本文旨在用OPENBSD自己提供的軟件安裝包來搭建服務(wù)器環(huán)境,當然你也可以下載原代碼包編譯安裝,但這樣就費時費力了。實際上OPENBSD給我們提供了大量的編譯好的二進制安裝包,利用這些二進制安裝包我們可以快速部署我們需要的服務(wù)器環(huán)境,不僅省時還可以保障OPENBSD的安全性,還可以自動解決各個安裝包之間的包依賴問題(用pkg_add來安裝遠程服務(wù)器上的軟件包,包依賴問題會自動處理不需要認為干預(yù),這個有點像通過PORT安裝)。下面的文檔在一個E文的文檔基礎(chǔ)上經(jīng)過整理補充后形成的,那個E文檔找不到了。
設(shè)立網(wǎng)絡(luò)安裝服務(wù)器的地址:
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/
1. 配置APACHE服務(wù)器:
因為APACHE是系統(tǒng)默認安裝的,這里就省去了安裝過程,下面配置APACHE這樣就可以開機運行HTTP了因為在/ETC/RC腳本中已經(jīng)有了HTTPD服務(wù)的啟動設(shè)置
# vi /etc/rc.conf
改:
httpd_flags=NO
為:
httpd_flags=""
對apache做一初步設(shè)置
# vi /var/www/conf/httpd.conf
ExtendedStatus On
ServerAdmin llzqq@126.com
ServerName llzqq.3322.org
ServerTokens Prod
ServerSignature Off
Options Indexes FollowSymLinks 改為 Options FollowSymLinks
2. 安裝mysql-server-4.0.24p1:
# pkg_add -v mysql-server-4.0.24p1.tgz
# cp /usr/local/share/mysql/my-medium.cnf /etc/my.cnf
如果不想讓其他機器連接MYSQL,可以通過下面的操作實現(xiàn):
# vi /etc/my.cnf
bind-address = 127.0.0.1
啟動MYSQL-SERVER服務(wù)器:
# /usr/local/bin/mysqld_safe &
設(shè)置ROOT的MYSQL密碼:
# /usr/local/bin/mysqladmin -u root password mypass
對于chroot下的 mysql:
#mkdir /var/www/var
#chmod -R 1777(或者777) /var/www/var
#vi /etc/my.conf
mysql啟動后會產(chǎn)生/var/www/var/run目錄,還需要chmod -R 777 /var/www/var/run
自行建立/var/www/var/run
[client]
socket = /var/www/var/run/mysql/mysql.sock
[mysqld]
socket = /var/www/var/run/mysql/mysql.sock
open-files-limit = 8192
open-files = 1000
了方便啟動和關(guān)閉MYSQL服務(wù)建立了下面的腳本:
# vi /etc/rc.d/mysqld.sh
========================================================
#!/bin/sh
# made by llzqq
# mail:openbsd@163.com
# mysql startup scripts
case "$1" in
start)
if [ -x /usr/local/bin/mysqld_safe ]; then
/usr/local/bin/mysqld_safe &
fi
;;
stop)
pkill mysqld &
rm -f /var/run/mysql/mysql.sock &
;;
*)
echo "$0 start | stop"
;;
esac
exit 0
========================================================
# chmod 555 /etc/rc.d/mysqld.sh
設(shè)置開機啟動MYSQL
# vi /etc/rc.local
if [ -f /etc/my.cnf ]; then
/etc/rc.d/mysqld.sh start
fi
3. 安裝配置PHP-4.4.1
# pkg_add -v php4-core-4.4.1p0.tgz
運行下面的命令使其生效
# cp /usr/local/share/examples/php4/php.ini-recommended /var/www/conf/php.ini
# /usr/local/sbin/phpxs -s
由于OPENBSD上的APACHE采用了CHROOT機制,要保證PHP正常工作就要建下面的目錄PHP工作目錄:
# mkdir /var/www/tmp
# chmod 1777 /var/www/tmp
下面選擇安裝幾個PHP組件:
# pkg_add -v php4-gd-4.4.1p0-no_x11.tgz
# /usr/local/sbin/phpxs -a gd
# pkg_add -v php4-mysql-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a mysql
# pkg_add -v php4-ncurses-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a ncurses
# pkg_add -v php4-imap-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a imap
# pkg_add -v php4-curl-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a curl
# pkg_add -v php4-dbx-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a dbx
# pkg_add -v php4-ldap-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a ldap
# pkg_add -v php4-pdf-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a pdf
# pkg_add -v php4-snmp-4.4.1p0.tgz
# /usr/local/sbin/phpxs -a snmp
設(shè)置apache支持PHP:
# vi /var/www/conf/httpd.conf
DirectoryIndex index.html index.php
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
# vi /var/www/conf/php.ini
doc_root= "/htdocs"
register_globals = On
建立測試php頁面
# vi /var/www/htdocs/test.php
?php phpinfo(); ?>
測試一下:
# pkill httpd
# /usr/sbin/httpd
在瀏覽器中輸入http://IP/test.php實驗一下
4. 安裝mod_limitipconn模塊來限制單IP的并發(fā)連接數(shù)
# wget http://dominia.org/djao/limit/mod_limitipconn-0.04.tar.gz
# tar xzf mod_limitipconn-0.04.tar.gz
# cd mod_limitipconn-0.04
# vi Makefile
APXS = /usr/sbin/apxs
# make
# make install
讓APACHE支持這個模塊:
# vi /var/www/conf/httpd.conf
IfModule mod_limitipconn.c>
Location />
MaxConnPerIP 5
/Location>
/IfModule>
到次整個安裝過程結(jié)束。
附件部分:
我們?yōu)樽孉PACHE支持SSL傳輸配置APACHE:
# vi /var/www/conf/httpd.conf
添加下面兩行:
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
為了使APACHE啟動時啟用SSL,設(shè)置一下APACHE啟動選項:
# vi /etc/rc.conf.local
改:
httpd_flags="" # or it could have httpd_flags=NO
為:
httpd_flags="-DSSL # or it could have httpd_flags=NO
手動啟動和關(guān)閉APACHE這樣做就可以了:
# apachectl startssl
# apachectl stop
下面是設(shè)置APACHE+SSL的過程:
1. 創(chuàng)建服務(wù)器KEY文件 (1024 bit) :
# /usr/sbin/openssl genrsa -out /etc/ssl/private/server.key 1024
2. 創(chuàng)建服務(wù)器CSR文件(certificate signing request)
# /usr/sbin/openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr
這里自己填寫一些注冊信息
3. 生成簽名證書(365天有效證書):
# /usr/sbin/openssl x509 -req -days 365 -in /etc/ssl/private/server.csr -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt
4. 虛擬主機部分:
NameVirtualHost 192.168.10.1:*
VirtualHost 192.168.10.1:443>
ServerAdmin llzqq@126.com
DocumentRoot /var/www/llzqq
ServerName llzqq.home.com
ErrorLog logs/llzqq.home.com-error_log
CustomLog logs/llzqq.home.com-access_log common
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/ssl/virtualsite.com.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
/VirtualHost>
VirtualHost 192.168.10.1:80>
ServerAdmin llzgg@126.com
DocumentRoot /var/www/llzgg
ServerName llzgg.home.com
ErrorLog logs/llzgg.home.com-error_log
CustomLog logs/llzgg.home.com-access_log common
/VirtualHost>
其他部分待續(xù)(現(xiàn)在沒PC裝OPENBSD了有些資料不好整理了)