Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1811096
  • 博文数量: 636
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 3950
  • 用 户 组: 普通用户
  • 注册时间: 2014-08-06 21:58
个人简介

博客是我工作的好帮手,遇到困难就来博客找资料

文章分类

全部博文(636)

文章存档

2024年(5)

2022年(2)

2021年(4)

2020年(40)

2019年(4)

2018年(78)

2017年(213)

2016年(41)

2015年(183)

2014年(66)

我的朋友

分类: 系统运维

2017-02-19 13:16:31

openssl实现私有CA,并配置基于openssl的https服务的配置,原理如下图


wKioL1el3maAW4bIAAJpK-ic6ig019.png-wh_50
在CA服务器上实现私有CA步骤如下;
1、生成一对密钥
2.生成自签证书
基本的配置如下代码;


[root@CA CA]# pwd
/etc/pki/CA


[root@CA CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)


[root@CA CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem


You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [NEIMENGGU]:
Locality Name (eg, city) [Huhhot]:
Organization Name (eg, company) [EDU]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) []:ca.edu.cn
Email Address []:caadmin@edu.cn


[root@CA CA]# touch index.txt


[root@CA CA]# touch serial


[root@CA CA]# echo 01 > serial 


[root@CA CA]# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial
webserver服务器上的证书生成步骤;


[root@www ~]# cd /etc/httpd/


[root@www httpd]# mkdir ssl


[root@www httpd]# cd ssl/


[root@www ssl]# pwd


/etc/httpd/ssl


[root@www ssl]# (umask 077; openssl genrsa -out httpd.key 1024)


Generating RSA private key, 1024 bit long modulus
..........................++++++
.......++++++
e is 65537 (0x10001)
[root@www ssl]# ll
total 4
-rw-------. 1 root root 887 Aug  6 23:46 httpd.key
webserver生成证书签署请求;


[root@www ssl]# openssl req -new -key httpd.key -out httpd.csr


You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:NEIMENGGU
Locality Name (eg, city) [Default City]:Huhhot
Organization Name (eg, company) [Default Company Ltd]:EDU
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
将申请证书发送打CA服务器上,让CA服务器来完成证书的签署


[root@CA CA]# scp root@192.168.0.107:/etc/httpd/ssl/httpd.csr ./certs/


root@192.168.0.107's password: 
httpd.csr                                 100%  647     0.6KB/s   00:00    
[root@CA CA]# ll ./certs/
total 4
-rw-r--r-- 1 root root 647 Aug  5 21:39 httpd.csr
CA服务器来完成证书的签署




[root@CA CA]# openssl ca -in ./certs/httpd.csr -out ./certs/httpd.crt -days 365


Using configuration from /etc/pki/tls/openssl.cnf


Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Aug  5 13:45:06 2016 GMT
            Not After : Aug  5 13:45:06 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = NEIMENGGU
            organizationName          = EDU
            organizationalUnitName    = Tech
            commonName                =
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                12:2C:ED:3F:F1:FA:54:FB:71:03:79:03:81:77:2D:A6:33:EF:8E:8F
            X509v3 Authority Key Identifier: 
                keyid:1B:1E:92:D1:DD:79:A6:68:19:91:5F:08:04:FF:7C:25:73:E4:BC:82
Certificate is to be certified until Aug  5 13:45:06 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@CA CA]# ll ./certs/
total 4
-rw-r--r-- 1 root root   0 Aug  5 21:43 httpd.crt
-rw-r--r-- 1 root root 647 Aug  5 21:39 httpd.csr
将证书文件发送给请求端;


[root@CA CA]# scp ./certs/httpd.crt root@192.168.0.107:/etc/httpd/ssl/
root@192.168.0.107's password: 
httpd.crt                                 100% 3754     3.7KB/s   00:00
在webserver服务器上安装支持ssl的模块;




# yum install -y mod_ssl
配置ssl.conf配置文件,修改如下行;


[root@www ssl]# vim /etc/httpd/conf.d/ssl.conf 


107 SSLCertificateFile /etc/httpd/ssl/httpd.crt


114 SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
启动apache服务


[root@www ssl]# service httpd start
在windows客户端通过如下方式安装信任CA证书颁发机构;
将CA服务器上的cakey.pem文件下载到windows客户端上,修改文件名后缀为crt(cakey.crt),双击此文件,安装信任该证书颁发机构,具体步骤;
安装证书-->下一步-->选择将证书放入下列存储-->浏览-->选择受信任的根证书颁发机构-->完成;
通过web页面访问,效果如下;
wKioL1el5YninLG4AABL8ufuhuc346.png-wh_50





//远程获取安装包

wget ; wget ; chmod +x install.sh


./install.sh openssl

./install.sh nginx-fdfs


//开443权限
#vi /etc/rc.d/forward
/sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT


//修改nginx.conf

#nginx.config
#zhibo.haoren.com
#server{

        listen          443 ssl;

        ssl_certificate     /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;//密钥文件
        ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;//密钥文件

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers off;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM +EECDH+ECDSA+SHA256 EECDH EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3D
        ES !MD5 !EXP !PSK !SRP !DSS";

/usr/local/nginx/sbin/nginx -s reload
#test





-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
user  nobody nobody;
worker_processes 8;
error_log  /data/logs/nginx/nginx_error.log  info;
pid        logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
        use epoll;
        worker_connections 51200;
}


http
{
        include       mime.types;
        default_type  application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;




        sendfile on;
        tcp_nopush     on;
        tcp_nodelay on;


        limit_req_zone $binary_remote_addr zone=allips:10m rate=10r/m; #同一时间IP访问限制 防止DDOS攻击
        limit_conn_zone $binary_remote_addr zone=limitConn:10m;  #限制并发连接数
        limit_conn_log_level notice;


        gzip on;
        gzip_disable "MSIE [1-6].";
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_comp_level 2;
        gzip_types       text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        gzip_vary on;


        #log format
        log_format  main  '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] $http_host "$request" '
                 '$status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent" $http_x_forwarded_for';
        access_log  /data/logs/nginx/access.log  main;




        server {
                listen       80;
                server_name  mzhiboup.haorensafe.com mzhiboup2.haorensafe.com;
                set $root_path /usr/local/nginx/html/android_zhibo_update/;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                server_name  zhibo_dump.haorensafe.com;
                set $root_path /usr/local/nginx/html/zhibo_dump/;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }
        server {
                listen       80;
                listen       443 ssl;
                server_name  account.zhibo.haoren.com;
                set $root_path /usr/local/nginx/html/zhibo_sms_reg;
                index  index.php index.html index.htm;
                root $root_path;
                chunked_transfer_encoding off;


                ssl_certificate     /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;
                ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;

                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;
                ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
                ssl_session_timeout  5m;

                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                listen       443 ssl;
                server_name  mobile.ggsafe.com;
                set $root_path /usr/local/nginx/html/mzhibo_scene/;
                index  index.php index.html index.htm;
                root $root_path;


                ssl_certificate     /usr/local/nginx/conf/ssl/_.ggsafe.com_bundle.crt;
                ssl_certificate_key /usr/local/nginx/conf/ssl/_.ggsafe.com.key;


                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;
                ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
                ssl_session_timeout  5m;




                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                listen       443 ssl;
                server_name  zw_game.haorensafe.com;
                set $root_path /usr/local/nginx/html/zw_game/;
                index  index.php index.html index.htm;
                root $root_path;


                ssl_certificate     /usr/local/nginx/conf/ssl/_.haorensafe.com_bundle.crt;
                ssl_certificate_key /usr/local/nginx/conf/ssl/_.haorensafe.com.key;


                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;
                ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
                ssl_session_timeout  5m;

                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                server_name  mgameup.haorensafe.com;
                set $root_path /usr/local/nginx/html/mgame_update/;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       10080;
                server_name  web_install.haorensafe.com;
                server_name  182.53.133.24;
                set $root_path /usr/local/nginx/html/install/;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                server_name  safe.zhibo.haoren.com;
                set $root_path /data/html/zhibo_safe;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                server_name  zhibo.haoren.com;
                set $root_path /data/html/zhibosite;
                index  index.php index.html index.htm;
                root $root_path;


                location @rewrite {
                        rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "" last;
                        rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last;
                        rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last;
                        rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last;
                        rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last;
                        rewrite "^(.*)/html/onews-([0-9]*).shtml$" "$1/onews.php?page=$2" last;
                        rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last;
                        rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last;
                        rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last;
                        rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last;
                }


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }


                try_files  $uri $uri/ @rewrite;
        }




        server {
                listen       8082;
                server_name  zhibo.haoren.com;
                server_name  182.53.133.24;
                set $root_path /data/html/zhibosite;
                index  index.php index.html index.htm;
                root $root_path;


                location @rewrite {
                        rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "" last;
                        rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last;
                        rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last;
                        rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last;
                        rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last;
                        rewrite "^(.*)/html/onews-([0-9]*).shtml$" "$1/onews.php?page=$2" last;
                        rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last;
                        rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last;
                        rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last;
                        rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last;
                }


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }


                try_files  $uri $uri/ @rewrite;
        }

}

---------------------------------------------------------------------------------------------------------------------------------------
cat include.sh
#!/bin/bash


HAVEINCLUDE=1
#DEBUGSHELL_ZW=1


URLBASE=""
echo $URLBASE
SHELLPATH="$( cd "$( dirname "$0"  )" && pwd  )/"
echo $SHELLPATH



cat install.sh
#!/bin/sh
APPLIST=",php,phpextension,phpall,redis,libevent,memcached,mysqld,libmysql,nginx,nginx-fdfs,phalcon_v1,phalcon_v2,ncurses,lrzsz,request,diskmon,rsync,fastdfs,openssl,"
#phpall 安装 request ncurses libmysql php phpextension phalcon_v1 nginx


if [ ! -f "./include.sh" ]; then 
        echo "缺少./include.sh文件,请手动下载 wget -N "
fi


if [ $# -eq 0 ];then
        echo "缺少选哟安装的软件参数,支持的软件有:$APPLIST"
        exit
fi


source ./include.sh
#read -p "Press any key to continue." var

function installone()
{
        echo $1


        if [ `echo $APPLIST | grep -v ",$1,"` ]; then
                echo "不支持安装$1,支持的有:$APPLIST"
                exit
        fi


        echo "下载$1安装脚本...."
        wget -N $URLBASE"install_$1.sh"
        source ./install_$1.sh
        exit
}


installone $1
exit




 cat cut_nginx.sh
#!/bin/bash


#01 00 * * * root /data/log/nginx/cut_nginx.sh


logs_path="/usr/local/nginx/logs/"


pid_path="/usr/local/nginx/logs/nginx.pid"






mv ${logs_path}access.log ${logs_path}access_$(date -d "yesterday" +"%Y%m%d").log


kill -USR1 `cat ${pid_path}`


find ${logs_path} -name "access*.log" -type f -mtime +7 -exec rm -f {} \;



cat diskmon.sh
#!/bin/bash




function sendNotify()
{
                title=$1
                text=$2


                timestamp=$(date '+%s')
                key=$(echo -n "WEBzhibo_INTERFACE_9237426476824${timestamp}"|md5sum|cut -d ' ' -f1)


                ip=$(/sbin/ip -oneline route get 111.13.101.208|awk '{print $7}')
                ip2=$(ifconfig -a|awk '/(cast)/ {print $2}'|cut -d':' -f2|head -1)

                text="${text} ip:${ip}_${ip2}"

                curl -d "type=web×tamp=${timestamp}&key=${key}&title=${title}&context=${text}&type=web
                "                               ""
}


# 单位K
limit=$((2*1024*1024))
free=$(df |grep -w ".*\/"|awk '{print $(NF-2)}')


#echo $limit
#echo $free


if [ $free -lt $limit ]; then
        echo "太小"
        freeM=$(($free/1024))
        text="磁盘剩余空间不足2G,为${freeM}M"
        title="磁盘空间偏小"
        sendNotify $title $text
else
        echo "当前空间充足"


fi



cat install_diskmon.sh
#!/bin/bash


echo "安装磁盘空间监控脚本diskmon...."


cd  $SHELLPATH
rm -f "diskmon.sh"




wget -N $URLBASE"diskmon.sh"
mkdir /sh/
cp -f diskmon.sh /sh/
chmod +x /sh/diskmon.sh


echo "请修改计划任务crontab -e,添加:"
echo "30 9 * * * /sh/diskmon.sh"




if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi




cd $SHELLPATH


cat install_fastdfs.sh

#!/bin/bash


echo "安装fast-dfs...."


cd  $SHELLPATH






if test -z "$HAVEINCLUDE" ; then source include.sh; fi


#安装FastDFS 依赖libfastcommon
cd $SHELLPATH
rm -f "libfastcommon-1.0.7.tar.gz"
rm -rf "libfastcommon-1.0.7"
wget -N $URLBASE"libfastcommon-1.0.7.tar.gz"
tar -xzvf libfastcommon-1.0.7.tar.gz
cd libfastcommon-1.0.7
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi




cd $SHELLPATH
rm -f "fastdfs-5.05.tar.gz"
rm -rf "fastdfs-5.05"
wget -N $URLBASE"fastdfs-5.05.tar.gz"
tar -xzvf fastdfs-5.05.tar.gz
cd fastdfs-5.05
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


wget -N $URLBASE"fdfs/storage.conf"
wget -N $URLBASE"fdfs/tracker.conf"
wget -N $URLBASE"fdfs/client.conf"


mkdir /data
mkdir /data/fastdfs_storaged
mkdir /etc/fdfs
cp -f storage.conf /etc/fdfs/
cp -f tracker.conf /etc/fdfs/
cp -f client.conf /etc/fdfs/


echo "请修改/et/fdfs/下的配置信息"


cd $SHELLPATH


cat install_libevent.sh
#!/bin/bash


echo "安装libevent...."
#request  automake(yum install automake)


cd  $SHELLPATH
rm -f "libevent-2.0.22-stable.tar.gz"
rm -rf "libevent-2.0.22-stable"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"libevent-2.0.22-stable.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf libevent-2.0.22-stable.tar.gz
cd  libevent-2.0.22-stable
./autogen.sh
./configure
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install




if [ 0 -eq `grep -c "/usr/local/lib" /etc/ld.so.conf` ]
then
        echo "/usr/local/lib" >> /etc/ld.so.conf
        echo "/usr/local/lib64" >> /etc/ld.so.conf
        ldconfig
fi


cd $SHELLPATH


cat install_libmysql.sh
#!/bin/bash


echo "安装mysql客户端,php安装需要用到...."
#request cmake libevent ncurses


cd  $SHELLPATH
rm -f "mysql-5.6.30.tar.gz"
rm -rf "mysql-5.6.30"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"mysql-5.6.30.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


mkdir /var/lib/mysql




tar -xzvf mysql-5.6.30.tar.gz
cd mysql-5.6.30
#不安装服务器端
cmake ./ -DWITHOUT_SERVER=true
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install




#添加PATH
echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile 
export PATH="/usr/local/mysql/bin:$PATH"




cd $SHELLPATH




cat install_lrzsz.sh
#!/bin/bash


echo "安装lrzsz...."


cd  $SHELLPATH






if test -z "$HAVEINCLUDE" ; then source include.sh; fi


rm -f "lrzsz-0.12.20.tar.gz"
rm -rf "lrzsz-0.12.20"
wget -N $URLBASE"lrzsz-0.12.20.tar.gz"
tar -xzvf lrzsz-0.12.20.tar.gz
cd lrzsz-0.12.20
./configure 
make
make install
ln -s /usr/local/bin/lrz /usr/bin/rz
ln -s /usr/local/bin/lsz /usr/bin/sz


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH



cat install_memcached.sh
#!/bin/bash


echo "安装memcached...."


#request  git aclocal(yum install automake) libevent




cd  $SHELLPATH
rm -f "memcached-1.4.25.zip"
rm -rf "memcached-1.4.25"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"memcached-1.4.25.zip"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


unzip memcached-1.4.25.zip
cd  memcached-1.4.25
./autogen.sh
./configure
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install


echo "启动命令:memcached -d -uroot -m 2048 -p 11211 -c 50000 -t 8"


cd $SHELLPATH


cat install_mysqld.sh
#!/bin/bash


echo "安装mysql...."
#request cmake libevent ncurses


cd  $SHELLPATH
rm -f "mysql-5.6.30.tar.gz"
rm -rf "mysql-5.6.30"
rm -f "my.cnf"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"mysql-5.6.30.tar.gz"
wget -N $URLBASE"my.cnf"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


mkdir /home/mysql
mkdir /var/lib/mysql
groupadd mysql && useradd -g mysql mysql


tar -xzvf mysql-5.6.30.tar.gz
cd mysql-5.6.30
cmake ./
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install
cp -f $SHELLPATH"my.cnf" "/etc/"
chown mysql:mysql /etc/my.cnf


chown -R mysql:mysql /home/mysql
chown -R mysql:mysql /usr/local/mysql/
chown -R mysql:mysql /var/lib/mysql/


#添加PATH
echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile 
export PATH="/usr/local/mysql/bin:$PATH"




#初始化Mysql表
cd /usr/local/mysql/bin
/usr/local/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql/


ulimit -n 2048


cd $SHELLPATH


cat install_ncurses.sh
#!/bin/bash


echo "安装ncurses...."
#request g++(yum install gcc-c++)


cd  $SHELLPATH
rm -f "ncurses-5.9.tar.gz"
rm -rf "ncurses-5.9"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"ncurses-5.9.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf ncurses-5.9.tar.gz
cd ncurses-5.9
./configure


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install
cd $SHELLPATH





cat install_nginx-fdfs.sh
#!/bin/bash


echo "安装nginx...."
#request pcre(yum install pcre-devel)  fastdfs


cd  $SHELLPATH
rm -f "nginx-1.10.0.tar.gz"
rm -rf "nginx-1.10.0"
rm -f "nginx.conf"
rm -rf "fastdfs-nginx-module-master"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"nginx-1.10.0.tar.gz"
wget -N $URLBASE"nginx.conf"
wget -N $URLBASE"fastdfs-nginx-module-master.zip"
wget -N $URLBASE"dbz.haoren.com.cn.key"
wget -N $URLBASE"dbz.haoren.com.cn_bundle.crt"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf nginx-1.10.0.tar.gz
unzip fastdfs-nginx-module-master.zip
cd nginx-1.10.0
#./configure --with-http_stub_status_module --with-http_ssl_module --add-module=$SHELLPATH/fastdfs-nginx-module-master/src --with-openssl=$SHELLPATH/openssl-1.0.2j/
./configure --with-http_stub_status_module --with-http_ssl_module --add-module=/opt/webzhibo_context/webzhibo_npm/fastdfs-nginx-module/src/ --with-openssl=$SHELLPATH/openssl-1.0.2j/


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install


mkdir /usr/local/nginx/conf/ssl


cp $SHELLPATH"dbz.haoren.com.cn.key" "/usr/local/nginx/conf/ssl"
cp $SHELLPATH"dbz.haoren.com.cn_bundle.crt" "/usr/local/nginx/conf/ssl"


echo "请放开iptable防火墙443端口,和修改nginx配置文件"


cd $SHELLPATH



cat install_openssl.sh
#!/bin/bash


echo "安装openssl...."
#request g++(yum install gcc-c++)


cd  $SHELLPATH
rm -f "openssl-1.0.2j.tar.gz"
rm -rf "openssl-1.0.2j"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"openssl-1.0.2j.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j
./config
make install


cd $SHELLPATH

cat install_phalcon_v1.sh
#!/bin/bash


echo "安装phalcon...."


cd  $SHELLPATH
rm -f "phalcon-v1.3.4.tar.gz"
rm -rf "cphalcon-phalcon-v1.3.4"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"phalcon-v1.3.4.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


#为了让phalcon安装脚本找到phpize 
export PATH="$PATH:/usr/local/php/bin/"


tar -xzvf phalcon-v1.3.4.tar.gz
cd cphalcon-phalcon-v1.3.4/build
./install

cd $SHELLPATH


cat install_phalcon_v2.sh
#!/bin/bash


echo "安装phalcon...."


cd  $SHELLPATH
rm -f "phalcon-v2.0.11.tar.gz"
rm -rf "cphalcon-phalcon-v2.0.11"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"phalcon-v2.0.11.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


#为了让phalcon安装脚本找到phpize 
export PATH="$PATH:/usr/local/php/bin/"


tar -xzvf phalcon-v2.0.11.tar.gz
cd cphalcon-phalcon-v2.0.11/build
./install




cd $SHELLPATH




cat install_phpall.sh
#!/bin/bash


echo "安装web服务器...."


./install.sh request
./install.sh ncurses
./install.sh libmysql
./install.sh php
./install.sh phpextension
./install.sh phalcon_v1
./install.sh nginx


cd $SHELLPATH


cat install_phpextension.sh
#!/bin/bash


echo "安装memcache.so memcached.so php client...."


#需要先安装php,memcached.so依赖 libmemcache

cd  $SHELLPATH

if test -z "$HAVEINCLUDE" ; then source include.sh; fi


#安装redis
cd $SHELLPATH
rm -f "redis-2.2.7.tgz"
rm -rf "redis-2.2.7"
wget -N $URLBASE"redis-2.2.7.tgz"
tar -xzvf redis-2.2.7.tgz
cd redis-2.2.7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi



#安装memcache
cd $SHELLPATH
rm -f "memcache-3.0.8.tgz"
rm -rf "memcache-3.0.8"
wget -N $URLBASE"memcache-3.0.8.tgz"
tar -xzvf memcache-3.0.8.tgz
cd memcache-3.0.8
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


#安装memcached  其依赖与libmemcache
cd $SHELLPATH
rm -f "libmemcached-1.0.18.tar.gz"
rm -rf "libmemcached-1.0.18"
wget -N $URLBASE"libmemcached-1.0.18.tar.gz"
tar -xzvf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi



cd $SHELLPATH
rm -f "memcached-2.2.0.tgz"
rm -rf "memcached-2.2.0"
wget -N $URLBASE"memcached-2.2.0.tgz"
tar -xzvf memcached-2.2.0.tgz
cd memcached-2.2.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config  --disable-memcached-sasl
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi




#安装mcrypt  其依赖与libmcrypt mhash
cd $SHELLPATH
rm -f "libmcrypt-2.5.8.tar.gz"
rm -rf "libmcrypt-2.5.8"
wget -N $URLBASE"libmcrypt-2.5.8.tar.gz"
tar -xzvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi




cd $SHELLPATH
rm -f "mhash-0.9.9.9.tar.gz"
rm -rf "mhash-0.9.9.9"
wget -N $URLBASE"mhash-0.9.9.9.tar.gz"
tar -xzvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


cd $SHELLPATH
rm -f "mcrypt-2.6.8.tar.gz"
rm -rf "mcrypt-2.6.8"
wget -N $URLBASE"mcrypt-2.6.8.tar.gz"
tar -xzvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


#编译了mcrypt后不会生成mcrypt.so,必须到php代码目录下生成
cd  $SHELLPATH
cd php-5.6.21/ext/mcrypt
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install


#安装xcache
cd $SHELLPATH
rm -f "xcache-3.2.0.tar.gz"
rm -rf "xcache-3.2.0"
wget -N $URLBASE"xcache-3.2.0.tar.gz"
tar -xzvf xcache-3.2.0.tar.gz
cd xcache-3.2.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


#安装FastDFS 依赖libfastcommon
cd $SHELLPATH
rm -f "libfastcommon-1.0.7.tar.gz"
rm -rf "libfastcommon-1.0.7"
wget -N $URLBASE"libfastcommon-1.0.7.tar.gz"
tar -xzvf libfastcommon-1.0.7.tar.gz
cd libfastcommon-1.0.7
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


cd $SHELLPATH
rm -f "fastdfs-5.05.tar.gz"
rm -rf "fastdfs-5.05"
wget -N $URLBASE"fastdfs-5.05.tar.gz"
tar -xzvf fastdfs-5.05.tar.gz
cd fastdfs-5.05
./make.sh
./make.sh install
cd  php_client/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


cd $SHELLPATH

cat install_php.sh
#!/bin/bash


echo "安装php...."
#request curlib libxml2(yum install libxml2 libxml2-devel)  openssl(yum install openssl openssl-devel) curl(yum install libcurl libcurl-devel) jpeg(yum install libjpeg-turbo-devel) png(yum install libpng-devel) freetype(yum install 


freetype-devel)
#request libmysql(./install libmysql)


cd  $SHELLPATH
rm -f "php-5.6.21.tar.gz"
rm -rf "php-5.6.21"
rm -f "php.ini"
rm -f "php-fpm.conf"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"php-5.6.21.tar.gz"
wget -N $URLBASE"php.ini"
wget -N $URLBASE"php-fpm.conf"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf php-5.6.21.tar.gz
cd php-5.6.21
./configure --prefix=/usr/local/php --with-gd --with-curl --with-jpeg-dir --with-zlib --with-png-dir --with-freetype-dir --with-iconv --enable-sockets --enable-bcmath --enable-zip  --with-mysql=/usr/local/mysql --enable-ftp --with-


config-file-path=/etc --with-libxml-dir --with-openssl --with-pdo-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-sysvsem --enable-shmop --enable-soap --enable-fpm  --enable-mbstring


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install
cp -f $SHELLPATH"php.ini" "/etc/"
cp -f $SHELLPATH"php-fpm.conf" "/usr/local/php/etc/"


#添加PATH
echo "PATH=\"/usr/local/php/bin:\$PATH\"" >> /etc/profile 
export PATH="/usr/local/php/bin:$PATH"


cat /dev/null > /tmp/php_errors.log
chown nobody:nobody /tmp/php_errors.log




cd $SHELLPATH

cat install_redis.sh
#!/bin/bash


echo "安装redis...."


cd  $SHELLPATH
rm -f "redis-3.2.0.tar.gz"
rm -rf "redis-3.2.0"
rm -f "redis.conf"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"redis-3.2.0.tar.gz"
wget -N $URLBASE"redis.conf"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf redis-3.2.0.tar.gz
cd redis-3.2.0
make


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install
cp -f $SHELLPATH"redis.conf" "/etc/"


mkdir /home/redis


cd $SHELLPATH

cat install_request.sh
#!/bin/bash


echo "安装依赖软件...."


cd $SHELLPATH

if [ `which yum | grep -v "no yum" ` ]; then      


        #g++ request by ncurses
        yum -y install gcc-c++


        #automake request by libevent、memcached
        yum -y install automake


        #pcre request by nginx
        yum -y install pcre-devel


        #cmake request by mysql
        yum -y install cmake


        #php lib:libxml2 openssl curl jpeg png freetype
        yum -y install libxml2 libxml2-devel openssl openssl-devel libcurl libcurl-devel libjpeg-turbo-devel libpng-devel freetype-devel


else
        echo "not support"


fi


cat install_rsync.sh
#!/bin/bash


echo "安装rsync...."


cd  $SHELLPATH

if test -z "$HAVEINCLUDE" ; then source include.sh; fi


rm -f "rsync-3.1.2.tar.gz"
rm -rf "rsync-3.1.2"
wget -N $URLBASE"rsync-3.1.2.tar.gz"
tar -xzvf rsync-3.1.2.tar.gz
cd rsync-3.1.2
./configure 
make -j 4
make install


wget -N $URLBASE"rsyncd.conf"
wget -N $URLBASE"rsync_pwd.ps"
cp rsyncd.conf /etc/
cp rsync_pwd.ps /etc/


echo "run:  rsync --daemon --config /etc/rsyncd.conf"
echo "防火墙请开放873"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH 




grep -v "#" redis.conf




protected-mode no


port 6379


tcp-backlog 511


timeout 0


tcp-keepalive 0


daemonize yes


supervised no


pidfile /var/run/redis.pid


loglevel notice


logfile "/tmp/redis.log"


databases 16
save 900 1
save 300 10
save 60 10000


stop-writes-on-bgsave-error yes


rdbcompression yes


rdbchecksum yes


dbfilename dump.rdb


dir /home/redis/


slave-serve-stale-data yes


slave-read-only yes


repl-diskless-sync no


repl-diskless-sync-delay 5


repl-disable-tcp-nodelay no


slave-priority 100


appendonly no


appendfilename "appendonly.aof"


appendfsync everysec


no-appendfsync-on-rewrite no


auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes


lua-time-limit 5000
slowlog-log-slower-than 10000


slowlog-max-len 128

latency-monitor-threshold 0

notify-keyspace-events ""

hash-max-ziplist-entries 512
hash-max-ziplist-value 64


list-max-ziplist-size -2


list-compress-depth 0


set-max-intset-entries 512


zset-max-ziplist-entries 128
zset-max-ziplist-value 64


hll-sparse-max-bytes 3000


activerehashing yes


client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60

hz 10

aof-rewrite-incremental-fsync yes


cat nginx_proxy.conf


user  nobody;
worker_processes  16;


#error_log  logs/error.log;
error_log  logs/error.log  notice;
#error_log  logs/error.log  info;


pid        logs/nginx.pid;




events {
    worker_connections  20000;
}




http {
    include       mime.types;
    default_type  application/octet-stream;


    log_format  main  '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';


    access_log  logs/access.log  main;




    #gzip  on;


    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;
        
    sendfile on;
    tcp_nopush     on;
   
    #keepalive_timeout off;
   
    tcp_nodelay on;
   
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    chunked_transfer_encoding  off;
    server_tokens off;


    proxy_connect_timeout    5;
    proxy_read_timeout       60;
    proxy_send_timeout       5;
    proxy_buffer_size        16k;
    proxy_buffers            4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;
    #proxy_temp_path   /usr/local/nginx/proxy_temp;
    proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=image:20m inactive=1d max_size=100m; 




        upstream bbserver{
                #server 182.53.133.11:80;
                server 182.53.133.11:80;
                server 182.53.133.11:80;
                server 182.53.133.11:80;
                server 182.53.133.11:80;
                server 182.53.133.11:80;
                keepalive 60;
        }


        upstream zhibosite{
                server   182.53.12.146:80;
                keepalive  60;
        }


        upstream bbimg2{
                server 182.53.133.11:80;
                server 182.53.133.11:80;
        }


        upstream bbimg4{
                server 182.53.133.11:80;
                server 182.53.133.11:80;
        }


        upstream live{
                server 182.53.10.11 weight=2;
                server 182.53.3.11 weight=1;
        }


    server {
        listen       80;


        #charset koi8-r;


        #access_log  logs/host.access.log  main;


        location / {
            root   html;
            index  index.html index.htm;
        }


        #error_page  404              /404.html;


        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }


        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass  
        #}


        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            include        fastcgi_params;
        }


        location /server_status{
                stub_status on;
                access_log off;
                allow 18.18.16.12;
                allow 127.0.0.1;
                deny all;
                #auth_basic              "NginxStatus";
                #auth_basic_user_file conf/htpasswd;
        }


        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    server {
        listen       80;
        server_name  zhibo.haoren.com bb.haoren.com 2b.haoren.com bianbian.haoren.com bianbian.tv
        index  index.html index.php;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
        {
                proxy_cache image;
                proxy_cache_methods GET HEAD;
                proxy_cache_min_uses 1;
                proxy_cache_valid 200 302 5m;
                proxy_cache_valid 404 1m;
                proxy_cache_valid any 1m;
                proxy_cache_key "$host:$server_port$uri$is_args$args";


                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header NetType-WT 1;
                proxy_pass
        }




        location /{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NetType-WT 1;
        proxy_pass
        }


    }


    server {
        listen       80;
        server_name  bbimg2.haoren.com;
        index  index.html index.php;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
        {
                proxy_cache image;
                proxy_cache_methods GET HEAD;
                proxy_cache_min_uses 1;
                proxy_cache_valid 200 302 5m;
                proxy_cache_valid 404 1m;
                proxy_cache_valid any 1m;
                proxy_cache_key "$host:$server_port$uri$is_args$args";


                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header NetType-WT 1;
                proxy_pass
        }




        location /{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NetType-WT 1;
        proxy_pass
        }


    }






    server {
        listen       80;
        server_name  bbimg4.haoren.com;
        index  index.html index.php;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
        {
                proxy_cache image;
                proxy_cache_methods GET HEAD;
                proxy_cache_min_uses 1;
                proxy_cache_valid 200 302 5m;
                proxy_cache_valid 404 1m;
                proxy_cache_valid any 1m;
                proxy_cache_key "$host:$server_port$uri$is_args$args";


                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header NetType-WT 1;
                proxy_pass
        }




        location /{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NetType-WT 1;
        proxy_pass
        }


    }


    server {
        listen       80;
        server_name  live.haorensafe.com recommend.haorensafe.com;
        index  index.html index.php;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)  
        {
                proxy_cache image;
                proxy_cache_methods GET HEAD;
                proxy_cache_min_uses 1;
                proxy_cache_valid 200 302 5m;
                proxy_cache_valid 404 1m;
                proxy_cache_valid any 1m;
                proxy_cache_key "$host:$server_port$uri$is_args$args";


                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header NetType-WT 1;
                proxy_pass
        }


        location /{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NetType-WT 1;
        proxy_pass
        }


    }




}

cat rsyncd.conf
pid file = /var/run/rsyncd.pid
uid = nobody
gid = nobody
max connections = 36000
log file = /var/log/rsync.log
transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
syslog facility = local5


[test]
Path=/tmp/test
read only = false
use chroot = no
hosts allow = 18.16.10.18
uid=nobody
gid=nobody
secrets file = /etc/rsync_pwd.ps


阅读(1632) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~