在web3上搭建ecshop网上商城

主机规划

221914317.png

221914899.png

1.3.1-编译安装LAMP环境
一、准备好开发环境及软件包;
yum -y groupinstall "Development tools"
apache:
apr-1.4.6.tar.bz2
apr-util-1.5.2.tar.bz2
httpd-2.4.4.tar.bz2
rpm包:pcre-devel openssl-devel
mysql:(二进制安装包)
mysql-5.5.28-linux2.6-i686.tar.gz
php:
libmcrypt-2.5.8.tar.gz php-5.4.13.tar.bz2 xcache-3.0.1.tar.bz2
rpm包:libxml2-devel openssl-devel bzip2-devel
二、编译安装httpd-2.4.4
[root@web3 ~]# yum -y install pcre-devel openssl-devel
编译安装apr
[root@web3 ~]# tar xf apr-1.4.6.tar.bz2
[root@web3 ~]# cd apr-1.4.6
[root@web3 apr-1.4.6]# ./configure --prefix=/usr/local/apr
[root@web3 apr-1.4.6]# make && make install
编译安装apr-util
[root@web3 ~]# tar xf apr-util-1.5.2.tar.bz2
[root@web3 ~]# cd apr-util-1.5.2
[root@web3 apr-util-1.5.2]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[root@web3 apr-util-1.5.2]# make && make install
编译安装httpd
[root@web3 ~]# tar xf httpd-2.4.4.tar.bz2
[root@web3 ~]# cd httpd-2.4.4
[root@web3 httpd-2.4.4]# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-mpms-shared=most --with-mpm=event --enable-mpms-shared
[root@web3 httpd-2.4.4]# make && make install
修改httpd的主配置文件,设置其Pid文件的路径
[root@web3 ~]# echo "PidFile "/var/run/httpd.pid"" >>/etc/httpd/httpd.conf

提供SysV服务脚本 vi /etc/rc.d/init.d/httpd

[root@web3 ~]# cat /etc/rc.d/init.d/httpd
#!/bin/bash
#
# httpd        Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server.  It is used to serve
#          HTML files and CGI.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd.pid
# Source function library.
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/httpd ]; then
        . /etc/sysconfig/httpd
fi
# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}
# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""
# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.
# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=${HTTPD-/usr/local/apache/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/var/run/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0
start() {
        echo -n $"Starting $prog: "
        LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch ${lockfile}
        return $RETVAL
}
stop() {
    echo -n $"Stopping $prog: "
    killproc -p ${pidfile} -d 10 $httpd
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}
reload() {
    echo -n $"Reloading $prog: "
    if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
        RETVAL=$?
        echo $"not reloading due to configuration syntax error"
        failure $"not reloading $httpd due to configuration syntax error"
    else
        killproc -p ${pidfile} $httpd -HUP
        RETVAL=$?
    fi
    echo
}
# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
        status -p ${pidfile} $httpd
    RETVAL=$?
    ;;
  restart)
    stop
    start
    ;;
  condrestart)
    if [ -f ${pidfile} ] ; then
        stop
        start
    fi
    ;;
  reload)
        reload
    ;;
  graceful|help|configtest|fullstatus)
    $apachectl $@
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
    exit 1
esac
exit $RETVAL

为脚本赋予执行权限:
chmod +x /etc/rc.d/init.d/httpd
加入服务列表:
chkconfig --add httpd
三、安装mysql-5.5.28
[root@web3 ~]# yum -y install libaio-devel
[root@web3 ~]# mkdir -pv /mydata/data
#新建用户和组
[root@web3 ~]# groupadd -r mysql
[root@web3 ~]# useradd -g mysql -r -s /sbin/nologin -M -d /mydata/data mysql
[root@web3 ~]# chown -R mysql:mysql /mydata/data
[root@web3 ~]# tar xf mysql-5.5.28-linux2.6-i686.tar.gz -C /usr/local
[root@web3 ~]# cd /usr/local/
[root@web3 local]# ln -sv mysql-5.5.28-linux2.6-i686 mysql
[root@web3 local]# cd mysql
[root@web3 mysql]# chown -R mysql:mysql .
[root@web3 mysql]# /usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=/mydata/data
[root@web3 mysql]# chown -R root .
为mysql提供主配置文件:
[root@web3 mysql]# cp support-files/my-large.cnf /etc/my.cnf
修改配置文件指定数据存放目录datadir = /mydata/data


221914827.png

为mysql提供sysv服务脚本
[root@web3 mysql]# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@web3 mysql]# chmod +x /etc/rc.d/init.d/mysqld
[root@web3 mysql]# chkconfig --add mysqld
[root@web3 mysql]# chkconfig mysqld on
[root@web3 mysql]# ln -sv /usr/local/mysql/bin/mysql /bin/
[root@web3 mysql]# ln -sv /usr/local/mysql/include /usr/include/mysql
输出mysql的库文件给系统库查找路径:
[root@web3 mysql]# echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
让系统重新载入系统库:

[root@web3 mysql]# ldconfig


四、编译按装php

[root@web3 ~]#  yum -y install libxml2-devel openssl-devel bzip2-devel
[root@web3 ~]#  tar xf libmcrypt-2.5.8.tar.gz
[root@web3 ~]#  cd libmcrypt-2.5.8
[root@web3 libmcrypt-2.5.8]#  ./configure
[root@web3 libmcrypt-2.5.8]#  make && make install
[root@web3 libmcrypt-2.5.8]#  cd
[root@web3 ~]#  tar xf php-5.4.13.tar.bz2
[root@web3 ~]#  cd php-5.4.13
[root@web3 php-5.4.13]# ./configure --prefix=/usr/local/php --with-openssl  --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml  --enable-sockets --enable-fpm --with-mcrypt  --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --with-mysql=mysqlnd --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd
[root@web3 php-5.4.13]# make && make install
[root@web3 php-5.4.13]# cp php.ini-production /etc/php.ini

为php-fpm提供Sysv init脚本,并将其添加至服务列表:
[root@web3 php-5.4.13]# cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
[root@web3 php-5.4.13]# chmod +x /etc/rc.d/init.d/php-fpm
[root@web3 php-5.4.13]# chkconfig --add php-fpm
[root@web3 php-5.4.13]# chkconfig php-fpm on
为php-fpm提供配置文件:
[root@web3 php-5.4.13]# cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
#安装xcache
[root@web3 php-5.4.13]# cd
[root@web3 ~]# tar xf xcache-3.0.1.tar.bz2
[root@web3 ~]# cd xcache-3.0.1
[root@web3 xcache-3.0.1]# /usr/local/php/bin/phpize
[root@web3 xcache-3.0.1]# ./configure --enable-xcache --with-php-config=/usr/local/php/bin/php-config
[root@web3 xcache-3.0.1]# make && make install
[root@web3 xcache-3.0.1]# mkdir /etc/php.d
[root@web3 xcache-3.0.1]# cp xcache.ini /etc/php.d
1.3.2-配置httpd安装ecshop
编辑apache配置文件httpd.conf,以apache支持php
[root@web3 ~]# vim /etc/httpd/httpd.conf
加入下面两行:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

221914915.png

搜索DirectoryIndex (约247行处)增加对php主页的支持

221914946.png

让httpd加载fastcgi模块

221914249.png

启用虚拟主机配置(去掉前面的#)

221915680.png

安装Ecshop

[root@web3 ~]#  unzip ECShop_V2.7.3_UTF8_release1106.zip
[root@web3 ~]#  mv  ECShop_V2.7.3_UTF8_release1106/upload/* /usr/local/apache/htdocs/
[root@web3 ~]# cd /usr/local/apache/htdocs/
[root@web3 htdocs]# for file in data temp cert includes images themes;do chmod -R o+w $file;done
[root@web3 htdocs]# vim /etc/httpd/extra/httpd-vhosts.conf 
清空文件并加入:
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/"
    ServerName shop.sanyu.com
    ServerAlias shop.sanyu.com
        ProxyRequests Off
        ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/$1
    <Directory "/usr/local/apache/htdocs/">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>
创建数据库并赋予相应权限
[root@web3 ~]# service mysqld start
[root@web3 ~]# mysql -e "create database shop;grant all privileges on shop.* to shopdba@localhost identified by 'redhat';flush privileges"
修改时区
[root@web3 ~]# echo date.timezone = Asia/Shanghai >>/etc/php.ini
ECShop与高版本php存在兼容性问题,稍作修改
[root@web3 ~]# sed -i '/return cls_image::gd_version();/a$p = new cls_image();\nreturn $p->gd_version();' /usr/local/apache/htdocs/install/includes/lib_installer.php
[root@web3 ~]# sed -i '/return cls_image::gd_version();/d' /usr/local/apache/htdocs/install/includes/lib_installer.php
[root@web3 ~]# sed -i '418d' /usr/local/apache/htdocs/includes/cls_template.php
[root@web3 ~]# sed -i "417a\$tag_arr = explode(' ', \$tag);\n\$tag_sel = array_shift(\$tag\_arr);" /usr/local/apache/htdocs/includes/cls_template.php
重启服务
service php-fpm restart
service httpd restart

221915458.png

配置ecshop
用浏览器打开 http://shop.sanyu.com/install/index.php

221921609.png

主要配置如下:



222503574.png

搭建私有CA
cp /etc/pki/tls/openssl.cnf{,.bak}
修改openssl.cnf配置文件
[root@web3 ~]# vim /etc/pki/tls/openssl.cnf

221921713.png






为CA生成私钥
[root@web3 ~]# (umask 077 ;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
[root@web3 ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem

221922469.png

[root@web3 ~]# mkdir /etc/pki/CA/{certs,newcerts,crl}
[root@web3 ~]# touch /etc/pki/CA/index.txt
[root@web3 ~]# echo 01 >> /etc/pki/CA/serial


1.3.4-配置基于openssl的https
[root@web3 ~]# cd /tmp
生成私钥
[root@web3 tmp]# (umask 077;openssl genrsa -out httpd.key 1024)
生成证书申请请求
[root@web3 tmp]# openssl req -new -key httpd.key -out httpd.csr

221922475.png

签署证书
[root@web3 tmp]# openssl ca -in httpd.csr -out httpd.crt -days 365

221922160.png

[root@web3 tmp]# cp httpd.crt /etc/httpd/server.crt
[root@web3 tmp]# cp httpd.key /etc/httpd/server.key
[root@web3 tmp]# rm /tmp/httpd*

配置ssl虚拟主机
修改http.conf加载ssl模块,启用httpd-ssl.conf文件:
[root@web3 ~]# vim /etc/httpd/httpd.conf

221922543.png

cp /etc/httpd/extra/httpd-ssl.conf{,.bak}
定义ssl虚拟主机
[root@web3 ~]# vim /etc/httpd/extra/httpd-ssl.conf

221922878.png

重启httpd服务
service httpd restart
测试:

221923472.png

221924455.png



上述过程脚本化:

#!/bin/bash
read -p "源码包所在目录:" BASEDIR
cd $BASEDIR
yum -y groupinstall  "Development tools"
#=============================
#编译按装httpd
#=============================
yum  -y install pcre-devel openssl-devel
#编译安装apr
tar xf apr-1.4.6.tar.bz2
cd apr-1.4.6
./configure --prefix=/usr/local/apr
make && make install
cd $BASEDIR
#编译安装apr-util
tar xf apr-util-1.5.2.tar.bz2
cd apr-util-1.5.2
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install
cd $BASEDIR
#编译安装httpd
tar xf httpd-2.4.4.tar.bz2
cd httpd-2.4.4
./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-mpms-shared=most --with-mpm=event --enable-mpms-shared
make && make install
cd $BASEDIR
#修改httpd的主配置文件,设置其Pid文件的路径
echo "PidFile  "/var/run/httpd.pid"" >>/etc/httpd/httpd.conf
#提供SysV服务脚本/etc/rc.d/init.d/httpd
cat >/etc/rc.d/init.d/httpd <<END
#!/bin/bash
#
# httpd        Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server.  It is used to serve
#          HTML files and CGI.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd.pid
# Source function library.
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/httpd ]; then
        . /etc/sysconfig/httpd
fi
# Start httpd in the C locale by default.
HTTPD_LANG=\${HTTPD_LANG-"C"}
# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""
# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.
# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/local/apache/bin/apachectl
httpd=\${HTTPD-/usr/local/apache/bin/httpd}
prog=httpd
pidfile=\${PIDFILE-/var/run/httpd.pid}
lockfile=\${LOCKFILE-/var/lock/subsys/httpd}
RETVAL=0
start() {
        echo -n \$"Starting \$prog: "
        LANG=\$HTTPD_LANG daemon --pidfile=\${pidfile} \$httpd \$OPTIONS
        RETVAL=\$?
        echo
        [ \$RETVAL = 0 ] && touch \${lockfile}
        return \$RETVAL
}
stop() {
    echo -n \$"Stopping \$prog: "
    killproc -p \${pidfile} -d 10 \$httpd
    RETVAL=\$?
    echo
    [ \$RETVAL = 0 ] && rm -f \${lockfile} \${pidfile}
}
reload() {
    echo -n \$"Reloading \$prog: "
    if ! LANG=\$HTTPD_LANG \$httpd \$OPTIONS -t >&/dev/null; then
        RETVAL=\$?
        echo \$"not reloading due to configuration syntax error"
        failure \$"not reloading \$httpd due to configuration syntax error"
    else
        killproc -p \${pidfile} \$httpd -HUP
        RETVAL=\$?
    fi
    echo
}
# See how we were called.
case "\$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
        status -p \${pidfile} \$httpd
    RETVAL=\$?
    ;;
  restart)
    stop
    start
    ;;
  condrestart)
    if [ -f \${pidfile} ] ; then
        stop
        start
    fi
    ;;
  reload)
        reload
    ;;
  graceful|help|configtest|fullstatus)
    \$apachectl \$@
    RETVAL=\$?
    ;;
  *)
    echo \$"Usage: \$prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
    exit 1
esac
exit \$RETVAL
END
#为此脚本赋予执行权限:
chmod +x /etc/rc.d/init.d/httpd
#加入服务列表:
chkconfig --add httpd
#====================
#安装mysql-5.5.28
#====================
yum -y install libaio-devel
mkdir -pv /mydata/data
#新建用户和组
groupadd -r mysql
useradd -g mysql -r -s /sbin/nologin -M -d /mydata/data mysql
chown -R mysql:mysql /mydata/data
cd $BASEDIR
tar xf mysql-5.5.28-linux2.6-i686.tar.gz -C /usr/local
cd /usr/local/
ln -sv mysql-5.5.28-linux2.6-i686  mysql
cd mysql
chown -R mysql:mysql  .
/usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=/mydata/data
chown -R root  .
#为mysql提供主配置文件:
cd /usr/local/mysql
sed '/skip-external-locking/adatadir = /mydata/data/' support-files/my-large.cnf > /etc/my.cnf
CORE=`grep 'processor' /proc/cpuinfo  | wc -l`
sed -i "s/thread_concurrency.*/thread_concurrency = $[${CORE}*2]/g" /etc/my.cnf
#为mysql提供sysv服务脚本
cd /usr/local/mysql
cp support-files/mysql.server  /etc/rc.d/init.d/mysqld
chmod +x /etc/rc.d/init.d/mysqld
chkconfig --add mysqld
chkconfig mysqld on
ln -sv /usr/local/mysql/bin/mysql /bin/
ln -sv /usr/local/mysql/include  /usr/include/mysql
#输出mysql的库文件给系统库查找路径:
echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
#让系统重新载入系统库:
ldconfig
#=============================
#编译按装php
#=============================
cd $BASEDIR
yum -y install libxml2-devel openssl-devel bzip2-devel
tar xf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make && make install
cd $BASEDIR
tar xf php-5.4.13.tar.bz2
cd php-5.4.13
./configure --prefix=/usr/local/php --with-openssl  --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml  --enable-sockets --enable-fpm --with-mcrypt  --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --with-mysql=mysqlnd --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd
make && make install
cp php.ini-production /etc/php.ini
#为php-fpm提供Sysv init脚本,并将其添加至服务列表:
cp sapi/fpm/init.d.php-fpm  /etc/rc.d/init.d/php-fpm
chmod +x /etc/rc.d/init.d/php-fpm
chkconfig --add php-fpm
chkconfig php-fpm on
#为php-fpm提供配置文件:
cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
#安装xcache
cd $BASEDIR
tar xf xcache-3.0.1.tar.bz2
cd xcache-3.0.1
/usr/local/php/bin/phpize
./configure --enable-xcache --with-php-config=/usr/local/php/bin/php-config
make && make install
mkdir /etc/php.d
cp xcache.ini /etc/php.d
#=================
#配置
#=================
#编辑apache配置文件httpd.conf,以apache支持php
sed -i /AddType.*tgz/aAddType\ application/x-httpd-php-source\ .phps  /etc/httpd/httpd.conf
sed -i /AddType.*tgz/aAddType\ application/x-httpd-php\ .php  /etc/httpd/httpd.conf
sed -i 's/DirectoryIndex index.html/DirectoryIndex  index.php  index.html/g' /etc/httpd/httpd.conf
#httpd加载fastcgi模块
sed -i 's/#LoadModule proxy_module modules\/mod_proxy.so/LoadModule proxy_module modules\/mod_proxy.so/' /etc/httpd/httpd.conf
sed -i 's/#LoadModule proxy_fcgi_module modules\/mod_proxy_fcgi.so/LoadModule proxy_fcgi_module modules\/mod_proxy_fcgi.so/' /etc/httpd/httpd.conf
sed -i 's/#Include \/etc\/httpd\/extra\/httpd-vhosts.conf/Include \/etc\/httpd\/extra\/httpd-vhosts.conf/' /etc/httpd/httpd.conf
#安装Ecshop
cd $BASEDIR
unzip ECShop_V2.7.3_UTF8_release1106.zip
mv  ECShop_V2.7.3_UTF8_release1106/upload/* /usr/local/apache/htdocs/
cd /usr/local/apache/htdocs/
for file in data temp cert includes images themes;do chmod -R o+w $file;done
cat >/etc/httpd/extra/httpd-vhosts.conf <<END
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/"
    ServerName shop.sanyu.com
    ServerAlias shop.sanyu.com
    ProxyRequests Off
    ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/\$1
    <Directory "/usr/local/apache/htdocs/">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>
END
mysql -e "create database shop;grant all privileges on shop.* to shopdba@localhost identified by 'redhat';flush privileges"
echo date.timezone = Asia/Shanghai >>/etc/php.ini
service php-fpm restart
sed -i '/return cls_image::gd_version();/a$p = new cls_image();\nreturn $p->gd_version();' /usr/local/apache/htdocs/install/includes/lib_installer.php
sed -i '/return cls_image::gd_version();/d' /usr/local/apache/htdocs/install/includes/lib_installer.php
sed -i '418d' /usr/local/apache/htdocs/includes/cls_template.php
sed -i "417a\$tag_arr = explode(' ', \$tag);\n\$tag_sel = array_shift(\$tag\_arr);" /usr/local/apache/htdocs/includes/cls_template.php
sed -i "s/\$ext = end(explode('.', \$tmp));/\$extsub=explode('.', \$tmp);\$tmp=end(\$extsub);/" /usr/local/apache/htdocs/includes/lib_main.php
#======================
#创建私有CA
#======================
cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.bak
#修改openssl.cnf配置文件
sed -i "s/countryName_default.*XX/countryName_default\t\t= CN/g" /etc/pki/tls/openssl.cnf
sed -i "s/#stateOrProvinceName_default.*Province/stateOrProvinceName_default\t= shanghai/g" /etc/pki/tls/openssl.cnf
sed -i "s/localityName_default.*City/localityName_default\t= shanghai/g" /etc/pki/tls/openssl.cnf
sed -i "s/0.organizationName_default.*/0.organizationName_default\t= SanYu/g" /etc/pki/tls/openssl.cnf
sed -i "s/#organizationalUnitName_default.*=/organizationalUnitName_default\t= Tech/g" /etc/pki/tls/openssl.cnf
#为CA生成私钥
(umask 077 ;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
sleep 5
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem
mkdir /etc/pki/CA/{certs,newcerts,crl}
touch /etc/pki/CA/index.txt
touch /etc/pki/CA/serial
echo 01 >> /etc/pki/CA/serial
#申请证书
cd /tmp
(umask 077;openssl genrsa -out httpd.key 1024)
sleep 3
openssl req -new -key httpd.key -out httpd.csr
openssl ca -in httpd.csr -out httpd.crt -days 365
cp httpd.crt /etc/httpd/server.crt
cp httpd.key /etc/httpd/server.key
rm /tmp/httpd*
#配置ssl虚拟主机
cp /etc/httpd/extra/httpd-ssl.conf{,.bak}
sed -i 's/www.example.com/shop.sanyu.com/' /etc/httpd/extra/httpd-ssl.conf
sed -i 's/ServerAdmin [email protected]/ServerAdmin [email protected]/' /etc/httpd/extra/httpd-ssl.conf
sed -i '/ServerAdmin [email protected]/aProxyRequests Off\nProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/$1' /etc/httpd/extra/httpd-ssl.conf
sed -i 's/#LoadModule ssl_module modules\/mod_ssl.so/LoadModule ssl_module modules\/mod_ssl.so/' /etc/pki/tls/openssl.cnf
sed -i 's/#Include \/etc\/httpd\/extra\/httpd-ssl.conf/Include \/etc\/httpd\/extra\/httpd-ssl.conf/' /etc/httpd/httpd.conf
sed -i 's/#LoadModule ssl_module modules\/mod_ssl.so/LoadModule ssl_module modules\/mod_ssl.so/' /etc/httpd/httpd.conf
sed -i 's/#LoadModule socache_shmcb_module modules\/mod_socache_shmcb.so/LoadModule socache_shmcb_module modules\/mod_socache_shmcb.so/' /etc/httpd/httpd.conf
service httpd restart


你可能感兴趣的:(二进制,开发,ecshop,软件包,网上商城)