• LNMP项目实战-WordPress站点搭建(源码编译)


    实战环境

    OS:Ubuntu 18.04.3 LTS

    MYSQL: mysql-5.6.48.tar.gz

    PHP: php-7.4.14.tar.gz

    Nginx: nginx-1.18.0.tar.gz

    Wordpress: wordpress-5.6-zh_CN.tar.gz

    部署规划:
    192.168.56.133:Nginx php-fpm 运行web服务
    192.168.56.132:运行MySQL数据库
    
    Ubuntu安装常用软件包:
    apt install -y iproute2 ntpdate tcpdump telnet traceroute nfs-kernel-server nfs-common lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute gcc openssh-server lrzsz tree openssl libssl-dev libpcre3 libpcre3-dev zlib1g-dev ntpdate tcpdump telnet traceroute iotop unzip zip cmake libncurses5-dev
    

    1、MySQL数据库安装配置

    1.1 MySQL数据库编译安装

    # useradd mysql -s /sbin/nologin -M
    # mkdir /data/mysql/data
    # chown -R mysql.mysql /data/mysql/
    # cd /usr/local/src/
    # tar xf mysql-5.6.48.tar.gz
    # cmake . -DCMAKE_INSTALL_PREFIX=/apps/mysql-5.6.48 \
    -DMYSQL_DATADIR=/data/mysql/data \
    -DMYSQL_UNIX_ADDR=/apps/mysql-5.6.48/tmp/mysql.sock \
    -DDEFAULT_CHARSET=utf8 \
    -DDEFAULT_COLLATION=utf8_general_ci \
    -DWITH_EXTRA_CHARSETS=all \
    -DWITH_INNOBASE_STORAGE_ENGINE=1 \
    -DWITH_FEDERATED_STORAGE_ENGINE=1 \
    -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
    -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1 \
    -DWITH_ZLIB=bundled \
    -DWITH_SSL=system \
    -DENABLED_LOCAL_INFILE=1 \
    -DWITH_EMBEDDED_SERVER=1 \
    -DENABLE_DOWNLOADS=1 \
    -DWITH_DEBUG=0
    # make
    # make install
    # ln -sv /apps/mysql-5.6.48 /apps/mysql
    # cd /usr/local/src/mysql-5.6.48/support-files
    # cp my-default.cnf /etc/my.cnf
    # cp mysql.server /etc/init.d/mysqld
    # mkdir /apps/mysql-5.6.48/tmp
    # chown -R mysql.mysql /apps/mysql*
    # cd /usr/local/src/mysql-5.6.48/scripts
    # cd /apps/mysql/scripts
    # ./mysql_install_db --user=mysql --basedir=/apps/mysql --datadir=/data/mysql/data
    # chmod +x /etc/init.d/mysqld 
    # /etc/init.d/mysqld start
    # cat /etc/profile.d/mysql.sh 
    export PATH=/apps/mysql/bin:$PATH
    # source /etc/profile
    
    # mysql
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 1
    Server version: 5.6.48 Source distribution
    Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | performance_schema |
    | test               |
    +--------------------+
    4 rows in set (0.01 sec)
    mysql> 
    
    

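    1.2 创建数据库并授权

    注意:上一步直接执行 mysql 即可免密登录,说明刚初始化的实例中root账户为空密码,并且带有test库(默认还可能存在匿名账户);继续之前建议先运行 mysql_secure_installation 设置root密码并清理这些默认项。下面授权语句中的密码 123456 仅为演示,实际环境请使用高强度随机密码,并把授权主机从 192.168.56.% 收窄为Web服务器地址 192.168.56.133。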

    mysql> create database wordpress;
    Query OK, 1 row affected (0.00 sec)
    
    mysql> grant all privileges on wordpress.* to "wordpress"@"192.168.56.%" identified by "123456";
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | performance_schema |
    | test               |
    | wordpress          |
    +--------------------+
    5 rows in set (0.00 sec)
    mysql> 
    

    1.3 验证MySQL帐户权限

    在WordPress服务器使用授权的MySQL账户远程登录测试权限(如下方输出中的Warning所示,-p后直接跟密码会让密码出现在shell历史和进程列表中;实际操作建议只写 -p,在提示符下输入密码)

    # mysql -uwordpress -h192.168.56.132 -p123456
    mysql: [Warning] Using a password on the command line interface can be insecure.
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 2
    Server version: 5.6.48 Source distribution
    
    Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
    
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | test               |
    | wordpress          |
    +--------------------+
    3 rows in set (0.00 sec)
    
    mysql> 
    

    2、PHP安装配置

    2.1 php 编译安装

    # groupadd -g 2000 www
    # useradd -u 2000 -g 2000 www
    # apt install libbz2-dev libxml2-dev libjpeg-dev libpng-dev libfreetype6-dev libzip-dev openssl libssl-dev sqlite3 libsqlite3-dev libcurl4-openssl-dev libxslt-dev libxml2-dev -y 
    # cd /usr/local/src
    # tar xf php-7.4.14.tar.gz
    # cd php-7.4.14
    # ./configure --prefix=/apps/php --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-pear --with-curl --with-png-dir --with-freetype-dir --with-iconv --with-mhash --with-zlib --with-xmlrpc --with-xsl --with-openssl --with-mysqli --with-pdo-mysql --disable-debug --enable-zip --enable-sockets --enable-inline-optimization --enable-xml --enable-ftp --enable-exif --enable-bcmath --enable-calendar --enable-shmop --enable-dba --enable-sysvsem --enable-sysvshm --enable-sysvmsg
    # make -j 2
    # make install
    

    2.2 准备PHP配置文件

    # cd /apps/php/etc/php-fpm.d/
    # cp www.conf.default www.conf
    # cp /usr/local/src/php-7.4.14/php.ini-production /apps/php/etc/php.ini
    # grep -v ";" www.conf | grep -v "^$"
    [www]
    user = www
    group = www
    listen = 127.0.0.1:9000
    listen.allowed_clients = 127.0.0.1
    pm = dynamic
    pm.max_children = 50
    pm.start_servers = 30
    pm.min_spare_servers = 30
    pm.max_spare_servers = 30
    pm.status_path = /status
    ping.path = /ping
    ping.response = pong
    slowlog = log/$pool.log.slow
    # mkdir /apps/php/log
    # cd /apps/php/etc/
    # cp php-fpm.conf.default php-fpm.conf
    

    2.3 启动并验证PHP-FPM

    #检测语法并启动php-fpm:
    # /apps/php/sbin/php-fpm -t
    [30-Jan-2021 18:49:33] NOTICE: configuration file /apps/php/etc/php-fpm.conf test is successful
    
    #验证php-fpm:
    # /apps/php/sbin/php-fpm -c /apps/php/etc/php.ini
    
    # ps -ef|grep php-fpm
    root      78786      1  0 18:50 ?        00:00:00 php-fpm: master process (/apps/php/etc/php-fpm.conf)
    www       78787  78786  0 18:50 ?        00:00:00 php-fpm: pool www
    www       78788  78786  0 18:50 ?        00:00:00 php-fpm: pool www
    
    # netstat -nltp | grep php-fpm
    tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      78786/php-fpm: mast 
    

    2.4 php-fpm 启动服务脚本

    # cp /usr/local/src/php-7.4.14/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
    # chmod +x /etc/init.d/php-fpm
    # /etc/init.d/php-fpm start|stop|status
    

    3、Nginx安装配置

    3.1 Nginx 编译安装

    # apt install libpcre3 libpcre3-dev zlib1g-dev build-essential
    # cd /usr/local/src 
    # tar xf nginx-1.18.0.tar.gz
    # cd nginx-1.18.0/
    # ./configure --prefix=/apps/nginx 
    --user=www 
    --group=www 
    --with-http_ssl_module 
    --with-http_v2_module 
    --with-http_realip_module 
    --with-http_stub_status_module 
    --with-http_gzip_static_module 
    --with-pcre 
    --with-stream 
    --with-stream_ssl_module 
    --with-stream_realip_module
    # make
    # make install
    

    3.2 准备PHP测试页

    # mkdir /data/nginx/wordpress -p
    # vim /data/nginx/wordpress/index.php
    <?php
    phpinfo();
    ?>
    

    3.3 配置Nginx

    # grep -v "#" /apps/nginx/conf/nginx.conf | grep -v "^$"
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen       80;
            server_name  localhost;
            location / {
                root   /data/nginx/wordpress;
                index  index.php index.html index.htm;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
            location ~ \.php$ {
                root           /data/nginx/wordpress;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include        fastcgi_params;
            }
        }
    }
    

    3.4 重启Nginx并访问PHP状态页

    # /apps/nginx/sbin/nginx -t
    nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
    # /apps/nginx/sbin/nginx
    

    4、部署wordpress

    4.1 部署wordpress

    # cd /data/nginx/wordpress/
    # mv index.php /opt/
    # tar xf wordpress-5.6-zh_CN.tar.gz
    # mv wordpress/* .
    # mv wordpress wordpress-5.6-zh_CN.tar.gz /opt/
    # cp wp-config-sample.php wp-config.php
    # vim wp-config.php
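    // ** MySQL settings - this information comes from the host you are using ** //
    /** Name of the WordPress database (created in step 1.2) */
    define( 'DB_NAME', 'wordpress' );
    
    /** MySQL database user name (the account granted on wordpress.* in step 1.2) */
    define( 'DB_USER', 'wordpress' );
    
    /**
     * MySQL database password. It must match the IDENTIFIED BY value of the GRANT.
     * '123456' is the demo value used throughout this walkthrough; use a long random
     * password in any real deployment and keep wp-config.php unreadable to other users.
     */
    define( 'DB_PASSWORD', '123456' );
    
    /** MySQL host: the database server from the deployment plan (192.168.56.132) */
    define( 'DB_HOST', '192.168.56.132' );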
    

    4.2 访问WEB页面

    4.3 初始化完成

    4.4 验证数据库

    4.5 登录wordpress

    4.6 后台管理界面

    4.7 前端访问页面

    5、配置自定义404页面

    # grep -v "#" /apps/nginx/conf/nginx.conf | grep -v "^$"
    user  www;
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen       80;
            server_name  localhost;
            location / {
                root   /data/nginx/wordpress;
                index  index.php index.html index.htm;
            }
            error_page  404              /404.html;
            location /404.html {
                root   /apps/nginx/html;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
            location ~ \.php$ {
                try_files $uri =404;
                root           /data/nginx/wordpress;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include        fastcgi_params;
            }
        }
    }
    
    重启nginx并访问不存在的页面进行测试
    

    6、配置访问日志为JSON格式

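    # JSON access-log format.
    # escape=json (available since nginx 1.11.8) makes nginx JSON-escape variable
    # values. Without it, client-controlled fields such as the User-Agent, Referer
    # or X-Forwarded-For header can carry quotes or backslashes that leave the
    # line as invalid JSON for whatever parses this log.
    log_format access_json escape=json '{"@timestamp":"$time_iso8601",'
    '"host":"$server_addr",'
    '"clientip":"$remote_addr",'
    '"size":$body_bytes_sent,'
    '"responsetime":$request_time,'
    '"upstreamtime":"$upstream_response_time",'
    '"upstreamhost":"$upstream_addr",'
    '"http_host":"$host",'
    '"uri":"$uri",'
    '"domain":"$host",'
    '"xff":"$http_x_forwarded_for",'
    '"referer":"$http_referer",'
    '"tcp_xff":"$proxy_protocol_addr",'
    '"http_user_agent":"$http_user_agent",'
    '"status":"$status"}';
    
    # Write the access log using the format defined above.
    access_log /apps/nginx/logs/access_json.log access_json;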
    
    在nginx.conf配置文件中配置访问日志格式为JSON格式
    重启Nginx服务并访问测试日志格式
    
    json访问日志输出格式
    root@web2:/apps/nginx/logs# tail -f access_json.log 
    {"@timestamp":"2021-01-30T22:44:56+08:00","host":"192.168.56.133","clientip":"192.168.56.1","size":20281,"responsetime":0.158,"upstreamtime":"0.156","upstreamhost":"127.0.0.1:9000","http_host":"192.168.56.133","uri":"/index.php","domain":"192.168.56.133","xff":"-","referer":"-","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36","status":"200"}
    {"@timestamp":"2021-01-30T22:45:17+08:00","host":"192.168.56.133","clientip":"192.168.56.1","size":169,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"192.168.56.133","uri":"/wp-admin","domain":"192.168.56.133","xff":"-","referer":"-","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36","status":"301"}
    {"@timestamp":"2021-01-30T22:45:17+08:00","host":"192.168.56.133","clientip":"192.168.56.1","size":5,"responsetime":0.173,"upstreamtime":"0.172","upstreamhost":"127.0.0.1:9000","http_host":"192.168.56.133","uri":"/wp-admin/index.php","domain":"192.168.56.133","xff":"-","referer":"-","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36","status":"302"}
    {"@timestamp":"2021-01-30T22:45:17+08:00","host":"192.168.56.133","clientip":"192.168.56.1","size":7830,"responsetime":0.130,"upstreamtime":"0.128","upstreamhost":"127.0.0.1:9000","http_host":"192.168.56.133","uri":"/wp-login.php","domain":"192.168.56.133","xff":"-","referer":"-","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36","status":"200"}
    {"@timestamp":"2021-01-30T22:45:17+08:00","host":"192.168.56.133","clientip":"192.168.56.1","size":59010,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"192.168.56.133","uri":"/wp-includes/css/dashicons.min.css","domain":"192.168.56.133","xff":"-","referer":"http://192.168.56.133/wp-login.php?redirect_to=http%3A%2F%2F192.168.56.133%2Fwp-admin%2F&reauth=1","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36","status":"200"}
    {"@timestamp":"2021-01-30T22:45:17+08:00","host":"192.168.56.133","clientip":"192.168.56.1","size":5845,"responsetime":0.000,"upstreamtime":"-","upstreamhost":"-","http_host":"192.168.56.133","uri":"/wp-includes/css/buttons.min.css","domain":"192.168.56.133","xff":"-","referer":"http://192.168.56.133/wp-login.php?redirect_to=http%3A%2F%2F192.168.56.133%2Fwp-admin%2F&reauth=1","tcp_xff":"-","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36","status":"200"}
    

    7、配置虚拟主机,实现https访问

    7.1 虚拟主机配置

    # nginx主配置文件
    # grep -v "#" /apps/nginx/conf/nginx.conf | grep -v "^$"
    user  www;
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        include /apps/nginx/conf/conf.d/*.conf;
    }
    
    # 虚拟主机独立配置文件
    # vim /apps/nginx/conf/conf.d/www.slt.com.conf 
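    # Virtual host for www.slt.com: serves WordPress from /data/nginx/wordpress
    # and passes PHP requests to the PHP-FPM pool listening on 127.0.0.1:9000.

    # JSON access-log format.
    # escape=json (available since nginx 1.11.8) makes nginx JSON-escape variable
    # values, so quotes or backslashes in client-controlled headers (User-Agent,
    # Referer, X-Forwarded-For) cannot leave a log line as invalid JSON.
    log_format access_json escape=json
                           '{"@timestamp":"$time_iso8601",'
                           '"host":"$server_addr",'
                           '"clientip":"$remote_addr",'
                           '"size":$body_bytes_sent,'
                           '"responsetime":$request_time,'
                           '"upstreamtime":"$upstream_response_time",'
                           '"upstreamhost":"$upstream_addr",'
                           '"http_host":"$host",'
                           '"uri":"$uri",'
                           '"domain":"$host",'
                           '"xff":"$http_x_forwarded_for",'
                           '"referer":"$http_referer",'
                           '"tcp_xff":"$proxy_protocol_addr",'
                           '"http_user_agent":"$http_user_agent",'
                           '"status":"$status"}';
    server {
            listen       80;
            server_name  www.slt.com;
            access_log /apps/nginx/logs/access_json.log access_json;

            # Static files and the site index come from the WordPress directory.
            location / {
                root   /data/nginx/wordpress;
                index  index.php index.html index.htm;
            }

            # Custom 404 page, served from the nginx html directory.
            error_page  404              /404.html;
            location /404.html {
                root   /apps/nginx/html;
            }

            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }

            # The dot is escaped so that only URIs ending in a literal ".php" match.
            location ~ \.php$ {
                # "=404" must be a single token: answer 404 when the requested
                # script does not exist instead of handing the path to PHP-FPM.
                try_files $uri =404;
                root           /data/nginx/wordpress;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include        fastcgi_params;
            }
    }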
    

    7.2 测试访问(虚拟主机域名方式)

    # 测试访问机器配置HOSTS文件绑定
    C:\Windows\System32\drivers\etc\hosts
    192.168.56.133  www.slt.com
    

    7.3 https证书配置

    7.3.1 ssl 配置参数

    ssl on | off;
    #为指定的虚拟主机配置是否启⽤ssl功能,此功能在1.15.0废弃,使⽤listen [ssl]替代。
    
    ssl_certificate /path/to/file;
    #当前虚拟主机使用的证书(公钥)文件,一般是crt文件
    
    ssl_certificate_key /path/to/file;
    #当前虚拟主机使⽤的私钥⽂件,⼀般是key⽂件
    
    ssl_protocols [SSLv2] [SSLv3] [TLSv1] [TLSv1.1] [TLSv1.2];
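    #支持的SSL/TLS协议版本,早期为SSL,现在是TLS,默认为后三个。SSLv2、SSLv3、TLSv1、TLSv1.1均已被弃用且存在已知弱点,建议显式配置为 ssl_protocols TLSv1.2 TLSv1.3;(TLSv1.3需要OpenSSL 1.1.1及以上)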
    
    ssl_session_cache off | none | [builtin[:size]] [shared:name:size];
    #配置ssl缓存
    off: 关闭缓存
    none: 通知客⼾端⽀持ssl session cache,但实际不⽀持
    builtin[:size]:使⽤OpenSSL内建缓存,为每worker进程私有
    [shared:name:size]:在各worker之间使⽤⼀个共享的缓存,需要定义⼀个缓存名称和缓存空间⼤⼩,⼀兆
    可以存储4000个会话信息,多个虚拟主机可以使⽤相同的缓存名称。
    
    ssl_session_timeout time;
    #客⼾端连接可以复⽤ssl session cache中缓存的有效时⻓,默认5m
    

    7.3.2 自签名证书

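    7.3.2.1 自签名CA证书
    (-nodes 表示私钥不加密保存。CA私钥 ca.key 可以签发任意受该CA信任的证书,这里为演示方便直接在Web服务器的nginx目录下生成;实际环境应在独立主机上保管,签发完成后不要留在Web服务器上。)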
    # cd /apps/nginx
    # mkdir certs
    # cd certs
    # openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt   # 自签名CA证书
    Can't load /root/.rnd into RNG
    140475446698432:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
    Generating a RSA private key
    .......++++
    .............................................................................................++++
    writing new private key to 'ca.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:BeiJing
    Locality Name (eg, city) []:BeiJing
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:slt.Ltd        
    Organizational Unit Name (eg, section) []:slt
    Common Name (e.g. server FQDN or YOUR name) []:slt.ca
    Email Address []:3327189673@qq.com
    
    root@web2:/apps/nginx/certs# ll
    total 16
    drwxr-xr-x  2 root root 4096 Jan 30 23:35 ./
    drwxr-xr-x 12 www  www  4096 Jan 30 23:32 ../
    -rw-r--r--  1 root root 2106 Jan 30 23:35 ca.crt
    -rw-------  1 root root 3272 Jan 30 23:33 ca.key
    
    7.3.2.2 ⾃制key和csr⽂件
    # openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.slt.com.key -out www.slt.com.csr
    Can't load /root/.rnd into RNG
    140507939316160:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
    Generating a RSA private key
    ......................................................................................................................................................................++++
    ............................................................................................................................++++
    writing new private key to 'www.slt.com.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:BeiJing
    Locality Name (eg, city) []:BeiJing
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:slt.com
    Organizational Unit Name (eg, section) []:slt.com
    Common Name (e.g. server FQDN or YOUR name) []:www.slt.com
    Email Address []:3327189673@qq.com
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    
    # ll
    total 24
    drwxr-xr-x  2 root root 4096 Jan 30 23:40 ./
    drwxr-xr-x 12 www  www  4096 Jan 30 23:32 ../
    -rw-r--r--  1 root root 2106 Jan 30 23:35 ca.crt
    -rw-------  1 root root 3272 Jan 30 23:33 ca.key
    -rw-r--r--  1 root root 1748 Jan 30 23:40 www.slt.com.csr
    -rw-------  1 root root 3272 Jan 30 23:39 www.slt.com.key
    
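    7.3.2.3 签发证书
    (注意:该命令未指定扩展,签出的证书为X.509 v1且不含subjectAltName,见下文验证输出中的"Version: 1"。现代浏览器只按subjectAltName校验域名,因此即使导入了CA证书仍会提示证书无效;可通过 -extfile 指定包含 subjectAltName=DNS:www.slt.com 的扩展文件来签发。)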
    # openssl x509 -req -days 3650 -in www.slt.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.slt.com.crt
    Signature ok
    subject=C = CN, ST = BeiJing, L = BeiJing, O = slt.com, OU = slt.com, CN = www.slt.com, emailAddress = 3327189673@qq.com
    Getting CA Private Key
    
    # ll
    total 32
    drwxr-xr-x  2 root root 4096 Jan 30 23:43 ./
    drwxr-xr-x 12 www  www  4096 Jan 30 23:32 ../
    -rw-r--r--  1 root root 2106 Jan 30 23:35 ca.crt
    -rw-------  1 root root 3272 Jan 30 23:33 ca.key
    -rw-r--r--  1 root root   41 Jan 30 23:43 ca.srl
    -rw-r--r--  1 root root 1996 Jan 30 23:43 www.slt.com.crt
    -rw-r--r--  1 root root 1748 Jan 30 23:40 www.slt.com.csr
    -rw-------  1 root root 3272 Jan 30 23:39 www.slt.com.key
    
    7.3.2.4 验证证书内容
    # openssl x509 -in www.slt.com.crt -noout -text
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number:
                3f:a2:29:35:ca:fc:4a:08:aa:c4:be:ac:7f:9f:88:09:ee:79:1e:ff
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C = CN, ST = BeiJing, L = BeiJing, O = slt.Ltd, OU = slt, CN = slt.ca, emailAddress = 3327189673@qq.com
            Validity
                Not Before: Jan 30 15:43:25 2021 GMT
                Not After : Jan 28 15:43:25 2031 GMT
            Subject: C = CN, ST = BeiJing, L = BeiJing, O = slt.com, OU = slt.com, CN = www.slt.com, emailAddress = 3327189673@qq.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    RSA Public-Key: (4096 bit)
                    Modulus:
                        00:ba:a0:ba:77:a2:15:e0:8c:1d:b3:6c:3c:ba:c3:
                        68:5e:8a:c5:b1:b2:27:bf:d7:dc:e3:92:9c:5c:42:
                        bc:d0:26:e0:5d:e9:75:7d:82:98:e2:00:67:e0:7f:
                        88:f2:bb:8c:c8:47:2d:84:3c:a6:f1:0e:65:03:85:
                        64:ff:af:40:1b:b0:b8:4b:a0:3c:7f:47:16:60:a8:
                        50:73:c2:bc:dc:f2:cb:f0:b3:1e:cb:a4:6f:3b:cb:
                        03:2e:7d:49:6c:74:cc:5b:bb:0d:5b:ea:93:e1:dd:
                        05:35:08:e4:d0:7d:fc:d2:26:76:fe:74:21:38:45:
                        60:9d:c6:eb:8d:e2:d8:64:fd:e3:da:93:6d:b0:77:
                        63:16:f1:dc:4e:c8:c8:d2:74:84:f9:8f:dc:f4:31:
                        ff:ac:63:4a:7a:1b:16:0d:1d:33:71:69:9e:ac:be:
                        42:33:77:a6:3d:56:52:bf:a1:b7:10:c5:e1:93:c3:
                        08:33:e5:a3:f6:ee:e2:46:af:f6:c8:ca:de:20:85:
                        75:d3:fc:01:fb:84:56:84:63:96:44:41:93:3e:41:
                        3e:7b:b1:af:34:51:84:38:90:79:c5:b9:27:bb:5f:
                        2a:38:45:58:46:92:db:4c:c0:ad:c2:c9:76:68:82:
                        13:b3:4a:af:a9:71:99:6b:24:bb:31:11:f3:77:78:
                        1b:59:26:a6:cd:ad:bb:df:5f:81:e0:0e:d3:bf:1f:
                        0a:54:3c:1b:76:e5:a6:b4:7f:10:86:10:30:d2:aa:
                        2b:eb:cd:d9:d4:37:50:74:bb:26:f9:f2:7f:56:e3:
                        e4:4a:e7:77:3e:17:48:a6:cf:fb:dc:74:6e:b0:4d:
                        3e:4f:12:ba:88:5d:dd:b6:39:3b:e3:47:12:46:b6:
                        07:10:b0:c8:8e:13:7f:70:c5:2a:aa:ce:0a:bc:07:
                        b5:ca:38:7b:16:7d:cc:e6:67:8a:84:e2:6b:fc:9c:
                        bd:c7:97:8a:ce:cb:c2:32:ea:69:87:09:d4:d1:16:
                        39:8c:f0:5d:01:0c:da:56:68:7c:5a:86:9c:cf:de:
                        d4:38:4d:bf:e7:c4:b8:9c:a4:99:46:44:7e:d7:27:
                        8f:1a:48:bf:83:4d:3e:b6:d5:cf:92:e7:75:96:8d:
                        07:27:8c:b7:ea:80:dc:10:e3:69:0e:09:04:cf:ea:
                        fa:a4:e6:36:68:70:a2:d0:b2:b4:eb:da:13:39:7a:
                        e5:b4:7e:a2:a7:51:d6:79:f8:ac:b6:db:cd:9f:05:
                        8b:24:de:af:57:86:7d:f4:61:ec:18:e3:a1:b0:2f:
                        10:e9:3d:4c:9b:57:93:00:3f:a4:f0:81:79:41:b2:
                        9d:35:64:81:c1:9a:94:ad:20:e4:c4:27:4a:52:ef:
                        e5:a4:2d
                    Exponent: 65537 (0x10001)
        Signature Algorithm: sha256WithRSAEncryption
             56:44:31:14:8d:76:7e:5d:97:ac:34:00:7d:a5:33:68:14:ad:
             34:c9:ef:8c:17:76:2a:29:1a:fc:c9:28:c8:fd:ba:da:0b:f5:
             b9:ae:29:cf:1c:ac:65:c2:57:57:aa:8e:67:9d:2d:73:8f:72:
             9e:40:1c:9b:90:9a:0c:dd:7c:8a:d9:62:df:71:5f:a9:e2:40:
             ae:e2:98:cb:ac:7a:6e:c4:f9:c7:b9:4d:39:33:85:92:59:71:
             82:b3:e7:be:d7:fb:bf:5b:9e:53:4f:3e:34:2d:f6:75:1a:0a:
             34:05:7a:f3:96:9f:6b:bc:48:27:87:d1:23:da:19:0f:be:72:
             0d:71:55:42:99:90:17:70:21:4f:a3:e4:4a:ad:08:5e:75:10:
             cc:82:5d:0a:79:50:ac:47:2e:8d:7d:38:16:18:ff:78:a1:c9:
             2a:e3:04:08:9a:9f:47:a8:c9:a4:3f:8b:e9:ab:14:f2:ed:e1:
             a2:77:fc:af:7d:6b:5c:0f:59:79:92:01:60:c4:7d:dd:e9:42:
             a1:7b:48:82:82:34:51:83:6b:1b:65:0d:4c:95:24:d1:9b:5d:
             03:9e:37:bd:10:a4:86:0d:b6:f1:c9:01:e3:d1:53:85:c4:30:
             be:ae:01:ad:c2:9d:0a:61:17:11:dc:37:08:d5:be:e7:81:6a:
             1d:01:06:30:9b:c5:18:67:f7:bf:01:fb:a0:12:94:6d:b5:27:
             e9:58:7e:a6:fa:c7:4a:55:31:de:64:31:45:57:05:b0:79:2f:
             5e:34:8e:de:6d:0d:08:8b:ad:d8:2e:12:8d:86:74:92:33:9f:
             ec:71:ea:ec:63:23:1e:b7:d1:f0:48:a4:38:0c:5b:05:7f:84:
             bf:c9:eb:72:c8:81:b0:e9:56:6b:2a:47:57:c0:d5:49:fb:39:
             26:3b:26:6f:e7:19:1d:cc:38:2d:13:4f:c8:a4:ab:e6:a1:87:
             dc:d9:eb:7d:d2:85:40:a3:00:c2:97:32:b5:7c:e9:ce:78:f0:
             42:da:e1:73:7c:b2:34:52:cc:6f:7c:da:c4:48:5f:cb:1c:ac:
             d4:6e:1c:d3:84:10:67:5f:6a:af:57:09:86:46:a6:0b:6c:17:
             fb:57:90:7b:59:95:e4:38:57:d6:85:5f:bb:2a:a6:f4:45:74:
             28:00:bc:20:9b:55:96:09:9b:cc:20:35:fe:db:5e:8f:be:8b:
             68:90:70:58:f6:dd:27:44:d1:89:d6:4c:6a:c0:ff:9f:be:ef:
             f1:e5:0a:b8:51:32:75:5c:c8:38:cb:9d:ef:fb:62:af:e5:e2:
             5f:62:dd:ef:42:20:83:cc:9f:08:85:38:bf:25:a5:e6:c6:0d:
             29:17:e6:76:d9:d6:13:1c
    

    7.3.3 Nginx配置证书

    listen       80;
    listen 443 ssl;
    ssl_certificate /apps/nginx/certs/www.slt.com.crt;
    ssl_certificate_key /apps/nginx/certs/www.slt.com.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    重启nginx并访问验证
    

    7.3.4 https访问验证ssl证书

  • 原文地址:https://www.cnblogs.com/miclesvic/p/14351597.html