新_CentOS 6下搭建Apache+MySQL+PHP+SSL

CentOS 6下搭建Apache+MySQL+PHP+SSL
網上的一些文章都已經比較老了，現在版本高了之後，其實配置是很省力的（不考慮什麼負載的話）

分享全過程，出了文中提到的安裝epel rpmfushion 源指令不同外，其他的過程也適用與Centos 5


1.安裝CentOS 6 ,可以選擇最小安裝，也可以安裝桌面

2.升級系統

?yum update
3.安裝mysql,並設置mysql開機自啓動，同時啓動mysql

?yum install mysql yum install mysql-server chkconfig --levels 35 mysqld on service mysqld start
4.配置mysql的root密碼

?mysql_secure_installation

Enter current password for root (enter for none): ( 回車)
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] (Y)

New password: (123456)
Re-enter new password: (123456)
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]

(是否移出數據庫的默認帳戶，如果移出，那麼在終端中直接輸入mysql是會提示連接錯誤的)Y

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]

(是否禁止root的遠程登錄)Y
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

5.安裝apache,並設置開機啓動

?yum install httpd chkconfig --levels 35 httpd on service httpd start
這時候可以測試apache是否正常工作

直接瀏覽器訪問localhost應該沒問題，但是如果別的機子訪問不了的話，是因爲防火牆的關係，配置防火牆

（後面的ssl還會有這個問題的）

6.安裝php

?yum install php yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc
這個時候php就安裝完成拉，寫個腳本測試一下

?vi /var/www/html/info.php
輸入

?<?php phpinfo();?>
訪問localhost/info.php即可～

7.安裝phpMyAdmin

首先先給系統安裝epel 和rpmfushion兩個軟件大倉庫

?rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm rpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/6/i386/rpmfusion-free-release-6-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/6/i386/rpmfusion-nonfree-release-6-0.1.noarch.rpm
如果是centos 5 的話執行下面

?rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm rpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/5/i386/rpmfusion-free-release-5-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/5/i386/rpmfusion-nonfree-release-5-0.1.noarch.rpm


接着安裝起來就很方便拉，～根本不需要去下載就可以獲得最新的版本

?yum install phpmyadmin
安裝完成後還需要配置一下訪問權限，使得出了本機外，其他機子也能訪問phpMyAdmin

?vi /etc/httpd/conf.d/phpMyAdmin.conf
找到兩個directory的權限設置，Allow from 改成All

<Directory /usr/share/phpMyAdmin/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from All
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from All
</Directory>


重啓服務器

?service httpd restart

測試localhost/phpMyAdmin

用戶名密碼:root 123456

OK～ LAMP搭建完畢,


8.搭建SSL,讓apache支持https

?yum install mod_ssl
其實安裝完這個模塊後，重啓完apache 就可以用https://localhost測試了，因爲他創建了默認的證書

在/etc/pki/tls下

當然我們也可以用openssl創建自己的證書

?yum install openssl

生成證書文件
創建一個rsa私鑰,文件名爲server.key

?openssl genrsa -out server.key 1024

Generating RSA private key, 1024 bit long modulus
............++++++
............++++++
e is 65537 (0x10001)


用 server.key 生成證書籤署請求 CSR

?openssl req -new -key server.key -out server.csr
Country Name:兩個字母的國家代號
State or Province Name:省份名稱
Locality Name:城市名稱
Organization Name:公司名稱
Organizational Unit Name:部門名稱
Common Name:你的姓名
Email Address:地址
至於 'extra' attributes 不用輸入.直接回車

生成證書CRT文件server.crt。

?openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
修改ssl.conf指定我們自己生成的證書

?vi /etc/httpd/conf.d/ssl.conf
找到如下位置，修改路徑

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key


OK

?service httpd restart

一切都搞定拉～～


整個過程我們不需要修改/etc/httpd/conf/httpd.conf 這就是版本高了的好處阿
[url=http://www.idouye.com/]http://www.idouye.com 愛豆葉資料分享[/url]