Category: LINUX
2010-04-19 17:31:52
I. First, set up the firewall

    mkdir -p /usr/local/virus/iptables
    cd /usr/local/virus/iptables
    vim iptables.rule

    #!/bin/bash
    EXTIF="eth0"    # external (Internet-facing) interface
    export EXTIF

    # Kernel network hardening
    echo "1" > /proc/sys/net/ipv4/tcp_syncookies
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo "1" > "$i"
    done
    for i in /proc/sys/net/ipv4/conf/*/log_martians; do
        echo "1" > "$i"
    done
    for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
        echo "0" > "$i"
    done
    for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do
        echo "0" > "$i"
    done
    for i in /proc/sys/net/ipv4/conf/*/send_redirects; do
        echo "0" > "$i"
    done

    PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH

    # Flush existing rules, then set the default policies (inbound traffic is dropped)
    iptables -F
    iptables -X
    iptables -Z
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state RELATED -j ACCEPT

    # Optional deny/allow lists and HTTP-error blocks, loaded only if the files exist
    if [ -f /usr/local/virus/iptables/iptables.deny ]; then
        sh /usr/local/virus/iptables/iptables.deny
    fi
    if [ -f /usr/local/virus/iptables/iptables.allow ]; then
        sh /usr/local/virus/iptables/iptables.allow
    fi
    if [ -f /usr/local/virus/httpd-err/iptables.http ]; then
        sh /usr/local/virus/httpd-err/iptables.http
    fi
    iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

    # ICMP types accepted on the external interface
    AICMP="0 3 3/4 4 11 12 14 16 18"
    for tyicmp in $AICMP
    do
        iptables -A INPUT -i $EXTIF -p icmp --icmp-type $tyicmp -j ACCEPT
    done

    # Services reachable from outside; uncomment a line to open that port
    iptables -A INPUT -p TCP -i $EXTIF --dport 22 -j ACCEPT     # SSH
    # iptables -A INPUT -p TCP -i $EXTIF --dport 25 -j ACCEPT   # SMTP
    # iptables -A INPUT -p UDP -i $EXTIF --sport 53 -j ACCEPT   # DNS
    # iptables -A INPUT -p TCP -i $EXTIF --sport 53 -j ACCEPT   # DNS
    iptables -A INPUT -p TCP -i $EXTIF --dport 80 -j ACCEPT     # WWW
    # iptables -A INPUT -p TCP -i $EXTIF --dport 110 -j ACCEPT  # POP3
    # iptables -A INPUT -p TCP -i $EXTIF --dport 443 -j ACCEPT  # HTTPS
    vim iptables.allow

    #!/bin/bash
    # iptables -A INPUT -i $EXTIF -s xxx.xxx.xxx.xxx -j ACCEPT

    vim iptables.deny

    #!/bin/bash
    # iptables -A INPUT -i $EXTIF -s xxx.xxx.xxx.xxx -j DROP
I chose to start iptables manually:

    chmod 700 /usr/local/virus/iptables/iptables.*    # set permissions
    /usr/local/virus/iptables/iptables.rule           # start the firewall
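A check on the result, as an added example that is not part of the original post: the script reads an INPUT ruleset in `iptables -S` or `iptables-save` format and confirms that the default policy is DROP and that the only TCP ports open to any source are the two that iptables.rule enables (22 and 80). The function names and the sample ruleset are constructed for illustration.

```shell
# Added example (not from the original post): audit an INPUT ruleset read on stdin.
# Function names and SAMPLE_RULES are assumptions made for this illustration.

# Default INPUT policy; accepts "-P INPUT DROP" (iptables -S)
# and ":INPUT DROP [0:0]" (iptables-save).
input_policy() {
    awk '$1 == "-P" && $2 == "INPUT" { print $3 }
         $1 == ":INPUT"              { print $2 }'
}

# TCP destination ports accepted from any source (rules with -s are skipped),
# sorted and space-separated. Only single --dport rules are handled.
open_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
            proto = ""; dport = ""; target = ""; src = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = tolower($(i + 1))
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
                if ($i == "-s")      src    = 1
            }
            if (proto == "tcp" && target == "ACCEPT" && dport != "" && !src) print dport
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Succeeds only when the policy is DROP and the open ports equal $1 (e.g. "22 80").
audit_input() {
    rules=$(cat)
    policy=$(printf '%s\n' "$rules" | input_policy)
    ports=$(printf '%s\n' "$rules" | open_tcp_ports)
    [ "$policy" = "DROP" ] || { echo "FAIL: INPUT policy is ${policy:-unset}"; return 1; }
    [ "$ports" = "$1" ] || { echo "FAIL: open TCP ports '$ports', expected '$1'"; return 1; }
    echo "OK: INPUT policy DROP, open TCP ports: $ports"
}

# Constructed sample in `iptables -S INPUT` format, mirroring the rules that
# iptables.rule adds (ICMP rules shortened to one).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | audit_input "22 80"
# On a live host: iptables -S INPUT | audit_input "22 80"
```

Running it again after uncommenting a service line in iptables.rule, with the expected list left unchanged, makes the audit fail and names the extra port.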
II. Install the other dependency libraries. Nothing was installed on my system, so first bring the libraries, GCC and the like up to date:

    yum -y install patch make gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel readline-devel
III. Download and install ruby

I suddenly realised that wget was not installed on the server. I...!

    yum install wget
    # download ruby-1.8.7-p72.tar.gz and MBARIp72patches.tar.gz (not downloaded)
    wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz
    tar zxvf ruby-1.8.7-p72.tar.gz
    cd ruby-1.8.7-p72
    ./configure --prefix=/usr/local/system/ruby-1.8.7-p72
    make && make install
Edit /etc/profile and add:

    export RUBY_HOME=/usr/local/system/ruby-1.8.7-p72
    PATH=$RUBY_HOME/bin:$PATH

Run source /etc/profile, then use ruby -v to verify that ruby is installed correctly.
Download rubygems-1.3.4.tgz and install it:

    tar zxvf rubygems-1.3.4.tgz
    cd rubygems-1.3.4
    ruby setup.rb

If you get the following error:

    /usr/local/lib/ruby1.8.7/lib/ruby/1.8/openssl/ssl.rb:26: uninitialized constant OpenSSL::SSL::VERIFY_PEER (NameError)
        from /usr/local/lib/ruby1.8.7/lib/ruby/1.8/openssl.rb:23:in `require'
        from /usr/local/lib/ruby1.8.7/lib/ruby/1.8/openssl.rb:23

This is a bug in ruby 1.8.7, and an expert has already filed a ticket for us:

It's caused by recursive require. There must be TRUE reason behind why recursive require happens, e.g. RUBYOPT environment variable, but the following patch stops recursive calls. Could you see if the patch works?
matz.

diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c index 5bb55af..eac6541 100644 --- a/ext/openssl/ossl_digest.c +++ b/ext/openssl/ossl_digest.c @@ -233,7 +233,6 @@ ossl_digest_block_length(VALUE self) void Init_ossl_digest() { - rb_require("openssl"); rb_require("digest"); #if 0 /* let rdoc know about mOSSL */

Then recompile and reinstall ruby. Very simple!!

    gem -v    # check the gem version
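Review bot: In Init_ossl_digest(), the deletion of rb_require("openssl") leaves no comment behind, so nothing in the source records that the call was dropped to break a recursive require; a one-line comment above rb_require("digest") would keep it from being re-added later. The accompanying message itself says the real trigger for the recursion (for example RUBYOPT) is still unknown, so after rebuilding it is worth confirming that require 'openssl' succeeds and that OpenSSL::SSL::VERIFY_PEER is defined before treating this as the fix.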
III. Install the ruby extensions: zlib, readline or openssl

1. ruby-zlib

We already ran yum install zlib zlib-devel at the start, so:

    cd ruby-1.8.7-p72/ext/zlib
    ruby extconf.rb --with-zlib-include=/usr/include --with-zlib-lib=/usr/lib
    make && make install
    # if this fails, you may need to run yum install zlib-devel
    # the error output was as follows:
    make: Nothing to be done for `all'.
    /usr/bin/install -c -m 0755 zlib.so /usr/local/system/ruby-1.8.7-p72/lib/ruby/site_ruby/1.8/i686-linux
    /usr/bin/install: cannot stat `zlib.so': No such file or directory
    make: *** [/usr/local/system/ruby-1.8.7-p72/lib/ruby/site_ruby/1.8/i686-linux/zlib.so] Error 1
    # this method may not work on CentOS, possibly because the shared library cannot be found
    # here we install ruby's zlib support as follows instead:
    wget
    tar zxvf ruby-zlib-0.6.0.tar.gz
    cd ruby-zlib-0.6.0
    ruby extconf.rb
    make && make install
    # or:
    apt-get install zlib1g-dev    # (ubuntu)
    # then back to ext/zlib
    ruby extconf.rb
    make && make install
2. readline

    cd ruby-1.8.7-p72/ext/readline
    # you may need to run yum install readline-devel
    ruby extconf.rb
    make && make install

Then go into irb:

    irb(main):001:0> require 'readline'
    irb(main):004:0> Readline::readline('> ')
    > djkjsdf
    => "djkjsdf"
    # success
3. openssl

    cd ruby-1.8.7-p72/ext/openssl
    ruby extconf.rb
    make && make install
    # this fails with the following errors:
    make: Nothing to be done for `all'.
    /usr/bin/install -c -m 0755 openssl.so /usr/local/system/ruby-1.8.7-p72/lib/ruby/site_ruby/1.8/i686-linux
    /usr/bin/install: cannot stat `openssl.so': No such file or directory
    make: *** [/usr/local/system/ruby-1.8.7-p72/lib/ruby/site_ruby/1.8/i686-linux/openssl.so] Error 1

Again the shared library cannot be found, but in irb, require 'openssl' returns true,
which shows that openssl is already installed, so there is no need to recompile and reinstall.
# For details see: http://netfork.javaeye.com/blog/432928
# "no such file to load -- openssl (RuntimeError)": the ultimate fix
IV. Install assorted gems

    gem source -a
    gem install rails --version "2.3.4" --no-rdoc --no-ri
    gem install rspec
V. Install apache

    yum install httpd mod_ssl
    /etc/init.d/httpd start        # start httpd
    # at this point, visiting the site shows the apache welcome page
    /sbin/chkconfig httpd on       # start httpd at boot
    /sbin/chkconfig --list httpd   # check httpd's boot settings; the output is:
    httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
V(1). Compile and install apache from source

    [root@li96-10 httpd-2.2.14]# wget
    [root@li96-10 httpd-2.2.14]# tar zxvf httpd-2.2.14.tar.gz
    [root@li96-10 httpd-2.2.14]# cd httpd-2.2.14
    [root@li96-10 httpd-2.2.14]# ./configure --prefix=/usr/local/system/httpd
    [root@li96-10 httpd-2.2.14]# make
    [root@li96-10 httpd-2.2.14]# make install
    [root@li96-10 httpd-2.2.14]# cp /usr/local/system/httpd/bin/apachectl /etc/init.d/httpd
    [root@li96-10 httpd-2.2.14]# vim /etc/profile
    # add the following line
    export PATH=$PATH:/usr/local/system/httpd/bin
    [root@li96-10 httpd-2.2.14]# vim /usr/local/system/httpd/conf/httpd.conf    # this is httpd's configuration file
    [root@li96-10 httpd-2.2.14]# netstat -tulnp | grep :80
    tcp 0 0 :::80 :::* LISTEN 16952/httpd
One problem: the compiled httpd does not support chkconfig. Here is the fix:

    [root@li96-10 ~]# vim /etc/init.d/httpd
    # add the following starting at the second line:
    # Comments to support chkconfig on Centos
    # chkconfig:3 92 10
    # description:http server
    [root@li96-10 ~]# chkconfig --add httpd
    [root@li96-10 ~]# chkconfig --level 3 httpd on
    [root@li96-10 ~]# chkconfig --list    # httpd now shows up in the list

What a hassle!
VI. Install Phusion's Passenger (mod_rails)

    gem update    # probably not necessary?
    gem install passenger
    passenger-install-apache2-module
    # then install the Apache2 module; just follow the prompts

    Welcome to the Phusion Passenger Apache 2 module installer, v2.2.8.

    This installer will guide you through the entire installation process. It
    shouldn't take more than 3 minutes in total.

    Here's what you can expect from the installation process:

     1. The Apache 2 module will be installed for you.
     2. You'll learn how to configure Apache.
     3. You'll learn how to deploy a Ruby on Rails application.

    Don't worry if anything goes wrong. This installer will advise you on how to
    solve any problems.

    Press Enter to continue, or Ctrl-C to abort.
    +++++++++++++++++++++++++++++++++++++++
    Checking for required software...

     * GNU C++ compiler... found at /usr/bin/g++
     * Ruby development headers... found
     * OpenSSL support for Ruby... found
     * RubyGems... found
     * Rake... found at /usr/local/system/ruby-1.8.7-p72/bin/rake
     * rack... found
     * Apache 2... found at /usr/sbin/httpd
     * Apache 2 development headers... not found
     * Apache Portable Runtime (APR) development headers... not found
     * Apache Portable Runtime Utility (APU) development headers... not found

    Some required software is not installed.
    But don't worry, this installer will tell you how to install them.

    Press Enter to continue, or Ctrl-C to abort.
    ++++++++++++++++++++++++++++++++++++++++++++++
    Installation instructions for required software

     * To install Apache 2 development headers:
       Please run yum install httpd-devel as root.

     * To install Apache Portable Runtime (APR) development headers:
       Please run yum install apr-devel as root.

     * To install Apache Portable Runtime Utility (APU) development headers:
       Please download it from
       (APR Utility is an integrated part of Apache.)

    If the aforementioned instructions didn't solve your problem, then please take
    a look at the Users Guide:

      /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8/doc/Users guide Apache.html

    # the output above shows that a few packages still need to be installed:
    yum install httpd-devel apr-devel apr-util-devel
    # then continue:
    passenger-install-apache2-module
    ...
    ...
    +++++++++++++++++++++++++++++++++++++++++++++++
    The Apache 2 module was successfully installed.

    Please edit your Apache configuration file, and add these lines:

       LoadModule passenger_module /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8/ext/apache2/mod_passenger.so
       PassengerRoot /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8
       PassengerRuby /usr/local/system/ruby-1.8.7-p72/bin/ruby

    After you restart Apache, you are ready to deploy any number of Ruby on Rails
    applications on Apache, without any further Ruby on Rails-specific
    configuration!

    Press ENTER to continue.
    +++++++++++++++++++++++++++++++++++++++++++++++++
    Deploying a Ruby on Rails application: an example

    Suppose you have a Rails application in /somewhere. Add a virtual host to your
    Apache configuration file and set its DocumentRoot to /somewhere/public:

          ServerName
          DocumentRoot /somewhere/public    # <-- be sure to point to 'public'!
             AllowOverride all              # <-- relax Apache security settings
             Options -MultiViews            # <-- MultiViews must be turned off

    And that's it! You may also want to check the Users Guide for security and
    optimization tips, troubleshooting and other useful information:

      /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8/doc/Users guide Apache.html

    Enjoy Phusion Passenger, a product of Phusion () :-)
As you can see, the installation succeeded. Put the configuration text shown in blue (sadly there is no colour here) into the apache configuration file /usr/local/system/httpd/conf/httpd.conf.
Add it at the end of that file:

    vim /usr/local/system/httpd/conf/httpd.conf

    LoadModule passenger_module /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8/ext/apache2/mod_passenger.so
    PassengerRoot /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8
    PassengerRuby /usr/local/system/ruby-1.8.7-p72/bin/ruby
    ServerName
    DocumentRoot /usr/local/system/blog/public
    # the next two lines must replace the existing ones rather than go at the end of the file
    User apache
    Group apache
    AllowOverride all
    Options -MultiViews
    cd /usr/local/system/good
    chown -R apache public
    chgrp -R apache public
    /etc/init.d/httpd restart

If you get the following error:

    Forbidden
    You don't have permission to access /admin on this server.

then first change this block as shown:

    <Directory />
        Options FollowSymLinks
        AllowOverride None
        #Order deny,allow    # comment out these two lines
        #Deny from all       # comment out these two lines
    </Directory>

and it will work.

With that, mod_rails is installed successfully!

VI. Install the MySQL server

    wget http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.88.tar.gz/from/
    tar zxvf mysql-5.0.88.tar.gz
    cd mysql-5.0.88
    ./configure --prefix=/usr/local/system/mysql    # install mysql into /usr/local/system/mysql
    # if "No curses/termcap library found": adding the path at compile time fixes it, i.e.
    # wget ncurses-5.5.tar.gz, compile install and add to PATH
    make && make install    # a long wait....
    # for "exec: g++: not found":
    # apt-get install build-essential
    # then re-run ./configure and make && make install
    cp support-files/my-medium.cnf /etc/my.cnf
    cd /usr/local/system/mysql/
    groupadd mysql                       # create a group named mysql
    useradd -g mysql mysql               # create a user named mysql in the mysql group
    chown -R mysql .                     # make the mysql user the owner of this directory
    chgrp -R mysql .                     # make the mysql group the group owner of this directory
    bin/mysql_install_db --user=mysql    # create the mysql data files, var and other directories
    bin/mysqld_safe --user=mysql &       # start the mysql daemon
    bin/mysqladmin -u root password ********    # set root's password
    cd -                                 # back to the mysql source directory
    cp support-files/mysql.server /etc/rc.d/init.d/mysqld
    chmod +x /etc/init.d/mysqld
    /sbin/chkconfig --add mysqld
    vim /etc/profile                     # add this line to the file:
    export PATH=$PATH:/usr/local/system/mysql/bin
    source /etc/profile                  # make the change take effect
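Returning to the Forbidden fix in the Passenger section: with both lines commented out, `<Directory />` no longer denies anything, so the default deny is gone for every path on the filesystem, whereas the site only needs access to the application's public directory. As an added example (not part of the original post; Apache 2.2 syntax, with the function names and both sample configurations constructed), this script reports how an httpd.conf treats `<Directory />` and which directories carry `Allow from all`:

```shell
# Added example (not from the original post): inspect Apache 2.2 <Directory> access
# rules read on stdin. Function names and both sample configs are assumptions.

# "locked" if <Directory /> has an active "Deny from all", otherwise "open".
root_directory_state() {
    awk '{ line = tolower($0); sub(/^[ \t]+/, "", line) }
         line ~ /^#/                             { next }
         line ~ /^<directory[ \t]+"?\/"?[ \t]*>/ { in_root = 1; next }
         line ~ /^<\/directory>/                 { in_root = 0; next }
         in_root && line ~ /^deny[ \t]+from[ \t]+all/ { locked = 1 }
         END { print (locked ? "locked" : "open") }'
}

# Paths of the <Directory> blocks that contain an active "Allow from all".
allow_all_directories() {
    awk '{ line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
         low ~ /^#/ { next }
         low ~ /^<directory[ \t]/ {
             dir = line; sub(/^[^ \t]+[ \t]+/, "", dir)
             sub(/[ \t]*>.*$/, "", dir); gsub(/"/, "", dir); next
         }
         low ~ /^<\/directory>/ { dir = ""; next }
         dir != "" && low ~ /^allow[ \t]+from[ \t]+all/ { print dir }'
}

# Constructed sample 1: <Directory /> as the post leaves it after the Forbidden fix.
RELAXED_CONF='<Directory />
    Options FollowSymLinks
    AllowOverride None
    #Order deny,allow
    #Deny from all
</Directory>'

# Constructed sample 2: root stays denied, only the application directory is opened.
SCOPED_CONF='<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory /usr/local/system/good/public>
    Order allow,deny
    Allow from all
    AllowOverride all
    Options -MultiViews
</Directory>'

for conf in "$RELAXED_CONF" "$SCOPED_CONF"; do
    echo "root=$(printf '%s\n' "$conf" | root_directory_state) allow_all=$(printf '%s\n' "$conf" | allow_all_directories)"
done
```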
VII. Test rails

    cd /usr/local/system/
    rails good    # create the rails project in /usr/local/system/good
    vim /etc/httpd/conf/httpd.conf    # create a virtual host for http by adding the following:
    ServerName xxx.com
    ServerAlias
    DocumentRoot /usr/local/system/good/public
    /etc/init.d/httpd restart
    http://    # try visiting it
VIII. Deploy rails

scp the blog application to the server, for example into /usr/local/system/good

    cd /usr/local/system/good
    vim config/database.yml

    development:
      adapter: mysql
      encoding: utf8
      reconnect: false
      database: blog
      pool: 5
      username: mysql
      password: ********
      socket: /tmp/mysql.sock

    rake db:create    # create the database; this fails with the following error:
    (in /usr/local/system/good)
    rake aborted!
    no such file to load -- cucumber/rake/task
    /usr/local/system/good/Rakefile:10
    (See full trace by running task with --trace)
    # after some googling: cucumber is missing, obviously!
    gem install cucumber
    # the next error:
    (in /usr/local/system/good)
    ** Invoke db:create (first_time)
    ** Invoke db:load_config (first_time)
    ** Invoke rails_env (first_time)
    ** Execute rails_env
    ** Execute db:load_config
    ** Execute db:create
    !!! The bundled mysql.rb driver has been removed from Rails 2.2. Please install the mysql gem and try again: gem install mysql.
    rake aborted!
    no such file to load -- mysql
    # it looks like ruby's mysql support is missing
    wget
    tar zxvf mysql-ruby-2.8.1.tar.gz
    cd mysql-ruby-2.8.1
    ruby extconf.rb --with-mysql-dir=/usr/local/system/mysql
    make && make install
    # then continue
    cd /usr/local/system/good
    rake db:create
The next error is as follows:

    (in /usr/local/system/blog)
    Couldn't create database for {"reconnect"=>false, "encoding"=>"utf8", "username"=>"mysql", "adapter"=>"mysql", "database"=>"good", "pool"=>5, "password"=>"*******", "socket"=>"/tmp/mysql.sock"}, charset: utf8, collation: utf8_unicode_ci (if you set the charset manually, make sure you have a matching collation)

This error was down to a problem with the mysql user; I changed it to root and it worked.
The exact cause still needs investigating; possibly the mysql user's password is wrong. #TODO
    rake db:create
    rake db:migrate

The following error appears:

    (in /usr/local/system/good)
    Missing these required gems:
      RedCloth  ~> 4.0
      ruby-openid  ~> 2.1.0
      chronic  ~> 0.2.0
      coderay  ~> 0.8.0
      lesstile  ~> 0.3
      will_paginate  ~> 2.3
      ruby-openid  >= 2.0.4

    You're running:
      ruby 1.8.7.72 at /usr/local/system/ruby-1.8.7-p72/bin/ruby
      rubygems 1.3.4 at /root/.gem/ruby/1.8, /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8

    Run `rake gems:install` to install the missing gems.
This is because config/environment.rb specifies the gems the application needs:

    # Specify gems that this application depends on and have them installed with rake gems:install
    config.gem "RedCloth", :lib => "redcloth", :version => "~> 4.0"
    config.gem "ruby-openid", :lib => "openid", :version => "~> 2.1.0"
    config.gem "chronic", :version => "~> 0.2.0"
    config.gem "coderay", :version => "~> 0.8.0"
    config.gem "lesstile", :version => "~> 0.3"
    config.gem "will_paginate", :version => "~> 2.3", :source => 'http://gemcutter.org'

So, continue:

    rake gems:install
    /etc/init.d/httpd restart
    http://    # try visiting it
As a result, Phusion Passenger (mod_rails) reported a whole pile of errors:

    Ruby on Rails application could not be started

    There appears to be a database problem.
    *Your config/database.yml may not be written correctly. Please check it and fix any errors.
    *Your database schema may be out of date or nonexistant. Please run rake db:migrate to ensure that the database schema is up-to-date.
    *The database server may not be running. Please check whether it's running, and start it if it isn't.

    Error message: production database is not configured (ActiveRecord::AdapterNotSpecified)
    Exception class: ActiveRecord::AdapterNotSpecified
    Application root: /usr/local/system/blog
The error is obvious: the mysql server is not up.
Then it suddenly dawned on me: the database.yml file has no definition for production. What a joke.

    vim config/database.yml       # make the change
    /etc/init.d/httpd restart     # restart and visit again; it reports an error
    tail -f log/production.log    # watch the errors; the following turned up:
    ActiveRecord::StatementInvalid (Mysql::Error: Table 'good.blogs' doesn't exist: SELECT * FROM `blogs` WHERE (published_at < '2009-12-18 08:36:38') ORDER BY blogs.published_at DESC LIMIT 15):
    Errno::ECONNREFUSED (Connection refused - connect(2)):
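The error is obvious: the database tables are missing. I went into the database and found that there really were no tables.

    rake db:migrate
    /etc/init.d/httpd restart    # restart

At last it works!!!!!!
This is the end of the WWW server configuration document; the various further configuration steps will be covered in separate posts.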