RHEL AS5 LAMP + SSL Installation and Configuration
September 5, 2008
14:29
1. Environment
Software    Version
Redhat      5.1
Apache      2.2.3
php         5.1.6
mysql       5.0.22
openssl     0.9.8b
2. Install the required software and test it. I installed everything from RPM packages here.
RPM packages required for Apache:
rpm -ivh httpd-2.2.3-6.el5.i386.rpm
rpm -ivh httpd-devel-2.2.3-6.el5.i386.rpm
RPM packages required for PHP:
rpm -ivh php-mysql-5.1.6-5.el5
rpm -ivh php-5.1.6-5.el5
RPM packages required for MySQL:
rpm -ivh mysql-5.0.22-2.1
rpm -ivh mysql-devel-5.0.22-2.1
rpm -ivh mysql-server-5.0.22-2.1
rpm -ivh mod_auth_mysql-3.0.0-3.1
rpm -ivh libdbi-dbd-mysql-0.8.1a-1.2.2
RPM packages required for SSL:
rpm -ivh openssl-0.9.8b-8.3.el5
rpm -ivh mod_ssl-2.2.3-7.el5
rpm -ivh subversion-1.4.2-2.el5
rpm -ivh mod_dav_svn-1.4.2-2.el5.i386.rpm
Start the Apache service:
/etc/init.d/httpd start
Start the MySQL service:
/etc/init.d/mysqld start
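Enable both services at system boot:
chkconfig --level 35 httpd on
chkconfig --level 35 mysqld on
Create a new index.php in Apache's document root to test whether Apache, PHP and MySQL are installed correctly. Its contents are as follows:
<?php
phpinfo();
?>
Save and exit; you can now open the PHP test page in a browser.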
3. Initialize the repository.
Create the main directory for the configuration-management repositories (the parent directory):
mkdir /repository
Create a test repository:
svnadmin create /repository/test
Change the ownership:
chown apache.apache /repository/ -R
Copy the access-control (authz) file:
mkdir /repository/auth
cp /repository/test/conf/authz /repository/auth/ -p
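4. Configure Apache's configuration file
vi /etc/httpd/conf/httpd.conf and add the following configuration to the file:
DAV svn
SVNParentPath /repository
# This is the SVN parent directory; if you have only one repository you can write SVNPath /path instead
AuthzSVNAccessFile /repository/auth/authz
# Access-control configuration file
AuthName "Please Login.."
# Prompt shown in the login dialog
AuthType Basic
# Authentication type
AuthMYSQLEnable on
AuthMySQLUser authuser
# User name for accessing MySQL
AuthMySQLPassword "Your Password Here"
# Password for accessing MySQL
AuthMySQLDB auth
AuthMySQLUserTable users
# Database used for user authentication
AuthMySQLNameField user_name
# User-name field in the authentication database
AuthMySQLPasswordField user_passwd
# Password field in the authentication database
require valid-user
# Which kind of authorization to apply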
5. Create the user authentication database; you can refer to /etc/httpd/conf.d/auth_mysql.conf here.
mysql -u root -p
# Connect to the MySQL database
Enter password:
# Enter the password
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8 to server version: 5.0.22
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> create database auth;
# Create a database
Query OK, 1 row affected (0.00 sec)
mysql> use auth;
# Use the auth database
Database changed
mysql> CREATE TABLE users (
# Create a table
-> user_name CHAR(30) NOT NULL,
-> user_passwd CHAR(20) NOT NULL,
-> PRIMARY KEY (user_name)
-> );
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT SELECT
# Create a database user
-> ON auth.users
-> TO authuser@'localhost'
-> IDENTIFIED BY 'Your Password ';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
# Flush privileges so that the changes take effect
Query OK, 0 rows affected (0.00 sec)
mysql> INSERT INTO users VALUES ('test', ENCRYPT('your password '));
# Add a test account
Query OK, 1 row affected (0.00 sec)
mysql> exit
# Exit
Bye
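6. Create the certificate needed for user authentication
cd /etc/pki/tls/
rm -rf private/localhost.key
# Delete the old key file
[root@rep tls]# openssl genrsa 1024 > private/localhost.key
# Generate the server test key; you will be prompted for a pass phrase below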
Generating RSA private key, 1024 bit long modulus
...............++++++
.....................................................++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
# Enter a pass phrase
Verifying - Enter pass phrase for ca.key:
# Enter the pass phrase again
......
Self-sign the root CA...
# Sign the root certificate
Enter pass phrase for ca.key:
# Enter the pass phrase you just set
cd certs/
make testcert
# Generate the test certificate
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
you are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:BeiJing
Locality Name (eg, city) [Newbury]:BeiJing
Organization Name (eg, company) [My Company Ltd]:RTS InfoTech
Organizational Unit Name (eg, section) []:System Management
Common Name (eg, your name or your server's hostname) []:"***.****.***" # What you enter here must match your domain name, otherwise the certificate will be reported as invalid
Email Address []:admin@admin.com
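7. Grant permissions to the test user.
vi /repository/auth/authz and append the following at the end:
[test:/]
# This section sets the access permissions under the root directory of the repository test
test = rw
# The test user account here is the one I created above
* =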
Restart the Apache service:
/etc/init.d/httpd restart
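Rule names in authz are compared exactly against the login name that was verified from auth.users, so a rule written for a name with no row in that table never applies and the account falls through to `* =`. The sketch below is an added example, not part of the original post: it cross-checks an authz file against the account list using a simplified model of the lookup (nearest matching section decides, matching lines are unioned); the function names and sample data are constructed for illustration.

```python
import configparser

# Constructed sample: the only account in auth.users is "test", but the
# first authz file carries a rule written for a different name.
AUTHZ_MISMATCH = "[test:/]\ntestuser = rw\n* =\n"
AUTHZ_MATCHING = "[test:/]\ntest = rw\n* =\n"

def load_authz(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep case: user names are compared exactly
    cp.read_string(text)
    return cp

def access(cp, user, repo, path="/"):
    """Rights for user on repo:path: 'rw', 'r', '' (denied) or None (no rule).
    Simplified model (assumption): the nearest section with a matching line
    decides, and all matching lines in it are unioned."""
    groups = cp["groups"] if cp.has_section("groups") else {}
    mine = {g for g, m in groups.items()
            if user in [x.strip() for x in m.split(",")]}
    while True:
        hits = []
        for section in (f"{repo}:{path}", path):
            if cp.has_section(section):
                hits += [v for k, v in cp[section].items()
                         if k in (user, "*") or (k[:1] == "@" and k[1:] in mine)]
        if hits:
            return "".join(c for c in "rw" if any(c in h for h in hits))
        if path == "/":
            return None
        path = path.rstrip("/").rsplit("/", 1)[0] or "/"

def audit(cp, db_users, repo):
    """Names used in authz rules that have no row in auth.users, plus the
    effective rights of every database account at the repository root."""
    named = {k for s in cp.sections() if s != "groups" for k in cp[s]
             if k != "*" and not k.startswith("@")}
    return {"unknown_in_db": sorted(named - set(db_users)),
            "rights": {u: access(cp, u, repo) for u in db_users}}

if __name__ == "__main__":
    for label, text in (("mismatch", AUTHZ_MISMATCH), ("matching", AUTHZ_MATCHING)):
        print(label, audit(load_authz(text), ["test"], "test"))
```

In practice the `db_users` list would come from `SELECT user_name FROM users` in the auth database, and the text from /repository/auth/authz.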
Now you can start testing.
First, verify that SSL is working. Open a browser and enter in the address bar:
https://YourServerName
or
https://serverip
and see whether the site opens; I won't go into more detail here.
This article comes from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u3/93926/showart_1873741.html