搜索到
8
篇与
的结果
-
-
centos7 php 7源码编译安装 下载php7源码 wget https://www.php.net/distributions/php-7.4.30.tar.gz tar -zxvf php-7.4.30.tar.gz由于php安装须要编译,因此服务器应该保证gcc和g++环境的安装安装php编译相关依赖 yum -y install gcc gcc-c++ libxml2 libxml2-devel openssl openssl-devel curl curl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel pcre pcre-devel libxslt libxslt-devel bzip2 bzip2-devel sqlite-devel oniguruma oniguruma-devel创建php编译脚本设置编译参数 #!/bin/bash CURRDIR=`dirname "$0"` BASEDIR=`cd "$CURRDIR"; pwd` VERSION=7.4.30 cd $BASEDIR/php-$VERSION ./configure --prefix=/usr/local/php/php-7.4.30 \ --with-curl \ --with-freetype-dir \ --with-gd \ --with-gettext \ --with-iconv-dir \ --with-kerberos \ --with-libdir=lib64 \ --with-libxml-dir \ --with-mysqli \ --with-openssl \ --with-pcre-regex \ --with-pdo-mysql \ --with-pdo-sqlite \ --with-pear \ --with-png-dir \ --with-jpeg-dir \ --with-xmlrpc \ --with-xsl \ --with-zlib \ --with-bz2 \ --with-mhash \ --enable-fpm \ --enable-bcmath \ --enable-libxml \ --enable-inline-optimization \ --enable-gd-native-ttf \ --enable-mbregex \ --enable-mbstring \ --enable-opcache \ --enable-pcntl \ --enable-shmop \ --enable-soap \ --enable-sockets \ --enable-sysvsem \ --enable-sysvshm \ --enable-xml \ --enable-zip make && make install编译安装php sudo sh build.sh配置php参数
-
centos7 nginx编译安装lua模块 lua作为一个小巧轻量的脚本语言,可以快速的嵌入到c/c++程序中,扩展程序的功能。lua有一个同时进行的JIT项目,提供在特定平台上的即时编译功能。编译安装luajit wget -O LuaJIT-2.0.5.tar.gz http://luajit.org/download/LuaJIT-2.0.5.tar.gz tar -zxvf LuaJIT-2.0.5.tar.gz cd LuaJIT-2.0.5 make && make install PREFIX=/usr/local/luajit配置lua环境变量打开系统设置 sudo vi /etc/profile增加luajit的环境变量 LUAJIT_HOME=/usr/local/luajit export PATH=$PATH:$LUAJIT_HOME/bin export LUAJIT_LIB=$LUAJIT_HOME/lib export LUAJIT_INC=$LUAJIT_HOME/include/luajit-2.0使系统环境变量生效 source /etc/profile下载源码包并解压新建目录,将下载的源码存放到该目录下(方便后续编译) mkdir ${dir} cd ${dir}下载nginx扩展依赖 #下载nginx lua扩展模块 wget -O lua-nginx-module-0.10.20.tar.gz https://github.com/openresty/lua-nginx-module/archive/refs/tags/v0.10.20.tar.gz tar -zxvf lua-nginx-module-0.10.20.tar.gz #下载nginx开发工具包 wget -O ngx_devel_kit_v0.3.1.tar.gz https://github.com/vision5/ngx_devel_kit/archive/refs/tags/v0.3.1.tar.gz tar -zxvf ngx_devel_kit_v0.3.1.tar.gz #下载rtmp模块 wget -O nginx-rtmp-module-1.2.2.tar.gz https://git.photonbarrier.com/arut/nginx-rtmp-module/archive/refs/tags/v1.2.2.tar.gz tar -zxvf nginx-rtmp-module-1.2.2.tar.gz下载nginx编译相关依赖 #下载openssl源码包 wget https://www.openssl.org/source/old/1.1.0/openssl-1.1.0i.tar.gz tar -zxvf openssl-1.1.0i.tar.gz #下载pcre源码包 wget https://webwerks.dl.sourceforge.net/project/pcre/pcre/8.45/pcre-8.45.tar.gz tar -zxvf pcre-8.45.tar.gz #下载zlib源码包 wget http://www.zlib.net/fossils/zlib-1.2.11.tar.gz tar -zxvf zlib-1.2.11.tar.gz #下载nginx源码包 wget http://nginx.org/download/nginx-1.20.2.tar.gz tar -zxvf nginx-1.20.2.tar.gz安装相关依赖 #安装perl依赖 yum install gcc-c++ gcc perl-devel perl-ExtUtils-Embed设置nginx编译参数 #创建build.sh脚本 vi build.sh #!/bin/bash CURRDIR=`dirname "$0"` BASEDIR=`cd "$CURRDIR"; pwd` VERSION=1.20.2 cd $BASEDIR/nginx-$VERSION ./configure --prefix=/usr/local/nginx/nginx-1.20.2 \ --conf-path=/usr/local/nginx/nginx-1.20.2/conf/nginx.conf \ --sbin-path=/usr/local/nginx/nginx-1.20.2/sbin/nginx \ --pid-path=/usr/local/nginx/nginx-1.20.2/logs/nginx.pid \ --error-log-path=/usr/local/nginx/nginx-1.20.2/logs/error.log \ --http-log-path=/usr/local/nginx/nginx-1.20.2/logs/access.log \ --http-client-body-temp-path=/usr/local/nginx/nginx-1.20.2/client_body_temp \ --http-proxy-temp-path=/usr/local/nginx/nginx-1.20.2/proxy_temp \ --http-fastcgi-temp-path=/usr/local/nginx/nginx-1.20.2/fastcgi_temp \ --http-uwsgi-temp-path=/usr/local/nginx/nginx-1.20.2/uwsgi_temp \ --http-scgi-temp-path=/usr/local/nginx/nginx-1.20.2/scgi_temp \ --user=root \ --group=root \ --with-http_ssl_module \ --with-http_realip_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_secure_link_module \ --with-http_v2_module \ --with-http_stub_status_module \ --with-http_sub_module \ --with-http_perl_module \ --with-mail \ --with-mail_ssl_module \ --with-stream \ --with-stream_ssl_module \ --with-file-aio \ --with-ipv6 \ --with-pcre=../pcre-8.45 \ --with-perl_modules_path=/usr/local/nginx/nginx-1.20.2/modules \ --with-zlib=../zlib-1.2.11 \ --with-openssl=../openssl-1.1.0i \ --with-ld-opt="-Wl,-rpath,/usr/local/luajit/lib" \ --add-module=../lua-nginx-module-0.10.20 \ --add-module=../ngx_devel_kit_v0.3.1 \ --add-module=../nginx-rtmp-module-1.2.2 make && make install chmod +s /usr/local/nginx/nginx-1.20.2/sbin/nginx注意:nginx编译参数中的模块路径如果相对路径找不到,可以写成系统的绝对路径进行编译编译安装nginx sudo sh build.sh成功后测试nginx的版本 /usr/local/nginx/nginx-1.20.2/sbin/nginx -v
-
免费DV数字证书申请及ssl配置 注册用户并下载配置 Let's Encrypt 数字证书创建存放 ssl dv 证书目录 #指定目录名称 mkdir ${dir}创建 Let's Encrypt 账号 openssl genrsa 4096 > account.key创建域名的CSR #创建普通域名私钥 openssl genrsa 4096 > domain.key #单个域名 openssl req -new -sha256 -key domain.key -subj "/CN=www.photonshalo.com" > domain.csr #多个域名(如果你有多个域名,比如:www.photonshalo.com 和 www.photonshalo.net,使用这种方式) openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:www.photnshalo.com,DNS:www.photonshalo.net")) > domain.csr配置域名验证 server { listen 80; server_name www.photonshalo.com; location ^~ /.well-known/acme-challenge/ { alias $证书路径/; try_files $uri =404; } ...the rest of your config }获取网站证书a. 下载 acme-tiny 脚本 wget https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.pyb. 指定账户私钥、CSR 以及验证目录,执行脚本 python acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir ./ > ./signed.crt安装证书a. Nginx需要追加一个Let's Encrypt的中间证书,把中间证书和网站证书合并 wget -O - https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem > intermediate.pem cat signed.crt intermediate.pem > chained.pemb. 修改 Nginx 中有关证书的配置并 reload 服务 server { listen 443 ssl; server_name www.photonshalo.com; ssl_certificate $path/chained.pem; ssl_certificate_key $path/domain.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA; ssl_session_cache shared:SSL:50m; ssl_prefer_server_ciphers on; ...the rest of your config }定期更新证书(Let’s Encrypt 签发的证书有90天有效期,需要脚本定期更新)a. 新建脚本 renew_cert.sh #编辑 shell 脚本 vi renew_cert.sh #!/usr/bin/sh #定义脚本根路径 path="/home/application/ssl_www" dt=$(date +%Y_%m_%d) if [ -d $path ];then if [ -f "${path}/acme_tiny.py" ];then if [ -f "${path}/account.key" ];then if [ -f "${path}/domain.csr" ];then if [ -d "${path}/tmp/" ];then python ${path}/acme_tiny.py --account-key ${path}/account.key --csr ${path}/domain.csr --acme-dir $path > ${path}/tmp/signed_${dt}.crt || exit if [ -f "${path}/tmp/signed_${dt}.crt" ];then wget -O - https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem > ${path}/tmp/intermediate_${dt}.pem cat ${path}/tmp/signed_${dt}.crt ${path}/tmp/intermediate_${dt}.pem > ${path}/chained.pem nginx -s reload else echo "文件 ${path}/tmp/signed_${dt}.crt 拉取不成功" fi else mkdir ${path}/tmp python ${path}/acme_tiny.py --account-key ${path}/account.key --csr ${path}/domain.csr --acme-dir $path > ${path}/tmp/signed_${dt}.crt || exit if [ -f "${path}/tmp/signed_${dt}.crt" ];then wget -O - https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem > ${path}/tmp/intermediate_${dt}.pem cat ${path}/tmp/signed_${dt}.crt ${path}/tmp/intermediate_${dt}.pem > ${path}/chained.pem nginx -s reload else echo "文件 ${path}/tmp/signed_${dt}.crt 拉取不成功" fi fi else echo "必要文件 ${path}/domain.csr 不存在" fi else echo "必要文件 ${path}/account.key 不存在" fi else echo "必要文件 ${path}/acme_tiny.py 不存在" fi else echo "文件夹不存在" fib. 设置 crontab 定时任务 #查看当前用户下的所有定时任务 crontab -l #编辑定时任务 crontab -e #每个月执行一次 0 0 1 * * /home/application/ssl_www/renew_cert.sh 2>> /home/application/ssl_www/acme_tiny.log参考教程地址:Let's Encrypt参考教程链接地址https://foofish.net/https-free-for-lets-encrypt.htmllinux 定时任务https://www.cnblogs.com/intval/p/5763929.html
-
