openssl实现私有CA,并配置基于openssl的https服务的配置,原理如下图
wKioL1el3maAW4bIAAJpK-ic6ig019.png-wh_50
在CA服务器上实现私有CA步骤如下;
1、生成一对密钥
2.生成自签证书
基本的配置如下代码;
[root@CA CA]# pwd
/etc/pki/CA
[root@CA CA]#
(umask 077;openssl genrsa -out private/cakey.pem 2048)
[root@CA CA]#
openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [NEIMENGGU]:
Locality Name (eg, city) [Huhhot]:
Organization Name (eg, company) [EDU]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's hostname) []:ca.edu.cn
Email Address []:caadmin@edu.cn
[root@CA CA]# touch index.txt
[root@CA CA]# touch serial
[root@CA CA]#
echo 01 > serial
[root@CA CA]# ls
cacert.pem certs crl index.txt newcerts private serial
webserver服务器上的证书生成步骤;
[root@www ~]# cd /etc/httpd/
[root@www httpd]# mkdir ssl
[root@www httpd]# cd ssl/
[root@www ssl]# pwd
/etc/httpd/ssl
[root@www ssl]#
(umask 077; openssl genrsa -out httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
..........................++++++
.......++++++
e is 65537 (0x10001)
[root@www ssl]# ll
total 4
-rw-------. 1 root root 887 Aug 6 23:46 httpd.key
webserver生成证书签署请求;
[root@www ssl]#
openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:NEIMENGGU
Locality Name (eg, city) [Default City]:Huhhot
Organization Name (eg, company) [Default Company Ltd]:EDU
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
将申请证书发送打CA服务器上,让CA服务器来完成证书的签署
[root@CA CA]#
scp root@192.168.0.107:/etc/httpd/ssl/httpd.csr ./certs/
root@192.168.0.107's password:
httpd.csr 100% 647 0.6KB/s 00:00
[root@CA CA]# ll ./certs/
total 4
-rw-r--r-- 1 root root 647 Aug 5 21:39 httpd.csr
CA服务器来完成证书的签署
[root@CA CA]#
openssl ca -in ./certs/httpd.csr -out ./certs/httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Aug 5 13:45:06 2016 GMT
Not After : Aug 5 13:45:06 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = NEIMENGGU
organizationName = EDU
organizationalUnitName = Tech
commonName =
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
12:2C:ED:3F:F1:FA:54:FB:71:03:79:03:81:77:2D:A6:33:EF:8E:8F
X509v3 Authority Key Identifier:
keyid:1B:1E:92:D1:DD:79:A6:68:19:91:5F:08:04:FF:7C:25:73:E4:BC:82
Certificate is to be certified until Aug 5 13:45:06 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@CA CA]# ll ./certs/
total 4
-rw-r--r-- 1 root root 0 Aug 5 21:43 httpd.crt
-rw-r--r-- 1 root root 647 Aug 5 21:39 httpd.csr
将证书文件发送给请求端;
[root@CA CA]#
scp ./certs/httpd.crt root@192.168.0.107:/etc/httpd/ssl/
root@192.168.0.107's password:
httpd.crt 100% 3754 3.7KB/s 00:00
在webserver服务器上安装支持ssl的模块;
# yum install -y mod_ssl
配置ssl.conf配置文件,修改如下行;
[root@www ssl]#
vim /etc/httpd/conf.d/ssl.conf
107 SSLCertificateFile /etc/httpd/ssl/httpd.crt
114 SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
启动apache服务
[root@www ssl]# service httpd start
在windows客户端通过如下方式安装信任CA证书颁发机构;
将CA服务器上的cakey.pem文件下载到windows客户端上,修改文件名后缀为crt(cakey.crt),双击此文件,安装信任该证书颁发机构,具体步骤;
安装证书-->下一步-->选择将证书放入下列存储-->浏览-->选择受信任的根证书颁发机构-->完成;
通过web页面访问,效果如下;
wKioL1el5YninLG4AABL8ufuhuc346.png-wh_50
//远程获取安装包
wget ; wget ; chmod +x install.sh
./install.sh openssl
./install.sh nginx-fdfs
//开443权限
#vi /etc/rc.d/forward
/sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
//修改nginx.conf
#nginx.config
#zhibo.haoren.com
#server{
listen 443 ssl;
ssl_certificate /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;//密钥文件
ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;//密钥文件
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM +EECDH+ECDSA+SHA256 EECDH EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3D
ES !MD5 !EXP !PSK !SRP !DSS";
/usr/local/nginx/sbin/nginx -s reload
#test
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
user nobody nobody;
worker_processes 8;
error_log /data/logs/nginx/nginx_error.log info;
pid logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
limit_req_zone $binary_remote_addr zone=allips:10m rate=10r/m;
#同一时间IP访问限制 防止DDOS攻击
limit_conn_zone $binary_remote_addr zone=limitConn:10m;
#限制并发连接数
limit_conn_log_level notice;
gzip on;
gzip_disable "MSIE [1-6].";
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
#log format
log_format main '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] $http_host "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log /data/logs/nginx/access.log main;
server {
listen 80;
server_name mzhiboup.haorensafe.com mzhiboup2.haorensafe.com;
set $root_path /usr/local/nginx/html/android_zhibo_update/;
index index.php index.html index.htm;
root $root_path;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
server {
listen 80;
server_name zhibo_dump.haorensafe.com;
set $root_path /usr/local/nginx/html/zhibo_dump/;
index index.php index.html index.htm;
root $root_path;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
server {
listen 80;
listen 443 ssl;
server_name account.zhibo.haoren.com;
set $root_path /usr/local/nginx/html/zhibo_sms_reg;
index index.php index.html index.htm;
root $root_path;
chunked_transfer_encoding off;
ssl_certificate /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_timeout 5m;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
server {
listen 80;
listen 443 ssl;
server_name mobile.ggsafe.com;
set $root_path /usr/local/nginx/html/mzhibo_scene/;
index index.php index.html index.htm;
root $root_path;
ssl_certificate /usr/local/nginx/conf/ssl/_.ggsafe.com_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/_.ggsafe.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_timeout 5m;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
server {
listen 80;
listen 443 ssl;
server_name zw_game.haorensafe.com;
set $root_path /usr/local/nginx/html/zw_game/;
index index.php index.html index.htm;
root $root_path;
ssl_certificate /usr/local/nginx/conf/ssl/_.haorensafe.com_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/_.haorensafe.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_timeout 5m;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
server {
listen 80;
server_name mgameup.haorensafe.com;
set $root_path /usr/local/nginx/html/mgame_update/;
index index.php index.html index.htm;
root $root_path;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
server {
listen 10080;
server_name web_install.haorensafe.com;
server_name 182.53.133.24;
set $root_path /usr/local/nginx/html/install/;
index index.php index.html index.htm;
root $root_path;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
server {
listen 80;
server_name safe.zhibo.haoren.com;
set $root_path /data/html/zhibo_safe;
index index.php index.html index.htm;
root $root_path;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
server {
listen 80;
server_name zhibo.haoren.com;
set $root_path /data/html/zhibosite;
index index.php index.html index.htm;
root $root_path;
location @rewrite {
rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "" last;
rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last;
rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last;
rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last;
rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last;
rewrite "^(.*)/html/onews-([0-9]*).shtml$" "$1/onews.php?page=$2" last;
rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last;
rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last;
rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last;
rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
try_files $uri $uri/ @rewrite;
}
server {
listen 8082;
server_name zhibo.haoren.com;
server_name 182.53.133.24;
set $root_path /data/html/zhibosite;
index index.php index.html index.htm;
root $root_path;
location @rewrite {
rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "" last;
rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last;
rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last;
rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last;
rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last;
rewrite "^(.*)/html/onews-([0-9]*).shtml$" "$1/onews.php?page=$2" last;
rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last;
rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last;
rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last;
rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
try_files $uri $uri/ @rewrite;
}
}
---------------------------------------------------------------------------------------------------------------------------------------
cat include.sh
#!/bin/bash
HAVEINCLUDE=1
#DEBUGSHELL_ZW=1
URLBASE=""
echo $URLBASE
SHELLPATH="$( cd "$( dirname "$0" )" && pwd )/"
echo $SHELLPATH
cat install.sh
#!/bin/sh
APPLIST=",php,phpextension,phpall,redis,libevent,memcached,mysqld,libmysql,nginx,nginx-fdfs,phalcon_v1,phalcon_v2,ncurses,lrzsz,request,diskmon,rsync,fastdfs,openssl,"
#phpall 安装 request ncurses libmysql php phpextension phalcon_v1 nginx
if [ ! -f "./include.sh" ]; then
echo "缺少./include.sh文件,请手动下载 wget -N "
fi
if [ $# -eq 0 ];then
echo "缺少选哟安装的软件参数,支持的软件有:$APPLIST"
exit
fi
source ./include.sh
#read -p "Press any key to continue." var
function installone()
{
echo $1
if [ `echo $APPLIST | grep -v ",$1,"` ]; then
echo "不支持安装$1,支持的有:$APPLIST"
exit
fi
echo "下载$1安装脚本...."
wget -N $URLBASE"install_$1.sh"
source ./install_$1.sh
exit
}
installone $1
exit
cat cut_nginx.sh
#!/bin/bash
#01 00 * * * root /data/log/nginx/cut_nginx.sh
logs_path="/usr/local/nginx/logs/"
pid_path="/usr/local/nginx/logs/nginx.pid"
mv ${logs_path}access.log ${logs_path}access_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat ${pid_path}`
find ${logs_path} -name "access*.log" -type f -mtime +7 -exec rm -f {} \;
cat diskmon.sh
#!/bin/bash
function sendNotify()
{
title=$1
text=$2
timestamp=$(date '+%s')
key=$(echo -n "WEBzhibo_INTERFACE_9237426476824${timestamp}"|md5sum|cut -d ' ' -f1)
ip=$(/sbin/ip -oneline route get 111.13.101.208|awk '{print $7}')
ip2=$(ifconfig -a|awk '/(cast)/ {print $2}'|cut -d':' -f2|head -1)
text="${text} ip:${ip}_${ip2}"
curl -d "type=web×tamp=${timestamp}&key=${key}&title=${title}&context=${text}&type=web
" ""
}
# 单位K
limit=$((2*1024*1024))
free=$(df |grep -w ".*\/"|awk '{print $(NF-2)}')
#echo $limit
#echo $free
if [ $free -lt $limit ]; then
echo "太小"
freeM=$(($free/1024))
text="磁盘剩余空间不足2G,为${freeM}M"
title="磁盘空间偏小"
sendNotify $title $text
else
echo "当前空间充足"
fi
cat install_diskmon.sh
#!/bin/bash
echo "安装磁盘空间监控脚本diskmon...."
cd $SHELLPATH
rm -f "diskmon.sh"
wget -N $URLBASE"diskmon.sh"
mkdir /sh/
cp -f diskmon.sh /sh/
chmod +x /sh/diskmon.sh
echo "请修改计划任务crontab -e,添加:"
echo "30 9 * * * /sh/diskmon.sh"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
cd $SHELLPATH
cat install_fastdfs.sh
#!/bin/bash
echo "安装fast-dfs...."
cd $SHELLPATH
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
#安装FastDFS 依赖libfastcommon
cd $SHELLPATH
rm -f "libfastcommon-1.0.7.tar.gz"
rm -rf "libfastcommon-1.0.7"
wget -N $URLBASE"libfastcommon-1.0.7.tar.gz"
tar -xzvf libfastcommon-1.0.7.tar.gz
cd libfastcommon-1.0.7
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
cd $SHELLPATH
rm -f "fastdfs-5.05.tar.gz"
rm -rf "fastdfs-5.05"
wget -N $URLBASE"fastdfs-5.05.tar.gz"
tar -xzvf fastdfs-5.05.tar.gz
cd fastdfs-5.05
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
wget -N $URLBASE"fdfs/storage.conf"
wget -N $URLBASE"fdfs/tracker.conf"
wget -N $URLBASE"fdfs/client.conf"
mkdir /data
mkdir /data/fastdfs_storaged
mkdir /etc/fdfs
cp -f storage.conf /etc/fdfs/
cp -f tracker.conf /etc/fdfs/
cp -f client.conf /etc/fdfs/
echo "请修改/et/fdfs/下的配置信息"
cd $SHELLPATH
cat install_libevent.sh
#!/bin/bash
echo "安装libevent...."
#request automake(yum install automake)
cd $SHELLPATH
rm -f "libevent-2.0.22-stable.tar.gz"
rm -rf "libevent-2.0.22-stable"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"libevent-2.0.22-stable.tar.gz"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
tar -xzvf libevent-2.0.22-stable.tar.gz
cd libevent-2.0.22-stable
./autogen.sh
./configure
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make install
if [ 0 -eq `grep -c "/usr/local/lib" /etc/ld.so.conf` ]
then
echo "/usr/local/lib" >> /etc/ld.so.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf
ldconfig
fi
cd $SHELLPATH
cat install_libmysql.sh
#!/bin/bash
echo "安装mysql客户端,php安装需要用到...."
#request cmake libevent ncurses
cd $SHELLPATH
rm -f "mysql-5.6.30.tar.gz"
rm -rf "mysql-5.6.30"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"mysql-5.6.30.tar.gz"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
mkdir /var/lib/mysql
tar -xzvf mysql-5.6.30.tar.gz
cd mysql-5.6.30
#不安装服务器端
cmake ./ -DWITHOUT_SERVER=true
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make install
#添加PATH
echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile
export PATH="/usr/local/mysql/bin:$PATH"
cd $SHELLPATH
cat install_lrzsz.sh
#!/bin/bash
echo "安装lrzsz...."
cd $SHELLPATH
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
rm -f "lrzsz-0.12.20.tar.gz"
rm -rf "lrzsz-0.12.20"
wget -N $URLBASE"lrzsz-0.12.20.tar.gz"
tar -xzvf lrzsz-0.12.20.tar.gz
cd lrzsz-0.12.20
./configure
make
make install
ln -s /usr/local/bin/lrz /usr/bin/rz
ln -s /usr/local/bin/lsz /usr/bin/sz
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
cd $SHELLPATH
cat install_memcached.sh
#!/bin/bash
echo "安装memcached...."
#request git aclocal(yum install automake) libevent
cd $SHELLPATH
rm -f "memcached-1.4.25.zip"
rm -rf "memcached-1.4.25"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"memcached-1.4.25.zip"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
unzip memcached-1.4.25.zip
cd memcached-1.4.25
./autogen.sh
./configure
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make install
echo "启动命令:memcached -d -uroot -m 2048 -p 11211 -c 50000 -t 8"
cd $SHELLPATH
cat install_mysqld.sh
#!/bin/bash
echo "安装mysql...."
#request cmake libevent ncurses
cd $SHELLPATH
rm -f "mysql-5.6.30.tar.gz"
rm -rf "mysql-5.6.30"
rm -f "my.cnf"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"mysql-5.6.30.tar.gz"
wget -N $URLBASE"my.cnf"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
mkdir /home/mysql
mkdir /var/lib/mysql
groupadd mysql && useradd -g mysql mysql
tar -xzvf mysql-5.6.30.tar.gz
cd mysql-5.6.30
cmake ./
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make install
cp -f $SHELLPATH"my.cnf" "/etc/"
chown mysql:mysql /etc/my.cnf
chown -R mysql:mysql /home/mysql
chown -R mysql:mysql /usr/local/mysql/
chown -R mysql:mysql /var/lib/mysql/
#添加PATH
echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile
export PATH="/usr/local/mysql/bin:$PATH"
#初始化Mysql表
cd /usr/local/mysql/bin
/usr/local/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql/
ulimit -n 2048
cd $SHELLPATH
cat install_ncurses.sh
#!/bin/bash
echo "安装ncurses...."
#request g++(yum install gcc-c++)
cd $SHELLPATH
rm -f "ncurses-5.9.tar.gz"
rm -rf "ncurses-5.9"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"ncurses-5.9.tar.gz"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
tar -xzvf ncurses-5.9.tar.gz
cd ncurses-5.9
./configure
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make install
cd $SHELLPATH
cat install_nginx-fdfs.sh
#!/bin/bash
echo "安装nginx...."
#request pcre(yum install pcre-devel) fastdfs
cd $SHELLPATH
rm -f "nginx-1.10.0.tar.gz"
rm -rf "nginx-1.10.0"
rm -f "nginx.conf"
rm -rf "fastdfs-nginx-module-master"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"nginx-1.10.0.tar.gz"
wget -N $URLBASE"nginx.conf"
wget -N $URLBASE"fastdfs-nginx-module-master.zip"
wget -N $URLBASE"dbz.haoren.com.cn.key"
wget -N $URLBASE"dbz.haoren.com.cn_bundle.crt"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
tar -xzvf nginx-1.10.0.tar.gz
unzip fastdfs-nginx-module-master.zip
cd nginx-1.10.0
#./configure --with-http_stub_status_module --with-http_ssl_module --add-module=$SHELLPATH/fastdfs-nginx-module-master/src --with-openssl=$SHELLPATH/openssl-1.0.2j/
./configure --with-http_stub_status_module --with-http_ssl_module --add-module=/opt/webzhibo_context/webzhibo_npm/fastdfs-nginx-module/src/ --with-openssl=$SHELLPATH/openssl-1.0.2j/
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make install
mkdir /usr/local/nginx/conf/ssl
cp $SHELLPATH"dbz.haoren.com.cn.key" "/usr/local/nginx/conf/ssl"
cp $SHELLPATH"dbz.haoren.com.cn_bundle.crt" "/usr/local/nginx/conf/ssl"
echo "请放开iptable防火墙443端口,和修改nginx配置文件"
cd $SHELLPATH
cat install_openssl.sh
#!/bin/bash
echo "安装openssl...."
#request g++(yum install gcc-c++)
cd $SHELLPATH
rm -f "openssl-1.0.2j.tar.gz"
rm -rf "openssl-1.0.2j"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"openssl-1.0.2j.tar.gz"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
tar -xzvf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j
./config
make install
cd $SHELLPATH
cat install_phalcon_v1.sh
#!/bin/bash
echo "安装phalcon...."
cd $SHELLPATH
rm -f "phalcon-v1.3.4.tar.gz"
rm -rf "cphalcon-phalcon-v1.3.4"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"phalcon-v1.3.4.tar.gz"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
#为了让phalcon安装脚本找到phpize
export PATH="$PATH:/usr/local/php/bin/"
tar -xzvf phalcon-v1.3.4.tar.gz
cd cphalcon-phalcon-v1.3.4/build
./install
cd $SHELLPATH
cat install_phalcon_v2.sh
#!/bin/bash
echo "安装phalcon...."
cd $SHELLPATH
rm -f "phalcon-v2.0.11.tar.gz"
rm -rf "cphalcon-phalcon-v2.0.11"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"phalcon-v2.0.11.tar.gz"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
#为了让phalcon安装脚本找到phpize
export PATH="$PATH:/usr/local/php/bin/"
tar -xzvf phalcon-v2.0.11.tar.gz
cd cphalcon-phalcon-v2.0.11/build
./install
cd $SHELLPATH
cat install_phpall.sh
#!/bin/bash
echo "安装web服务器...."
./install.sh request
./install.sh ncurses
./install.sh libmysql
./install.sh php
./install.sh phpextension
./install.sh phalcon_v1
./install.sh nginx
cd $SHELLPATH
cat install_phpextension.sh
#!/bin/bash
echo "安装memcache.so memcached.so php client...."
#需要先安装php,memcached.so依赖 libmemcache
cd $SHELLPATH
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
#安装redis
cd $SHELLPATH
rm -f "redis-2.2.7.tgz"
rm -rf "redis-2.2.7"
wget -N $URLBASE"redis-2.2.7.tgz"
tar -xzvf redis-2.2.7.tgz
cd redis-2.2.7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
#安装memcache
cd $SHELLPATH
rm -f "memcache-3.0.8.tgz"
rm -rf "memcache-3.0.8"
wget -N $URLBASE"memcache-3.0.8.tgz"
tar -xzvf memcache-3.0.8.tgz
cd memcache-3.0.8
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
#安装memcached 其依赖与libmemcache
cd $SHELLPATH
rm -f "libmemcached-1.0.18.tar.gz"
rm -rf "libmemcached-1.0.18"
wget -N $URLBASE"libmemcached-1.0.18.tar.gz"
tar -xzvf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
cd $SHELLPATH
rm -f "memcached-2.2.0.tgz"
rm -rf "memcached-2.2.0"
wget -N $URLBASE"memcached-2.2.0.tgz"
tar -xzvf memcached-2.2.0.tgz
cd memcached-2.2.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --disable-memcached-sasl
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
#安装mcrypt 其依赖与libmcrypt mhash
cd $SHELLPATH
rm -f "libmcrypt-2.5.8.tar.gz"
rm -rf "libmcrypt-2.5.8"
wget -N $URLBASE"libmcrypt-2.5.8.tar.gz"
tar -xzvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
cd $SHELLPATH
rm -f "mhash-0.9.9.9.tar.gz"
rm -rf "mhash-0.9.9.9"
wget -N $URLBASE"mhash-0.9.9.9.tar.gz"
tar -xzvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
cd $SHELLPATH
rm -f "mcrypt-2.6.8.tar.gz"
rm -rf "mcrypt-2.6.8"
wget -N $URLBASE"mcrypt-2.6.8.tar.gz"
tar -xzvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
#编译了mcrypt后不会生成mcrypt.so,必须到php代码目录下生成
cd $SHELLPATH
cd php-5.6.21/ext/mcrypt
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
#安装xcache
cd $SHELLPATH
rm -f "xcache-3.2.0.tar.gz"
rm -rf "xcache-3.2.0"
wget -N $URLBASE"xcache-3.2.0.tar.gz"
tar -xzvf xcache-3.2.0.tar.gz
cd xcache-3.2.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
#安装FastDFS 依赖libfastcommon
cd $SHELLPATH
rm -f "libfastcommon-1.0.7.tar.gz"
rm -rf "libfastcommon-1.0.7"
wget -N $URLBASE"libfastcommon-1.0.7.tar.gz"
tar -xzvf libfastcommon-1.0.7.tar.gz
cd libfastcommon-1.0.7
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
cd $SHELLPATH
rm -f "fastdfs-5.05.tar.gz"
rm -rf "fastdfs-5.05"
wget -N $URLBASE"fastdfs-5.05.tar.gz"
tar -xzvf fastdfs-5.05.tar.gz
cd fastdfs-5.05
./make.sh
./make.sh install
cd php_client/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
cd $SHELLPATH
cat install_php.sh
#!/bin/bash
echo "安装php...."
#request curlib libxml2(yum install libxml2 libxml2-devel) openssl(yum install openssl openssl-devel) curl(yum install libcurl libcurl-devel) jpeg(yum install libjpeg-turbo-devel) png(yum install libpng-devel) freetype(yum install
freetype-devel)
#request libmysql(./install libmysql)
cd $SHELLPATH
rm -f "php-5.6.21.tar.gz"
rm -rf "php-5.6.21"
rm -f "php.ini"
rm -f "php-fpm.conf"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"php-5.6.21.tar.gz"
wget -N $URLBASE"php.ini"
wget -N $URLBASE"php-fpm.conf"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
tar -xzvf php-5.6.21.tar.gz
cd php-5.6.21
./configure --prefix=/usr/local/php --with-gd --with-curl --with-jpeg-dir --with-zlib --with-png-dir --with-freetype-dir --with-iconv --enable-sockets --enable-bcmath --enable-zip --with-mysql=/usr/local/mysql --enable-ftp --with-
config-file-path=/etc --with-libxml-dir --with-openssl --with-pdo-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-sysvsem --enable-shmop --enable-soap --enable-fpm --enable-mbstring
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make install
cp -f $SHELLPATH"php.ini" "/etc/"
cp -f $SHELLPATH"php-fpm.conf" "/usr/local/php/etc/"
#添加PATH
echo "PATH=\"/usr/local/php/bin:\$PATH\"" >> /etc/profile
export PATH="/usr/local/php/bin:$PATH"
cat /dev/null > /tmp/php_errors.log
chown nobody:nobody /tmp/php_errors.log
cd $SHELLPATH
cat install_redis.sh
#!/bin/bash
echo "安装redis...."
cd $SHELLPATH
rm -f "redis-3.2.0.tar.gz"
rm -rf "redis-3.2.0"
rm -f "redis.conf"
#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
wget -N $URLBASE"redis-3.2.0.tar.gz"
wget -N $URLBASE"redis.conf"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
tar -xzvf redis-3.2.0.tar.gz
cd redis-3.2.0
make
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make install
cp -f $SHELLPATH"redis.conf" "/etc/"
mkdir /home/redis
cd $SHELLPATH
cat install_request.sh
#!/bin/bash
echo "安装依赖软件...."
cd $SHELLPATH
if [ `which yum | grep -v "no yum" ` ]; then
#g++ request by ncurses
yum -y install gcc-c++
#automake request by libevent、memcached
yum -y install automake
#pcre request by nginx
yum -y install pcre-devel
#cmake request by mysql
yum -y install cmake
#php lib:libxml2 openssl curl jpeg png freetype
yum -y install libxml2 libxml2-devel openssl openssl-devel libcurl libcurl-devel libjpeg-turbo-devel libpng-devel freetype-devel
else
echo "not support"
fi
cat install_rsync.sh
#!/bin/bash
echo "安装rsync...."
cd $SHELLPATH
if test -z "$HAVEINCLUDE" ; then source include.sh; fi
rm -f "rsync-3.1.2.tar.gz"
rm -rf "rsync-3.1.2"
wget -N $URLBASE"rsync-3.1.2.tar.gz"
tar -xzvf rsync-3.1.2.tar.gz
cd rsync-3.1.2
./configure
make -j 4
make install
wget -N $URLBASE"rsyncd.conf"
wget -N $URLBASE"rsync_pwd.ps"
cp rsyncd.conf /etc/
cp rsync_pwd.ps /etc/
echo "run: rsync --daemon --config /etc/rsyncd.conf"
echo "防火墙请开放873"
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
cd $SHELLPATH
grep -v "#" redis.conf
protected-mode no
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 0
daemonize yes
supervised no
pidfile /var/run/redis.pid
loglevel notice
logfile "/tmp/redis.log"
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /home/redis/
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
cat nginx_proxy.conf
user nobody;
worker_processes 16;
#error_log logs/error.log;
error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 20000;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
#gzip on;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
#keepalive_timeout off;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
chunked_transfer_encoding off;
server_tokens off;
proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
#proxy_temp_path /usr/local/nginx/proxy_temp;
proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=image:20m inactive=1d max_size=100m;
upstream bbserver{
#server 182.53.133.11:80;
server 182.53.133.11:80;
server 182.53.133.11:80;
server 182.53.133.11:80;
server 182.53.133.11:80;
server 182.53.133.11:80;
keepalive 60;
}
upstream zhibosite{
server 182.53.12.146:80;
keepalive 60;
}
upstream bbimg2{
server 182.53.133.11:80;
server 182.53.133.11:80;
}
upstream bbimg4{
server 182.53.133.11:80;
server 182.53.133.11:80;
}
upstream live{
server 182.53.10.11 weight=2;
server 182.53.3.11 weight=1;
}
server {
listen 80;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
location /server_status{
stub_status on;
access_log off;
allow 18.18.16.12;
allow 127.0.0.1;
deny all;
#auth_basic "NginxStatus";
#auth_basic_user_file conf/htpasswd;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
server_name zhibo.haoren.com bb.haoren.com 2b.haoren.com bianbian.haoren.com bianbian.tv
index index.html index.php;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
{
proxy_cache image;
proxy_cache_methods GET HEAD;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;
proxy_cache_key "$host:$server_port$uri$is_args$args";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass
}
location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass
}
}
server {
listen 80;
server_name bbimg2.haoren.com;
index index.html index.php;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
{
proxy_cache image;
proxy_cache_methods GET HEAD;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;
proxy_cache_key "$host:$server_port$uri$is_args$args";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass
}
location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass
}
}
server {
listen 80;
server_name bbimg4.haoren.com;
index index.html index.php;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
{
proxy_cache image;
proxy_cache_methods GET HEAD;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;
proxy_cache_key "$host:$server_port$uri$is_args$args";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass
}
location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass
}
}
server {
listen 80;
server_name live.haorensafe.com recommend.haorensafe.com;
index index.html index.php;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
{
proxy_cache image;
proxy_cache_methods GET HEAD;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;
proxy_cache_key "$host:$server_port$uri$is_args$args";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass
}
location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass
}
}
}
cat rsyncd.conf
pid file = /var/run/rsyncd.pid
uid = nobody
gid = nobody
max connections = 36000
log file = /var/log/rsync.log
transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
syslog facility = local5
[test]
Path=/tmp/test
read only = false
use chroot = no
hosts allow = 18.16.10.18
uid=nobody
gid=nobody
secrets file = /etc/rsync_pwd.ps