1. First, set up the firewall

mkdir -p /usr/local/virus/iptables
cd /usr/local/virus/iptables

vim iptables.rule

#!/bin/bash

EXTIF="eth0"
export EXTIF

echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo "1" > $i
done
for i in /proc/sys/net/ipv4/conf/*/log_martians; do
echo "1" > $i
done
for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
echo "0" > $i
done
for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do
echo "0" > $i
done
for i in /proc/sys/net/ipv4/conf/*/send_redirects; do
echo "0" > $i
done

PATH=/sbin:/usr/sbin:/bin:/usr/bin; export PATH
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT

if [ -f /usr/local/virus/iptables/iptables.deny ]; then
sh /usr/local/virus/iptables/iptables.deny
fi
if [ -f /usr/local/virus/iptables/iptables.allow ]; then
sh /usr/local/virus/iptables/iptables.allow
fi
if [ -f /usr/local/virus/httpd-err/iptables.http ]; then
sh /usr/local/virus/httpd-err/iptables.http
fi
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

AICMP="0 3 3/4 4 11 12 14 16 18"
for tyicmp in $AICMP
do
iptables -A INPUT -i $EXTIF -p icmp --icmp-type $tyicmp -j ACCEPT
done

iptables -A INPUT -p TCP -i $EXTIF --dport 22 -j ACCEPT # SSH
# iptables -A INPUT -p TCP -i $EXTIF --dport 25 -j ACCEPT # SMTP
# iptables -A INPUT -p UDP -i $EXTIF --sport 53 -j ACCEPT # DNS
# iptables -A INPUT -p TCP -i $EXTIF --sport 53 -j ACCEPT # DNS
iptables -A INPUT -p TCP -i $EXTIF --dport 80 -j ACCEPT # WWW
# iptables -A INPUT -p TCP -i $EXTIF --dport 110 -j ACCEPT # POP3
# iptables -A INPUT -p TCP -i $EXTIF --dport 443 -j ACCEPT # HTTPS

vim iptables.allow

#!/bin/bash
# iptables -A INPUT -i $EXTIF -s xxx.xxx.xxx.xxx -j ACCEPT

vim iptables.deny

#!/bin/bash
# iptables -A INPUT -i $EXTIF -s xxx.xxx.xxx.xxx -j DROP

I chose to start iptables manually:

chmod 700 /usr/local/virus/iptables/iptables.* # set permissions
/usr/local/virus/iptables/iptables.rule # start the firewall
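
One way to check the loaded rules against what iptables.rule intends, as an added example that is not part of the original post: it reads `iptables -S` style output and reports the policies and ACCEPT rules a reviewer would question. The function name, the sample rules and the allowed-port list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Input format: `iptables -S`.

# Constructed sample: abridged `iptables -S` output after iptables.rule has run
# with EXTIF=eth0 and the commented-out UDP DNS rule enabled.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT'

# audit_rules RULES "ALLOWED PORTS": print one finding per line, nothing if clean.
audit_rules() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
    BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    # INPUT must drop by default; an ACCEPT policy on FORWARD passes every
    # packet the kernel is asked to route once IP forwarding is enabled.
    $1 == "-P" && $2 == "INPUT" && $3 != "DROP"     { print "INPUT policy is " $3 }
    $1 == "-P" && $2 == "FORWARD" && $3 == "ACCEPT" { print "FORWARD policy is ACCEPT" }
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        for (i = 3; i < NF; i++) {
            # a destination port outside the allow-list is an unplanned service
            if ($i == "--dport" && !($(i + 1) in ok))
                print "unexpected open port " $(i + 1)
            # matching on source port alone admits any sender that picks that
            # port; replies are already covered by the ESTABLISHED rule
            if ($i == "--sport")
                print "accepts by source port " $(i + 1)
        }
    }'
}

# On a live host: audit_rules "$(iptables -S)" "22 80"
audit_rules "$SAMPLE_RULES" "22 80"
```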

2. Install the other dependency libraries. My system had nothing installed at all, so first bring in the libraries, GCC and the like.

yum -y install patch make gcc gcc-c++ autoconf libjpeg libjpeg-devel \
libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib \
zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel \
ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 \
krb5-devel libidn libidn-devel openssl openssl-devel readline-devel

3. Download and install Ruby
I suddenly discovered the server didn't have wget installed, I…!

yum install wget
# download ruby 1.8.7-p72.tar.gz and MBARIp72patches.tar.gz (not downloaded)
wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz
tar zxvf ruby-1.8.7-p72.tar.gz
cd ruby-1.8.7-p72
./configure --prefix=/usr/local/system/ruby-1.8.7-p72
make && make install

Edit /etc/profile and add:

export RUBY_HOME=/usr/local/system/ruby-1.8.7-p72
PATH=$RUBY_HOME/bin:$PATH

Run source /etc/profile, then use ruby -v to verify that Ruby installed correctly.

Download rubygems-1.3.4.tgz and install it:

tar zxvf rubygems-1.3.4.tgz
cd rubygems-1.3.4
ruby setup.rb
If you get the following error:
/usr/local/lib/ruby1.8.7/lib/ruby/1.8/openssl/ssl.rb:26: uninitialized constant
 OpenSSL::SSL::VERIFY_PEER (NameError)
        from /usr/local/lib/ruby1.8.7/lib/ruby/1.8/openssl.rb:23:in `require'
        from /usr/local/lib/ruby1.8.7/lib/ruby/1.8/openssl.rb:23
This is a bug in Ruby 1.8.7.
An expert has already filed a ticket for us:

It's caused by recursive require.  There must be TRUE reason behind
why recursive require happens, e.g. RUBYOPT environment variable, but
the following patch stops recursive calls.  Could you see if the patch
works?

                                                        matz.

diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c
index 5bb55af..eac6541 100644
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@@ -233,7 +233,6 @@ ossl_digest_block_length(VALUE self)
 void
 Init_ossl_digest()
 {
-    rb_require("openssl");
     rb_require("digest");
 
 #if 0 /* let rdoc know about mOSSL */
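
Review bot: In Init_ossl_digest(), dropping rb_require("openssl") leaves nothing in the code that says why this init function must not require its parent library, so the line is easy to reintroduce later; a one-line comment above rb_require("digest") noting that requiring "openssl" here causes the recursive require would help. The message also says the real trigger for the recursion has not been identified, so this should be tracked as a workaround until it is, and it is worth confirming that nothing in this function relied on the require having run first.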

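Then recompile and reinstall Ruby.
Very simple!!
gem -v # check the gem version

3. Install the Ruby extensions: zlib, readline or openssl # the three items below can perhaps be skipped
1. ruby-zlib
Since we already ran yum install zlib zlib-devel at the start: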

cd ruby-1.8.7-p72/ext/zlib
ruby extconf.rb --with-zlib-include=/usr/include --with-zlib-lib=/usr/lib
make && make install # if this fails, you may need to yum install zlib-devel
# the resulting error output:
make: Nothing to be done for `all'.
/usr/bin/install -c -m 0755 zlib.so /usr/local/system/ruby-1.8.7-
p72/lib/ruby/site_ruby/1.8/i686-linux
/usr/bin/install: cannot stat `zlib.so': No such file or directory
make: *** [/usr/local/system/ruby-1.8.7-p72/lib/ruby/site_ruby/1.8/
i686-linux/zlib.so] Error 1
# this method may not work well on CentOS, possibly because the shared library cannot be found
# here we use the following method to install Ruby's zlib support:
wget http://www.blue.sky.or.jp/atelier/ruby/ruby-zlib-0.6.0.tar.gz
tar zxvf ruby-zlib-0.6.0.tar.gz
cd ruby-zlib-0.6.0
ruby extconf.rb
make && make install

or

apt-get install zlib1g-dev (Ubuntu), then go back to ext/zlib and run ruby extconf.rb, then make && make install

2. readline

cd ruby-1.8.7-p72/ext/readline # you may need to yum install readline-devel
ruby extconf.rb
make && make install
Then start irb:
irb(main):001:0> require 'readline'
irb(main):004:0> Readline::readline('> ')
> djkjsdf
=> "djkjsdf" # success

3. openssl

cd ruby-1.8.7-p72/ext/openssl
ruby extconf.rb
make && make install
# the resulting error:
make: Nothing to be done for `all'.
/usr/bin/install -c -m 0755 openssl.so /usr/local/system/ruby-1.8.7-
p72/lib/ruby/site_ruby/1.8/i686-linux
/usr/bin/install: cannot stat `openssl.so': No such file or directory
make: *** [/usr/local/system/ruby-1.8.7-p72/lib/ruby/site_ruby/
1.8/i686-linux/openssl.so] Error 1

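Again the shared library cannot be found, but in irb, require 'openssl' returns true,
which shows openssl is already installed and there is no need to recompile and install it.

# for details see: http://netfork.javaeye.com/blog/432928
# "no such file to load — openssl (RuntimeError)": the definitive fix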

4. Install the various gems

gem source -a http://gems.github.com
gem install rails --version "2.3.4" --no-rdoc --no-ri
gem install rspec

5. Install Apache

yum install httpd mod_ssl
/etc/init.d/httpd start # start httpd
# at this point, visiting the site shows the Apache welcome page
/sbin/chkconfig httpd on # start httpd at boot
/sbin/chkconfig --list httpd # check httpd's boot-time status; the output is:
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

5(1). Compile and install Apache from source

[root@li96-10 httpd-2.2.14]# wget http://apache.freelamp.com/httpd/httpd-2.2.14.tar.gz
[root@li96-10 httpd-2.2.14]# tar zxvf httpd-2.2.14.tar.gz
[root@li96-10 httpd-2.2.14]# cd httpd-2.2.14
[root@li96-10 httpd-2.2.14]# ./configure --prefix=/usr/local/system/httpd
[root@li96-10 httpd-2.2.14]# make
[root@li96-10 httpd-2.2.14]# make install
[root@li96-10 httpd-2.2.14]# cp /usr/local/system/httpd/bin/apachectl /etc/init.d/httpd
[root@li96-10 httpd-2.2.14]# vim /etc/profile # add the line below
export PATH=$PATH:/usr/local/system/httpd/bin
[root@li96-10 httpd-2.2.14]# vim /usr/local/system/httpd/conf/httpd.conf
# this is httpd's configuration file
[root@li96-10 httpd-2.2.14]# netstat -tulnp | grep :80
tcp        0      0 :::80         :::*           LISTEN      16952/httpd

One problem: the compiled httpd does not support chkconfig. Here is the fix:

[root@li96-10 ~]# vim /etc/init.d/httpd # add the following starting at the second line:
# Comments to support chkconfig on Centos
# chkconfig:3 92 10
# description:http server
[root@li96-10 ~]# chkconfig --add httpd
[root@li96-10 ~]# chkconfig --level 3 httpd on
[root@li96-10 ~]# chkconfig --list # httpd now shows up in the list

What a hassle!

6. Install Phusion's Passenger (mod_rails)
gem update # probably unnecessary?
gem install passenger
passenger-install-apache2-module # then install the Apache 2 module; just follow the prompts

Welcome to the Phusion Passenger Apache 2 module installer, v2.2.8.

This installer will guide you through the entire installation process. It
shouldn't take more than 3 minutes in total.

Here's what you can expect from the installation process:

1. The Apache 2 module will be installed for you.
2. You'll learn how to configure Apache.
3. You'll learn how to deploy a Ruby on Rails application.

Don't worry if anything goes wrong. This installer will advise you on how to
solve any problems.

Press Enter to continue, or Ctrl-C to abort.

+++++++++++++++++++++++++++++++++++++++

Checking for required software...

* GNU C++ compiler... found at /usr/bin/g++
* Ruby development headers... found
* OpenSSL support for Ruby... found
* RubyGems... found
* Rake... found at /usr/local/system/ruby-1.8.7-p72/bin/rake
* rack... found
* Apache 2... found at /usr/sbin/httpd
* Apache 2 development headers... not found
* Apache Portable Runtime (APR) development headers... not found
* Apache Portable Runtime Utility (APU) development headers... not found

Some required software is not installed.
But don't worry, this installer will tell you how to install them.

Press Enter to continue, or Ctrl-C to abort.

++++++++++++++++++++++++++++++++++++++++++++++

Installation instructions for required software

* To install Apache 2 development headers:
Please run yum install httpd-devel as root.

* To install Apache Portable Runtime (APR) development headers:
Please run yum install apr-devel as root.

* To install Apache Portable Runtime Utility (APU) development headers:
Please download it from http://httpd.apache.org/
(APR Utility is an integrated part of Apache.)

If the aforementioned instructions didn't solve your problem, then please take
a look at the Users Guide:

/usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8/
doc/Users guide Apache.html

# the output above shows that a few things need to be installed:
yum install httpd-devel apr-devel apr-util-devel
# then continue:
passenger-install-apache2-module

...
...
+++++++++++++++++++++++++++++++++++++++++++++++
The Apache 2 module was successfully installed.

Please edit your Apache configuration file, and add these lines:

LoadModule passenger_module /usr/local/system/ruby-1.8.7-
p72/lib/ruby/gems/1.8/gems/passenger-2.2.8/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8
PassengerRuby /usr/local/system/ruby-1.8.7-p72/bin/ruby

After you restart Apache, you are ready to deploy any number of Ruby on Rails
applications on Apache, without any further Ruby on Rails-specific
configuration!

Press ENTER to continue.


+++++++++++++++++++++++++++++++++++++++++++++++++
Deploying a Ruby on Rails application: an example

Suppose you have a Rails application in /somewhere. Add a virtual host to your
Apache configuration file and set its DocumentRoot to /somewhere/public:

   <VirtualHost *:80>
      ServerName www.yourhost.com
      DocumentRoot /somewhere/public    # <-- be sure to point to 'public'!
      <Directory /somewhere/public>
         AllowOverride all              # <-- relax Apache security settings
         Options -MultiViews            # <-- MultiViews must be turned off
      </Directory>
   </VirtualHost>

And that's it! You may also want to check the Users Guide for security and
optimization tips, troubleshooting and other useful information:

  /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8/doc/
Users guide Apache.html

Enjoy Phusion Passenger, a product of Phusion (www.phusion.nl) :-)
http://www.modrails.com/

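As you can see, the installation succeeded. Now put the configuration text shown in blue (unfortunately there is no color here) into the Apache configuration file /usr/local/system/httpd/conf/httpd.conf;
add it at the end of that file.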

vim /usr/local/system/httpd/conf/httpd.conf

LoadModule passenger_module /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/system/ruby-1.8.7-p72/lib/ruby/gems/1.8/gems/passenger-2.2.8
PassengerRuby /usr/local/system/ruby-1.8.7-p72/bin/ruby

<VirtualHost *:80>
   ServerName www.weekface.info
   DocumentRoot /usr/local/system/blog/public
   <Directory /usr/local/system/blog/public>
      AllowOverride all
      Options -MultiViews
   </Directory>
</VirtualHost>
# the two lines below must replace the existing ones, not be appended at the end of the file
User apache
Group apache

cd /usr/local/system/good
chown -R apache public
chgrp -R apache public
/etc/init.d/httpd restart
If you get the following error:
Forbidden
You don't have permission to access /admin on this server.
then first change
<Directory />
     Options FollowSymLinks
     AllowOverride None
     #Order deny,allow # comment out these two lines
     #Deny from all  # comment out these two lines
</Directory>
and it will work.
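
The workaround above removes the default deny from the filesystem root for every virtual host on the server. A check for that state, as an added example that is not part of the original post: the function name and both sample configurations are constructed, and the second sample shows one narrower alternative in Apache 2.2 syntax that keeps the deny on / and opens only the application's public directory.

```shell
#!/bin/sh
# Added example, not from the original post. Apache 2.2 access-control syntax.

# Constructed sample 1: the root block after the workaround on this page.
EDITED_CONF='<Directory />
    Options FollowSymLinks
    AllowOverride None
    #Order deny,allow
    #Deny from all
</Directory>'

# Constructed sample 2: a narrower alternative. The deny on / stays and only
# the application public directory (path assumed from this page) is opened.
NARROW_CONF='<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory /usr/local/system/blog/public>
    AllowOverride all
    Options -MultiViews
    Order allow,deny
    Allow from all
</Directory>'

# root_dir_denied CONF_TEXT: print "yes" if <Directory /> still carries an
# active "Deny from all", otherwise "no".
root_dir_denied() {
    printf '%s\n' "$1" | awk '
    {
        line = tolower($0)
        sub(/^[ \t]+/, "", line)                 # drop indentation
        if (line ~ /^#/) next                    # commented-out lines do not count
        tag = line; gsub(/[ \t"]/, "", tag)      # <Directory "/"> -> <directory/>
        if (tag == "<directory/>")  { inroot = 1; next }
        if (tag == "</directory>")  { inroot = 0; next }
        if (inroot && line ~ /^deny[ \t]+from[ \t]+all/) denied = 1
    }
    END { print (denied ? "yes" : "no") }'
}

root_dir_denied "$EDITED_CONF"    # no
root_dir_denied "$NARROW_CONF"    # yes
```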
With that, mod_rails is installed successfully!

6. Install the MySQL server
wget http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.88.tar.gz/from/http://opensource.become.com/mysql/
tar zxvf mysql-5.0.88.tar.gz
cd mysql-5.0.88
./configure --prefix=/usr/local/system/mysql # install mysql into /usr/local/system/mysql

# if you get "No curses/termcap library found", adding the path at compile time fixes it, i.e.
# wget ncurses-5.5.tar.gz, compile and install it, and add it to PATH

make && make install # a long wait....
# for "exec: g++: 未找到" (g++ not found):
# apt-get install build-essential
# then re-run ./configure and make && make install

cp support-files/my-medium.cnf /etc/my.cnf
cd /usr/local/system/mysql/
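groupadd mysql # create a group named mysql
useradd -g mysql mysql # create a user named mysql in the mysql group
chown -R mysql . # make the mysql user the owner of this directory
chgrp -R mysql . # make the mysql group the group owner of this directory
bin/mysql_install_db --user=mysql # create the mysql system databases, the var directory and so on
bin/mysqld_safe --user=mysql & # start the mysql daemon
bin/mysqladmin -u root password ******** # set root's password
cd - # return to the mysql source directory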
cp support-files/mysql.server /etc/rc.d/init.d/mysqld
chmod +x /etc/init.d/mysqld
/sbin/chkconfig --add mysqld

vim /etc/profile
# add one line to this file:
export PATH=$PATH:/usr/local/system/mysql/bin
source /etc/profile # apply the change

7. Test Rails

cd /usr/local/system/
rails good # create the Rails project at /usr/local/system/good
vim /etc/httpd/conf/httpd.conf # create a virtual host in httpd by adding the following:

<VirtualHost *:80>

ServerName xxx.com
ServerAlias www.xxx.com

DocumentRoot /usr/local/system/good/public

</VirtualHost>

/etc/init.d/httpd restart
http://www.xxx.com # try visiting it

8. Deploy Rails
scp the blog application to the server, for example into /usr/local/system/good

cd /usr/local/system/good
vim config/database.yml

development:
  adapter: mysql
  encoding: utf8
  reconnect: false
  database: blog
  pool: 5
  username: mysql
  password: ********
  socket: /tmp/mysql.sock

rake db:create # create the database; it fails with the following error:

(in /usr/local/system/good)
rake aborted!
no such file to load -- cucumber/rake/task
/usr/local/system/good/Rakefile:10
(See full trace by running task with --trace)

# after googling: cucumber is missing, obviously!
gem install cucumber

# another error:

(in /usr/local/system/good)
** Invoke db:create (first_time)
** Invoke db:load_config (first_time)
** Invoke rails_env (first_time)
** Execute rails_env
** Execute db:load_config
** Execute db:create
!!! The bundled mysql.rb driver has been removed from Rails 2.2.
Please install the mysql gem and try again: gem install mysql.
rake aborted!
no such file to load -- mysql

# it seems Ruby's mysql support is missing:

wget http://rubyforge.org/frs/download.php/51087/mysql-ruby-2.8.1.tar.gz
tar zxvf mysql-ruby-2.8.1.tar.gz
cd mysql-ruby-2.8.1
ruby extconf.rb --with-mysql-dir=/usr/local/system/mysql
make && make install

# then continue
cd /usr/local/system/good
rake db:create

Another error follows:

(in /usr/local/system/blog)
Couldn't create database for {"reconnect"=>false, "encoding"=>"utf8",
"username"=>"mysql", "adapter"=>"mysql", "database"=>"good", "pool"=>5,
"password"=>"*******", "socket"=>"/tmp/mysql.sock"},
charset: utf8, collation: utf8_unicode_ci
(if you set the charset manually, make sure you have a matching collation)

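This error is caused by a problem with the mysql user; after I changed it to root it worked.
The exact cause still needs investigating; it may be a wrong password for the mysql user #TODO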

rake db:create
rake db:migrate

The following error appears:

(in /usr/local/system/good)
Missing these required gems:
RedCloth ~> 4.0
ruby-openid ~> 2.1.0
chronic ~> 0.2.0
coderay ~> 0.8.0
lesstile ~> 0.3
will_paginate ~> 2.3
ruby-openid >= 2.0.4

You're running:
ruby 1.8.7.72 at /usr/local/system/ruby-1.8.7-p72/bin/ruby
rubygems 1.3.4 at /root/.gem/ruby/1.8, /usr/local/system/ruby-1.8.7-p72
/lib/ruby/gems/1.8
Run `rake gems:install` to install the missing gems.

This is because config/environment.rb declares the required gems:

  # Specify gems that this application depends on and have them installed with rake gems:install


  config.gem "RedCloth",    :lib => "redcloth", :version => "~> 4.0"
  config.gem "ruby-openid", :lib => "openid",   :version => "~> 2.1.0"


  config.gem "chronic",  :version => "~> 0.2.0"
  config.gem "coderay",  :version => "~> 0.8.0"
  config.gem "lesstile", :version => "~> 0.3"


  config.gem "will_paginate", :version => "~> 2.3", :source => 'http://gemcutter.org'

# so, continue:

rake gems:install
/etc/init.d/httpd restart

http://www.xxx.com # try visiting it
As a result, Phusion Passenger (mod_rails) reported a pile of errors:

Ruby on Rails application could not be started
There appears to be a database problem.

*Your config/database.yml may not be written correctly. Please check it and
fix any errors.
*Your database schema may be out of date or nonexistant.
Please run rake db:migrate to ensure that the database schema is up-to-date.
*The database server may not be running. Please check whether it's running,
and start it if it isn't.

Error message:
production database is not configured (ActiveRecord::AdapterNotSpecified)
Exception class:
ActiveRecord::AdapterNotSpecified
Application root:
/usr/local/system/blog

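The error is obvious: the MySQL server isn't up.
Then it suddenly dawned on me: database.yml has no definition for production. What a joke.

vim config/database.yml # make the change
/etc/init.d/httpd restart # restart and visit again; it still reports an error
tail -f log/production.log # watch for errors; found the following: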

ActiveRecord::StatementInvalid
(Mysql::Error: Table 'good.blogs' doesn't exist: SELECT * FROM `blogs`
WHERE (published_at < '2009-12-18 08:36:38') 
ORDER BY blogs.published_at DESC LIMIT 15):

Errno::ECONNREFUSED (Connection refused - connect(2)):

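The error is obvious: the tables don't exist. I went into the database and indeed there were no tables.

rake db:migrate
/etc/init.d/httpd restart # restart

At last it works!!!!!!
That concludes this WWW server configuration write-up; further configuration will be covered in separate posts.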