标签:apach attribute ln -s sig http water 角度 生效 att
LAMP模式解析LAMP平台的构成组件:
本文讲解Linux+apache+mariadb+PHP组合的架构,架构图如下:
如图所示,一次完整的访问过程服务器主要经历:Apache处理请求—>通过CGI接口访问PHP的的应用程序—>PHP应用程序调用PHP解释器执行PHP代码—>PHP程序访问调用数据库—>最后给客户端返回响应。
apache主要实现如下功能:
mariadb主要实现如下功能:
php主要实现如下功能:
环境准备:
[root@centos7 ~]# yum -y install httpd php mariadb-server php-mysql
[root@centos7 ~]# systemctl stop firewalld; setenforce 0
[root@centos7 ~]# vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
DocumentRoot "/app/blog/htdocs" #访问的根目录
CustomLog "logs/blog.com_access_log" combined #开启日志
<Directory "/app/blog/htdocs">
Require all granted #所有人可以访问
</Directory>
</VirtualHost>
[root@centos7 ~]# systemctl restart httpd
[root@centos7 ~]# vim /etc/my.cnf
[mysqld]
……
skip_name_resolve #禁止域名解析,解决远程主机访问慢
[root@centos7(nanyibo) ~]# systemctl restart mariadb.service
[root@centos7 blog]# mkdir -pv /app/blog
[root@centos7 blog]# tar xvf wordpress-4.9.4-zh_CN.tar.gz -C /app/blog/
[root@centos7 blog]# mv wordpress wordpress-4.9.4
[root@centos7 blog]# ln -sv wordpress-4.9.4 htdocs #创建链接方便以后项目变更
[root@centos7 ~]# cd /app/blog/
[root@centos7 blog]# setfacl -m u:apache:rwx htdocs/ #设置期望值
[root@centos7 ~]# mysql
MariaDB [(none)]> create database wpdb;
MariaDB [(none)]> grant all on wpdb.* to ‘wpuser‘@‘172.18.153.%‘ identified by ‘wppass‘;
在浏览器输入IP地址测试
搭建到这里你点击安装即可,不演示。
我们现在用的http协议,网页显示不安全,那么我们自己模拟做CA中心,自己给自己签网页证书
8.本机模拟搭建CA中心
[root@centos7 ~]# yum -y install mod_ssl #安装依赖包
[root@centos7 ~]# cd /etc/pki/CA
[root@centos7 ~]# (umask 066;openssl genrsa -out private/cakey.pem 4096) #生成CA的公钥
[root@centos7 ~]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650 #生成CA的私钥
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HeNan
Locality Name (eg, city) [Default City]:ZhengZhou
Organization Name (eg, company) [Default Company Ltd]:cyn.com
Organizational Unit Name (eg, section) []:opt
Common Name (eg, your name or your server‘s hostname) []:ca.cyn.com #这一项不一样即可,其他随意写
Email Address []:
[root@centos7 ~]# touch index.txt
[root@centos7 ~]# echo 00 > serial
9.自己给自己颁发证书
[root@centos7 ~]# mkdir /etc/httpd/conf.d/ssl
[root@centos7 ~]# cd /etc/httpd/conf.d/ssl
[root@centos7 ~]# (umask 066;openssl genrsa -out httpd.key 1024)
[root@centos7 ~]# openssl req -new -key httpd.key -out httpd.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HeNan
Locality Name (eg, city) [Default City]:ZhengZhou
Organization Name (eg, company) [Default Company Ltd]:cyn.com
Organizational Unit Name (eg, section) []:opt
Common Name (eg, your name or your server‘s hostname) []:bbs.cyn.com#这一项与CA不一样
Email Address []:
Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@centos7 ~]# openssl ca -in httpd.csr -out httpd.crt -days 365
Certificate Details: #证书信息
...
Subject:
countryName = CN
stateOrProvinceName = HeNan
organizationName = cyn.com
organizationalUnitName = opt
commonName = bbs.cyn.com
...
Certificate is to be certified until Jun 30 12:47:06 2032 GMT (5000 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@centos7 ~]# cp /etc/pki/CA/cacert.pem .
10.配置https
[root@centos7 ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
SSLCACertificateFile /etc/pki/CA/cacert.pem
11.浏览器再次测试
这个时候说明我们自己的证书已经生效(红色警告是因为自己做自己的CA中心,人家正宗的不承认。。。所以红色警告)
12.现在把cacert.pem,放在window里,该后缀名为cacert.crt,把httpd.crt也放到window上,双击安装证书
再去浏览器设置里把证书设置为信任证书
再去查看证书的详细信息
12.浏览器输入再次检查https,不出现“不安全”字样,则说明我们做的CA证书生效
13.既然是个人博客,我们也可以给这个网页加密码
[root@centos7 ~]# vim /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
DocumentRoot "/app/blog/htdocs"
CustomLog "logs/blog.com_access_log" combined
AllowOverride none
AuthType Basic
AuthName "Please login"
AuthUserfile "/etc/httpd/conf/.htpasswd"
Require user xiaofan #登陆用户
<Directory "/app/blog/htdocs">
Require all granted #所有人可以访问
</Directory>
</VirtualHost>
[root@centos7 ~]# htpasswd -b -c -m /etc/httpd/conf/.htpasswd xiaofan centos #给yong‘hu‘she‘zhi‘m
Adding password for user xiaofan
你再次登陆就会提示你输入用户账号和密码
至此完成了lamp模式的个人博客搭建,完成https的认证
标签:apach attribute ln -s sig http water 角度 生效 att
原文地址:http://blog.51cto.com/13805636/2307604