Setting Up a Complete J2EE Software Development Project Environment on Ubuntu 10.10: Process, Quality and Project Management


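A friend recently needed to set up the tool environment for a J2EE development project, so I dug out a document I had put together back when I was experimenting with this and sent it to him. I also noticed that quite a few people online are looking for this kind of material, so I am posting this simple document here in the hope that it will be a useful reference for anyone who needs it. Reposting is welcome; please credit the source. There is quite a lot of content, so use CTRL+F to search.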

————————————

Configuring Apache+SVN+Maven+Nexus+Sonar+Hudson+Redmine+Tomcat+Ant on Ubuntu 10.10

The tools covered in this article are:

JDK        java-6-sun-jdk        http://www.oracle.com/technetwork/java/index.html
Mysql                            http://dev.mysql.com/
Apache2                          http://httpd.apache.org/
Subversion                       http://subversion.tigris.org/
Maven      apache-maven3         http://maven.apache.org/
Nexus      sonatype-nexus-oss    http://nexus.sonatype.org/
Sonar                            http://www.sonarsource.org/
Hudson                           http://hudson-ci.org/
Redmine                          http://www.redmine.org/
Tomcat     apache-tomcat-7       http://tomcat.apache.org/
Ant        apache-ant-1.8        http://ant.apache.org/
#Cargo                           http://cargo.codehaus.org/
OpenSSL
OpenSSH


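Preparation

1) If you are installing Ubuntu Server, simply select LAMP during system installation
2) Setting a static IP address is recommended
3) Downloading in advance the packages and plugins that must be installed manually is recommended

1. JDK
$ sudo apt-get install sun-java6-jdk
Installed by default to /usr/lib/jvm/java-6-sun-xxx (xxx is the version number)
Verify the JDK:
$ java -version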

2. MySQL
$ sudo apt-get install mysql-server
You can also install related MySQL database tools, such as gui-tools, cluster-server, proxy, etc.
1) Set the MySQL administrator password
$ mysql -u root
mysql> SET PASSWORD FOR root@localhost=PASSWORD('secret');
2) utf8 character set
$ sudo vi /etc/mysql/my.cnf
  [mysqld]
  #Set the default character set.
  default-character-set  =UTF8
  [client]
  #Set the default character set.
  default-character-set  =UTF8
mysql> show variables like "%colla%";  
mysql> show variables like "%char%"; 
3) Remote access
$ sudo vi /etc/mysql/my.cnf
  [mysqld]
  #bind-address           = 127.0.0.1
mysql> GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'192.168.1.111' IDENTIFIED BY 'secret'; -- replace the IP address with '%' to allow any address
mysql> flush privileges;
4) Ignore case
$ sudo vi /etc/mysql/my.cnf
  [mysqld]
  lower_case_table_names  =1

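3. Apache2 (integration with the other tools is covered in detail later)
$ sudo apt-get install apache2
Default configuration file: /etc/apache2/apache2.conf
Default service startup script: /etc/init.d/apache2
Install the Google PageSpeed module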

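4. Subversion
1) Install directly from the package repository
$ sudo apt-get install subversion
2) Create the repository
$ sudo mkdir /var/svn && cd /var/svn
$ sudo svnadmin create repos && cd repos/conf
3) Configure permissions
Configure svnserve.conf; note that no line may begin with a space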
[general]
anon-access = read
auth-access = write
password-db = passwd
authz-db = authz
realm = IALS SVN Repository
Configure passwd
[users]
redmine = redmine
Configure authz
[groups]
dev = redmine
[repos:/]
@dev = rw
4) Start svnserve
$ sudo svnserve -d -r /var/svn
5) Add the svn service to system startup
$ cd /etc/rc2.d && sudo vi S88svnserve
#! /bin/sh
svnserve -d -r /var/svn
$ sudo chmod +x S88svnserve
6) Import a project
$ sudo mkdir -p /tmp/ials/trunk /tmp/ials/tags /tmp/ials/branches
$ sudo svn import --username USERNAME -m "initial import" /tmp/ials/ svn://localhost/repos/ials
7) If a commit fails with the following error:
  attempt to write a readonly database
it is because rep-cache.db in the /var/svn/repos/db directory is not writable by Apache; make it writable by Apache:
$ sudo chown www-data:www-data /var/svn/repos/db/rep-cache.db

5. Maven
Maven 3 is used here
1) Download apache-maven-3.0-bin.tar.gz from http://maven.apache.org/
2) Extract it, move the directory to /opt/, and create a symbolic link
$ sudo tar zxf apache-maven-3.0-bin.tar.gz
$ sudo mv apache-maven-3.0 /opt/.
$ sudo ln -s /opt/apache-maven-3.0 /opt/maven3
3) Configure environment variables
$ sudo vi /etc/profile
Add the following before umask 022:
export JAVA_HOME=/usr/lib/jvm/java-6-sun
export JRE_HOME=/usr/lib/jvm/java-6-sun/jre
export MAVEN_HOME=/opt/maven3
export MAVEN_OPTS="-Xmx512m -XX:MaxPermSize=256m"
export ANT_HOME=/opt/ant
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib
export PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$MAVEN_HOME/bin:$ANT_HOME/bin
4) Verify
$ mvn -v
5) Install a jar into the local repository
$ mvn install:install-file -Dfile=yourJar -DgroupId=yourGroup -DartifactId=yourArtifact -Dversion=1.0 \
> -Dpackaging=jar -DgeneratePom=true

6. Nexus OSS
1) Download the standalone version from the official site http://nexus.sonatype.org/; this article uses nexus-oss-webapp-1.8.0.1-bundle.tar.gz
2) Extract it, move the directory to /opt/, and create a symbolic link
$ sudo tar zxf nexus-oss-webapp-1.8.0.1-bundle.tar.gz
$ sudo mv nexus-oss-webapp-1.8.0.1 /opt/.
$ sudo ln -s /opt/nexus-oss-webapp-1.8.0.1 /opt/nexus
3) Install as an Ubuntu service
Copy /opt/nexus/bin/jsw/linux-x86-32/nexus to /etc/init.d/
$ sudo cp /opt/nexus/bin/jsw/linux-x86-32/nexus /etc/init.d/.
$ sudo vi /etc/init.d/nexus
Change the following properties in that file:
# Application
APP_NAME="nexus"
APP_LONG_NAME="Sonatype Nexus"
NEXUS_HOME=/opt/nexus
PLATFORM=linux-x86-32
# Wrapper
WRAPPER_CMD="${NEXUS_HOME}/bin/jsw/${PLATFORM}/wrapper"
WRAPPER_CONF="${NEXUS_HOME}/bin/jsw/conf/wrapper.conf"
# Location of the pid file.
PIDDIR="/var/run"
Register it as a system service
$ sudo chmod 755 /etc/init.d/nexus
$ cd /etc/init.d
$ sudo update-rc.d nexus defaults
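4) Configure the Nexus repository storage location
$ sudo vi /opt/nexus/conf/plexus.properties
Change the following property value
basedir=/opt/nexus
The repository storage is then created by default under /opt/sonatype-work
The default startup port can also be changed via application-port
5) Start and stop the service
$ sudo service nexus start/stop
By default Nexus uses port 8081; simply browse to http://127.0.0.1:8081/nexus. Log in with the default administrator account: admin/admin123
6) Post-installation configuration
Change the administrator password and email address
Configure the SMTP settings
Enable remote index downloads for the three important proxy repositories: the central Maven repository, the Apache snapshots repository and the Codehaus snapshots repository
7) Configure Maven to use the Nexus repository
Edit or create ~/.m2/settings.xml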
<settings>
  <mirrors>
    <mirror>
      <!--This sends everything else to /public -->
      <id>nexus</id>
      <mirrorOf>*</mirrorOf>
      <url>http://localhost:8081/nexus/content/groups/public</url>
    </mirror>
  </mirrors>
  <profiles>
    <profile>
      <id>nexus</id>
      <!--Enable snapshots for the built in central repo to direct -->
      <!--all requests to nexus via the mirror -->
      <repositories>
        <repository>
          <id>central</id>
          <url>http://central</url>
          <releases><enabled>true</enabled></releases>
          <snapshots><enabled>true</enabled></snapshots>
        </repository>
      </repositories>
      <pluginRepositories>
        <pluginRepository>
          <id>central</id>
          <url>http://central</url>
          <releases><enabled>true</enabled></releases>
          <snapshots><enabled>true</enabled></snapshots>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
  <activeProfiles>
    <!--make the profile active all the time -->
    <activeProfile>nexus</activeProfile>
  </activeProfiles>
</settings>
Alternatively, modify Maven's global settings in /opt/maven3/conf/settings.xml
When using it in a project, you can set the following in pom.xml
<repositories>
    <repository>
        <id>nexus</id>
        <name>local nexus</name>
        <url>http://localhost:8081/nexus/content/groups/public</url>
    </repository>
</repositories>
<pluginRepositories>
    <pluginRepository>
        <id>nexus</id>
        <name>local nexus</name>
        <url>http://localhost:8081/nexus/content/groups/public</url>
    </pluginRepository>
</pluginRepositories>
In a networked environment, you can set the following in pom.xml

<repositories>
    <repository>
        <id>nexus</id>
        <name>local nexus</name>
        <url>http://[nexus host]:[nexus port]/nexus/content/groups/public</url>
    </repository>
</repositories>
<pluginRepositories>
    <pluginRepository>
        <id>nexus</id>
        <name>local nexus</name>
        <url>http://[nexus host]:[nexus port]/nexus/content/groups/public</url>
    </pluginRepository>
</pluginRepositories>
8) Install a third-party jar into the Nexus repository, for example the Oracle JDBC driver:
$ mvn deploy:deploy-file -DgroupId=com.oracle -DartifactId=ojdbc14 \
> -Dversion=10.2.0.3.0 -Dpackaging=jar -Dfile=ojdbc.jar \
> -Durl=http://localhost:8081/nexus/content/repositories/thirdparty \
> -DrepositoryId=thirdparty

7. Sonar
1) Create the MySQL database
$ sudo mysql
mysql> create database sonar character set utf8;
mysql> create user 'sonar'@'localhost' identified by 'sonar';
mysql> grant all privileges on sonar.* to 'sonar'@'localhost';
mysql> flush privileges;
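2) Download the latest version from the official site http://www.sonarsource.org/; this article uses sonar-2.4.1.zip
3) Extract it, move the directory to /opt/, and create a symbolic link
$ sudo unzip sonar-2.4.1.zip
$ sudo mv sonar-2.4.1 /opt/.
$ sudo ln -s /opt/sonar-2.4.1 /opt/sonar
4) Edit the Sonar configuration file
$ sudo vi /opt/sonar/conf/sonar.properties
Use the MySQL database settings and comment out the Derby settings: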
#sonar.jdbc.url:                            jdbc:derby://localhost:1527/sonar;create=true
#sonar.jdbc.driverClassName:                org.apache.derby.jdbc.ClientDriver
#sonar.jdbc.validationQuery:                values(1)
#sonar.derby.drda.portNumber:               1527
#sonar.derby.drda.host: 0.0.0.0
sonar.jdbc.url:                            jdbc:mysql://localhost:3306/sonar?useUnicode=true&characterEncoding=utf8
sonar.jdbc.driverClassName:                com.mysql.jdbc.Driver
sonar.jdbc.validationQuery:                select 1
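5) Start Sonar in standalone mode
$ cd /opt/sonar
$ sudo ./bin/linux-x86-32/sonar.sh start
By default Sonar uses port 9000; simply browse to http://127.0.0.1:9000/. Log in with the default administrator account: admin/admin
6) Configure Maven
Edit ~/.m2/settings.xml and add the following inside profiles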
    <profile>
      <id>sonar</id>
      <properties>
        <sonar.jdbc.url>
          jdbc:mysql://localhost:3306/sonar?useUnicode=true&amp;characterEncoding=utf8
        </sonar.jdbc.url>
        <sonar.jdbc.driver>com.mysql.jdbc.Driver</sonar.jdbc.driver>
        <sonar.jdbc.username>sonar</sonar.jdbc.username>
        <sonar.jdbc.password>sonar</sonar.jdbc.password>
      </properties>
    </profile>
and change the activeProfiles section to
  <activeProfiles>
    <!--make the profiles active all the time -->
    <activeProfile>nexus</activeProfile>
    <activeProfile>sonar</activeProfile>
  </activeProfiles>
Or modify Maven's global settings
7) Install as an Ubuntu service
Create /etc/init.d/sonar
#! /bin/sh
/usr/bin/sonar $*
and register it as a service that starts at boot
$ sudo ln -s /opt/sonar/bin/linux-x86-32/sonar.sh /usr/bin/sonar
$ sudo chmod 755 /etc/init.d/sonar
$ sudo update-rc.d sonar defaults
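The service can then be started and stopped
$ sudo service sonar start
8) Plugin installation
Plugins can be downloaded from the official site into the /opt/sonar/extensions/plugins/ directory, or installed from the administrator web interface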

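8. Hudson (now the Jenkins project)
1) Download the latest hudson.deb from the official site http://hudson-ci.org/
2) Install it
$ sudo dpkg -i hudson.deb
It reports that daemon is missing; repair the installation
$ sudo apt-get -f install
3) The default startup port is 8080; a different port can be specified, for example 9090
$ sudo vi /etc/init.d/hudson
Add
HUDSON_ARGS="-Xms256m -Xmx512m  -XX:MaxPermSize=96m --httpPort=9090 --ajp13Port=9009"
Open http://localhost:9090/ directly to access it; the default administrator account is empty
4) Hudson configuration
5) Install plugins: sonar, deploy, etc.
6) Integrate maven, sonar, svn, etc.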

9. Redmine
1) Configure the MySQL database
create database redmine character set utf8;
create user 'redmine'@'localhost' identified by 'my_password';
grant all privileges on redmine.* to 'redmine'@'localhost';
2) Install from the package repository
$ sudo apt-get install redmine
This automatically installs ruby, rubygems and rake
3) Configuration
$ cd /usr/local/redmine
$ sudo cp config/database.yml.example config/database.yml
$ sudo vi config/database.yml
production:
  adapter: mysql
  database: redmine
  host: localhost
  username: redmine
  password: my_password
  encoding: utf8
$ sudo gem install rails -v=2.3.5
$ sudo gem install rack -v=1.0.1
$ sudo rake generate_session_store
$ sudo RAILS_ENV=production rake db:migrate
$ sudo RAILS_ENV=production rake redmine:load_default_data
Configure access permissions
$ sudo useradd redmine
$ sudo mkdir files tmp public/plugin_assets
$ sudo chown -R redmine:redmine files log tmp public/plugin_assets
$ sudo chmod -R 755 files log tmp public/plugin_assets
$ sudo touch log/production.log
4) Start the built-in server
$ sudo ruby script/server webrick -e production
The default address is http://localhost:3000; default administrator account: admin/admin
5) Other configuration
Logger configuration
$ sudo cp config/additional_environment.rb.example config/additional_environment.rb
$ sudo vi config/additional_environment.rb
#Logger.new(PATH,NUM_FILES_TO_ROTATE,FILE_SIZE)
config.logger = Logger.new(config.log_path, 2, 1000000)
config.logger.level = Logger::INFO
Mail settings
$ sudo cp config/email.yml.example config/email.yml
$ sudo vi config/email.yml
With authentication
production:
  delivery_method: :smtp
  smtp_settings:
    address: smtp.example.net
    port: 25
    domain: example.net
    authentication: :login
    user_name: redmine@example.net
    password: redmine
development:
  delivery_method: :smtp
  smtp_settings:
    address: 127.0.0.1
    port: 25
    domain: example.net
    authentication: :login
    user_name: redmine@example.net
    password: redmine
Using GMail
production:
  delivery_method: :smtp
  smtp_settings:
    tls: true
    enable_starttls_auto: true
    address: "smtp.gmail.com"
    port: '587'
    domain: "smtp.gmail.com"
    authentication: :plain
    user_name: "your_email@gmail.com"
    password: "your_password" 
Without authentication
production:
  delivery_method: :smtp
  smtp_settings:
    address: smtp.knology.net
    port: 25
    domain: cybersprocket.com
    authentication: :none
6) Back up the database; create a script
# Database
/usr/bin/mysqldump -u <username> -p<password> <redmine_database> | gzip > /path/to/backup/db/redmine_`date +%y_%m_%d`.gz
# Attachments
rsync -a /path/to/redmine/files /path/to/backup/files
7) Integrate hudson, svn, code review, knowledgebase, worktime, mylyn connector, etc.
$ sudo apt-get install git
Download the plugins into the vendor/plugins directory
$ sudo rake db:migrate_plugins RAILS_ENV=production

10. Apache2 HTTP configuration
$ sudo a2enmod headers
1) svn+apr+viewvc
Access svn over the WebDAV protocol
$ sudo apt-get install libapache2-svn db4.8-util viewvc-query python2.6-dev
$ sudo htpasswd -c /var/svn/repos/conf/passwd arbor
$ sudo htpasswd /var/svn/repos/conf/passwd redmine
Add the following to /etc/apache2/mods-available/dav_svn.conf:
<Location /svn>
  DAV svn
  SVNPath /var/svn/repos
  #SVNParentPath /var/svn
  AuthType Basic
  AuthName "IALS Subversion Repository"
  AuthUserFile /var/svn/repos/conf/passwd
  #<LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  #</LimitExcept>
</Location>
$ sudo service apache2 restart
ViewVC installation
$ sudo vi /etc/viewvc/viewvc.conf
  svn_roots = svn: /var/svn/repos
  #root_parents = /var/svn : svn
  default_root = svn
  enable_syntax_coloration = 1
After the steps above it can be reached at http://localhost/cgi-bin/view.cgi (query.cgi).
Otherwise, link /usr/lib/viewvc/cgi-bin/viewvc.cgi (query.cgi) into /usr/lib/cgi-bin/
and edit the default site, adding:
     ScriptAlias /viewvc /usr/lib/viewvc/cgi-bin/viewvc.cgi  
     ScriptAlias /query /usr/lib/viewvc/cgi-bin/query.cgi  
     <Directory "/usr/lib/viewvc/cgi-bin">  
             AllowOverride None  
             Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch  
             Order allow,deny  
             Allow from all  
     </Directory> 
It can then be reached at http://localhost/viewvc (query).
2) redmine
$ sudo gem install passenger
$ sudo passenger-install-apache2-module
$ sudo vi /etc/apache2/mods-available/passenger.load
LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-3.0.0/ext/apache2/mod_passenger.so
$ sudo vi /etc/apache2/mods-available/passenger.conf
PassengerRoot /var/lib/gems/1.8/gems/passenger-3.0.0
PassengerRuby /usr/bin/ruby1.8
(or append the contents of passenger.load and passenger.conf to the end of /etc/apache2/apache2.conf)
$ sudo a2enmod passenger
$ sudo ln -s /usr/local/redmine/public /var/www/redmine
$ sudo chown -R www-data:www-data /var/www
$ sudo vi /etc/apache2/sites-available/redmine
RailsEnv production
RailsBaseURI /redmine
$ sudo a2ensite redmine
$ sudo service apache2 restart
3) nexus
The following configuration does not work for now (it works for a single service)
ProxyRequests     Off
ProxyPass /nexus http://127.0.0.1:8081/nexus
ProxyPassReverse /nexus http://127.0.0.1:8081/nexus
<proxy  http://127.0.0.1:8081/nexus>
    AllowOverride None
    Order Deny,Allow
    Allow from 192.168 127
</proxy>
4) sonar
$ sudo a2enmod proxy_ajp
$ sudo vi /opt/sonar/conf/sonar.properties 
# Apache mod_jk connector. Supported only in standalone mode.
# Uncomment to activate AJP13 connector.
sonar.ajp13.port: 8009
$ sudo vi /etc/apache2/mods-available/proxy.conf
ProxyPass /sonar http://127.0.0.1:9000/sonar
ProxyPassReverse /sonar ajp://127.0.0.1:8009/sonar
<proxy  http://127.0.0.1:9000/sonar>
    AllowOverride None
    Order Deny,Allow
    Allow from 192.168 127
</proxy>
5) hudson
$ sudo vi /etc/init.d/hudson
HUDSON_ARGS="-Xms256m -Xmx512m  -XX:MaxPermSize=96m --httpPort=9090 --ajp13Port=9009 --prefix=/hudson"
$ sudo vi /etc/apache2/mods-available/proxy.conf
ProxyPass /hudson ajp://127.0.0.1:9009/hudson
ProxyPassReverse /hudson ajp://127.0.0.1:9009/hudson
<proxy  ajp://127.0.0.1:9009>
    AllowOverride None
    Order Deny,Allow
    Allow from 192.168 127
</proxy>
6) tomcat

11. OpenSSL configuration
1) Creating the Certificate Authority

(1) Create an initial certificate database

$ cd && mkdir -p myCA/signedcerts && mkdir myCA/private && cd myCA
$ echo '01' > serial && touch index.txt
(2) Create an initial caconfig.cnf
$ vi ~/myCA/caconfig.cnf
# My sample caconfig.cnf file.
#
# Default configuration to use  when one
# is not provided on the command line.
#
[ ca ]
default_ca      = local_ca
#
#
# Default location  of  directories  and
# files needed to generate certificates.
#
[ local_ca ]
dir             = /home/<username>/myCA
certificate     = $dir/cacert.pem
database        = $dir/index.txt
new_certs_dir   = $dir/signedcerts
private_key     = $dir/private/cakey.pem
serial          = $dir/serial
#
#
# Default   expiration   and  encryption
# policies for certificates.
#
default_crl_days        = 365
default_days            = 1825
default_md              = md5
#
policy          = local_ca_policy
x509_extensions = local_ca_extensions
#
#
# Default policy to use  when generating
# server   certificates.  The  following
# fields  must  be defined in the server
# certificate.
#
[ local_ca_policy ]
commonName              = supplied
stateOrProvinceName     = supplied
countryName             = supplied
emailAddress            = supplied
organizationName        = supplied
organizationalUnitName  = supplied
#
#
# x509 extensions to use when generating
# server certificates.
#
[ local_ca_extensions ]
subjectAltName          = DNS:alt.tradeshowhell.com
basicConstraints        = CA:false
nsCertType              = server
#
#
# The default root certificate
# generation policy.
#
[ req ]
default_bits    = 2048
default_keyfile = /home/<username>/myCA/private/cakey.pem
default_md      = md5
#
prompt                  = no
distinguished_name      = root_ca_distinguished_name
x509_extensions         = root_ca_extensions
#
#
# Root  Certificate  Authority   distinguished
# name.  Change these fields to match
# your local environment!
#
[ root_ca_distinguished_name ]
commonName              = MyOwn Root Certificate Authority
stateOrProvinceName     = NC
countryName             = US
emailAddress            = root@tradeshowhell.com
organizationName        = Trade Show Hell
#
[ root_ca_extensions ]
basicConstraints        = CA:true
(3) Generate the Certificate Authority Root Certificate and Key
$ export OPENSSL_CONF=~/myCA/caconfig.cnf
$ openssl req -x509 -newkey rsa:2048 -out cacert.pem -outform PEM -days 1825
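The caconfig.cnf above signs with default_md = md5, and later steps request 1024-bit RSA keys. The following added example (not part of the original article) scans an OpenSSL config for such defaults and prints a corrected copy; the function names, the thresholds (MD5/SHA-1 family digests, default_bits below 2048) and the sample excerpt are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: find weak digest and key-size defaults in an OpenSSL config
# such as the caconfig.cnf above. The thresholds are this example's
# assumption: MD2/MD4/MD5/SHA-1 digests and default_bits below 2048.

# weak_settings FILE -> print "[section] key = value" for each weak setting;
# exit status 1 when at least one is found, 0 otherwise.
weak_settings() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        /^[ \t]*\[/ {                               # [ section ] line
            sub(/^[ \t]*\[[ \t]*/, ""); sub(/[ \t]*\].*$/, "")
            sec = $0; next
        }
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1); gsub(/[ \t]/, "", key)
            val = substr($0, n + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            weak = (key == "default_md" && tolower(val) ~ /^(md2|md4|md5|sha|sha1)$/) ||
                   (key == "default_bits" && val + 0 < 2048)
            if (weak) { printf "[%s] %s = %s\n", sec, key, val; found = 1 }
        }
        END { exit found }' "$1"
}

# harden FILE -> print FILE with those settings raised to sha256 / 2048
harden() {
    awk '
        /^[ \t]*default_md[ \t]*=/ {
            v = tolower($0); sub(/^[^=]*=/, "", v)
            sub(/#.*/, "", v); gsub(/[ \t]/, "", v)
            if (v ~ /^(md2|md4|md5|sha|sha1)$/) sub(/=.*/, "= sha256")
        }
        /^[ \t]*default_bits[ \t]*=/ {
            v = $0; sub(/^[^=]*=/, "", v)
            if (v + 0 < 2048) sub(/=.*/, "= 2048")
        }
        { print }' "$1"
}

# Constructed excerpt of the caconfig.cnf shown above.
cnf=$(mktemp)
cat > "$cnf" <<'EOF'
[ local_ca ]
default_days            = 1825
default_md              = md5
[ req ]
default_bits    = 2048
default_md      = md5
EOF
weak_settings "$cnf" || echo "weak defaults found; corrected values:"
harden "$cnf" | grep -E 'default_(md|bits)'
rm -f "$cnf"
```

The same limits apply to the -newkey rsa:1024 arguments used in the server and PKCS#12 steps, which the config scan does not see because they are given on the command line.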

2) Creating a Self-Signed Server Certificate
(1) Create the server configuration file

$ vi ~/myCA/exampleserver.cnf 
#
# exampleserver.cnf
#
[ req ]
prompt                  = no
distinguished_name      = server_distinguished_name
[ server_distinguished_name ]
commonName              = tradeshowhell.com
stateOrProvinceName     = NC
countryName             = US
emailAddress            = root@tradeshowhell.com
organizationName        = My Organization Name
organizationalUnitName  = Subunit of My Large Organization
(2) Generate the server certificate
$ export OPENSSL_CONF=~/myCA/exampleserver.cnf
$ openssl req -newkey rsa:1024 -keyout tempkey.pem -keyform PEM -out tempreq.pem -outform PEM
(3) Translate the temporary private key into an unencrypted key
$ openssl rsa < tempkey.pem > server_key.pem
Or, to leave the key encrypted with a passphrase:
$ mv tempkey.pem server_key.pem
(4) Sign the server certificate with the Certificate Authority (CA) key
$ export OPENSSL_CONF=~/myCA/caconfig.cnf
$ openssl ca -in tempreq.pem -out server_crt.pem
(5) Remove the temporary certificate and key files
$ rm -f tempkey.pem && rm -f tempreq.pem
    * server_crt.pem : Server application certificate file
    * server_key.pem : Server application key file
3) Converting X.509 Certificates to PKCS#12 for Client Applications
(1) Create a single file containing both the certificate and the key
$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
(2) Convert this certificate/key combination file into a PKCS#12 certificate
$ openssl pkcs12 -export -out mycert.pfx -in mycert.pem -name "Certificate for Whatever"
4) Configuring Apache for SSL Support
(1) Generate a Server Certificate
$ sudo apache2-ssl-certificate
$ sudo a2enmod ssl
(2) Configure SSL settings for Apache 2
$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
$ sudo ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl
$ sudo vi /etc/apache2/sites-enabled/ssl
  NameVirtualHost *:443
  <VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/apache.pem
$ sudo vi /etc/apache2/sites-enabled/default
  NameVirtualHost *:80
  <VirtualHost *:80>
  DocumentRoot
  Directory 
$ sudo vi /etc/apache2/ports.conf
  Listen 80
  Listen 443
$ sudo /etc/init.d/apache2 force-reload
(3) Redirecting HTTP traffic to HTTPS
$ sudo a2enmod rewrite
$ sudo vi /etc/apache2/sites-enabled/default
Add the following three lines under the <VirtualHost *:80> line:
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
$ sudo /etc/init.d/apache2 force-reload

12. OpenSSH configuration
$ sudo apt-get install openssh-server
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
$ sudo chmod a-w /etc/ssh/sshd_config.original
$ sudo vi /etc/ssh/sshd_config
  #LogLevel INFO
  LogLevel VERBOSE
  #LoginGraceTime 120
  LoginGraceTime 20
  #X11Forwarding yes
  X11Forwarding no
  #Banner /etc/issue.net
  Banner /etc/issue.net
$ sudo vi /etc/issue.net
***************************************************************************
NOTICE TO USERS
This computer system is the private property of its owner, whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************
Further configuration
  #AllowUsers 'jhendrix svaughan'
  #DenyUsers 'wgates sballmer'
  AllowGroups sshlogin
$ sudo addgroup sshlogin
$ sudo adduser xxx sshlogin
$ sudo service ssh restart
Have sshd listen on different ports
  Port 22
  Port 2222
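The settings from this section can be checked against an actual file. The following added example (not part of the original article) reads an sshd_config the way sshd does, keeping the first value seen for a keyword and ignoring anything inside a Match block, and reports where the file differs from the values set above; the function names and the sample file are constructed for this illustration.

```shell
#!/bin/sh
# Added example: check an sshd_config against the settings used in this section.
# sshd keeps the FIRST value it reads for a keyword, compares keywords
# case-insensitively, and applies lines after a "Match" line only
# conditionally, so neither a later duplicate nor a Match-scoped line
# changes the global value. Only the "Keyword value" form is parsed.

# effective_value FILE KEYWORD -> print the global value sshd would use
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/         { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }   # conditional blocks start here
        tolower($1) == want    {          # first occurrence wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd FILE -> print one FAIL line per deviation; return 1 if any
audit_sshd() {
    file=$1
    rc=0
    while read -r key expected; do
        actual=$(effective_value "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', found '${actual:-<unset>}'"
            rc=1
        fi
    done <<EOF
LogLevel VERBOSE
LoginGraceTime 20
X11Forwarding no
Banner /etc/issue.net
AllowGroups sshlogin
EOF
    return $rc
}

# Constructed sample: X11Forwarding is set twice and AllowGroups only
# appears inside a Match block, so both checks must fail.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#LogLevel INFO
loglevel VERBOSE
LoginGraceTime 20
X11Forwarding yes
X11Forwarding no
Banner /etc/issue.net
Match User backup
    AllowGroups sshlogin
EOF
audit_sshd "$sample" || echo "sshd_config deviates from the article's settings"
rm -f "$sample"
```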
