新_CentOS 6下搭建Apache+MySQL+PHP+SSL

三里屯摇滚

新_CentOS 6下搭建Apache+MySQL+PHP+SSL

phpapachecentos.

CentOS 6下搭建Apache+MySQL+PHP+SSL
网上的一些文章都已经比较老了，现在版本高了之后，其实配置是很省力的（不考虑什么负载的话）

分享全过程，出了文中提到的安装epel rpmfushion 源指令不同外，其他的过程也适用与Centos 5


1.安装CentOS 6 ,可以选择最小安装，也可以安装桌面

2.升级系统

?yum update
3.安装mysql,并设置mysql开机自启动，同时启动mysql

?yum install mysql yum install mysql-server chkconfig --levels 35 mysqld on service mysqld start
4.配置mysql的root密码

?

1. mysql_secure_installation
   
2. 
   
3. Enter current password for root (enter for none): ( 回车)
   
4. OK, successfully used password, moving on...
   
5. 
   
6. Setting the root password ensures that nobody can log into the MySQL
   
7. root user without the proper authorisation.
   
8. 
   
9. Set root password? [Y/n] (Y)
   
10. 
    
11. New password: (123456)
    
12. Re-enter new password: (123456)
    
13. Password updated successfully!
    
14. Reloading privilege tables..
    
15. ... Success!
    
16. 
    
17. By default, a MySQL installation has an anonymous user, allowing anyone
    
18. to log into MySQL without having to have a user account created for
    
19. them.  This is intended only for testing, and to make the installation
    
20. go a bit smoother.  You should remove them before moving into a
    
21. production environment.
    
22. 
    
23. Remove anonymous users? [Y/n]

复制代码

(是否移出数据库的默认帐户，如果移出，那么在终端中直接输入mysql是会提示连接错误的)Y

1. Normally, root should only be allowed to connect from 'localhost'.  This
   
2. ensures that someone cannot guess at the root password from the network.
   
3. 
   
4. Disallow root login remotely? [Y/n]

复制代码

(是否禁止root的远程登录)Y

1. By default, MySQL comes with a database named 'test' that anyone can
   
2. access.  This is also intended only for testing, and should be removed
   
3. before moving into a production environment.
   
4. 
   
5. Remove test database and access to it? [Y/n] Y
   
6. Reload privilege tables now? [Y/n] Y

复制代码

5.安装apache,并设置开机启动

?yum install httpd chkconfig --levels 35 httpd on service httpd start
这时候可以测试apache是否正常工作

直接浏览器访问localhost应该没问题，但是如果别的机子访问不了的话，是因为防火墙的关系，配置防火墙

（后面的ssl还会有这个问题的）

6.安装php

?yum install php   yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc
这个时候php就安装完成拉，写个脚本测试一下

?vi /var/www/html/info.php
输入

?<?php phpinfo();?>
访问localhost/info.php即可～

7.安装phpMyAdmin

首先先给系统安装epel 和rpmfushion两个软件大仓库

?

1. rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm rpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/6/i386/rpmfusion-free-release-6-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/6/i386/rpmfusion-nonfree-release-6-0.1.noarch.rpm
   
2. 如果是centos 5 的话执行下面
   
3. 
   
4. ?rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm rpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/5/i386/rpmfusion-free-release-5-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/5/i386/rpmfusion-nonfree-release-5-0.1.noarch.rpm
   

复制代码

接着安装起来就很方便拉，～根本不需要去下载就可以获得最新的版本

?yum install phpmyadmin
安装完成后还需要配置一下访问权限，使得出了本机外，其他机子也能访问phpMyAdmin

?vi /etc/httpd/conf.d/phpMyAdmin.conf
找到两个directory的权限设置，Allow from 改成All

1. <Directory /usr/share/phpMyAdmin/>
   
2.    Order Deny,Allow
   
3.    Deny from All
   
4.    Allow from 127.0.0.1
   
5.    Allow from All
   
6. </Directory>
   
7. <Directory /usr/share/phpMyAdmin/setup/>
   
8.    Order Deny,Allow
   
9.    Deny from All
   
10.    Allow from 127.0.0.1
    
11.    Allow from All
    
12. </Directory>

复制代码

重启服务器

?service httpd restart

测试localhost/phpMyAdmin

用户名密码:root 123456

OK～ LAMP搭建完毕,


8.搭建SSL,让apache支持https

?yum install mod_ssl
其实安装完这个模块后，重启完apache 就可以用https://localhost测试了，因为他创建了默认的证书

在/etc/pki/tls下

当然我们也可以用openssl创建自己的证书

?yum install openssl

生成证书文件
创建一个rsa私钥,文件名为server.key

?openssl genrsa -out server.key 1024

Generating RSA private key, 1024 bit long modulus
............++++++
............++++++
e is 65537 (0x10001)


用 server.key 生成证书签署请求 CSR

1. ?openssl req -new -key server.key -out server.csr
   
2. Country Name:两个字母的国家代号
   
3. State or Province Name:省份名称
   
4. Locality Name:城市名称
   
5. Organization Name:公司名称
   
6. Organizational Unit Name:部门名称
   
7. Common Name:你的姓名
   
8. Email Address:地址

复制代码

至于 'extra' attributes 不用输入.直接回车

生成证书CRT文件server.crt。

?openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
修改ssl.conf指定我们自己生成的证书

?vi /etc/httpd/conf.d/ssl.conf
找到如下位置，修改路径

1. #   Server Certificate:
   
2. # Point SSLCertificateFile at a PEM encoded certificate.  If
   
3. # the certificate is encrypted, then you will be prompted for a
   
4. # pass phrase.  Note that a kill -HUP will prompt again.  A new
   
5. # certificate can be generated using the genkey(1) command.
   
6. SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   
7. 
   
8. #   Server Private Key:
   
9. #   If the key is not combined with the certificate, use this
   
10. #   directive to point at the key file.  Keep in mind that if
    
11. #   you've both a RSA and a DSA private key you can configure
    
12. #   both in parallel (to also allow the use of DSA ciphers, etc.)
    
13. SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    
14. 
    
15. 
    
16. OK
    
17. 
    
18. ?service httpd restart

复制代码

一切都搞定拉～～

如果有一天21

谢谢分享

逍遥UNIX

谢谢分享~~~~~~~~~