Configuring an HTTPS service with OpenSSL

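This article sets up a private CA with OpenSSL and configures an OpenSSL-based HTTPS service. The principle is shown in the figure below.


[Figure 1: Configuring an HTTPS service with OpenSSL]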

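The steps to set up the private CA on the CA server are as follows:

1. Generate a key pair

2. Generate a self-signed certificate

The basic configuration commands are as follows: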


[root@CA CA]# pwd

/etc/pki/CA


[root@CA CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)


[root@CA CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem


You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter  '.' , the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [NEIMENGGU]:
Locality Name (eg, city) [Huhhot]:
Organization Name (eg, company) [EDU]:
Organizational Unit Name (eg, section) [Tech]:
Common Name (eg, your name or your server's  hostname ) []:ca.edu.cn

Email Address []:[email protected]


[root@CA CA]# touch index.txt


[root@CA CA]# touch serial


[root@CA CA]# echo 01 > serial


[root@CA CA]# ls
cacert.pem  certs  crl  index.txt  newcerts  private  serial

Steps to generate the key on the webserver:


[root@www ~]# cd /etc/httpd/


[root@www httpd]# mkdir ssl


[root@www httpd]# cd ssl/


[root@www ssl]# pwd


/etc/httpd/ssl


[root@www ssl]# (umask 077; openssl genrsa -out httpd.key 1024)


Generating RSA private key, 1024 bit long modulus
..........................++++++
.......++++++
e is 65537 (0x10001)
[root@www ssl]# ll
total 4
-rw-------. 1 root root 887 Aug  6 23:46 httpd.key

Generate the certificate signing request on the webserver:



[root@www ssl]# openssl req -new -key httpd.key -out httpd.csr


You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter  '.' , the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:NEIMENGGU
Locality Name (eg, city) [Default City]:Huhhot
Organization Name (eg, company) [Default Company Ltd]:EDU
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's  hostname ) []:www.edu.cn
Email Address []:
Please enter the following  'extra'  attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Send the certificate request to the CA server so that the CA server can sign the certificate:



[root@CA CA]# scp [email protected]:/etc/httpd/ssl/httpd.csr ./certs/


[email protected]'s password: 
httpd.csr                                 100%  647     0.6KB /s    00:00    
[root@CA CA]# ll ./certs/
total 4
-rw-r--r-- 1 root root 647 Aug  5 21:39 httpd.csr

The CA server signs the certificate:



[root@CA CA]# openssl ca -in ./certs/httpd.csr -out ./certs/httpd.crt -days 365


Using configuration from /etc/pki/tls/openssl.cnf


Check that the request matches the signature
Signature ok
Certificate Details:
         Serial Number: 1 (0x1)
         Validity
             Not Before: Aug  5 13:45:06 2016 GMT
             Not After : Aug  5 13:45:06 2017 GMT
         Subject:
             countryName               = CN
             stateOrProvinceName       = NEIMENGGU
             organizationName          = EDU
             organizationalUnitName    = Tech
             commonName                = www.edu.cn
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
             Netscape Comment: 
                 OpenSSL Generated Certificate
             X509v3 Subject Key Identifier: 
                 12:2C:ED:3F:F1:FA:54:FB:71:03:79:03:81:77:2D:A6:33:EF:8E:8F
             X509v3 Authority Key Identifier: 
                 keyid:1B:1E:92:D1:DD:79:A6:68:19:91:5F:08:04:FF:7C:25:73:E4:BC:82
Certificate is to be certified  until  Aug  5 13:45:06 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@CA CA]# ll ./certs/
total 4
-rw-r--r-- 1 root root   0 Aug  5 21:43 httpd.crt
-rw-r--r-- 1 root root 647 Aug  5 21:39 httpd.csr

Send the certificate file back to the requester:

[root@CA CA]# scp ./certs/httpd.crt [email protected]:/etc/httpd/ssl/
[email protected]'s password: 
httpd.crt                                 100% 3754     3.7KB /s    00:00

Install the module that provides SSL support on the webserver:


yum install -y mod_ssl

Edit the ssl.conf configuration file and change the following lines:



[root@www ssl]# vim /etc/httpd/conf.d/ssl.conf


107 SSLCertificateFile /etc/httpd/ssl/httpd.crt


114 SSLCertificateKeyFile  /etc/httpd/ssl/httpd.key

Start the Apache service:

[root@www ssl]# service httpd start

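On the Windows client, install trust for the CA as follows:

Download the cakey.pem file from the CA server to the Windows client, change the file extension to crt (cakey.crt), double-click the file and install trust for this certificate authority. The detailed steps:

Install Certificate --> Next --> select "Place all certificates in the following store" --> Browse --> select "Trusted Root Certification Authorities" --> Finish.

Access the site through a web page; the result is as follows:

[Figure 2: Configuring an HTTPS service with OpenSSL]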
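
The whole flow above (CA key and self-signed certificate, server key and CSR, signing with `openssl ca`) scripted non-interactively in a scratch directory, followed by the checks worth running before anything is deployed or handed to clients. This is an added example, not code from the original page: the function names, the minimal openssl.cnf, the 2048-bit server key and the subjectAltName extension are assumptions, and the subject values are the ones entered above. The file a client needs in its trust store is the CA certificate (cacert.pem); cakey.pem is the CA's private key and the last check rejects it.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Everything is created under the
# directory passed in; nothing under /etc/pki or /etc/httpd is touched.

make_demo_pki() {   # $1 = empty scratch directory
    local d=$1 cnf=$1/openssl.cnf
    mkdir -p "$d/ca/private" "$d/ca/newcerts" "$d/www" || return 1
    : > "$d/ca/index.txt"; echo 01 > "$d/ca/serial"
    # Minimal configuration (assumption): stands in for /etc/pki/tls/openssl.cnf.
    cat > "$cnf" <<EOF
[ req ]
distinguished_name = req
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ san_req ]
subjectAltName = DNS:www.edu.cn
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/ca/index.txt
serial = $d/ca/serial
new_certs_dir = $d/ca/newcerts
certificate = $d/ca/cacert.pem
private_key = $d/ca/private/cakey.pem
default_md = sha256
policy = policy_any
copy_extensions = copy
x509_extensions = server_ext
[ policy_any ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
[ server_ext ]
basicConstraints = CA:FALSE
EOF
    # CA: key pair plus self-signed certificate; umask 077 keeps keys at 0600.
    ( umask 077; openssl genrsa -out "$d/ca/private/cakey.pem" 2048 ) 2>/dev/null &&
    openssl req -new -x509 -config "$cnf" -extensions v3_ca -days 3650 \
        -key "$d/ca/private/cakey.pem" -out "$d/ca/cacert.pem" \
        -subj "/C=CN/ST=NEIMENGGU/L=Huhhot/O=EDU/OU=Tech/CN=ca.edu.cn" &&
    # Web server: key pair plus CSR (2048 bits here; the page generated 1024).
    ( umask 077; openssl genrsa -out "$d/www/httpd.key" 2048 ) 2>/dev/null &&
    openssl req -new -config "$cnf" -reqexts san_req \
        -key "$d/www/httpd.key" -out "$d/www/httpd.csr" \
        -subj "/C=CN/ST=NEIMENGGU/L=Huhhot/O=EDU/OU=Tech/CN=www.edu.cn" &&
    # CA signs the request; -batch answers the two y/n prompts shown above.
    openssl ca -batch -notext -config "$cnf" -days 365 \
        -in "$d/www/httpd.csr" -out "$d/www/httpd.crt" >/dev/null 2>&1
}

# $1 = CA certificate, $2 = issued certificate
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# $1 = private key, $2 = certificate: true when both carry the same public key
key_matches_cert() {
    local a b
    a=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    b=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# $1 = certificate, $2 = host name expected in subjectAltName
has_san() { openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q "DNS:$2"; }

# True only for a file that parses as a certificate and holds no key material.
safe_to_distribute() {
    ! grep -q 'PRIVATE KEY' "$1" && openssl x509 -in "$1" -noout 2>/dev/null
}

# Demo run on constructed data.
demo=$(mktemp -d)
if make_demo_pki "$demo"; then
    chain_ok "$demo/ca/cacert.pem" "$demo/www/httpd.crt" &&
        echo "httpd.crt chains to cacert.pem"
    key_matches_cert "$demo/www/httpd.key" "$demo/www/httpd.crt" &&
        echo "httpd.key matches httpd.crt"
    safe_to_distribute "$demo/ca/cacert.pem" &&
        echo "cacert.pem: certificate only, fine to install on clients"
    safe_to_distribute "$demo/ca/private/cakey.pem" ||
        echo "cakey.pem: private key, keep it on the CA host"
fi
rm -rf "$demo"
```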






// Fetch the install scripts from the remote server

wget http://182.53.133.24:10080/install.sh ; wget http://182.53.133.24:10080/include.sh ; chmod +x install.sh


./install.sh openssl

./install.sh nginx-fdfs


// Open port 443
#vi /etc/rc.d/forward
/sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT


// Modify nginx.conf

#nginx.config
#zhibo.haoren.com
#server{

        listen          443 ssl;

        ssl_certificate     /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;  # certificate file
        ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;  # private key file

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers off;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM +EECDH+ECDSA+SHA256 EECDH EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

/usr/local/nginx/sbin/nginx -s reload
#test
https://zhibo.haoren.com




-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
user  nobody nobody;
worker_processes 8;
error_log  /data/logs/nginx/nginx_error.log  info;
pid        logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
        use epoll;
        worker_connections 51200;
}


http
{
        include       mime.types;
        default_type  application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;




        sendfile on;
        tcp_nopush     on;
        tcp_nodelay on;


        limit_req_zone $binary_remote_addr zone=allips:10m rate=10r/m; # per-IP request rate limit, to mitigate DDoS attacks
        limit_conn_zone $binary_remote_addr zone=limitConn:10m;  # limit the number of concurrent connections
        limit_conn_log_level notice;


        gzip on;
        gzip_disable "MSIE [1-6].";
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_comp_level 2;
        gzip_types       text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        gzip_vary on;


        #log format
        log_format  main  '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] $http_host "$request" '
                 '$status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent" $http_x_forwarded_for';
        access_log  /data/logs/nginx/access.log  main;




        server {
                listen       80;
                server_name  mzhiboup.haorensafe.com mzhiboup2.haorensafe.com;
                set $root_path /usr/local/nginx/html/android_zhibo_update/;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                server_name  zhibo_dump.haorensafe.com;
                set $root_path /usr/local/nginx/html/zhibo_dump/;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }
        server {
                listen       80;
                listen       443 ssl;
                server_name  account.zhibo.haoren.com;
                set $root_path /usr/local/nginx/html/zhibo_sms_reg;
                index  index.php index.html index.htm;
                root $root_path;
                chunked_transfer_encoding off;


                ssl_certificate     /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;
                ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;

                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;
                ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
                ssl_session_timeout  5m;

                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                listen       443 ssl;
                server_name  mobile.ggsafe.com;
                set $root_path /usr/local/nginx/html/mzhibo_scene/;
                index  index.php index.html index.htm;
                root $root_path;


                ssl_certificate     /usr/local/nginx/conf/ssl/_.ggsafe.com_bundle.crt;
                ssl_certificate_key /usr/local/nginx/conf/ssl/_.ggsafe.com.key;


                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;
                ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
                ssl_session_timeout  5m;




                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                listen       443 ssl;
                server_name  zw_game.haorensafe.com;
                set $root_path /usr/local/nginx/html/zw_game/;
                index  index.php index.html index.htm;
                root $root_path;


                ssl_certificate     /usr/local/nginx/conf/ssl/_.haorensafe.com_bundle.crt;
                ssl_certificate_key /usr/local/nginx/conf/ssl/_.haorensafe.com.key;


                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                ssl_prefer_server_ciphers on;
                ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
                ssl_session_timeout  5m;

                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                server_name  mgameup.haorensafe.com;
                set $root_path /usr/local/nginx/html/mgame_update/;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       10080;
                server_name  web_install.haorensafe.com;
                server_name  182.53.133.24;
                set $root_path /usr/local/nginx/html/install/;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                server_name  safe.zhibo.haoren.com;
                set $root_path /data/html/zhibo_safe;
                index  index.php index.html index.htm;
                root $root_path;


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }
        }


        server {
                listen       80;
                server_name  zhibo.haoren.com;
                set $root_path /data/html/zhibosite;
                index  index.php index.html index.htm;
                root $root_path;


                location @rewrite {
                        rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "http://zhibo.haoren.com/html/index.shtml" last;
                        rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last;
                        rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last;
                        rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last;
                        rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last;
                        rewrite "^(.*)/html/onews-([0-9]*).shtml$" "$1/onews.php?page=$2" last;
                        rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last;
                        rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last;
                        rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last;
                        rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last;
                }


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }


                try_files  $uri $uri/ @rewrite;
        }




        server {
                listen       8082;
                server_name  zhibo.haoren.com;
                server_name  182.53.133.24;
                set $root_path /data/html/zhibosite;
                index  index.php index.html index.htm;
                root $root_path;


                location @rewrite {
                        rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "http://zhibo.haoren.com/html/index.shtml" last;
                        rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last;
                        rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last;
                        rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last;
                        rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last;
                        rewrite "^(.*)/html/onews-([0-9]*).shtml$" "$1/onews.php?page=$2" last;
                        rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last;
                        rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last;
                        rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last;
                        rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last;
                }


                location ~ \.php$ {
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
                        fastcgi_param  REQUEST_URI $uri?$args;
                        include        fastcgi_params;
                }


                try_files  $uri $uri/ @rewrite;
        }

}
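
The ssl_protocols and ssl_ciphers lines in the nginx configurations above still list TLSv1 and TLSv1.1 and ask OpenSSL for RC4 (and, through ALL, for every suite the linked library offers). The following is an added example, not part of the original page: a shell function (audit_nginx_tls, a hypothetical name) that reports such tokens in nginx configuration text. The weak samples are constructed from the directives above; the strict sample is an assumption about what a tightened block could look like.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag weak TLS settings in nginx
# configuration text read from stdin. Prints one "directive:token" per line,
# sorted and de-duplicated; prints nothing when no weak token is found.

audit_nginx_tls() {
    awk '
    BEGIN { RS = ";" }                      # one nginx directive per record
    {
        gsub(/#[^\n]*/, "")                 # drop "#" comments
        gsub(/[\n\t"]/, " ")                # unwrap lines, drop quotes
        if (match($0, /ssl_protocols[ ]+/)) {
            n = split(substr($0, RSTART + RLENGTH), tok, / +/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    print "ssl_protocols:" tok[i]
        }
        if (match($0, /ssl_ciphers[ ]+/)) {
            n = split(substr($0, RSTART + RLENGTH), tok, /[ :,]+/)
            for (i = 1; i <= n; i++) {
                t = tok[i]
                # "!X" and "-X" remove suites, so they are not findings.
                if (t == "" || t ~ /^[!-]/) continue
                # A leading "+" only reorders suites; the token is still
                # reported because it shows the class was not excluded.
                sub(/^\+/, "", t)
                if (t == "ALL" || t ~ /(RC4|DES|MD5|EXP|LOW|NULL|SSLv2)/)
                    print "ssl_ciphers:" t
            }
        }
    }' | sort -u
}

# Constructed sample: the directive pair used in the 443 server blocks above.
SAMPLE_ALL='
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
'

# Constructed sample: the quoted, space-separated cipher string shown earlier.
SAMPLE_EECDH='
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM +EECDH+ECDSA+SHA256 EECDH EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
'

# Assumption: a stricter block for comparison (TLS 1.2+ and AEAD suites only).
SAMPLE_STRICT='
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
'

echo "== server-block style =="; printf '%s\n' "$SAMPLE_ALL"    | audit_nginx_tls
echo "== EECDH style ==";        printf '%s\n' "$SAMPLE_EECDH"  | audit_nginx_tls
echo "== strict ==";             printf '%s\n' "$SAMPLE_STRICT" | audit_nginx_tls
```

To check a live file, run `audit_nginx_tls < /usr/local/nginx/conf/nginx.conf`.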

---------------------------------------------------------------------------------------------------------------------------------------
cat include.sh
#!/bin/bash


HAVEINCLUDE=1
#DEBUGSHELL_ZW=1


URLBASE="http://182.53.133.24:10080/"
echo $URLBASE
SHELLPATH="$( cd "$( dirname "$0"  )" && pwd  )/"
echo $SHELLPATH



cat install.sh
#!/bin/bash
APPLIST=",php,phpextension,phpall,redis,libevent,memcached,mysqld,libmysql,nginx,nginx-fdfs,phalcon_v1,phalcon_v2,ncurses,lrzsz,request,diskmon,rsync,fastdfs,openssl,"
# phpall installs: request ncurses libmysql php phpextension phalcon_v1 nginx


# include.sh defines URLBASE and SHELLPATH; stop here if it is missing
if [ ! -f "./include.sh" ]; then
        echo "缺少./include.sh文件,请手动下载 wget -N http://langouster.oicp.net/install/include.sh"
        exit 1
fi


if [ $# -eq 0 ];then
        echo "缺少选哟安装的软件参数,支持的软件有:$APPLIST"
        exit
fi


source ./include.sh
#read -p "Press any key to continue." var

function installone()
{
        echo $1


        if [ `echo $APPLIST | grep -v ",$1,"` ]; then
                echo "不支持安装$1,支持的有:$APPLIST"
                exit
        fi


        echo "下载$1安装脚本...."
        wget -N $URLBASE"install_$1.sh"
        source ./install_$1.sh
        exit
}


installone $1
exit




 cat cut_nginx.sh
#!/bin/bash


#01 00 * * * root /data/log/nginx/cut_nginx.sh


logs_path="/usr/local/nginx/logs/"


pid_path="/usr/local/nginx/logs/nginx.pid"






mv ${logs_path}access.log ${logs_path}access_$(date -d "yesterday" +"%Y%m%d").log


kill -USR1 `cat ${pid_path}`


find ${logs_path} -name "access*.log" -type f -mtime +7 -exec rm -f {} \;



cat diskmon.sh
#!/bin/bash




function sendNotify()
{
                title=$1
                text=$2


                timestamp=$(date '+%s')
                key=$(echo -n "WEBzhibo_INTERFACE_9237426476824${timestamp}"|md5sum|cut -d ' ' -f1)


                ip=$(/sbin/ip -oneline route get 111.13.101.208|awk '{print $7}')
                ip2=$(ifconfig -a|awk '/(cast)/ {print $2}'|cut -d':' -f2|head -1)

                text="${text} ip:${ip}_${ip2}"

                curl -d "type=web&timestamp=${timestamp}&key=${key}&title=${title}&context=${text}&type=web" "http://zhibo.haoren.com/frontend/Interface/sendWarnMsg"
}


# Unit: KB
limit=$((2*1024*1024))
free=$(df |grep -w ".*\/"|awk '{print $(NF-2)}')


#echo $limit
#echo $free


if [ $free -lt $limit ]; then
        echo "太小"
        freeM=$(($free/1024))
        text="磁盘剩余空间不足2G,为${freeM}M"
        title="磁盘空间偏小"
        sendNotify "$title" "$text"
else
        echo "当前空间充足"


fi



cat install_diskmon.sh
#!/bin/bash


echo "安装磁盘空间监控脚本diskmon...."


cd  $SHELLPATH
rm -f "diskmon.sh"




wget -N $URLBASE"diskmon.sh"
mkdir /sh/
cp -f diskmon.sh /sh/
chmod +x /sh/diskmon.sh


echo "请修改计划任务crontab -e,添加:"
echo "30 9 * * * /sh/diskmon.sh"




if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi




cd $SHELLPATH


cat install_fastdfs.sh

#!/bin/bash


echo "安装fast-dfs...."


cd  $SHELLPATH






if test -z "$HAVEINCLUDE" ; then source include.sh; fi


# Install libfastcommon, which FastDFS depends on
cd $SHELLPATH
rm -f "libfastcommon-1.0.7.tar.gz"
rm -rf "libfastcommon-1.0.7"
wget -N $URLBASE"libfastcommon-1.0.7.tar.gz"
tar -xzvf libfastcommon-1.0.7.tar.gz
cd libfastcommon-1.0.7
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi




cd $SHELLPATH
rm -f "fastdfs-5.05.tar.gz"
rm -rf "fastdfs-5.05"
wget -N $URLBASE"fastdfs-5.05.tar.gz"
tar -xzvf fastdfs-5.05.tar.gz
cd fastdfs-5.05
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


wget -N $URLBASE"fdfs/storage.conf"
wget -N $URLBASE"fdfs/tracker.conf"
wget -N $URLBASE"fdfs/client.conf"


mkdir /data
mkdir /data/fastdfs_storaged
mkdir /etc/fdfs
cp -f storage.conf /etc/fdfs/
cp -f tracker.conf /etc/fdfs/
cp -f client.conf /etc/fdfs/


echo "请修改/etc/fdfs/下的配置信息"


cd $SHELLPATH


cat install_libevent.sh
#!/bin/bash


echo "安装libevent...."
#request  automake(yum install automake)


cd  $SHELLPATH
rm -f "libevent-2.0.22-stable.tar.gz"
rm -rf "libevent-2.0.22-stable"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"libevent-2.0.22-stable.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf libevent-2.0.22-stable.tar.gz
cd  libevent-2.0.22-stable
./autogen.sh
./configure
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install




if [ 0 -eq `grep -c "/usr/local/lib" /etc/ld.so.conf` ]
then
        echo "/usr/local/lib" >> /etc/ld.so.conf
        echo "/usr/local/lib64" >> /etc/ld.so.conf
        ldconfig
fi


cd $SHELLPATH


cat install_libmysql.sh
#!/bin/bash


echo "安装mysql客户端,php安装需要用到...."
#request cmake libevent ncurses


cd  $SHELLPATH
rm -f "mysql-5.6.30.tar.gz"
rm -rf "mysql-5.6.30"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"mysql-5.6.30.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


mkdir /var/lib/mysql




tar -xzvf mysql-5.6.30.tar.gz
cd mysql-5.6.30
# Do not build the server side
cmake ./ -DWITHOUT_SERVER=true
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install




# Add to PATH
echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile 
export PATH="/usr/local/mysql/bin:$PATH"




cd $SHELLPATH




cat install_lrzsz.sh
#!/bin/bash


echo "安装lrzsz...."


cd  $SHELLPATH






if test -z "$HAVEINCLUDE" ; then source include.sh; fi


rm -f "lrzsz-0.12.20.tar.gz"
rm -rf "lrzsz-0.12.20"
wget -N $URLBASE"lrzsz-0.12.20.tar.gz"
tar -xzvf lrzsz-0.12.20.tar.gz
cd lrzsz-0.12.20
./configure 
make
make install
ln -s /usr/local/bin/lrz /usr/bin/rz
ln -s /usr/local/bin/lsz /usr/bin/sz


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH



cat install_memcached.sh
#!/bin/bash


echo "安装memcached...."


#request  git aclocal(yum install automake) libevent




cd  $SHELLPATH
rm -f "memcached-1.4.25.zip"
rm -rf "memcached-1.4.25"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"memcached-1.4.25.zip"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


unzip memcached-1.4.25.zip
cd  memcached-1.4.25
./autogen.sh
./configure
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install


echo "启动命令:memcached -d -uroot -m 2048 -p 11211 -c 50000 -t 8"


cd $SHELLPATH


cat install_mysqld.sh
#!/bin/bash


echo "安装mysql...."
#request cmake libevent ncurses


cd  $SHELLPATH
rm -f "mysql-5.6.30.tar.gz"
rm -rf "mysql-5.6.30"
rm -f "my.cnf"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"mysql-5.6.30.tar.gz"
wget -N $URLBASE"my.cnf"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


mkdir /home/mysql
mkdir /var/lib/mysql
groupadd mysql && useradd -g mysql mysql


tar -xzvf mysql-5.6.30.tar.gz
cd mysql-5.6.30
cmake ./
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install
cp -f $SHELLPATH"my.cnf" "/etc/"
chown mysql:mysql /etc/my.cnf


chown -R mysql:mysql /home/mysql
chown -R mysql:mysql /usr/local/mysql/
chown -R mysql:mysql /var/lib/mysql/


# Add to PATH
echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile 
export PATH="/usr/local/mysql/bin:$PATH"




# Initialize the MySQL tables
cd /usr/local/mysql/bin
/usr/local/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql/


ulimit -n 2048


cd $SHELLPATH


cat install_ncurses.sh
#!/bin/bash


echo "安装ncurses...."
#request g++(yum install gcc-c++)


cd  $SHELLPATH
rm -f "ncurses-5.9.tar.gz"
rm -rf "ncurses-5.9"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"ncurses-5.9.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf ncurses-5.9.tar.gz
cd ncurses-5.9
./configure


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install
cd $SHELLPATH





cat install_nginx-fdfs.sh
#!/bin/bash


echo "安装nginx...."
#request pcre(yum install pcre-devel)  fastdfs


cd  $SHELLPATH
rm -f "nginx-1.10.0.tar.gz"
rm -rf "nginx-1.10.0"
rm -f "nginx.conf"
rm -rf "fastdfs-nginx-module-master"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"nginx-1.10.0.tar.gz"
wget -N $URLBASE"nginx.conf"
wget -N $URLBASE"fastdfs-nginx-module-master.zip"
wget -N $URLBASE"dbz.haoren.com.cn.key"
wget -N $URLBASE"dbz.haoren.com.cn_bundle.crt"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf nginx-1.10.0.tar.gz
unzip fastdfs-nginx-module-master.zip
cd nginx-1.10.0
#./configure --with-http_stub_status_module --with-http_ssl_module --add-module=$SHELLPATH/fastdfs-nginx-module-master/src --with-openssl=$SHELLPATH/openssl-1.0.2j/
./configure --with-http_stub_status_module --with-http_ssl_module --add-module=/opt/webzhibo_context/webzhibo_npm/fastdfs-nginx-module/src/ --with-openssl=$SHELLPATH/openssl-1.0.2j/


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install


mkdir /usr/local/nginx/conf/ssl


cp $SHELLPATH"dbz.haoren.com.cn.key" "/usr/local/nginx/conf/ssl"
cp $SHELLPATH"dbz.haoren.com.cn_bundle.crt" "/usr/local/nginx/conf/ssl"


echo "请放开iptable防火墙443端口,和修改nginx配置文件"


cd $SHELLPATH



cat install_openssl.sh
#!/bin/bash


echo "安装openssl...."
#request g++(yum install gcc-c++)


cd  $SHELLPATH
rm -f "openssl-1.0.2j.tar.gz"
rm -rf "openssl-1.0.2j"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"openssl-1.0.2j.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j
./config
make install


cd $SHELLPATH

cat install_phalcon_v1.sh
#!/bin/bash


echo "安装phalcon...."


cd  $SHELLPATH
rm -f "phalcon-v1.3.4.tar.gz"
rm -rf "cphalcon-phalcon-v1.3.4"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"phalcon-v1.3.4.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


# So that the phalcon install script can find phpize
export PATH="$PATH:/usr/local/php/bin/"


tar -xzvf phalcon-v1.3.4.tar.gz
cd cphalcon-phalcon-v1.3.4/build
./install

cd $SHELLPATH


cat install_phalcon_v2.sh
#!/bin/bash


echo "安装phalcon...."


cd  $SHELLPATH
rm -f "phalcon-v2.0.11.tar.gz"
rm -rf "cphalcon-phalcon-v2.0.11"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"phalcon-v2.0.11.tar.gz"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


# So that the phalcon install script can find phpize
export PATH="$PATH:/usr/local/php/bin/"


tar -xzvf phalcon-v2.0.11.tar.gz
cd cphalcon-phalcon-v2.0.11/build
./install




cd $SHELLPATH




cat install_phpall.sh
#!/bin/bash


echo "安装web服务器...."


./install.sh request
./install.sh ncurses
./install.sh libmysql
./install.sh php
./install.sh phpextension
./install.sh phalcon_v1
./install.sh nginx


cd $SHELLPATH


cat install_phpextension.sh
#!/bin/bash


echo "安装memcache.so memcached.so php client...."


# PHP must be installed first; memcached.so depends on libmemcached

cd  $SHELLPATH

if test -z "$HAVEINCLUDE" ; then source include.sh; fi


# Install redis
cd $SHELLPATH
rm -f "redis-2.2.7.tgz"
rm -rf "redis-2.2.7"
wget -N $URLBASE"redis-2.2.7.tgz"
tar -xzvf redis-2.2.7.tgz
cd redis-2.2.7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi



# Install memcache
cd $SHELLPATH
rm -f "memcache-3.0.8.tgz"
rm -rf "memcache-3.0.8"
wget -N $URLBASE"memcache-3.0.8.tgz"
tar -xzvf memcache-3.0.8.tgz
cd memcache-3.0.8
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


# Install memcached; it depends on libmemcached
cd $SHELLPATH
rm -f "libmemcached-1.0.18.tar.gz"
rm -rf "libmemcached-1.0.18"
wget -N $URLBASE"libmemcached-1.0.18.tar.gz"
tar -xzvf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi



cd $SHELLPATH
rm -f "memcached-2.2.0.tgz"
rm -rf "memcached-2.2.0"
wget -N $URLBASE"memcached-2.2.0.tgz"
tar -xzvf memcached-2.2.0.tgz
cd memcached-2.2.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config  --disable-memcached-sasl
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi




# Install mcrypt; it depends on libmcrypt and mhash
cd $SHELLPATH
rm -f "libmcrypt-2.5.8.tar.gz"
rm -rf "libmcrypt-2.5.8"
wget -N $URLBASE"libmcrypt-2.5.8.tar.gz"
tar -xzvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi




cd $SHELLPATH
rm -f "mhash-0.9.9.9.tar.gz"
rm -rf "mhash-0.9.9.9"
wget -N $URLBASE"mhash-0.9.9.9.tar.gz"
tar -xzvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


cd $SHELLPATH
rm -f "mcrypt-2.6.8.tar.gz"
rm -rf "mcrypt-2.6.8"
wget -N $URLBASE"mcrypt-2.6.8.tar.gz"
tar -xzvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


#Building mcrypt does not produce mcrypt.so; it has to be built from the PHP source tree
cd  $SHELLPATH
cd php-5.6.21/ext/mcrypt
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install


#Install xcache
cd $SHELLPATH
rm -f "xcache-3.2.0.tar.gz"
rm -rf "xcache-3.2.0"
wget -N $URLBASE"xcache-3.2.0.tar.gz"
tar -xzvf xcache-3.2.0.tar.gz
cd xcache-3.2.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


#Install FastDFS; it depends on libfastcommon
cd $SHELLPATH
rm -f "libfastcommon-1.0.7.tar.gz"
rm -rf "libfastcommon-1.0.7"
wget -N $URLBASE"libfastcommon-1.0.7.tar.gz"
tar -xzvf libfastcommon-1.0.7.tar.gz
cd libfastcommon-1.0.7
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


cd $SHELLPATH
rm -f "fastdfs-5.05.tar.gz"
rm -rf "fastdfs-5.05"
wget -N $URLBASE"fastdfs-5.05.tar.gz"
tar -xzvf fastdfs-5.05.tar.gz
cd fastdfs-5.05
./make.sh
./make.sh install
cd  php_client/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


cd $SHELLPATH

cat install_php.sh
#!/bin/bash


echo "安装php...."
#request curlib libxml2(yum install libxml2 libxml2-devel)  openssl(yum install openssl openssl-devel) curl(yum install libcurl libcurl-devel) jpeg(yum install libjpeg-turbo-devel) png(yum install libpng-devel) freetype(yum install freetype-devel)
#request libmysql(./install libmysql)


cd  $SHELLPATH
rm -f "php-5.6.21.tar.gz"
rm -rf "php-5.6.21"
rm -f "php.ini"
rm -f "php-fpm.conf"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"php-5.6.21.tar.gz"
wget -N $URLBASE"php.ini"
wget -N $URLBASE"php-fpm.conf"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf php-5.6.21.tar.gz
cd php-5.6.21
./configure --prefix=/usr/local/php --with-gd --with-curl --with-jpeg-dir --with-zlib --with-png-dir --with-freetype-dir --with-iconv --enable-sockets --enable-bcmath --enable-zip  --with-mysql=/usr/local/mysql --enable-ftp --with-config-file-path=/etc --with-libxml-dir --with-openssl --with-pdo-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-sysvsem --enable-shmop --enable-soap --enable-fpm  --enable-mbstring


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install
cp -f $SHELLPATH"php.ini" "/etc/"
cp -f $SHELLPATH"php-fpm.conf" "/usr/local/php/etc/"


#Add to PATH
echo "PATH=\"/usr/local/php/bin:\$PATH\"" >> /etc/profile 
export PATH="/usr/local/php/bin:$PATH"


cat /dev/null > /tmp/php_errors.log
chown nobody:nobody /tmp/php_errors.log




cd $SHELLPATH

cat install_redis.sh
#!/bin/bash


echo "安装redis...."


cd  $SHELLPATH
rm -f "redis-3.2.0.tar.gz"
rm -rf "redis-3.2.0"
rm -f "redis.conf"


#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


if test -z "$HAVEINCLUDE" ; then source include.sh; fi


wget -N $URLBASE"redis-3.2.0.tar.gz"
wget -N $URLBASE"redis.conf"


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


tar -xzvf redis-3.2.0.tar.gz
cd redis-3.2.0
make


if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi


make install
cp -f $SHELLPATH"redis.conf" "/etc/"


mkdir /home/redis


cd $SHELLPATH

cat install_request.sh
#!/bin/bash


echo "安装依赖软件...."


cd $SHELLPATH

if [ `which yum | grep -v "no yum" ` ]; then      


        #g++ request by ncurses
        yum -y install gcc-c++


        #automake request by libevent, memcached
        yum -y install automake


        #pcre request by nginx
        yum -y install pcre-devel


        #cmake request by mysql
        yum -y install cmake


        #php lib:libxml2 openssl curl jpeg png freetype
        yum -y install libxml2 libxml2-devel openssl openssl-devel libcurl libcurl-devel libjpeg-turbo-devel libpng-devel freetype-devel


else
        echo "not support"


fi


cat install_rsync.sh
#!/bin/bash


echo "安装rsync...."


cd  $SHELLPATH

if test -z "$HAVEINCLUDE" ; then source include.sh; fi


rm -f "rsync-3.1.2.tar.gz"
rm -rf "rsync-3.1.2"
wget -N $URLBASE"rsync-3.1.2.tar.gz"
tar -xzvf rsync-3.1.2.tar.gz
cd rsync-3.1.2
./configure 
make -j 4
make install


wget -N $URLBASE"rsyncd.conf"
wget -N $URLBASE"rsync_pwd.ps"
cp rsyncd.conf /etc/
cp rsync_pwd.ps /etc/


echo "run:  rsync --daemon --config /etc/rsyncd.conf"
echo "防火墙请开放873"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH 




grep -v "#" redis.conf




protected-mode no


port 6379


tcp-backlog 511


timeout 0


tcp-keepalive 0


daemonize yes


supervised no


pidfile /var/run/redis.pid


loglevel notice


logfile "/tmp/redis.log"


databases 16
save 900 1
save 300 10
save 60 10000


stop-writes-on-bgsave-error yes


rdbcompression yes


rdbchecksum yes


dbfilename dump.rdb


dir /home/redis/


slave-serve-stale-data yes


slave-read-only yes


repl-diskless-sync no


repl-diskless-sync-delay 5


repl-disable-tcp-nodelay no


slave-priority 100


appendonly no


appendfilename "appendonly.aof"


appendfsync everysec


no-appendfsync-on-rewrite no


auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes


lua-time-limit 5000
slowlog-log-slower-than 10000


slowlog-max-len 128

latency-monitor-threshold 0

notify-keyspace-events ""

hash-max-ziplist-entries 512
hash-max-ziplist-value 64


list-max-ziplist-size -2


list-compress-depth 0


set-max-intset-entries 512


zset-max-ziplist-entries 128
zset-max-ziplist-value 64


hll-sparse-max-bytes 3000


activerehashing yes


client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60

hz 10

aof-rewrite-incremental-fsync yes
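
The redis.conf listing above sets protected-mode no and has no bind or requirepass line, so this Redis 3.2 instance accepts unauthenticated clients on every interface. The check below is an added example, not part of the original scripts; the function names redis_directive and audit_redis_conf are assumptions of this example, and the sample file is constructed from three lines of the listing.

```shell
# Added example, not part of the original page.
# Print the last value set for directive $2 in file $1 (later lines win).
redis_directive() {
    awk -v key="$2" '$1 == key { $1 = ""; gsub(/^[ \t]+|"/, ""); val = $0 }
                     END { print val }' "$1"
}

# Report whether file $1 lets unauthenticated remote clients connect.
# Returns 0 when not exposed, 1 when exposed.
audit_redis_conf() {
    protected=$(redis_directive "$1" protected-mode)
    bind=$(redis_directive "$1" bind)
    pass=$(redis_directive "$1" requirepass)
    [ -n "$protected" ] || protected=yes    # Redis 3.2 default when absent

    if [ -n "$pass" ]; then
        echo "ok: requirepass is set"; return 0
    fi
    if [ -z "$bind" ]; then
        # No bind: Redis listens on all interfaces, and only protected-mode
        # restricts clients to loopback.
        if [ "$protected" = no ]; then
            echo "exposed: no bind, no requirepass, protected-mode no"; return 1
        fi
        echo "ok: protected-mode restricts clients to loopback"; return 0
    fi
    # An explicit bind switches protected-mode off in effect, so every
    # address must be loopback when there is no password.
    for addr in $bind; do
        case $addr in
            127.*|::1) ;;
            *) echo "exposed: bind $addr without requirepass"; return 1 ;;
        esac
    done
    echo "ok: bound to loopback only"; return 0
}

# Constructed sample: three lines taken from the redis.conf listed above.
sample=$(mktemp)
printf 'protected-mode no\nport 6379\ndir /home/redis/\n' > "$sample"
audit_redis_conf "$sample" || true
rm -f "$sample"
```
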


cat nginx_proxy.conf


user  nobody;
worker_processes  16;


#error_log  logs/error.log;
error_log  logs/error.log  notice;
#error_log  logs/error.log  info;


pid        logs/nginx.pid;




events {
    worker_connections  20000;
}




http {
    include       mime.types;
    default_type  application/octet-stream;


    log_format  main  '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';


    access_log  logs/access.log  main;




    #gzip  on;


    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;
        
    sendfile on;
    tcp_nopush     on;
   
    #keepalive_timeout off;
   
    tcp_nodelay on;
   
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    chunked_transfer_encoding  off;
    server_tokens off;


    proxy_connect_timeout    5;
    proxy_read_timeout       60;
    proxy_send_timeout       5;
    proxy_buffer_size        16k;
    proxy_buffers            4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;
    #proxy_temp_path   /usr/local/nginx/proxy_temp;
    proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=image:20m inactive=1d max_size=100m; 




        upstream bbserver{
                #server 182.53.133.11:80;
                server 182.53.133.11:80;
                server 182.53.133.11:80;
                server 182.53.133.11:80;
                server 182.53.133.11:80;
                server 182.53.133.11:80;
                keepalive 60;
        }


        upstream zhibosite{
                server   182.53.12.146:80;
                keepalive  60;
        }


        upstream bbimg2{
                server 182.53.133.11:80;
                server 182.53.133.11:80;
        }


        upstream bbimg4{
                server 182.53.133.11:80;
                server 182.53.133.11:80;
        }


        upstream live{
                server 182.53.10.11 weight=2;
                server 182.53.3.11 weight=1;
        }


    server {
        listen       80;


        #charset koi8-r;


        #access_log  logs/host.access.log  main;


        location / {
            root   html;
            index  index.html index.htm;
        }


        #error_page  404              /404.html;


        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }


        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}


        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            include        fastcgi_params;
        }


        location /server_status{
                stub_status on;
                access_log off;
                allow 18.18.16.12;
                allow 127.0.0.1;
                deny all;
                #auth_basic              "NginxStatus";
                #auth_basic_user_file conf/htpasswd;
        }


        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    server {
        listen       80;
        server_name  zhibo.haoren.com bb.haoren.com 2b.haoren.com bianbian.haoren.com bianbian.tv www.bianbian.tv;
        index  index.html index.php;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
        {
                proxy_cache image;
                proxy_cache_methods GET HEAD;
                proxy_cache_min_uses 1;
                proxy_cache_valid 200 302 5m;
                proxy_cache_valid 404 1m;
                proxy_cache_valid any 1m;
                proxy_cache_key "$host:$server_port$uri$is_args$args";


                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header NetType-WT 1;
                proxy_pass http://bbserver;
        }




        location /{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NetType-WT 1;
        proxy_pass http://bbserver;
        }


    }


    server {
        listen       80;
        server_name  bbimg2.haoren.com;
        index  index.html index.php;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
        {
                proxy_cache image;
                proxy_cache_methods GET HEAD;
                proxy_cache_min_uses 1;
                proxy_cache_valid 200 302 5m;
                proxy_cache_valid 404 1m;
                proxy_cache_valid any 1m;
                proxy_cache_key "$host:$server_port$uri$is_args$args";


                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header NetType-WT 1;
                proxy_pass http://bbimg2;
        }




        location /{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NetType-WT 1;
        proxy_pass http://bbimg2;
        }


    }






    server {
        listen       80;
        server_name  bbimg4.haoren.com;
        index  index.html index.php;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
        {
                proxy_cache image;
                proxy_cache_methods GET HEAD;
                proxy_cache_min_uses 1;
                proxy_cache_valid 200 302 5m;
                proxy_cache_valid 404 1m;
                proxy_cache_valid any 1m;
                proxy_cache_key "$host:$server_port$uri$is_args$args";


                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header NetType-WT 1;
                proxy_pass http://bbimg4;
        }




        location /{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NetType-WT 1;
        proxy_pass http://bbimg4;
        }


    }


    server {
        listen       80;
        server_name  live.haorensafe.com recommend.haorensafe.com;
        index  index.html index.php;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)  
        {
                proxy_cache image;
                proxy_cache_methods GET HEAD;
                proxy_cache_min_uses 1;
                proxy_cache_valid 200 302 5m;
                proxy_cache_valid 404 1m;
                proxy_cache_valid any 1m;
                proxy_cache_key "$host:$server_port$uri$is_args$args";


                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header NetType-WT 1;
                proxy_pass http://live;
        }


        location /{
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header NetType-WT 1;
        proxy_pass http://live;
        }


    }




}

cat rsyncd.conf
pid file = /var/run/rsyncd.pid
uid = nobody
gid = nobody
max connections = 36000
log file = /var/log/rsync.log
transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
syslog facility = local5


[test]
Path=/tmp/test
read only = false
use chroot = no
hosts allow = 18.16.10.18
uid=nobody
gid=nobody
secrets file = /etc/rsync_pwd.ps



