CentOS 6下搭建Apache+MySQL+PHP+SSL

網上的一些文章都已經比較老了，現在版本高了之後，其實配置是很省力的（不考慮什麼負載的話）分享全過程，出了文中提到的安裝epel rpmfushion 源指令不同外，其他的過程也適用與Centos 5 1.安裝CentOS 6 ,可以選擇最小安裝，也可以安裝案頭2.升級系統 yum update3.安裝mysql,並設定mysql開機自啟動，同時啟動mysql yum install mysqlyum install mysql-serverchkconfig --levels 35 mysqld onservice mysqld start4.配置mysql的root密碼 mysql_secure_installation Enter current password for root (enter for none): ( 斷行符號)OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MySQLroot user without the proper authorisation. Set root password [Y/n] (Y) New password: (123456)Re-enter new password: (123456)Password updated successfully!Reloading privilege tables.. ... Success! By default, a MySQL installation has an anonymous user, allowing anyoneto log into MySQL without having to have a user account created forthem.  This is intended only for testing, and to make the installationgo a bit smoother.  You should remove them before moving into aproduction environment. Remove anonymous users [Y/n](是否移出資料庫的預設帳戶，如果移出，那麼在終端中直接輸入mysql是會提示串連錯誤的)Y Normally, root should only be allowed to connect from 'localhost'.  Thisensures that someone cannot guess at the root password from the network. Disallow root login remotely [Y/n](是否禁止root的遠程登入)YBy default, MySQL comes with a database named 'test' that anyone canaccess.  This is also intended only for testing, and should be removedbefore moving into a production environment. Remove test database and access to it [Y/n] YReload privilege tables now [Y/n] Y5.安裝apache,並設定開機啟動 yum install httpdchkconfig --levels 35 httpd onservice httpd start這時候可以測試apache是否正常工作直接瀏覽器訪問localhost應該沒問題，但是如果別的機子訪問不了的話，是因為防火牆的關係，配置防火牆（後面的ssl還會有這個問題的）6.安裝php yum install php yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc這個時候php就安裝完成拉，寫個指令碼測試一下 vi /var/www/html/info.php輸入 <phpphpinfo();>訪問localhost/info.php即可～7.安裝phpMyAdmin首先先給系統安裝epel 和rpmfushion兩個軟體大倉庫 rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpmrpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/6/i386/rpmfusion-free-release-6-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/6/i386/rpmfusion-nonfree-release-6-0.1.noarch.rpm 如果是centos 5 的話執行下面 rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpmrpm -Uvh http://download1.rpmfusion.org/free/el/updates/testing/5/i386/rpmfusion-free-release-5-0.1.noarch.rpm http://download1.rpmfusion.org/nonfree/el/updates/testing/5/i386/rpmfusion-nonfree-release-5-0.1.noarch.rpm   接著安裝起來就很方便拉，～根本不需要去下載就可以獲得最新的版本 yum install phpmyadmin安裝完成後還需要配置一下存取權限，使得出了本機外，其他機子也能訪問phpMyAdmin vi /etc/httpd/conf.d/phpMyAdmin.conf找到兩個directory的使用權限設定，Allow from 改成All<Directory /usr/share/phpMyAdmin/>   order Deny,Allow   Deny from All   Allow from 127.0.0.1   Allow from All</Directory><Directory /usr/share/phpMyAdmin/setup/>   order Deny,Allow   Deny from All   Allow from 127.0.0.1   Allow from All</Directory> 重啟伺服器 service httpd restart 測試localhost/phpMyAdmin使用者名稱密碼:root 123456OK～ LAMP搭建完畢, 8.搭建SSL,讓apache支援https yum install mod_ssl其實安裝完這個模組後，重啟完apache 就可以用https://localhost測試了，因為他建立了預設的認證在/etc/pki/tls下當然我們也可以用openssl建立自己的認證 yum install openssl 產生認證檔案建立一個rsa私密金鑰,檔案名稱為server.key openssl genrsa -out server.key 1024 Generating RSA private key, 1024 bit long modulus............++++++............++++++e is 65537 (0x10001)  用 server.key 產生認證簽署請求 CSR openssl req -new -key server.key -out server.csrCountry Name:兩個字母的國家代號State or Province Name:省份名稱Locality Name:城市名稱organization Name:公司名稱organizational Unit Name:部門名稱Common Name:你的姓名Email Address:地址至於 'extra' attributes 不用輸入.直接斷行符號 產生認證CRT檔案server.crt。 openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt修改ssl.conf指定我們自己產生的認證 vi /etc/httpd/conf.d/ssl.conf找到如下位置，修改路徑#   Server Certificate:# Point SSLCertificateFile at a PEM encoded certificate.  If# the certificate is encrypted, then you will be prompted for a# pass phrase.  Note that a kill -HUP will prompt again.  A new# certificate can be generated using the genkey(1) command.SSLCertificateFile /etc/pki/tls/certs/localhost.crt #   Server Private Key:#   If the key is not combined with the certificate, use this#   directive to point at the key file.  Keep in mind that if#   you've both a RSA and a DSA private key you can configure#   both in parallel (to also allow the use of DSA ciphers, etc.)SSLCertificateKeyFile /etc/pki/tls/private/localhost.key OK service httpd restart 一切都搞定拉～～ 整個過程我們不需要修改/etc/httpd/conf/httpd.conf 這就是版本高了的好處阿～