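FreeBSD Server 10.0
Installing FreeBSD:
Install with the [Src] and [Doc] components selected, and make the /var partition as large as possible.
After installation, configure OpenSSH to allow root login:
ee /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
Save and exit when you have finished editing.
/etc/rc.d/sshd restart
Logging in with a key pair (SSH)
Create the .ssh directory in the user's home directory on the server; authorized_keys can hold multiple public keys.
mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys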
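The login settings above, checked with a small audit script. This is an added example, not part of the original guide: the function names are hypothetical, the two sample files are constructed, and the defaults passed to effective_value are assumed to be FreeBSD's shipped sshd defaults.

```sh
#!/bin/sh
# Added example, not part of the original guide: list the password login
# paths an sshd_config leaves open. sshd uses the FIRST occurrence of a
# keyword and matches keywords case-insensitively.

# effective_value FILE KEYWORD DEFAULT -> value sshd would use (lower-cased).
# Only the global section is read; parsing stops at the first Match block.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }         # "Keyword=value" form
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> one finding per line; returns 1 when anything is reported.
# Defaults are an assumption of this example (FreeBSD's shipped values):
# root login off, built-in passwords off, PAM challenge-response on.
audit_sshd() {
    root=$(effective_value "$1" PermitRootLogin no)
    pass=$(effective_value "$1" PasswordAuthentication no)
    kbd=$(effective_value "$1" ChallengeResponseAuthentication yes)
    pam=$(effective_value "$1" UsePAM yes)
    findings=0
    # A password can be typed through either mechanism.
    pw_path=no
    [ "$pass" = yes ] && pw_path=yes
    [ "$kbd" = yes ] && [ "$pam" = yes ] && pw_path=yes
    if [ "$pw_path" = yes ]; then
        echo "PASSWORD_LOGIN password=$pass challenge=$kbd pam=$pam"
        findings=1
    fi
    if [ "$root" = yes ] && [ "$pw_path" = yes ]; then
        echo "ROOT_PASSWORD_LOGIN PermitRootLogin=$root"
        findings=1
    fi
    return $findings
}

# Constructed sample 1: the three settings this guide writes to sshd_config.
guide_cfg=$(mktemp)
cat > "$guide_cfg" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
EOF

# Constructed sample 2: key-only variant for use once authorized_keys works.
keys_cfg=$(mktemp)
cat > "$keys_cfg" <<'EOF'
# a later duplicate does not override the first occurrence
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin yes
EOF

echo "guide settings:";   audit_sshd "$guide_cfg" || true
echo "key-only variant:"; audit_sshd "$keys_cfg" && echo "no password path"
```

Point audit_sshd at /etc/ssh/sshd_config after confirming that key login works, then restart sshd once the file reports no findings.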
Updating the ports tree and sources
portsnap fetch extract
portsnap fetch update
Wait for it to finish; the ports tree is then up to date.
Environment settings (.cshrc)
ee ~/.cshrc
#############################################################
alias ls ls -GFw
setenv PACKAGEROOT "ftp://ftp.freebsdchina.org"
set nobeep
set prompt = '%n@%/%# '
set filec
set history = 1000
set savehist = (1000 merge)
set autolist = ambiguous
set autoexpand
set autorehash
setenv LSCOLORS ExGxFxdxCxegedabagExEx
setenv CLICOLOR yes
#############################################################
Boot tuning (loader.conf)
ee /boot/loader.conf
#############################################################
autoboot_delay="0"
beastie_disable="YES"
kern.ipc.nmbclusters="32768"
kern.ipc.somaxconn="1024"
kern.maxusers="256"
kern.maxfilesperproc="16384"
#############################################################
Edit /etc/resolv.conf and make sure the first nameserver entry is 127.0.0.1 so that the local DNS cache takes effect, for example:
ee /etc/resolv.conf
search hengrun-gd.com
nameserver 127.0.0.1
nameserver 221.4.8.1
nameserver 221.5.88.88
nameserver 210.21.196.6
Edit /etc/rc.conf and make sure it contains the following:
ee /etc/rc.conf
named_enable="YES"
Then run the following command:
/etc/rc.d/named start
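Using pkg_add
For example, when you install lynx with pkg_add -rv lynx, the files are fetched over FTP from ftp.freebsd.org.
You can, however, change an environment variable so that pkg_add -r fetches files from our FTP server instead. Set the location as follows:
bash shell
export PACKAGEROOT="ftp://ftp.freebsd.org"
csh shell
setenv PACKAGEROOT "ftp://ftp.freebsd.org"
Edit the contents of /etc/motd to prevent system information from leaking:
echo "" > /etc/motd
ee /etc/rc.conf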
#############################################################
hostname="log.hengrun-gd.com"
ifconfig_fxp0="inet 10.1.9.1 netmask 255.255.255.0"
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
defaultrouter="10.1.9.252"
sshd_enable="YES"
#Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
#########################################
fsck_y_enable="YES"
update_motd="NO"
keyrate="fast"
#########################################
kern_securelevel_enable="YES"
kern_securelevel="-1"
#########################################
syslogd_enable="YES"
syslogd_flags="-ss"
#########################################
enable_quotas="YES"
check_quotas="YES"
#########################################
tcp_extensions="YES"
tcp_drop_synfin="YES"
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
#########################################
#named_enable="YES"
#mysql_enable="YES"
#apache2_enable="YES"
#########################################
#postfix_enable="YES"
sendmail_enable="NONE"
#########################################
ee /etc/make.conf
##########################################
#added by use.perl 2010-08-02 05:10:35
#PERL_VERSION=5.12.3
##########################################
#CPUTYPE=core
WITHOUT_X11=yes
WITH_OPENSSL_PORT=yes
WITH_APACHE2=yes
WITH_MYSQL_VER=56
WITH_BDB_VER=53
WITH_DB_VER=41
WITH_OPENLDAP_VER=24
DEFAULT_PGSQL_VER=94
#MASTER_SITE_BACKUP?=\
#ftp://ftp.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/
#MASTER_SITE_OVERRIDE?=${MASTER_SITE_BACKUP}
NO_GAMES=true
NO_SENDMAIL=true
NO_BLUETOOTH=true
NO_MODULES=true
##########################################
#FETCH_CMD=/usr/local/bin/wget
#FETCH_BEFORE_ARGS=-c -t 1
#FETCH_AFTER_ARGS=
#DISABLE_SIZE=yes
########################################
#FETCH_CMD=/usr/local/bin/axel
#FETCH_BEFORE_ARGS=-a
#FETCH_AFTER_ARGS=
#DISABLE_SIZE=yes
########################################
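Variable            Meaning
WITH_APACHE2        If defined, use apache2 instead of the apache installed with the system.
WITH_DB_VER         41, 42
WITH_BDB_VER        Berkeley DB; possible values include 4.8, 5.3, 6.1.
WITH_MYSQL_VER      Selects the MySQL version to use; values include 51, 55, 56.
DEFAULT_PGSQL_VER   Selects the PGSQL version to use; values include 84, 90, 91, 92, 93, 94.
WITH_OPENLDAP_VER   Selects the OPENLDAP version to use; values include 24.
WITHOUT_NLS         Turns off internationalization support, which saves build time.
WITH_OPENSSL_BASE   Use the OpenSSL version from the base system.
WITH_OPENSSL_PORT   Use the OpenSSL version installed from ports, overriding the base system's OpenSSL.
WITHOUT_X11         When set, builds without X support.
X_WINDOW_SYSTEM=xorg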
#Currently the following CPU types are recognized:
# Intel x86 architecture:
# (AMD CPUs) opteron, athlon64, athlon-fx, k8, athlon-mp, athlon-xp, k7, geode,
# (Intel CPUs) core2, core, nocona, pentium4m, pentium4,
# AMD64 architecture: opteron, athlon64, k8, core2, nocona
Forcing an install
make install FORCE_PKG_REGISTER="yes"
Installing wget to speed up downloads
cd /usr/ports/ftp/wget/ && make install clean
pkg install ftp/wget
ee /etc/make.conf
##########################################
FETCH_CMD=/usr/local/bin/wget
FETCH_BEFORE_ARGS=-c -t 1
FETCH_AFTER_ARGS=
DISABLE_SIZE=yes
##########################################
Installing axel to speed up downloads
cd /usr/ports/ftp/axel/ && make install clean
ee /etc/make.conf
##########################################
FETCH_CMD=/usr/local/bin/axel
FETCH_BEFORE_ARGS=-a
FETCH_AFTER_ARGS=
DISABLE_SIZE=yes
##########################################
When using a proxy server, add:
FETCH_ENV=http_proxy=http://10.1.9.12:8080
FETCH_ENV+=ftp_proxy=http://10.1.9.12:8080
Installing CVSUP
cd /usr/ports/net/cvsup-without-gui/ && make install clean
pkg install net/cvsup-static
Installing the CVSUP speed test
cd /usr/ports/sysutils/fastest_cvsup/ && make install clean
pkg install sysutils/fastest_cvsup
Testing speed
#fastest_cvsup -c cn
Subversion uses URLs to designate a repository, taking the form of protocol://hostname/path. Mirrors may support different protocols as specified below. The first component of the path is the FreeBSD repository to access. There are three different repositories, base for the FreeBSD base system source code, ports for the Ports Collection, and doc for documentation. For example, the URL svn://svn0.us-east.FreeBSD.org/ports/head/ specifies the main branch of the ports repository on the svn0.us-east.FreeBSD.org mirror, using the svn protocol.
A checkout from a given repository is performed with a command like this:
# svn checkout svn-mirror/repository/branch lwcdir
where:
- svn-mirror is a URL for one of the Subversion mirror sites.
- repository is one of the Project repositories, i.e., base, ports, or doc.
- branch depends on the repository used. ports and doc are mostly updated in the head branch, while base maintains the latest version of -CURRENT under head and the respective latest versions of the -STABLE branches under stable/8 (for 8.x), stable/9 (9.x) and stable/10 (10.x).
- lwcdir is the target directory where the contents of the specified branch should be placed. This is usually /usr/ports for ports, /usr/src for base, and /usr/doc for doc.
This example checks out the Ports Collection from the western US repository using the HTTPS protocol, placing the local working copy in /usr/ports. If /usr/ports is already present but was not created by svn, remember to rename or delete it before the checkout.
svn checkout https://svn0.us-west.FreeBSD.org/base/stable/10/ /usr/src
svn checkout https://svn0.us-east.FreeBSD.org/base/stable/10/ /usr/src
svn update /usr/src
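Updating the system source code takes roughly 30 minutes over ADSL.
MAKE WORLD: upgrading the operating system and building a custom kernel
After the source update, the system must first be rebuilt with MAKE WORLD. Because our system is freshly installed and clean, there are not many complications. Run:
cd /usr/src && make -j4 buildworld
This starts a build that takes about 30 minutes. If the build completes without problems, continue with:
cd /usr/src && make installworld
This updates the system to the latest version; you can then reboot the machine.
What should I do if something goes wrong?
Make absolutely sure your environment has no leftovers from earlier builds. This is simple enough:
chflags -R noschg /usr/obj/usr
rm -rf /usr/obj/usr
cd /usr/src
make cleandir
make cleandir
Yes, make cleandir really should be run twice.
Then restart the whole process, beginning with make buildworld.
Upgrade the configuration files; during this process you need to press i so that the system performs the upgrade.
cd /usr/src && mergemaster -i
Assuming /etc/mergemaster.rc has already been written, we only need to uncomment the system default options below:
ee /etc/mergemaster.rc
IGNORE_FILES='/etc/motd /etc/printcap /etc/passwd /etc/master.passwd /etc/group /etc/rc.conf /etc/make.conf /etc/profile /etc/hosts.allow /etc/hosts'
After making the changes,
run mergemaster:
#mergemaster -a
Once the configuration files are upgraded, we need to build a custom kernel. I don't think I need to explain why a custom kernel is necessary; please read the relevant part of the Handbook and this post carefully.
To configure your own kernel, copy GENERIC to a separate file. By convention this file is named after the host.
For example, I named this web machine mail.myhost.com, so the configuration file is named mail.
In FreeBSD 5.X and later you can still generate the LINT file with the following command:
cd /usr/src/sys/i386/conf && make LINT
To save space, part of the comments at the top of this file have been removed.
What remains is to remove any devices we do not need. Blue marks additions and grey marks disabled entries; this configuration is the one used on a production server.
ee /usr/src/sys/i386/conf/m3
Then edit it with ee fax. We use an actual GENERIC file for illustration.
#
#fax -- FreeBSD/i386 kernel configuration file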
#####################################################
cpu I686_CPU
ident m1
maxusers 0
options INCLUDE_CONFIG_FILE # Include this file in kernel
options SCHED_ULE #ULE scheduler
options PREEMPTION #Enable kernel thread preemption
device npx
device crypto
device cryptodev
options INET #InterNETworking
options ACCEPT_FILTER_HTTP
options INET6 #IPv6 communications protocols
options SCTP #Stream Control Transmission Protocol
options DIRECTIO
options DEVICE_POLLING
options ZERO_COPY_SOCKETS
options FFS #Berkeley Fast Filesystem
options SOFTUPDATES #Enable FFS soft updates support
options UFS_ACL #Support for access control lists
options UFS_DIRHASH #Improve performance on big directories
options UFS_GJOURNAL #Enable gjournal-based UFS journaling
options MD_ROOT #MD is a potential root device
options QUOTA
options PROCFS #Process filesystem (requires PSEUDOFS)
options PSEUDOFS #Pseudo-filesystem framework
options GEOM_PART_GPT #GUID Partition Tables.
options GEOM_LABEL #Provides labelization
options COMPAT_43TTY #BSD 4.3 TTY compat (sgtty)
options COMPAT_FREEBSD4 #Compatible with FreeBSD4
options COMPAT_FREEBSD5 #Compatible with FreeBSD5
options COMPAT_FREEBSD6 #Compatible with FreeBSD6
options COMPAT_FREEBSD7 #Compatible with FreeBSD7
options SCSI_DELAY=5000 #Delay (in ms) before probing SCSI
options KTRACE #ktrace(1) support
options STACK #stack(9) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B_SEMAPHORES #POSIX-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING
options PRINTF_BUFR_SIZE=128
options KBD_INSTALL_CDEV #install a CDEV entry in /dev
options HWPMC_HOOKS
options AUDIT #Security event auditing
options MAC #TrustedBSD MAC Framework
options FLOWTABLE #per-cpu routing cache
#To make an SMP kernel, the next two lines are needed
options SMP #Symmetric MultiProcessor Kernel
device apic #I/O APIC
#Bus support.
device acpi
device eisa
device pci
#ATA and ATAPI devices
device ata
device atadisk #ATA disk drives
device ataraid #ATA RAID drives
device atapicd #ATAPI CDROM drives
device atapifd #ATAPI floppy drives
device atapist #ATAPI tape drives
options ATA_STATIC_ID #Static device numbering
#SCSI Controllers
device mpt #LSI-Logic MPT-Fusion
#SCSI peripherals
device scbus #SCSI bus (required for SCSI)
#RAID controllers interfaced to the SCSI subsystem
device amr #AMI MegaRAID
#atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc #AT keyboard controller
device atkbd #AT keyboard
device psm #PS/2 mouse
device kbdmux #keyboard multiplexer
device vga #VGA video card driver
#syscons is the default console driver, resembling an SCO console
device sc
device agp #support several AGP chipsets
#Add suspend/resume support for the i8254.
device pmtimer
#Serial (COM) ports
#device sio #8250, 16[45]50 based serial ports
device uart #Generic UART driver
#Parallel port
device ppc
device ppbus #Parallel port bus (required)
device lpt #Printer
device plip #TCP/IP over parallel
device ppi #Parallel port interface device
#If you've got a "dumb" serial or parallel PCI card that is
#supported by the puc(4) glue driver, uncomment the following
#line to enable it (connects to sio, uart and/or ppc drivers):
#device puc
#PCI Ethernet NICs.
device em #Intel PRO/1000 Gigabit Ethernet Family
device igb #Intel PRO/1000 PCIE Server Gigabit Family
device ixgb #Intel PRO/10GbE Ethernet Card
#PCI Ethernet NICs that use the common MII bus controller code.
#NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus #MII bus support
device bce #Broadcom BCM5706/BCM5708 Gigabit Ethernet
device bfe #Broadcom BCM440x 10/100 Ethernet
device bge #Broadcom BCM570xx Gigabit Ethernet
device fxp #Intel EtherExpress PRO/100B (82557, 82558)
device vge #VIA VT612x gigabit Ethernet
device vr #VIA Rhine, Rhine II
device re #RealTek 8139C+/8169/8169S/8110S
device rl #RealTek 8129/8139
#Pseudo devices.
device loop #Network loopback
device random #Entropy device
device ether #Ethernet support
device vlan #802.1Q VLAN support
device tun #Packet tunnel.
device pty #BSD-style compatibility pseudo ttys
device md #Memory "disks"
device gif #IPv6 and IPv4 tunneling
device faith #IPv6-to-IPv4 relaying (translation)
device firmware #firmware assist module
#The `bpf' device enables the Berkeley Packet Filter.
#Be aware of the administrative consequences of enabling this!
#Note that 'bpf' is required for DHCP.
device bpf #Berkeley packet filter
device carp
#PF kernel options
device pf
device pflog
device pfsync
#ALTQ kernel options will enable additional functionality
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
options ALTQ_NOPCC
options ALTQ_DEBUG
#USB support
device uhci #UHCI PCI->USB interface
device ohci #OHCI PCI->USB interface
device ehci #EHCI PCI->USB interface (USB 2.0)
device usb #USB Bus (required)
device uhid #"Human Interface Devices"
device ukbd #USB Keyboard
device ums #Mouse
#####################################################
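After editing the configuration file, build and install the kernel with the following commands:
cd /usr/src && make buildkernel KERNCONF=m3
This build takes about 20 minutes. When it finishes, do not rush to install; back up the old kernel first in case something goes wrong.
cd /boot && rm -R kernel.old
cd /boot && cp -R kernel kernel.old
Then install the kernel:
cd /usr/src && make installkernel KERNCONF=m3
Once it is installed, you can reboot.
Installing server software
With the new slimmed-down kernel built, the next step is installing application software. I recommend installing in the order given below. Before installing any software, first edit:
ee /etc/make.conf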
##########################################################
#added by use.perl 2010-08-26 21:03:20
PERL_VERSION=5.10.1
CPUTYPE=i686
WITHOUT_X11=yes
WITH_OPENSSL_PORT=yes
WITH_APACHE2=yes
WITH_MYSQL_VER=51
WITH_BDB_VER=44
WITH_OPENLDAP_VER=23
MASTER_SITE_BACKUP?=\
ftp://ftp.cn.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp2.pl.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp.freebsd.org/pub/FreeBSD/distfiles/${DIST_SUBDIR}/
MASTER_SITE_OVERRIDE?=${MASTER_SITE_BACKUP}
NO_GAMES=true
NO_SENDMAIL=true
NO_BLUETOOTH=true
##########################################################
FETCH_CMD=/usr/local/bin/wget
DISABLE_SIZE=yes
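This makes ports fetch software from mirrors inside China first. Otherwise everything is downloaded from abroad, which is sometimes far too slow.
Variable            Meaning
WITH_APACHE2        If defined, use apache2 instead of the default apache.
WITH_BDB_VER        The version of the Berkeley DB package to use; possible values include 2, 3, 41, 42, 43 and 44.
WITH_MYSQL_VER      Selects the MySQL version to use; values include 323, 40, 41, 50.
DEFAULT_PGSQL_VER   Selects the PGSQL version to use; values include 73, 74, 80, 81.
WITH_OPENLDAP_VER   Selects the OPENLDAP version to use; values include 22, 23, 24.
WITHOUT_NLS         Internationalization support is not needed; this saves build time. Internationalization support is enabled by default.
WITH_OPENSSL_BASE   Use the OpenSSL version from the base system.
WITH_OPENSSL_PORT   Use the OpenSSL version installed from ports, overriding the OpenSSL installed with the system.
WITHOUT_X11         When set, builds without X support.
X_WINDOW_SYSTEM=xorg
Example system tuning configuration
ee /etc/sysctl.conf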
#############################################################
security.bsd.see_other_uids=0
kern.ipc.maxsockbuf=8388608
kern.ipc.shm_use_phys=0
kern.ipc.shmmax=67108864
kern.ipc.shmall=32768
kern.ipc.somaxconn=8192
kern.maxfiles=65536
kern.maxfilesperproc=32768
kern.coredump=0
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
net.local.dgram.maxdgram=16384
net.local.dgram.recvspace=65536
net.inet.tcp.syncookies=1
net.inet.tcp.log_in_vain=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.rfc1323=1
net.inet.tcp.rfc3042=1
net.inet.tcp.rfc3390=1
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.inet.tcp.drop_synfin=1
net.inet.tcp.always_keepalive=1
net.inet.tcp.msl=7500
net.inet.tcp.blackhole=2
net.inet.tcp.inflight.enable=1
net.inet.ip.redirect=0
net.inet.ip.fastforwarding=0
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=0
net.inet.icmp.icmplim=100
net.inet.icmp.icmplim_output=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
net.inet.udp.blackhole=1
net.inet.udp.log_in_vain=1
net.inet.udp.checksum=1
net.inet.raw.maxdgram=65536
net.inet.raw.recvspace=65536
vfs.vmiodirenable=1
#############################################################
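Forcing an install
make install FORCE_PKG_REGISTER="yes"
Ports update tool
cd /usr/ports/ports-mgmt/portupgrade/ && make install clean
rehash
portupgrade -ar
This automatically downloads and upgrades everything installed to the latest version, including applying the various patches.
Installing portaudit, a tool for tracking security issues in third-party software
cd /usr/ports/ports-mgmt/portaudit/ && make install clean
rehash
/usr/local/sbin/portaudit -Fda
Edit /etc/rc.conf and add the following:
ee /etc/rc.conf
named_enable="YES"
Edit /etc/resolv.conf and make sure the first nameserver entry is 127.0.0.1, for example: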
ee /etc/resolv.conf
domain hengrun-gd.com
nameserver 127.0.0.1
nameserver 221.4.66.66
nameserver 210.21.4.130
nameserver 221.4.8.1
nameserver 221.4.9.48
nameserver 210.21.196.6
Then restart the named service:
/etc/rc.d/named start
##################################################################
A. Installing MYSQL41
cd /usr/ports/databases/mysql41-server
make clean
make BUILD_OPTIMIZED=yes BUILD_STATIC=yes WITH_XCHARSET=all install
This downloads and installs the database. After the build and install, rebooting the machine starts the mysqld daemon.
Enable at boot
ee /etc/rc.conf
mysql_enable="YES"
cp /usr/local/share/mysql/my-small.cnf /etc/my.cnf
#This has been verified; do not change it
Start MySQL
/usr/local/etc/rc.d/mysql-server start
Confirm that the MySQL server is running
netstat -an | grep LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp4 0 0 *.3306 *.* LISTEN
Change the password
/usr/local/bin/mysqladmin -u root password ww123456
Configure the maximum number of connections and the bind address
ee /etc/my.cnf
#################################################################
[mysqld]
bind_address=127.0.0.1
set-variable = max_connections=1024
#################################################################
mysqladmin -u root -p variables
B. Installing the APACHE server
Installing apache20
cd /usr/ports/www/apache20
make WITH_APACHE_SUEXEC=yes APACHE_HARD_SERVER_LIMIT=2048 APACHE_PERF_TUNING=yes install
Set apache2 to start automatically at boot
ee /etc/rc.conf
apache2_enable="YES"
apache2_flags="-DSSL"
Edit the apache2 configuration file
cd /usr/local/etc/apache22 && ee httpd.conf
DirectoryIndex index.html index.html.var index.php index.phps
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
It is recommended to comment out the DefaultLanguage setting in Apache so that one encoding is not forced and other encodings can still be displayed. To change the Apache server's default so that it displays Chinese, use:
DefaultLanguage zh-CN
AddDefaultCharset GB2312
Creating the SSL key and certificate
cd ~
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt
Inspect their contents to verify them:
openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr
openssl x509 -noout -text -in server.crt
Copy the key and certificate into the apache2 directory
#Directories need the execute bit (0700); the files inside them get 0600
mkdir -m 0700 /usr/local/etc/apache2/ssl.crt
mkdir -m 0700 /usr/local/etc/apache2/ssl.csr
mkdir -m 0700 /usr/local/etc/apache2/ssl.key
cp ~/server.key /usr/local/etc/apache2/ssl.key/
cp ~/server.crt /usr/local/etc/apache2/ssl.crt/
chmod 0600 /usr/local/etc/apache2/ssl.key/server.key
chmod 0600 /usr/local/etc/apache2/ssl.crt/server.crt
openssl genrsa -des3 -out server.key 1024
#Encrypts the newly generated private key with DES3, so a passphrase must be entered every time the key is used. If the certificate is used in a server such as apache, you have to enter the passphrase each time the server starts, which is very inconvenient. Most people therefore omit the -des3 option to produce an unencrypted private key: you are not prompted for a passphrase, and the private key is not encrypted.
Installing FastCGI script acceleration
cd /usr/ports/www/mod_fastcgi
make WITH_APACHE2=yes install
##############################mod_fastcgi################################
LoadModule fastcgi_module libexec/apache2/mod_fastcgi.so
AddHandler fastcgi-script fcgi fcgi fpl
##############################mod_fastcgi################################
Installing mod_security to strengthen apache's security; it is very effective against SQL injection
cd /usr/ports/www/mod_security
make WITH_APACHE2=yes install
##############################mod_security###############################
LoadModule security_module libexec/apache2/mod_security.so
<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterDefaultAction "deny,log,status:500"
#SecFilterForceByteRange 32 126
#SecFilterScanPOST On
#SecAuditLog logs/audit_log
#####
SecFilter "\.\./"
#####
SecFilter /etc/*passwd
SecFilter /bin/*sh
#for css attack
SecFilter "<( | )*script"
SecFilter "<(.| )+>"
#for sql attack
SecFilter "delete[ ]+from"
SecFilter "insert[ ]+into"
SecFilter "select.+from"
SecFilter "union[ ]+from"
SecFilter "drop[ ]"
</IfModule>
#################mod_security##################
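Before deploying the filter list above, it helps to see which rule fires on ordinary traffic. The script below is an added example, not part of the original guide: the request lines are constructed, the function names are hypothetical, and grep -Ei is assumed to approximate mod_security 1.x matching (extended regex, case-insensitive). Only the request line is modelled, since SecFilterScanPOST is commented out above.

```sh
#!/bin/sh
# Added example, not part of the original guide: run the SecFilter patterns
# over constructed request lines and report the first rule that would deny.

# Patterns copied from the SecFilter lines above, one per line, in order.
SECFILTERS='\.\./
/etc/*passwd
/bin/*sh
<( | )*script
<(.| )+>
delete[ ]+from
insert[ ]+into
select.+from
union[ ]+from
drop[ ]'

# first_match REQUEST -> prints the first pattern that matches, or nothing
first_match() {
    printf '%s\n' "$SECFILTERS" | while IFS= read -r pat; do
        if printf '%s\n' "$1" | grep -Eiq -e "$pat"; then
            printf '%s\n' "$pat"
            break
        fi
    done
}

# verdict REQUEST -> what SecFilterDefaultAction "deny,log,status:500" does
verdict() {
    hit=$(first_match "$1")
    if [ -n "$hit" ]; then
        echo "deny status:500 rule=$hit"
    else
        echo "pass"
    fi
}

# Constructed request lines, shown after URL decoding. The last two are
# ordinary requests that the SQL keyword rules still reject.
while IFS= read -r req; do
    printf '%-36s %s\n' "$(verdict "$req")" "$req"
done <<'EOF'
GET /forum/viewtopic.php?t=12 HTTP/1.1
GET /download.php?file=../notes.txt HTTP/1.1
GET /search.php?q=please select a color from the list HTTP/1.1
GET /kb/drop shipping rates HTTP/1.1
EOF
```

Replaying a day of real access-log request lines through verdict before enabling the module shows how many legitimate requests would receive a 500.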
Installing mod_limitipconn2 to limit the number of connections per IP address
cd /usr/ports/www/
make WITH_APACHE2=yes install
After the build finishes, be sure to remember
################mod_limitipconn#################
#ExtendedStatus On
################
LoadModule limitipconn_module libexec/apache2/mod_limitipconn.so
<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 3
NoIPLimit image/*
</Location>
</IfModule>
################mod_limitipconn#################
Installing mod_dosevasive20 to guard against DDoS attacks
cd /usr/ports/www/mod_dosevasive20
make WITH_APACHE2=yes install
################mod_dosevasive################
LoadModule dosevasive20_module libexec/apache2/mod_dosevasive20.so
<IfModule mod_dosevasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
################mod_dosevasive################
Then run httpd -t to check that httpd.conf is OK.
OK, everything is done; just restart your APACHE2.
Starting apache2
/usr/local/sbin/apachectl start
/usr/local/sbin/apachectl stop
Confirm that apache2 is running
ps -ax | grep http
34339 ?? Ss 0:00.04 /usr/local/sbin/httpd -k start
34340 ?? S 0:00.00 /usr/local/sbin/httpd -k start
34341 ?? S 0:00.00 /usr/local/sbin/httpd -k start
66241 p1 S+ 0:00.00 grep http
C. Installing the PHP language
cd /usr/ports/lang/php5/ && make install clean
During installation, select OPENSSL and MULTIBYTE (multi-byte support).
cd /usr/local/etc/ && cp php.ini-development php.ini
D. Installing the required PHP extension modules
cd /usr/ports/lang/php5-extensions && make install clean
[X] BCMATH
[X] BZ2
[X] CRACK
[X] CTYPE
[X] CURL
[X] FTP
[X] GD
[X] GETTEXT
[X] ICONV
[X] IMAGICK
[X] IMAP
[X] MBSTRING
[X] MCRYPT
[X] MYSQL
[X] OVERLOAD
[X] PCRE
[X] POSIX
[X] SESSION
[X] TOKENIZER
[X] XML
[X] XMLRPC
[X] ZIP
[X] ZLIB
#For the modules supported as PHP extensions, see
ee /usr/local/etc/php/extensions.ini
Reboot the system
reboot
Testing PHP info
ee /usr/local/www/data/index.php
<?php
phpinfo();
?>
netstat -na | grep LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp4 0 0 *.80 *.* LISTEN
tcp4 0 0 127.0.0.1.3306 *.* LISTEN
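Finally, open a browser and visit http://192.168.0.100/index.php to see whether php5 is active.
E. Installing Zend:
For licensing reasons the system does not download this package automatically. You need to download the FreeBSD version from the Zend website
(http://www.zend.com/free_download/optimizer), place it in
/usr/ports/distfiles, and then install it.
cd /usr/ports/devel/ZendOptimizer
make install clean
#After installation, add the following to /usr/local/etc/php.ini.
ee /usr/local/etc/php.ini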
[Zend]
zend_optimizer.optimization_level=15
zend_extension_manager.optimizer="/usr/local/lib/php/20020429/Optimizer"
zend_extension_manager.optimizer_ts="/usr/local/lib/php/20020429/Optimizer_TS"
zend_extension="/usr/local/lib/php/20020429/ZendExtensionManager.so"
zend_extension_ts="/usr/local/lib/php/20020429/ZendExtensionManager_TS.so"
F. Installing phpmyadmin
cd /usr/ports/databases/phpmyadmin
make fetch
cd /usr/ports/distfiles && ls | grep phpMyAdmin
phpMyAdmin-2.6.4-pl3.tar.bz2
tar jxvf phpMyAdmin-2.6.4-pl3.tar.bz2
mv phpMyAdmin-2.6.4-pl3 /usr/local/www/data/phpmyadmin
#Configure phpmyadmin
#Open /usr/local/www/data/phpmyadmin/config.inc.php and edit it
cd /usr/local/www/data/phpmyadmin && cp config.default.php config.inc.php
ee config.inc.php
$cfg['PmaAbsoluteUri'] = 'http://192.168.0.100/phpmyadmin';
$cfg['Servers'][$i]['auth_type'] = 'http';
#Open http://192.168.0.100/phpmyadmin; the user name is root and the password is empty
#Note: the mysql password is empty; change it immediately after logging in, or do the following:
mysqladmin -u root -p password 123456
#123456 is your new password; if your database already has a password, you must enter the old one first.
G. Installing the Blog
cd /usr/ports/www/lifetype
make install
**** NOTE ****
For first use of LifeType, remember to point your browser to
http://192.168.0.100/lifetype/wizard.php
and, remember to load your templates at
http://192.168.0.100/lifetype/admin.php?op=adminSettings
and then click 'scanTemplates'
H. Installing the phpbb forum
cd /usr/ports/www/phpbb
make install
Installing the phpbb Chinese language pack
cd /usr/local/www/data/phpBB2/language
tar zxvf lang_chinese_simplified.tar.gz
cd /usr/local/www/data/phpBB2/templates
tar zxvf subsilver_chinese_simplified.tar.gz
http://192.168.0.100/phpBB2/ #Open it and take a look at your forum
Use the following command to check that IMAP/POP are ready to serve on the correct ports:
sockstat -l4
shutdown -p now
chown -R vmail:vmail /var/tmp/extman/