Author: 丁令

For work I needed to set up a Linux environment. I chose Ubuntu 7.1 server because it is clean: a production server should not carry a lot of unnecessary software. Ubuntu 7.1 server is a very clean system with no graphical interface at all, so the mouse is of no use.

Installing Ubuntu is very simple and is not covered in detail here. A few points to note:

1. Plug in the network cable before installing.
2. Install no server software other than OpenSSH. Apache, MySQL and PHP are not installed at this stage; they are compiled from source later.

Configuration after installing Ubuntu:

1. Enable the root user

    sudo passwd root

After entering the password:

    su

The rest of the configuration and maintenance can then be done as root.

2. Configure the network

If the network was not configured during installation, configure it by hand:

    vi /etc/network/interfaces

Set it up to match your environment, then restart networking:

    /etc/init.d/networking restart

3. Configure the apt-get sources

This step is required if you want the latest versions of the packages.

    vi /etc/apt/sources.list

Edit the file, mainly to disable installing software from the CD-ROM so that the latest versions are downloaded from the network instead.

    #
    # deb cdrom:[Ubuntu-Server 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/ gutsy main restricted
    #deb cdrom:[Ubuntu-Server 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/ gutsy main restricted
    # See http://help./community/UpgradeNotes for how to upgrade to
    # newer versions of the distribution.
    deb http://ubuntu./ubuntu/ gutsy main restricted
    deb-src http://ubuntu./ubuntu/ gutsy main restricted
    ## Major bug fix updates produced after the final release of the
    ## distribution.
    deb http://ubuntu./ubuntu/ gutsy-updates main restricted
    deb-src http://ubuntu./ubuntu/ gutsy-updates main restricted
    ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
    ## team, and may not be under a free licence. Please satisfy yourself as to
    ## your rights to use the software. Also, please note that software in
    ## universe WILL NOT receive any review or updates from the Ubuntu security
    ## team.
    deb http://ubuntu./ubuntu/ gutsy universe
    deb-src http://ubuntu./ubuntu/ gutsy universe
    deb http://ubuntu./ubuntu/ gutsy-updates universe
    deb-src http://ubuntu./ubuntu/ gutsy-updates universe
    ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
    ## team, and may not be under a free licence. Please satisfy yourself as to
    ## your rights to use the software. Also, please note that software in
    ## multiverse WILL NOT receive any review or updates from the Ubuntu
    ## security team.
    deb http://ubuntu./ubuntu/ gutsy multiverse
    deb-src http://ubuntu./ubuntu/ gutsy multiverse
    deb http://ubuntu./ubuntu/ gutsy-updates multiverse
    deb-src http://ubuntu./ubuntu/ gutsy-updates multiverse
    ## Uncomment the following two lines to add software from the 'backports'
    ## repository.
    ## N.B. software from this repository may not have been tested as
    ## extensively as that contained in the main release, although it includes
    ## newer versions of some applications which may provide useful features.
    ## Also, please note that software in backports WILL NOT receive any review
    ## or updates from the Ubuntu security team.
    # deb http://ubuntu./ubuntu/ gutsy-backports main restricted universe multiverse
    # deb-src http://ubuntu./ubuntu/ gutsy-backports main restricted universe multiverse
    ## Uncomment the following two lines to add software from Canonical's
    ## 'partner' repository. This software is not part of Ubuntu, but is
    ## offered by Canonical and the respective vendors as a service to Ubuntu
    ## users.
    # deb http://archive./ubuntu gutsy partner
    # deb-src http://archive./ubuntu gutsy partner
    deb http://security./ubuntu gutsy-security main restricted
    deb-src http://security./ubuntu gutsy-security main restricted
    deb http://security./ubuntu gutsy-security universe
    deb-src http://security./ubuntu gutsy-security universe
    deb http://security./ubuntu gutsy-security multiverse
    deb-src http://security./ubuntu gutsy-security multiverse

4. Update Ubuntu:

    apt-get update
    apt-get upgrade

This step takes about 30 minutes. If a network error occurs, run it again, or run it again with the --fix-missing option.

5. Install packages

Several packages can be installed at once:

    apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

The command above must be entered on a single line. These packages are mostly needed later in this series or are useful in everyday work; choose according to your own needs.

6. Install libncurses5-dev

Many people run into an error at the make step when building software from source, simply because this package is not installed:

    checking for termcap functions library... configure: error: No curses/termcap library found

The fix:

    apt-get install libncurses5-dev

7. Add the ll alias

Fedora Core always had the ll command. Ubuntu does not, which I find very inconvenient, so I set it up myself:

    vi ~/.bashrc

The file already contains the alias definitions, but they are commented out. Remove the comment markers, and at the same time alias vi to vim.

    alias ll='ls -l'
    alias la='ls -A'
    alias l='ls -CF'
    alias vi='vim'

Ubuntu 7.1 server: building an all-purpose web production environment from scratch (Part 2)

Now the software installation proper begins. This part covers installing MySQL and Apache.

I. Install MySQL

MySQL is built with UTF-8 as the default character set:

    groupadd mysql
    useradd -g mysql mysql
    tar -zxvf mysql-5.0.45.tar.gz
    cd mysql-5.0.45
    ./configure --prefix=/usr/local/mysql --with-charset=utf8 --with-collation=utf8_general_ci --with-extra-charsets=latin1
    make
    make install
    cp support-files/my-medium.cnf /etc/my.cnf
    cd /usr/local/mysql
    bin/mysql_install_db --user=mysql
    chown -R root .
    chown -R mysql var
    chgrp -R mysql .
    bin/mysqld_safe --user=mysql &

Add MySQL to PATH:

    vi /etc/profile

Add:

    PATH=/usr/local/mysql/bin:"${PATH}"

Make MySQL start with the system:

    cp support-files/mysql.server /etc/init.d/mysqld
    cd /etc/init.d
    update-rc.d mysqld defaults

Reboot the server to verify that MySQL starts with the system. After the reboot, run:

    mysql

If you get straight in, MySQL started successfully.

For security, change the root password:

    mysql>use mysql
    mysql>UPDATE user SET password=PASSWORD('new_password') WHERE user='root';
    mysql>FLUSH PRIVILEGES;
    mysql>exit

II. Install Apache

1. Before installing Apache, install OpenSSL, because Apache will later be configured to support HTTPS:

    tar -zxvf openssl-0.9.8e.tar.gz
    cd openssl-0.9.8e
    ./config --prefix=/usr/local/ssl
    make
    make test
    make install

2. Install Apache. The configure options can be adjusted as needed.

    tar -zxvf httpd-2.2.6.tar.gz
    cd httpd-2.2.6
    ./configure --prefix=/usr/local/apache --enable-modules=all --enable-rewrite --enable-forward --enable-ssl --with-ssl=/usr/local/ssl --enable-mods-shared=all --enable-deflate --enable-proxy --enable-proxy-balancer --enable-proxy-http
    make
    make install

Set ServerName in conf/httpd.conf:

    ServerName 127.0.0.1:80

Test whether Apache works.

Make Apache start with the system:

    cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
    cd /etc/init.d
    update-rc.d httpd defaults

Ubuntu 7.1 server: building an all-purpose web production environment from scratch (Part 3)

III. Install PHP

First install the packages that PHP depends on.

1. Install libxml2:

    apt-get install libxml2 libxml2-dev
    tar -zxvf zlib-1.2.3.tar.gz
    cd zlib-1.2.3
    ./configure --prefix=/usr/local/zlib
    make
    make install

2. Install jpeg:

    tar -zxvf jpegsrc.v6b.tar.gz
    cd jpeg-6b
    mkdir /usr/local/jpeg
    mkdir /usr/local/jpeg/bin
    mkdir /usr/local/jpeg/lib
    mkdir /usr/local/jpeg/include
    mkdir /usr/local/jpeg/man
    mkdir /usr/local/jpeg/man/man1
    ./configure --prefix=/usr/local/jpeg --enable-shared --enable-static
    make
    make install

3. Install libpng:

    tar -zxvf libpng-1.2.16.tar.gz
    cd libpng-1.2.16
    ./configure --prefix=/usr/local/libpng
    make
    make install

4. Install freetype:

    tar -zxvf freetype-2.3.3.tar.gz
    cd freetype-2.3.3
    ./configure --prefix=/usr/local/freetype
    make
    make install

5. Install gd:

    tar -zxvf gd-2.0.33.tar.gz
    cd gd-2.0.33
    ./configure --prefix=/usr/local/gd --with-jpeg=/usr/local/jpeg --with-freetype=/usr/local/freetype --with-png --with-zlib
    make
    make install

6. Install curl:

    tar -zxvf curl-7.16.1.tar.gz
    cd curl-7.16.1
    mkdir -p /usr/local/curl
    ./configure --prefix=/usr/local/curl --with-ssl
    make
    make install

7. Install libiconv:

    tar -zxvf libiconv-1.11.tar.gz
    cd libiconv-1.11
    ./configure --prefix=/usr/local/iconv
    make
    make install

8. Install PHP itself:

There are many options; pick the ones you need. In most cases the following are enough.

    tar -zxvf php-5.2.5.tar.gz
    cd php-5.2.5
    ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/apache/conf --enable-magic-quotes --with-openssl=/usr/local/ssl --with-zlib=/usr/local/zlib --with-zlib-dir=/usr/local/zlib --with-curl=/usr/local/curl --enable-ftp --with-openssl-dir=/usr/local/ssl --with-gd=/usr/local/gd --with-jpeg-dir=/usr/local/jpeg --with-png-dir=/usr/local/libpng --with-freetype-dir=/usr/local/freetype --enable-gd-native-ttf --enable-mbstring --with-mysql=/usr/local/mysql --with-pdo-mysql=/usr/local/mysql --enable-soap --enable-sockets --enable-zip --with-iconv --enable-zend-multibyte --with-mysql-sock=/tmp/mysql.sock --enable-sqlite-utf8
    make
    make test
    make install
    cp php.ini-dist /usr/local/apache/conf/php.ini

9. Install ZendOptimizer-3.3.0a

    tar -zxvf ZendOptimizer-3.3.0a-linux-glibc21-i386.tar.gz
    cd ZendOptimizer-3.3.0a-linux-glibc21-i386
    ./install.sh

During installation, specify the ZendOptimizer installation directory and the path to php.ini.

10. Make Apache support PHP:

    vi /usr/local/apache/conf/httpd.conf

Add at the end:

    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

Change <Directory "/usr/local/apache/htdocs"> to:

    <Directory "/home/dingl/php-web/test">

Change DocumentRoot to "/home/dingl/php-web/test".

Create an index.php file in that directory with the following content:

    <?php phpinfo()?>

Open http://192.168.1.xx/index.php and you will see the PHP information page, which shows that PHP was installed successfully.

After rebooting the server, Apache and Resin both start, and the site can be reached at http://www./!
Ubuntu 7.1 server: building an all-purpose web production environment from scratch (Part 4)

IV. Install the Java environment

For the JSP container I recommend Resin: first, Resin is better than Tomcat in production, and second, I know Resin well, having used it for six years.

Resin and Tomcat can of course both be installed and used together with Apache. Tomcat was also installed this time, but it is not integrated with Apache and serves directly on a port other than 80. Because installing Tomcat is even simpler, this series does not cover it.

1. Install the JDK

    chmod 755 jdk-1_5_0_11-linux-i586.bin
    ./jdk-1_5_0_11-linux-i586.bin
    cp -r jdk1.5.0_11 /usr/local/java

2. Set the environment variables:

    vi /etc/profile

Add at the end:

    JAVA_HOME=/usr/local/java
    export JAVA_HOME
    PATH="${JAVA_HOME}"/bin:/usr/local/mysql/bin:"${PATH}"
    export PATH

3. Install Resin:

    tar -zxvf resin-pro-3.1.3.tar.gz
    cd resin-pro-3.1.3
    ./configure --with-apache=/usr/local/apache
    make
    make install
    cp -r /home/dingl/soft/resin-pro-3.1.3 /usr/local/resin
    cd /usr/local/resin

4. Set the environment variables:

    vi /etc/profile

    JRE_HOME="${JAVA_HOME}"/jre
    export JRE_HOME
    CLASSPATH=.:"${JAVA_HOME}"/lib/tools.jar:"${JAVA_HOME}"/lib/dt.jar
    export CLASSPATH
    RESIN_HOME=/usr/local/resin
    export RESIN_HOME
    CLASSPATH="${RESIN_HOME}"/lib/resin.jar:"${CLASSPATH}"
    export CLASSPATH
    PATH="${JAVA_HOME}"/bin:/usr/local/mysql/bin:"${PATH}"
    export PATH

5. Configure the Resin startup environment:

Log out and log in again over ssh as root.

    vi /usr/local/resin/bin/httpd.sh

Change

    exec $java -jar ${RESIN_HOME}/resin.jar $*

to

    exec $java -jar ${RESIN_HOME}/lib/resin.jar $*

and add the following above that line:

    JAVA_HOME=/usr/local/java
    export JAVA_HOME
    RESIN_HOME=/usr/local/resin
    export RESIN_HOME
    PATH=${JAVA_HOME}/bin:${PATH}
    export PATH

6. Test Resin:

    /usr/local/resin/bin/httpd.sh

If http://www.:8080/ opens normally, Resin was installed successfully.

    vi /usr/local/resin/conf/resin.conf

Change

    <web-app id="/" root-directory="webapps/ROOT"/>

to

    <web-app id="/" root-directory="/home/dingl/jsp-web/test/"/>

Create an index.jsp file under /home/dingl/jsp-web/test/ with the following content:

    2+2=<%=2+2%>

7. Integrate Apache and Resin:

    vi /usr/local/apache/conf/httpd.conf

Change DocumentRoot "/home/dingl/php-web/test" to DocumentRoot "/home/dingl/jsp-web/test", then add the following section:

    <Directory "/home/dingl/jsp-web/test">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>

Extend the list of welcome files. Change

    <IfModule dir_module>
    DirectoryIndex index.html
    </IfModule>

to

    <IfModule dir_module>
    DirectoryIndex index.html index.jsp index.php index.htm
    </IfModule>

Restart Resin and Apache (note the order: Resin first, then Apache):

    /usr/local/resin/bin/httpd.sh restart
    /usr/local/apache/bin/apachectl -k restart

Visit each of:

    http://www.:8080/index.jsp
    http://www./index.jsp

If the browser shows 2+2=4, Apache and Resin have been integrated successfully.

8. Make Resin start with the system

On Ubuntu, starting Resin at boot by following the official documentation does not work, although it does on Fedora Core. The steps are:

    cp /usr/local/resin/bin/httpd.sh /usr/local/resin/bin/resin-a.sh

Then test whether resin-a.sh can start and stop the service properly:

    /usr/local/resin/bin/resin-a.sh start
    /usr/local/resin/bin/resin-a.sh stop

If it cannot, the path configuration is wrong.

    cp /usr/local/resin/bin/resin-a.sh /etc/init.d/resin
    cd /etc/init.d
    update-rc.d resin defaults

After rebooting the server, Apache and Resin both start, and the site can be reached at http://www./!

Ubuntu 7.1 server: building an all-purpose web production environment from scratch (Part 5)

V. Install the Rails environment

The Rails environment is served with Mongrel.

1. Install Ruby

    tar -zxvf ruby-1.8.6.tar.gz
    cd ruby-1.8.6
    ./configure --prefix=/usr/local/ruby
    make
    make install

Add Ruby to PATH:

    vi /etc/profile

    RUBY_HOME=/usr/local/ruby
    PATH="${RUBY_HOME}"/bin:"${JAVA_HOME}"/bin:/usr/local/mysql/bin:"${PATH}"
    export PATH

Log out of root and log in again as root, then verify that Ruby was installed:

    ruby -v

If the version number is shown, the installation succeeded.

2. Install gem

    tar -zxvf rubygems-0.9.4.tgz
    cd rubygems-0.9.4
    ruby setup.rb

rubygems-0.9.5 seems to have a problem: whatever package I tried to install with gem, it said that ssl was not installed. After reinstalling rubygems-0.9.4 the problem went away.

3. Install rails/mongrel/termios

    apt-get install libssl-dev
    gem install rake --include-dependencies
    gem install rails --include-dependencies
    gem install termios --include-dependencies
    gem install mongrel --include-dependencies
    gem install mongrel_cluster --include-dependencies

After generating a default site (or uploading an existing site and configuring its database), change to the site directory:

    mongrel_rails cluster::configure -e production -p 8000 -N 3 -c /home/dingl/rails-web/ -a 127.0.0.1

Configure the database in database.yml. This is a production environment, so configure the production section.

To connect to MySQL over a socket, add:

    socket: /tmp/mysql.sock

You can also specify the encoding used for data transfer:

    encoding: utf8

4. Start Mongrel:

    mongrel_rails cluster::start

If the following error appears:

    Cannot find gem for Rails ~>1.2.3.0: Install the missing gem with 'gem install -v=1.2.3 rails'

change the Rails version number in config/environment.rb.

5. Configure Apache and Mongrel:

Edit the Apache configuration file:

    vi /usr/local/apache/conf/httpd.conf

Add a virtual host at the end of the file:

    <VirtualHost *:80>
    ServerName http://www./
    RewriteEngine On
    DocumentRoot /home/dingl/rails-web/
    ProxyRequests Off
    <Proxy balancer://mongrel_cluster>
    BalancerMember http://127.0.0.1:8000/
    BalancerMember http://127.0.0.1:8001/
    BalancerMember http://127.0.0.1:8002/
    </Proxy>
    ProxyPass balancer://mongrel_cluster/images !
    ProxyPass balancer://mongrel_cluster/stylesheets !
    ProxyPass balancer://mongrel_cluster/javascripts !
    ProxyPass / balancer://mongrel_cluster/
    ProxyPassReverse / balancer://mongrel_cluster/
    ProxyPreserveHost on
    </VirtualHost>

Restart mongrel_cluster and Apache, then open http://www./ in IE and the site is reachable.

Note that the site cannot be reached directly at http://www.:8000 and so on: Mongrel is bound to 127.0.0.1, so it can only be reached at http://127.0.0.1:8000.

6. Make Mongrel start with the system:

    ln -s /home/dingl/rails-web/config/mongrel_cluster.yml /etc/mongrel_cluster/app.yml
    cp /usr/local/ruby/lib/ruby/gems/1.8/gems/mongrel_cluster-1.0.5/resources/mongrel_cluster /etc/init.d/mongrel_cluster
    cd /etc/init.d
    chmod +x mongrel_cluster
    vi /etc/init.d/mongrel_cluster

Add one line above CONF_DIR:

    PATH=/usr/local/ruby/bin:/usr/local/ruby/lib/ruby/gems/1.8/gems/mongrel_cluster-1.0.5/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local:/usr/local/sbin:/usr/local/bin

Write the full path here; do not reference another variable.

The USER=mongrel line below it can be set to whichever user should start the service. If no mongrel user has been created, it can be changed to USER=root.

    update-rc.d -f mongrel_cluster defaults

After rebooting the server, the Rails application can be reached at http://www./.

Ubuntu 7.1 server: building an all-purpose web production environment from scratch (Part 6)

A production environment often needs SSL to support HTTPS. This part adds SSL support to Apache.

VI. Configure Apache to support SSL:

1. Edit the Apache configuration file:

    vi /usr/local/apache/conf/httpd.conf

Make sure the following two lines are not commented out:

    LoadModule ssl_module modules/mod_ssl.so
    Include conf/extra/httpd-ssl.conf

Then configure another virtual host (it can be configured as xxx., depending on the SSL certificate you purchased):

    <VirtualHost *:80>
    ServerName www.
    DocumentRoot /home/dingl/jsp-web
    ResinConfigServer localhost 6800
    AddHandler caucho-request jsp
    AddHandler caucho-request xtp
    AddHandler caucho-request vm
    </VirtualHost>

2. Edit the SSL configuration file:

    vi /usr/local/apache/conf/extra/httpd-ssl.conf

Change it to the following:

    Listen 443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
    SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
    ##
    ## SSL Virtual Host Context
    ##
    <VirtualHost _default_:443>
    # General setup for the virtual host
    DocumentRoot "/home/dingl/jsp-web"
    ServerName www.:443
    ServerAdmin you@example.com
    ErrorLog "/usr/local/apache/logs/error_log"
    TransferLog "/usr/local/apache/logs/access_log"
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "/usr/local/apache/conf/.crt"
    #SSLCertificateFile "/usr/local/apache/conf/server-dsa.crt"
    SSLCertificateKeyFile "/usr/local/apache/conf/.key"
    #SSLCertificateKeyFile "/usr/local/apache/conf/server-dsa.key"
    #SSLCertificateChainFile "/usr/local/apache/conf/server-ca.crt"
    #SSLCACertificatePath "/usr/local/apache/conf/ssl.crt"
    #SSLCACertificateFile "/usr/local/apache/conf/ssl.crt/ca-bundle.crt"
    #SSLCARevocationPath "/usr/local/apache/conf/ssl.crl"
    #SSLCARevocationFile "/usr/local/apache/conf/ssl.crl/ca-bundle.crl"
    #SSLVerifyClient require
    #SSLVerifyDepth 10
    ResinConfigServer 127.0.0.1 6800
    AddHandler caucho-request jsp
    AddHandler caucho-request xtp
    AddHandler caucho-request vm
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
    CustomLog "/usr/local/apache/logs/ssl_request_log" \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>
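The SSLCipherSuite directive in the configuration above keeps the SSLv2, export, LOW and eNULL classes in its string. The script below is an added example, not part of the original article: it lints such a directive token by token, and its function names and the stricter comparison string are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): conservative lint for SSLCipherSuite.

# Constructed input: the active directive from the httpd-ssl.conf above, with
# one commented-out line to show that comments are ignored.
SAMPLE_CONF='
SSLEngine on
#SSLCipherSuite HIGH
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
'
# Assumption: a stricter string for comparison; it is not taken from the article.
STRICT_SUITE='HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!SSLv2:!MD5'

# Weak classes to look for; every one of them is named in the article's string.
WEAK_CLASSES='SSLv2 EXP LOW eNULL ADH'

# suite_from_conf: read a config on stdin, print the last active
# SSLCipherSuite value.
suite_from_conf() {
    sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]]\{1,\}//p' | tail -n 1
}

# weak_classes SUITE: print the weak classes that SUITE names (bare or with
# "+") or pulls in through ALL, and does not remove with "!". This lints the
# string; `openssl ciphers -v SUITE` lists what a given OpenSSL build selects.
weak_classes() {
    tokens=$(printf '%s' "$1" | tr ':, ' '\n\n\n')
    found=''
    for class in $WEAK_CLASSES; do
        names=$class
        if [ "$class" = EXP ]; then names='EXP|EXPORT'; fi
        # "!" removes a class for good; "!EXPORT56" is a different token and
        # leaves the 40-bit export ciphers in place.
        if printf '%s\n' "$tokens" | grep -qxE "[!]($names)"; then
            continue
        fi
        if printf '%s\n' "$tokens" | grep -qxE "[+]?($names)"; then
            found="$found $class"
        elif [ "$class" != eNULL ] && printf '%s\n' "$tokens" | grep -qx ALL; then
            # ALL covers every class except eNULL.
            found="$found $class"
        fi
    done
    printf '%s\n' "${found# }"
}

ARTICLE_SUITE=$(printf '%s\n' "$SAMPLE_CONF" | suite_from_conf)
echo "article suite flags: $(weak_classes "$ARTICLE_SUITE")"
echo "strict suite flags:  $(weak_classes "$STRICT_SUITE")"
```
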
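The site can now be reached at http://www./.

Ubuntu 7.1 server: building an all-purpose web production environment from scratch (Part 7)

A server that offers services to the outside world has to have a firewall. This part configures iptables on Ubuntu 7.1.

I read many articles online about configuring a firewall on Ubuntu and found them all rather cumbersome.

On the desktop edition, firestarter can be used to configure iptables.

On the server edition there is also the shorewall tool.

Looking closely at how iptables is configured, I found that the rules are always set with the iptables command, and that some people online configure them directly with a script. So I put together a script along the same lines. It saves effort and is similar to configuring the firewall from the command line on Fedora Core.

Create the /etc/init.d/firewall file:

    vi /etc/init.d/firewall

It goes under /etc/init.d so that it is easy to start automatically.

The script is as follows:

    #!/bin/bash
    # This program is used to start my iptables.
    #History :
    # Sat Jun 17 23:22:01 CST 2006 Jerry Second release
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:~/bin
    export PATH
    case "$1" in
    start)
    echo -n "Starting FireWall ... "
    # /sbin/iptables -P INPUT DROP
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    /sbin/iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A INPUT -p all -m state --state INVALID,NEW -j DROP
    echo "OK"
    ;;
    stop)
    echo -n "Stop FireWall ... "
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -Z
    echo "OK"
    ;;
    restart)
    /etc/init.d/firewall stop
    /etc/init.d/firewall start
    echo "Restart FireWall OK"
    ;;
    *)
    echo "Usage: $0 {start|stop|restart}"
    esac
    exit 0

To open another port, simply edit the start section.

Test that the firewall works:

    /etc/init.d/firewall restart

No problems.

Make the firewall start automatically with the system:

    cd /etc/init.d
    update-rc.d firewall defaults 01

01 is the start priority, so the firewall rules are loaded as soon as the system boots. You can rename all the K01 links to K99 so that the firewall is the last service stopped when the server shuts down or reboots.

This completes the series.

For a production environment the configuration above is basically sufficient. It can run the applications that are popular today, including a great many open-source or free ones such as BBS, CMS and blog software.

The end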
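The start section of the firewall script accepts new TCP connections on ports 22 and 80 only, while httpd-ssl.conf in part six adds Listen 443. The script below is an added example, not part of the original article: it cross-checks the two and also ignores ACCEPT rules placed after the rule that drops NEW connections, since those never match. Function names and the "Listen 80" line are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): find Apache Listen ports that the
# firewall script never accepts.

# Constructed input: the rules from the start) branch of the script above.
FIREWALL_RULES='
# /sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p all -m state --state INVALID,NEW -j DROP
'
# Constructed input: "Listen 443" is in httpd-ssl.conf (part six); "Listen 80"
# is an assumption based on the <VirtualHost *:80> blocks.
APACHE_LISTEN='
Listen 80
Listen 443
'

# accepted_tcp_ports: read iptables commands on stdin and print the --dport of
# each INPUT ACCEPT rule for TCP. Rules are matched in order, so anything after
# a rule that drops NEW connections can never admit a new client and is
# ignored. Single ports only; ranges and -m multiport are not parsed.
accepted_tcp_ports() {
    awk '
        /^[ \t]*#/ { next }
        /-A INPUT/ && /--state [A-Z,]*NEW/ && /-j DROP/ { exit }
        /-A INPUT/ && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport") print $(i + 1)
        }' | sort -n
}

# listen_ports: read Apache config on stdin, print the port of each Listen
# line ("Listen 443" and "Listen 192.0.2.10:443" both give 443).
listen_ports() {
    awk '$1 == "Listen" { n = split($2, part, ":"); print part[n] }' | sort -n
}

# uncovered_ports RULES CONF: print Listen ports that have no ACCEPT rule.
uncovered_ports() {
    allowed=$(printf '%s\n' "$1" | accepted_tcp_ports)
    for port in $(printf '%s\n' "$2" | listen_ports); do
        if ! printf '%s\n' "$allowed" | grep -qx "$port"; then
            printf '%s\n' "$port"
        fi
    done
}

echo "Listen ports without an ACCEPT rule: $(uncovered_ports "$FIREWALL_RULES" "$APACHE_LISTEN")"
```

A rule for 443 has to be added in the start section before the `--state INVALID,NEW -j DROP` line for the HTTPS virtual host to be reachable from outside.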