件驅動模型，每個線程響應n個用戶請求。event模型工作時，由主進程生成m個子進程，每個單獨的子進程可響應n個用戶請求。因而，event的并發數量可達到m*n

個，同時，因為event的子進程為一對多，節省了大量CPU進程間切換上下文的時間，也沒有了linux系統的1024個進程限制，所以,event模型是三種模型中效率最高的一種。

可以實破c10k的限制(即并發數1w)，對海量并發的系統特別適用。

3、源碼編譯安裝LAMP環境（基于wordpress程序），并寫出詳細的安裝、配置、測試過程。

以CentOS7,httpd2.4.23,mariadb10.1.16,php5.6.23為例，源碼編譯安裝LAMP，詳細步驟如下：

首先，編譯安裝httpd

    編譯安裝httpd，先要準備好安裝環境，需要升級apr(apache portable runtime)及apr-util組件到較新版本(1.5以上)

    ##首先裝上開發工具

[root@localhost LAMP]#yum groupinstall -y "Development Tools"

##解壓apr，并安裝

[root@localhost LAMP]# tar xzvf apr-1.5.2.tar.gz

[root@localhost LAMP]# cd apr-1.5.2/

[root@localhost apr-1.5.2]# ./configure –prefix=/usr/local/apr

[root@localhost apr-1.5.2]# make && make install 

##解壓apr-util,并安裝 

[root@localhost LAMP]# tar xzvf apr-util-1.5.4.tar.gz 

[root@localhost LAMP]# cd apr-util-1.5.4/

[root@localhost apr-util-1.5.4]# ./configure –prefix=/usr/local/apr-util –with-apr=/usr/local/apr

[root@localhost apr-util-1.5.4]# make && make install

##解壓httpd 

[root@localhost LAMP]# tar xzvf httpd-2.4.23.tar.gz

[root@localhost LAMP]# cd httpd-2.4.23/

##再安裝幾個必備軟件

[root@localhost httpd-2.4.23]# yum install -y openssl openssl-devel pcre pcre-devel 

[root@localhost httpd-2.4.23]# ./configure –prefix=/usr/local/apache –sysconfdir=/etc/httpd –enable-so –enable-ssl –enable-cgi –enable-rewrite –with-zlib –with-pcre –with-apr=/usr/local/apr –with-apr-util=/usr/local/apr-util –enable-modules=most –enable-mpms-shared=all –with-mpm=event

[root@localhost httpd-2.4.23]# make && make install 

##將apache的bin加入PATH變量中

[root@localhost httpd-2.4.23]# vim /etc/profile.d/httpd.sh

   export PATH=/usr/local/apache/bin:$PATH

##輸出頭文件

[root@localhost apache]# ln -sv /usr/local/apache/include/ /usr/include/apache 

‘/usr/include/apache’ -> ‘/usr/local/apache/include/’

##輸出幫助文件

[root@localhost apache]# vim /etc/man_db.conf 

MANPATH_MAP     /usr/local/apache/bin   /usr/local/apache/man

##啟動httpd,檢查正常與否

[root@localhost httpd]# apachectl start 

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message

[root@localhost httpd]# ss -ntlp | grep httpd

LISTEN     0      128                      :::80                      :::*      users:(("httpd",71402,4),("httpd",71401,4),("httpd",71400,4),("httpd",71399,4))

[root@localhost httpd]#

[root@localhost httpd]# curl http://172.16.100.100

<html><body><h1>It works!</h1></body></html>

[root@localhost httpd]# 

##網站正常啟動

然后，安裝mariadb

    ##mariadb編譯安裝需要cmake，先安裝cmake

[root@lamp mariadb-10.1.16]# yum install -y cmake

##解壓:

[root@lamp LAMP]# tar xzvf mariadb-10.1.16.tar.gz -C /usr/local/

##創建專用用戶及用戶組

[root@lamp local]# groupadd -r -g 3306 mysql 

[root@lamp local]# useradd -r -g 3306 -u 3306 mysql

[root@lamp local]# id mysql

uid=3306(mysql) gid=3306(mysql) groups=3306(mysql)

##開始編譯mariadb

[root@lamp local]# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mariadb -DMYSQL_DATADIR=/usr/local/mariadb/data  -DSYSCONFDIR=/etc -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DWITH_SSL=system -DWITH_ZLIB=system -DWITH_LIBWRAP=0 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci

CMake Error at cmake/readline.cmake:85 (MESSAGE):

 Curses library not found.  Please install appropriate package,

 remove CMakeCache.txt and rerun cmake.On Debian/Ubuntu, package name is libncurses5-dev, on Redhat and derivates it is ncurses-devel.

Call Stack (most recent call first):

 cmake/readline.cmake:196 (FIND_CURSES)

 CMakeLists.txt:334 (MYSQL_CHECK_READLINE)

— Configuring incomplete, errors occurred!

##報錯了，這里提示缺少了ncurses-devel，馬上裝上

[root@lamp mariadb-10.1.16]# yum install -y ncurses-devel

##重新cmake,這次沒問題了。

##通過之后make && make install 

[root@lamp mariadb-10.1.16]# make && make install

##安裝完成之后，同樣需要設置環境參數

[root@lamp local]# chmod 660 -R mariadb/

[root@lamp local]# chown mysql.mysql -R mariadb/

##安裝管理數據庫

[root@lamp mariadb]# ./scripts/mysql_install_db 

##安裝完畢后，啟動數據庫

[root@lamp /]# /usr/local/mariadb/bin/mysqld_safe –user=mysql &

    ##檢查端口有沒有監聽

[root@lamp mariadb]# ss -ntlp | grep mysqld

LISTEN     0      80                       :::3306                    :::*      users:(("mysqld",3436,20))

##使用客戶端連接，并修改默認的root密碼，將其空密碼更改為redhat

[root@lamp /]# mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.16-MariaDB Source distribution

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

MariaDB [mysql]> update user set password=password('redhat');

Query OK, 6 rows affected (0.00 sec)

Rows matched: 6  Changed: 6  Warnings: 0

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> select user,host,password from user ;

+——+—————+——————————————-+

| user | host          | password                                  |

+——+—————+——————————————-+

| root | localhost     | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

| root | lamp.test.net | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

| root | 127.0.0.1     | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

| root | ::1           | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

|      | localhost     | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

|      | lamp.test.net | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

+——+—————+——————————————-+

6 rows in set (0.00 sec)

MariaDB [mysql]> 

安裝php 

##數據庫正常，接著，安裝php 

    ##解壓

[root@LAMP setup]# tar xf  php-5.6.23.tar.bz2 

##編譯 

[root@localhost php-5.6.23]# ./configure –prefix=/usr/local/php –with-mysql=mysqlnd –with-openssl –with-mysqli=mysqlnd –enable-mbstring –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr/lib64 –enable-xml  –enable-sockets –with-apxs2=/usr/local/apache/bin/apxs –with-mcrypt=/usr/local/libmcrypt  –with-config-file-path=/etc –with-config-file-scan-dir=/etc/php.d –with-bz2  –enable-maintainer-zts

## vim /etc/httpd/httpd.conf

##添加php網頁類型

AddType application/x-httpd-php  .php

AddType application/x-httpd-php-source  .phps

##定位至DirectoryIndex index.html 

修改為：

    DirectoryIndex  index.php  index.html

    

##重啟httpd服務

##安裝phpMyAdmin

##解壓phpMyAdmin-4.6.3-all-languages 到 htdoc目錄下,創建鏈接文件

[root@localhost htdocs]# ln -sv phpMyAdmin-4.6.3-all-languages pma

‘pma’ -> ‘phpMyAdmin-4.6.3-all-languages’

##訪問phpMyAdmin

##配置wordpress 

   ##連接mairadb,創建用于wordpress連接的數據庫用戶wpuser,密碼為redhat

   [root@localhost htdocs]# mysql -p

Enter password: 

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 8

Server version: 10.1.16-MariaDB Source distribution

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> grant all on wpdb.* TO 'wpuser'@'127.0.0.1' IDENTIFIED by 'redhat';

Query OK, 0 rows affected (0.09 sec)

MariaDB [(none)]> create database wpdb;

Query OK, 1 row affected (0.04 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit

Bye

   ##解壓

[root@localhost LAMP]# unzip wordpress-4.5.3-zh_CN.zip 

##移到htdoc目錄下

[root@localhost LAMP]# mv wordpress /usr/local/apache/htdocs/

[root@localhost wordpress]# mv wp-config-sample.php wp-config.php

##編輯wp-config.php，修改數據庫連接相關的參數

[root@localhost wordpress]# vim wp-config.php

define('DB_NAME', 'wpdb');

/** MySQL數據庫用戶名 */

define('DB_USER', 'wpuser');

/** MySQL數據庫密碼 */

define('DB_PASSWORD', 'redhat');

/** MySQL主機 */

define('DB_HOST', '127.0.0.1');

/** 創建數據表時默認的文字編碼 */

define('DB_CHARSET', 'utf8');

/** 數據庫整理類型。如不確定請勿更改 */

define('DB_COLLATE', '');

##重啟httpd服務

完成  

4、建立httpd服務器(基于編譯的方式進行)，要求：

     提供兩個基于名稱的虛擬主機:

    (a)www1.stuX.com，頁面文件目錄為/web/vhosts/www1；錯誤日志為/var/log/httpd/www1.err，訪問日志為/var/log/httpd/www1.access；

    (b)www2.stuX.com，頁面文件目錄為/web/vhosts/www2；錯誤日志為/var/log/httpd/www2.err，訪問日志為/var/log/httpd/www2.access；

    (c)為兩個虛擬主機建立各自的主頁文件index.html，內容分別為其對應的主機名；

    (d)通過www1.stuX.com/server-status輸出httpd工作狀態相關信息，且只允許提供帳號密碼才能訪問(status:status)；

編譯安裝httpd 

首先編譯apr apache portable runtime,

[root@www LAMP]# cd apr-1.5.2/

[root@www apr-1.5.2]# ./configure –prefix=/usr/local/apr

[root@www apr-1.5.2]# make && make install

然后編譯apr-util

[root@www LAMP]# cd apr-util-1.5.4/

[root@www apr-util-1.5.4]# ./configure –prefix=/usr/local/apr-util –with-apr=/usr/local/apr

[root@www apr-util-1.5.4]# make && make install

開始編譯httpd2.4.16

[root@www LAMP]# cd httpd-2.4.16/

[root@www httpd-2.4.16]# groupadd -r apache 

[root@www httpd-2.4.16]# useradd -r -g apache apache

##mpm選擇prefork方式，編譯安裝

[root@www httpd-2.4.16]# ./configure –prefix=/usr/local/apache –sysconf=/etc/httpd24 –enable-so –enable-ssl –enable-cgi –enable-rewrite –with-zlib –with-pcre –with-apr=/usr/local/apr –with-apr-util=/usr/local/apr-util/ –enable-modules=most –enable-mpms-shared=all –with-mpm=prefork

[root@www httpd-2.4.16]# make && make install

##關閉selinux

[root@www bin]# setenforce 0

[root@www bin]# getenforce

Permissive

##關閉防火墻

[root@www selinux]# systemctl stop  firewalld.service

[root@www selinux]# systemctl disable firewalld.service

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[root@www selinux]# 

##將apache的bin加入PATH變量中

[root@www profile.d]# vim /etc/profile.d/httpd.sh 

PATH=$PATH:/usr/local/apache/bin

##輸出頭文件

[root@www apache]# ln -sv /usr/local/apache/include/ /usr/include/apache

a/usr/include/apachea -> a/usr/local/apache/include/a

[root@www apache]# 

##檢查幫助文件

[root@www etc]# vim man_db.conf 

MANDB_MAP       /usr/local/apache/man

##啟動apache

[root@www httpd]# apachectl start

[root@www httpd]# ss -ntlp | grep :80

LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=26283,fd=4),("httpd",pid=26282,fd=4),("httpd",pid=26281,fd=4),("httpd",pid=26280,fd=4))

##配置網站，添加兩個虛擬主機

[root@www httpd]# vim /etc/httpd/httpd.conf

##禁用主站的目錄

#DocumentRoot "/usr/local/apache/htdocs"

##啟用虛擬主機

# Virtual hosts

Include /etc/httpd/extra/httpd-vhosts.conf

##測試配置

[root@www httpd]# httpd -t

AH00112: Warning: DocumentRoot [/web/vhosts/www1] does not exist

AH00112: Warning: DocumentRoot [/web/vhosts/www2] does not exist

(2)No such file or directory: AH02291: Cannot access directory '/var/log/httpd/' for error log of vhost defined at /etc/httpd/extra/httpd-vhosts.conf:48

(2)No such file or directory: AH02291: Cannot access directory '/var/log/httpd/' for error log of vhost defined at /etc/httpd/extra/httpd-vhosts.conf:41

AH00014: Configuration check failed

[root@www httpd]# 

##建好相應的目錄

[root@www httpd]# mkdir -pv /web/vhosts/{www1,www2} 

mkdir: created directory a/weba

mkdir: created directory a/web/vhostsa

mkdir: created directory a/web/vhosts/www1a

mkdir: created directory a/web/vhosts/www2

[root@www httpd]# mkdir /var/log/httpd -pv 

mkdir: created directory a/var/log/httpda

##編輯httpd.conf主配置文件，添加兩個虛擬主機目錄的訪問權限

[root@www httpd]# vim  /etc/httpd/httpd.conf

###############################

<Directory "/web/vhosts/www1">

  options none

  allowoverride none

  Require all granted

</Directory>

<Directory "/web/vhosts/www2">

  options none

  allowoverride none

  Require all granted

</Directory>

###############################

##編輯httpd-vhosts.conf文件，添加以下內容

[root@www extra]# vim /etc/httpd/extra/httpd-vhosts.conf 

<VirtualHost *:80>

    DocumentRoot "/web/vhosts/www1"

    ServerName www1.stuX.com

    ErrorLog "/var/log/httpd/www1.err"

    CustomLog "/var/log/httpd/www1.access" common

</VirtualHost>

<VirtualHost *:80>

    DocumentRoot "/web/vhosts/www2"

    ServerName www2.stuX.com

    ErrorLog "/var/log/httpd/www2.err"

    CustomLog "/var/log/httpd/www2.cacess" common

</VirtualHost>

[root@www httpd]# 

[root@www httpd]# httpd -t

Syntax OK

##重啟服務

[root@www httpd]# apachectl stop

[root@www httpd]# apachectl start

[root@www httpd]# 

##構建網站主頁文件

[root@www www2]# vim /web/vhosts/www1/index.html

<h1>www1.stuX.com</h1>

[root@www www2]# vim /web/vhosts/www2/index.html

<h1>www2.stuX.com</h1>

##在其它電腦訪問這臺主機，檢驗網站能否正常工作

[root@www httpd]# curl http://www1.stuX.com

<h1>www1.stuX.com</h1>

[root@www httpd]# curl http://www2.stuX.com

<h1>www2.stuX.com</h1>

[root@www httpd]# 

##構建Server-Status設置

##在www1.stuX.com里，增加server-status的設置，具體內容如下：

<VirtualHost *:80>

    DocumentRoot "/web/vhosts/www1"

    ServerName www1.stuX.com

    ErrorLog "/var/log/httpd/www1.err"

    CustomLog "/var/log/httpd/www1.access" common

  <Location /server-status>

    SetHandler server-status

    AuthType Basic

    AuthName "Server-Status"

    AuthUserFile "/etc/httpd/.htpasswd"

    Require valid-user

  </Location>

</VirtualHost>

##生成.htpasswd密碼驗證文件

[root@www httpd]# htpasswd -c -m .htpasswd status

New password: 

Re-type new password: 

Adding password for user status

##重啟服務后訪問驗證

5、為第4題中的第2個虛擬主機提供https服務，使得用戶可以通過https安全的訪問此web站點；

   (1)要求使用證書認證，證書中要求使用的國家(CN)、州(HA)、城市(ZZ)和組織(MageEdu)；

   (2)設置部門為Ops，主機名為www2.stuX.com，郵件為admin@stuX.com；

##演示目的，CA與Web在同一主機上   

[root@www CA]# touch index.txt

[root@www CA]# echo 01 > serial

[root@www CA]# 

[root@www CA]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

Generating RSA private key, 2048 bit long modulus

………………………………………+++

…………………………………………………………………………………………………+++

e is 65537 (0x10001)

[root@www CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.epm -days 7300 -out /etc/pki/CA/cacert.pem

Error opening Private Key /etc/pki/CA/private/cakey.epm

140239236687776:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/CA/private/cakey.epm','r')

140239236687776:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:

unable to load Private Key

[root@www CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:HA

Locality Name (eg, city) [Default City]:ZZ

Organization Name (eg, company) [Default Company Ltd]:MageEdu

Organizational Unit Name (eg, section) []:Ops

Common Name (eg, your name or your server's hostname) []:ca.stuX.com

Email Address []:admin@stuX.com

[root@www CA]#    

   

[root@www CA]# cd /etc/httpd/

[root@www httpd]# mkdir ssl

[root@www httpd]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)

Generating RSA private key, 2048 bit long modulus

……………………………………………………………………………………………………………………………………………………………………………+++

………………………………………………………………………………………………………………………………+++

e is 65537 (0x10001)

[root@www httpd]# openssl req -new -key /etc/httpd/ssl/httpd.key -days 365 -out /etc/httpd/ssl/httpd.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:HA

Locality Name (eg, city) [Default City]:ZZ

Organization Name (eg, company) [Default Company Ltd]:MageEdu

Organizational Unit Name (eg, section) []:Ops

Common Name (eg, your name or your server's hostname) []:www2.stuX.com

Email Address []:admin@stuX.com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@www httpd]# 

[root@www httpd]# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

        Serial Number: 1 (0x1)

        Validity

            Not Before: Jul 29 10:01:20 2016 GMT

            Not After : Jul 29 10:01:20 2017 GMT

        Subject:

            countryName               = CN

            stateOrProvinceName       = HA

            organizationName          = MageEdu

            organizationalUnitName    = Ops

            commonName                = www2.stuX.com

            emailAddress              = admin@stuX.com

        X509v3 extensions:

            X509v3 Basic Constraints: 

                CA:FALSE

            Netscape Comment: 

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier: 

                AB:81:27:C8:00:58:44:0E:56:5C:AD:2D:10:4F:5C:0B:02:29:A8:BB

            X509v3 Authority Key Identifier: 

                keyid:37:98:CA:7C:F9:75:5B:5A:40:4F:95:28:7B:7D:BB:25:BB:26:FC:5B

Certificate is to be certified until Jul 29 10:01:20 2017 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

[root@www httpd]# 

[root@www httpd]# ls /etc/pki/CA/certs/httpd.crt

/etc/pki/CA/certs/httpd.crt

[root@www httpd]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/

[root@www httpd]# ls /etc/httpd/ssl/

httpd.crt  httpd.csr  httpd.key

[root@www httpd]# 

#<VirtualHost _default_:443>

<VirtualHost 172.16.100.100:443>

#   General setup for the virtual host

#DocumentRoot "/usr/local/apache/htdocs"

#ServerName www.example.com:443

#ServerAdmin you@example.com

#ErrorLog "/usr/local/apache/logs/error_log"

#TransferLog "/usr/local/apache/logs/access_log"

DocumentRoot "/web/vhosts/www2"

ServerName www2.stuX.com:443

ErrorLog "/var/log/httpd/www2_ssl.err"

SSLCertificateFile "/etc/httpd/ssl/httpd.crt"

SSLCertificateKeyFile "/etc/httpd/ssl/httpd.key"

##啟用ssl模塊

LoadModule ssl_module modules/mod_ssl.so

     

6、在LAMP架構中，請分別以php編譯成httpd模塊形式和php以fpm工作為獨立守護進程的方式來支持httpd，列出詳細的過程。

LAMP架構中php以模塊形式或以fpm模式，LAM都是不變的，因而本文重點關注php的安裝方法。

PHP以模塊方式運行：

安裝php 

##解壓

[root@LAMP setup]# tar xf  php-5.6.23.tar.bz2 

##編譯 

[root@localhost php-5.6.23]# ./configure –prefix=/usr/local/php –with-mysql=mysqlnd –with-openssl –with-mysqli=mysqlnd –enable-mbstring –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr/lib64 –enable-xml  –enable-sockets –with-apxs2=/usr/local/apache/bin/apxs –with-mcrypt=/usr/local/libmcrypt  –with-config-file-path=/etc –with-config-file-scan-dir=/etc/php.d –with-bz2  –enable-maintainer-zts

##php是以模塊方式運行，所以需要在編譯時指定apache的apxs2的目錄路徑 –with-apxs2=/usr/local/apache/bin/apxs

##copy配置文件到/etc目錄

[root@LAMP php-5.6.23]# cp php.ini-production /etc/php.ini

## vim /etc/httpd/httpd.conf

##添加php網頁類型

AddType application/x-httpd-php  .php

AddType application/x-httpd-php-source  .phps

##定位至DirectoryIndex index.html 

修改為：

    DirectoryIndex  index.php  index.html

    

##重啟httpd服務

##安裝phpMyAdmin

##解壓phpMyAdmin-4.6.3-all-languages 到 htdoc目錄下,創建鏈接文件

[root@localhost htdocs]# ln -sv phpMyAdmin-4.6.3-all-languages pma

‘pma’ -> ‘phpMyAdmin-4.6.3-all-languages’

##訪問phpMyAdmin進行測試

    

##以fpm模式運行

##解壓

[root@LAMP setup]# tar xf  php-5.6.23.tar.bz2 

##編譯 

[root@LAMP php-5.6.23]#./configure –prefix=/usr/local/php5 –with-mysql=mysqlnd –with-openssl –with-mysqli=mysqlnd –enable-mbstring –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml  –enable-sockets –enable-fpm –with-mcrypt  –with-config-file-path=/etc –with-config-file-scan-dir=/etc/php.d –with-bz2

##以fpm模式運行，使能fpm選項，–enable-fpm， –with-apxs2一項就不需要啟用了

[root@LAMP php-5.6.23]#make 

[root@LAMP php-5.6.23]#make install

##copy配置文件到/etc目錄

[root@LAMP php-5.6.23]# cp php.ini-production /etc/php.ini

##php-fpm配置文件,取消pid的注釋

[root@LAMP etc]# cp /usr/local/php5/etc/php-fpm.conf.default  /usr/local/php5/etc/php-fpm.conf

pid = /usr/local/php5/var/run/php-fpm.pid

    ## 

[root@LAMP fpm]# cp php-fpm.service /lib/systemd/system/

 

    ## 

[root@LAMP system]# systemctl enable php-fpm.service

Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.

[root@LAMP system]# systemctl enable php-fpm.service

##./php-fpm –nodaemonize –fpm-config /usr/local/php5/etc/php-fpm.conf

##更改httpd.conf配置文件,取消proxy_module及proxy_fcgi_module的注釋

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

    AddType application/x-httpd-php .php

    AddType application/x-httpd-php-source .phps

##重啟httpd服務即可