CentOS 6安装apache+mysql+php+ssl(转)

4r4dn5h3js

　　
　　网上的一些文章都已经比较老了，现在版本高了之后，其实配置是很省力的（不考虑什么负载的话）
　　分享全过程，出了文中提到的安装epel rpmfushion 源指令不同外，其他的过程也适用与Centos 5
　　
　　1.安装CentOS 6 ,可以选择最小安装，也可以安装桌面
　　2.升级系统
view sourceprint?

yum update

　　3.安装mysql,并设置mysql开机自启动，同时启动mysql
view sourceprint?

yum install mysql

yum install mysql-server

chkconfig --levels 35 mysqld on

service mysqld start

　　4.配置mysql的root密码
view sourceprint?

mysql_secure_installation

　　
Enter current password for root (enter for none): ( 回车)
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] (Y)

New password: (123456)
Re-enter new password: (123456)
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
　　(是否移出数据库的默认帐户，如果移出，那么在终端中直接输入mysql是会提示连接错误的)Y

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
　　(是否禁止root的远程登录)Y
By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
　　5.安装apache,并设置开机启动
view sourceprint?

yum install httpd

chkconfig --levels 35 httpd on

service httpd start

　　这时候可以测试apache是否正常工作
　　直接浏览器访问localhost应该没问题，但是如果别的机子访问不了的话，是因为防火墙的关系，配置防火墙
　　（后面的ssl还会有这个问题的）
　　6.安装php
view sourceprint?

yum install php

yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc

　　这个时候php就安装完成拉，写个脚本测试一下
view sourceprint?

vi /var/www/html/info.php

　　输入
view sourceprint?

<?php

phpinfo();?>

　　访问localhost/info.php即可～
　　7.安装phpMyAdmin
　　首先先给系统安装epel 和rpmfushion两个软件大仓库
view sourceprint?

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm

rpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/6/i386/rpmfusion-free-release-6-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/6/i386/rpmfusion-nonfree-release-6-0.1.noarch.rpm

　　如果是centos 5 的话执行下面
view sourceprint?

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

rpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/5/i386/rpmfusion-free-release-5-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/5/i386/rpmfusion-nonfree-release-5-0.1.noarch.rpm

　　
　　
　　接着安装起来就很方便拉，～根本不需要去下载就可以获得最新的版本
view sourceprint?

yum install phpmyadmin

　　安装完成后还需要配置一下访问权限，使得出了本机外，其他机子也能访问phpMyAdmin
view sourceprint?

vi /etc/httpd/conf.d/phpMyAdmin.conf

　　找到两个directory的权限设置，Allow from 改成All
　　<Directory /usr/share/phpMyAdmin/>
   Order Deny,Allow
   Deny from All
   Allow from 127.0.0.1
   Allow from All
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
   Order Deny,Allow
   Deny from All
   Allow from 127.0.0.1
   Allow from All
</Directory>
　　
　　重启服务器
view sourceprint?

service httpd restart

　　
　　测试localhost/phpMyAdmin
　　用户名密码:root 123456
　　OK～ LAMP搭建完毕,
　　
　　8.搭建SSL,让apache支持https
view sourceprint?

yum install mod_ssl

　　其实安装完这个模块后，重启完apache 就可以用https://localhost测试了，因为他创建了默认的证书
　　在/etc/pki/tls下
　　当然我们也可以用openssl创建自己的证书
view sourceprint?

yum install openssl

　　
　　生成证书文件
创建一个rsa私钥,文件名为server.key
view sourceprint?

openssl genrsa -out server.key 1024

　　
Generating RSA private key, 1024 bit long modulus
............++++++
............++++++
e is 65537 (0x10001)


用 server.key 生成证书签署请求 CSR
view sourceprint?

openssl req -new -key server.key -out server.csr

　　Country Name:两个字母的国家代号
State or Province Name:省份名称
Locality Name:城市名称
Organization Name:公司名称
Organizational Unit Name:部门名称
Common Name:你的姓名
Email Address:地址
至于 'extra' attributes 不用输入.直接回车

生成证书CRT文件server.crt。
view sourceprint?

openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt

　　修改ssl.conf指定我们自己生成的证书
view sourceprint?

vi /etc/httpd/conf.d/ssl.conf

　　找到如下位置，修改路径
　　#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
　　
　　OK
view sourceprint?

service httpd restart

　　
　　一切都搞定拉～～
　　
　　整个过程我们不需要修改/etc/httpd/conf/httpd.conf 这就是版本高了的好处阿～