南溟丷

I want to set sail on the bluest sea out there

Some notes on server configuration

Service configuration notes for when I set up a server.

I usually use CentOS 7.4.

Update

yum -y update

LAMP stack

Install Apache and SSL support.

yum -y install httpd mod_ssl

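Start / stop / enable at boot.

systemctl start httpd     # use "stop" in place of "start" to stop the service
systemctl enable httpd    # start automatically at boot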

Install PHP and a batch of extension packages.

yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel 'libjpeg*' php-bcmath php-mhash php-mysql php

Install MySQL

yum -y install mariadb mariadb-server

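Start / stop / enable at boot.

systemctl start mariadb     # use "stop" in place of "start" to stop the service
systemctl enable mariadb    # start automatically at boot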

Initial database setup.

mysql_secure_installation

Log in to the database.

mysql -u root -p

LNMP stack

Install Nginx

yum -y install nginx

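Start / stop / enable at boot.

systemctl start nginx     # use "stop" in place of "start" to stop the service
systemctl enable nginx    # start automatically at boot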

Install PHP and a batch of extension packages.

yum -y install php php-fpm php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel 'libjpeg*' php-bcmath php-mhash php-mysql

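Nginx now needs PHP support enabled. Start PHP-FPM first.

systemctl start php-fpm     # use "stop" in place of "start" to stop the service
systemctl enable php-fpm    # start automatically at boot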

Then edit this section of the Nginx configuration.

location ~ \.php$ {
    root html;
    fastcgi_pass 127.0.0.1:9000;    # PHP-FPM listening on localhost
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

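To test whether it works, create an index.php that calls phpinfo(). Delete the file after testing, since the phpinfo() output exposes details of the server configuration.

<?php
phpinfo();
?>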

Install MySQL

yum -y install mariadb mariadb-server

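Start / stop / enable at boot.

systemctl start mariadb     # use "stop" in place of "start" to stop the service
systemctl enable mariadb    # start automatically at boot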

Initial database setup.

mysql_secure_installation

Log in to the database.

mysql -u root -p

HTTPS configuration for a subdomain under Apache

Suppose I have set up a subdomain, miao.southsea.st,

and want to serve it from the miao folder under the web root, while the main domain is served from blog.

Then create a .htaccess file in the web root and put the following in it.

<IfModule mod_rewrite.c>
    RewriteEngine on
    # Main domain -> /blog/. The host pattern is anchored and its dots escaped,
    # so it matches only southsea.st and not miao.southsea.st.
    RewriteCond %{HTTP_HOST} ^southsea\.st$ [NC]
    RewriteCond %{REQUEST_URI} !^/blog/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ /blog/$1
    RewriteCond %{HTTP_HOST} ^southsea\.st$ [NC]
    RewriteRule ^(/)?$ /blog/ [L]
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine on
    # Subdomain -> /miao/, with the bare root sent to the login page.
    RewriteCond %{HTTP_HOST} ^miao\.southsea\.st$ [NC]
    RewriteCond %{REQUEST_URI} !^/miao/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ /miao/$1
    RewriteCond %{HTTP_HOST} ^miao\.southsea\.st$ [NC]
    RewriteRule ^(/)?$ /miao/login.php [L]
</IfModule>

Next, for the HTTPS settings, open ssl.conf under httpd/conf.d.

Here I use a wildcard certificate from Let's Encrypt XD

<VirtualHost *:443>
    DocumentRoot /var/www/html/blog
    ServerName southsea.st:443
    # These logs sit inside DocumentRoot, so they are reachable by URL
    # unless access to them is denied.
    ErrorLog "/var/www/html/blog/error_log"
    CustomLog "/var/www/html/blog/access_log" common
    SSLEngine on
    SSLCertificateFile /root/.acme.sh/southsea.st/fullchain.cer
    SSLCertificateKeyFile /root/.acme.sh/southsea.st/southsea.st.key
    <Directory "/var/www/html/blog">
        SetOutputFilter DEFLATE
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        DirectoryIndex index.html index.php
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/html/miao
    ServerName miao.southsea.st:443
    # Same as above: these logs are written inside DocumentRoot.
    ErrorLog "/var/www/html/miao/error_log"
    CustomLog "/var/www/html/miao/access_log" common
    SSLEngine on
    SSLCertificateFile /root/.acme.sh/southsea.st/fullchain.cer
    SSLCertificateKeyFile /root/.acme.sh/southsea.st/southsea.st.key
    <Directory "/var/www/html/miao">
        SetOutputFilter DEFLATE
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        DirectoryIndex admin.php login.php index.html index.php
    </Directory>
</VirtualHost>

Then restart with service httpd restart and you're done.
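
The two virtual hosts above write ErrorLog and CustomLog inside their own DocumentRoot, which makes the log files fetchable by URL. The script below is an added example (not part of the original post) that flags that layout; the function name logs_in_docroot, the sample file and the /var/log/httpd paths in it are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: list Apache log files that live inside their vhost's DocumentRoot.

# logs_in_docroot FILE
# Prints "<Directive> <path>" for each ErrorLog/CustomLog whose path is under the
# DocumentRoot of the same <VirtualHost>. Prints nothing when the layout is clean.
# Directives outside a <VirtualHost> and piped logs are not examined.
logs_in_docroot() {
    awk '
        function unquote(s) { gsub(/^"|"$/, "", s); return s }
        tolower($1) ~ /^<virtualhost/ { root = ""; n = 0; next }
        tolower($1) == "documentroot" { root = unquote($2); next }
        tolower($1) == "errorlog" || tolower($1) == "customlog" {
            kind[n] = $1; path[n] = unquote($2); n++; next
        }
        tolower($1) ~ /^<\/virtualhost/ {
            sub(/\/+$/, "", root)          # ignore a trailing slash
            for (i = 0; i < n; i++)
                if (root != "" && index(path[i], root "/") == 1)
                    print kind[i], path[i]
            root = ""; n = 0
        }
    ' "$1"
}

# Constructed sample: the first vhost mirrors the layout above, the second
# keeps its logs in /var/log/httpd (assumed log directory).
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
<VirtualHost *:443>
    DocumentRoot /var/www/html/blog
    ErrorLog "/var/www/html/blog/error_log"
    CustomLog "/var/www/html/blog/access_log" common
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot /var/www/html/miao
    ErrorLog "/var/log/httpd/miao_error_log"
    CustomLog "/var/log/httpd/miao_access_log" common
</VirtualHost>
EOF
    logs_in_docroot "$conf"
    rm -f "$conf"
}

demo
```

Run it against a real file with `logs_in_docroot /etc/httpd/conf.d/ssl.conf`; any output line names a log that should be moved out of the web root or denied.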

Wildcard certificate and HTTPS configuration for Nginx

This is the script used to request the certificate.

curl https://get.acme.sh | sh

Get an Alibaba Cloud AccessKey, then set Ali_Key and Ali_Secret.

export Ali_Key=""
export Ali_Secret=""

Next, request the certificate.

~/.acme.sh/acme.sh --issue --dns dns_ali -d southsea.st -d '*.southsea.st'

The certificate is then downloaded; the exact path is whatever gets printed to your console. Next, configure Nginx so that the subdomain maps to a subdirectory.

# Redirect plain HTTP to HTTPS for the main domain.
server {
    listen 80;
    server_name southsea.st;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}

# Redirect plain HTTP to HTTPS for the subdomain.
server {
    listen 80;
    server_name [subdomain].southsea.st;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}

server {
    listen 443 ssl;
    server_name southsea.st;
    ssl_certificate /root/.acme.sh/southsea.st/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/southsea.st/southsea.st.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm index.php;
    }

    location ~ \.php$ {
        root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

server {
    listen 443 ssl;
    server_name [subdomain].southsea.st;
    ssl_certificate /root/.acme.sh/southsea.st/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/southsea.st/southsea.st.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html/[subdirectory];
        index index.html index.htm index.php;
    }

    location ~ \.php$ {
        # Same root as "location /", so PHP requests resolve inside the
        # subdirectory instead of the main site's html directory.
        root html/[subdirectory];
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

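I won't go into more detail. To add more subdomains, first add the DNS records in the Alibaba Cloud console.

Then copy the port 80 and port 443 blocks above and modify them.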

L2TP service

Install the required tools.

yum install vim net-tools wget unzip -y

Download the installation script.

wget -O StackScript.zip http://files.cnblogs.com/files/think8848/StackScript.zip

Unzip the archive.

unzip StackScript.zip

Run the installer.

chmod +x StackScript
./StackScript

First change the PSK.

vim /etc/ipsec.secrets

Change the username and password.

vim /etc/ppp/chap-secrets

Restart IPsec and xl2tpd.

systemctl restart ipsec xl2tpd
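
The installer above is downloaded over plain HTTP and then executed, and acme.sh earlier is piped from curl straight into sh. As an added example (not part of the original post), the function below lets such a file proceed only when its SHA-256 matches a value pinned after reviewing it once; verify_download is a hypothetical helper and `<PINNED_SHA256>` stands for a hash you record yourself.

```bash
#!/usr/bin/env bash
# Added example: only proceed with a downloaded installer when its SHA-256
# matches a value pinned after reviewing the file once.

# verify_download FILE EXPECTED_SHA256
# Returns 0 on match; 1 on mismatch, missing file, or a malformed pin
# (so an empty or placeholder pin can never pass by accident).
verify_download() {
    file=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $want in
        *[!0-9a-f]*|'') echo "refusing: pin is not a hex SHA-256" >&2; return 1 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "refusing: pin is not 64 hex digits" >&2; return 1; }
    [ -f "$file" ] || { echo "refusing: $file not found" >&2; return 1; }
    got=$(sha256sum "$file" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "refusing: $file has SHA-256 $got" >&2
        return 1
    fi
}

# Constructed demonstration: a stand-in file is reviewed and pinned, then altered.
demo_verify() {
    tmp=$(mktemp)
    printf 'echo installer stand-in\n' > "$tmp"
    pin=$(sha256sum "$tmp" | awk '{print $1}')      # recorded after review
    verify_download "$tmp" "$pin" && echo "unchanged file: accepted"
    printf 'echo tampered\n' >> "$tmp"
    verify_download "$tmp" "$pin" 2>/dev/null || echo "modified file: rejected"
    rm -f "$tmp"
}

demo_verify

# Usage with the archive from this section (the pin is a placeholder):
#   verify_download StackScript.zip '<PINNED_SHA256>' && unzip StackScript.zip
```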

Docker-compose

yum -y install epel-release
yum -y install python-pip
pip install --upgrade pip
pip install --upgrade setuptools
pip --default-timeout=200 install -U docker-compose

Private-key login

ssh-keygen -t rsa -C "i@southsea.st"

References

Deploying an L2TP/IPsec server and client on CentOS 7.2 1511