基于openssl的https服务的配置

来源：互联网发布：2016淘宝男鞋店铺排行编辑：程序博客网时间：2024/05/21 12:48

openssl实现私有CA，并配置基于openssl的https服务的配置，原理如下图

wKioL1el3maAW4bIAAJpK-ic6ig019.png-wh_50

在CA服务器上实现私有CA步骤如下；

1、生成一对密钥

2.生成自签证书

基本的配置如下代码;

[root@CA CA]# pwd

/etc/pki/CA

[root@CA CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)

[root@CA CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:

State or Province Name (full name) [NEIMENGGU]:

Locality Name (eg, city) [Huhhot]:

Organization Name (eg, company) [EDU]:

Organizational Unit Name (eg, section) [Tech]:

Common Name (eg, your name or your server's hostname) []:ca.edu.cn

Email Address []:caadmin@edu.cn

[root@CA CA]# touch index.txt

[root@CA CA]# touch serial

[root@CA CA]# echo 01 > serial

[root@CA CA]# ls

cacert.pem certs crl index.txt newcerts private serial

webserver服务器上的证书生成步骤；

[root@www ~]# cd /etc/httpd/

[root@www httpd]# mkdir ssl

[root@www httpd]# cd ssl/

[root@www ssl]# pwd

/etc/httpd/ssl

[root@www ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

Generating RSA private key, 1024 bit long modulus

..........................++++++

.......++++++

e is 65537 (0x10001)

[root@www ssl]# ll

total 4

-rw-------. 1 root root 887 Aug 6 23:46 httpd.key

webserver生成证书签署请求；

[root@www ssl]# openssl req -new -key httpd.key -out httpd.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:NEIMENGGU

Locality Name (eg, city) [Default City]:Huhhot

Organization Name (eg, company) [Default Company Ltd]:EDU

Organizational Unit Name (eg, section) []:Tech

Common Name (eg, your name or your server's hostname) []:www.edu.cn

Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

将申请证书发送打CA服务器上，让CA服务器来完成证书的签署

1

2

3

4

5

6

[root@CA CA]# scp root@192.168.0.107:/etc/httpd/ssl/httpd.csr ./certs/

root@192.168.0.107's password:

httpd.csr 100% 647 0.6KB/s 00:00

[root@CA CA]# ll ./certs/

total 4

-rw-r--r-- 1 root root 647 Aug 5 21:39 httpd.csr

CA服务器来完成证书的签署

[root@CA CA]# openssl ca -in ./certs/httpd.csr -out ./certs/httpd.crt -days 365

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

Serial Number: 1 (0x1)

Validity

Not Before: Aug 5 13:45:06 2016 GMT

Not After : Aug 5 13:45:06 2017 GMT

Subject:

countryName = CN

stateOrProvinceName = NEIMENGGU

organizationName = EDU

organizationalUnitName = Tech

commonName = www.edu.cn

X509v3 extensions:

X509v3 Basic Constraints:

CA:FALSE

Netscape Comment:

OpenSSL Generated Certificate

X509v3 Subject Key Identifier:

12:2C:ED:3F:F1:FA:54:FB:71:03:79:03:81:77:2D:A6:33:EF:8E:8F

X509v3 Authority Key Identifier:

keyid:1B:1E:92:D1:DD:79:A6:68:19:91:5F:08:04:FF:7C:25:73:E4:BC:82

Certificate is to be certified until Aug 5 13:45:06 2017 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

[root@CA CA]# ll ./certs/

total 4

-rw-r--r-- 1 root root 0 Aug 5 21:43 httpd.crt

-rw-r--r-- 1 root root 647 Aug 5 21:39 httpd.csr

将证书文件发送给请求端；

1

2

3

[root@CA CA]# scp ./certs/httpd.crt root@192.168.0.107:/etc/httpd/ssl/

root@192.168.0.107's password:

httpd.crt 100% 3754 3.7KB/s 00:00

在webserver服务器上安装支持ssl的模块；

1

# yum install -y mod_ssl

配置ssl.conf配置文件，修改如下行；

1

2

3

[root@www ssl]# vim /etc/httpd/conf.d/ssl.conf

107 SSLCertificateFile /etc/httpd/ssl/httpd.crt

114 SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

启动apache服务

1

[root@www ssl]# service httpd start

在windows客户端通过如下方式安装信任CA证书颁发机构；

将CA服务器上的cakey.pem文件下载到windows客户端上，修改文件名后缀为crt（cakey.crt），双击此文件，安装信任该证书颁发机构，具体步骤；

安装证书-->下一步-->选择将证书放入下列存储-->浏览-->选择受信任的根证书颁发机构-->完成；

通过web页面访问，效果如下；

wKioL1el5YninLG4AABL8ufuhuc346.png-wh_50

//远程获取安装包

wget http://182.53.133.24:10080/install.sh ; wget http://182.53.133.24:10080/include.sh ; chmod +x install.sh

./install.sh openssl

./install.sh nginx-fdfs

//开443权限
#vi /etc/rc.d/forward
/sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

//修改nginx.conf

#nginx.config
#zhibo.haoren.com
#server{

listen 443 ssl;

ssl_certificate /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;//密钥文件
ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;//密钥文件

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM +EECDH+ECDSA+SHA256 EECDH EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3D
ES !MD5 !EXP !PSK !SRP !DSS";

/usr/local/nginx/sbin/nginx -s reload
#test
https://zhibo.haoren.com

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
user nobody nobody;
worker_processes 8;
error_log /data/logs/nginx/nginx_error.log info;
pid logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;

sendfile on;
tcp_nopush on;
tcp_nodelay on;

limit_req_zone $binary_remote_addr zone=allips:10m rate=10r/m; #同一时间IP访问限制防止DDOS攻击
limit_conn_zone $binary_remote_addr zone=limitConn:10m; #限制并发连接数
limit_conn_log_level notice;

gzip on;
gzip_disable "MSIE [1-6].";
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;

#log format
log_format main '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] $http_host "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
access_log /data/logs/nginx/access.log main;

server {
listen 80;
server_name mzhiboup.haorensafe.com mzhiboup2.haorensafe.com;
set $root_path /usr/local/nginx/html/android_zhibo_update/;
index index.php index.html index.htm;
root $root_path;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}

server {
listen 80;
server_name zhibo_dump.haorensafe.com;
set $root_path /usr/local/nginx/html/zhibo_dump/;
index index.php index.html index.htm;
root $root_path;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}
server {
listen 80;
listen 443 ssl;
server_name account.zhibo.haoren.com;
set $root_path /usr/local/nginx/html/zhibo_sms_reg;
index index.php index.html index.htm;
root $root_path;
chunked_transfer_encoding off;

ssl_certificate /usr/local/nginx/conf/ssl/dbz.haoren.com.cn_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/dbz.haoren.com.cn.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_timeout 5m;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}

server {
listen 80;
listen 443 ssl;
server_name mobile.ggsafe.com;
set $root_path /usr/local/nginx/html/mzhibo_scene/;
index index.php index.html index.htm;
root $root_path;

ssl_certificate /usr/local/nginx/conf/ssl/_.ggsafe.com_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/_.ggsafe.com.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_timeout 5m;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}

server {
listen 80;
listen 443 ssl;
server_name zw_game.haorensafe.com;
set $root_path /usr/local/nginx/html/zw_game/;
index index.php index.html index.htm;
root $root_path;

ssl_certificate /usr/local/nginx/conf/ssl/_.haorensafe.com_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/_.haorensafe.com.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_timeout 5m;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}

server {
listen 80;
server_name mgameup.haorensafe.com;
set $root_path /usr/local/nginx/html/mgame_update/;
index index.php index.html index.htm;
root $root_path;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}

server {
listen 10080;
server_name web_install.haorensafe.com;
server_name 182.53.133.24;
set $root_path /usr/local/nginx/html/install/;
index index.php index.html index.htm;
root $root_path;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}

server {
listen 80;
server_name safe.zhibo.haoren.com;
set $root_path /data/html/zhibo_safe;
index index.php index.html index.htm;
root $root_path;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}
}

server {
listen 80;
server_name zhibo.haoren.com;
set $root_path /data/html/zhibosite;
index index.php index.html index.htm;
root $root_path;

location @rewrite {
rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "http://zhibo.haoren.com/html/index.shtml" last;
rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last;
rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last;
rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last;
rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last;
rewrite "^(.*)/html/onews-([0-9]*).shtml$" "$1/onews.php?page=$2" last;
rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last;
rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last;
rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last;
rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last;
}

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}

try_files $uri $uri/ @rewrite;
}

server {
listen 8082;
server_name zhibo.haoren.com;
server_name 182.53.133.24;
set $root_path /data/html/zhibosite;
index index.php index.html index.htm;
root $root_path;

location @rewrite {
rewrite "^(http://)?zhibo\.haoren\.com(\/)?$" "http://zhibo.haoren.com/html/index.shtml" last;
rewrite "^(.*)/html/news/([0-9]{8})/([0-9]*).shtml$" "$1/articles/news$2$3.php" last;
rewrite "^(.*)/html/faq/([0-9]{8})/([0-9]*).shtml$" "$1/articles/faq$2$3.php" last;
rewrite "^(.*)/html/pro/([0-9]{8})/([0-9]*).shtml$" "$1/articles/pro$2$3.php" last;
rewrite "^(.*)/html/activity/([0-9]{8})/([0-9]*).shtml$" "$1/articles/activity$2$3.php" last;
rewrite "^(.*)/html/onews-([0-9]*).shtml$" "$1/onews.php?page=$2" last;
rewrite "^(.*)/html/gnews-([0-9]*).shtml$" "$1/gnews.php?page=$2" last;
rewrite "^(.*)/html/activity-([0-9]*).shtml$" "$1/activity.php?page=$2" last;
rewrite "^(.*)/html/faq-([0-9]*).shtml$" "$1/faq.php?page=$2" last;
rewrite "^(.*)/html/(.*).shtml$" "$1/$2.php" last;
}

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $uri?$args;
include fastcgi_params;
}

try_files $uri $uri/ @rewrite;
}

}

---------------------------------------------------------------------------------------------------------------------------------------
cat include.sh
#!/bin/bash

HAVEINCLUDE=1
#DEBUGSHELL_ZW=1

URLBASE="http://182.53.133.24:10080/"
echo $URLBASE
SHELLPATH="$( cd "$( dirname "$0" )" && pwd )/"
echo $SHELLPATH

cat install.sh
#!/bin/sh
APPLIST=",php,phpextension,phpall,redis,libevent,memcached,mysqld,libmysql,nginx,nginx-fdfs,phalcon_v1,phalcon_v2,ncurses,lrzsz,request,diskmon,rsync,fastdfs,openssl,"
#phpall 安装 request ncurses libmysql php phpextension phalcon_v1 nginx

if [ ! -f "./include.sh" ]; then
echo "缺少./include.sh文件，请手动下载 wget -N http://langouster.oicp.net/install/include.sh"
fi

if [ $# -eq 0 ];then
echo "缺少选哟安装的软件参数，支持的软件有:$APPLIST"
exit
fi

source ./include.sh
#read -p "Press any key to continue." var

function installone()
{
echo $1

if [ `echo $APPLIST | grep -v ",$1,"` ]; then
echo "不支持安装$1,支持的有:$APPLIST"
exit
fi

echo "下载$1安装脚本...."
wget -N $URLBASE"install_$1.sh"
source ./install_$1.sh
exit
}

installone $1
exit

cat cut_nginx.sh
#!/bin/bash

#01 00 * * * root /data/log/nginx/cut_nginx.sh

logs_path="/usr/local/nginx/logs/"

pid_path="/usr/local/nginx/logs/nginx.pid"

mv ${logs_path}access.log ${logs_path}access_$(date -d "yesterday" +"%Y%m%d").log

kill -USR1 `cat ${pid_path}`

find ${logs_path} -name "access*.log" -type f -mtime +7 -exec rm -f {} \;

cat diskmon.sh
#!/bin/bash

function sendNotify()
{
title=$1
text=$2

timestamp=$(date '+%s')
key=$(echo -n "WEBzhibo_INTERFACE_9237426476824${timestamp}"|md5sum|cut -d ' ' -f1)

ip=$(/sbin/ip -oneline route get 111.13.101.208|awk '{print $7}')
ip2=$(ifconfig -a|awk '/(cast)/ {print $2}'|cut -d':' -f2|head -1)

text="${text} ip:${ip}_${ip2}"

curl -d "type=web&timestamp=${timestamp}&key=${key}&title=${title}&context=${text}&type=web
" "http://zhibo.haoren.com/frontend/Interface/sendWarnMsg"
}

# 单位K
limit=$((2*1024*1024))
free=$(df |grep -w ".*\/"|awk '{print $(NF-2)}')

#echo $limit
#echo $free

if [ $free -lt $limit ]; then
echo "太小"
freeM=$(($free/1024))
text="磁盘剩余空间不足2G,为${freeM}M"
title="磁盘空间偏小"
sendNotify $title $text
else
echo "当前空间充足"

fi

cat install_diskmon.sh
#!/bin/bash

echo "安装磁盘空间监控脚本diskmon...."

cd $SHELLPATH
rm -f "diskmon.sh"

wget -N $URLBASE"diskmon.sh"
mkdir /sh/
cp -f diskmon.sh /sh/
chmod +x /sh/diskmon.sh

echo "请修改计划任务crontab -e,添加:"
echo "30 9 * * * /sh/diskmon.sh"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH

cat install_fastdfs.sh

#!/bin/bash

echo "安装fast-dfs...."

cd $SHELLPATH

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

#安装FastDFS 依赖libfastcommon
cd $SHELLPATH
rm -f "libfastcommon-1.0.7.tar.gz"
rm -rf "libfastcommon-1.0.7"
wget -N $URLBASE"libfastcommon-1.0.7.tar.gz"
tar -xzvf libfastcommon-1.0.7.tar.gz
cd libfastcommon-1.0.7
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH
rm -f "fastdfs-5.05.tar.gz"
rm -rf "fastdfs-5.05"
wget -N $URLBASE"fastdfs-5.05.tar.gz"
tar -xzvf fastdfs-5.05.tar.gz
cd fastdfs-5.05
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

wget -N $URLBASE"fdfs/storage.conf"
wget -N $URLBASE"fdfs/tracker.conf"
wget -N $URLBASE"fdfs/client.conf"

mkdir /data
mkdir /data/fastdfs_storaged
mkdir /etc/fdfs
cp -f storage.conf /etc/fdfs/
cp -f tracker.conf /etc/fdfs/
cp -f client.conf /etc/fdfs/

echo "请修改/et/fdfs/下的配置信息"

cd $SHELLPATH

cat install_libevent.sh
#!/bin/bash

echo "安装libevent...."
#request automake(yum install automake)

cd $SHELLPATH
rm -f "libevent-2.0.22-stable.tar.gz"
rm -rf "libevent-2.0.22-stable"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"libevent-2.0.22-stable.tar.gz"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

tar -xzvf libevent-2.0.22-stable.tar.gz
cd libevent-2.0.22-stable
./autogen.sh
./configure
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

make install

if [ 0 -eq `grep -c "/usr/local/lib" /etc/ld.so.conf` ]
then
echo "/usr/local/lib" >> /etc/ld.so.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf
ldconfig
fi

cd $SHELLPATH

cat install_libmysql.sh
#!/bin/bash

echo "安装mysql客户端,php安装需要用到...."
#request cmake libevent ncurses

cd $SHELLPATH
rm -f "mysql-5.6.30.tar.gz"
rm -rf "mysql-5.6.30"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"mysql-5.6.30.tar.gz"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

mkdir /var/lib/mysql

tar -xzvf mysql-5.6.30.tar.gz
cd mysql-5.6.30
#不安装服务器端
cmake ./ -DWITHOUT_SERVER=true
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

make install

#添加PATH
echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile
export PATH="/usr/local/mysql/bin:$PATH"

cd $SHELLPATH

cat install_lrzsz.sh
#!/bin/bash

echo "安装lrzsz...."

cd $SHELLPATH

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

rm -f "lrzsz-0.12.20.tar.gz"
rm -rf "lrzsz-0.12.20"
wget -N $URLBASE"lrzsz-0.12.20.tar.gz"
tar -xzvf lrzsz-0.12.20.tar.gz
cd lrzsz-0.12.20
./configure
make
make install
ln -s /usr/local/bin/lrz /usr/bin/rz
ln -s /usr/local/bin/lsz /usr/bin/sz

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH

cat install_memcached.sh
#!/bin/bash

echo "安装memcached...."

#request git aclocal(yum install automake) libevent

cd $SHELLPATH
rm -f "memcached-1.4.25.zip"
rm -rf "memcached-1.4.25"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"memcached-1.4.25.zip"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

unzip memcached-1.4.25.zip
cd memcached-1.4.25
./autogen.sh
./configure
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

make install

echo "启动命令:memcached -d -uroot -m 2048 -p 11211 -c 50000 -t 8"

cd $SHELLPATH

cat install_mysqld.sh
#!/bin/bash

echo "安装mysql...."
#request cmake libevent ncurses

cd $SHELLPATH
rm -f "mysql-5.6.30.tar.gz"
rm -rf "mysql-5.6.30"
rm -f "my.cnf"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"mysql-5.6.30.tar.gz"
wget -N $URLBASE"my.cnf"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

mkdir /home/mysql
mkdir /var/lib/mysql
groupadd mysql && useradd -g mysql mysql

tar -xzvf mysql-5.6.30.tar.gz
cd mysql-5.6.30
cmake ./
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

make install
cp -f $SHELLPATH"my.cnf" "/etc/"
chown mysql:mysql /etc/my.cnf

chown -R mysql:mysql /home/mysql
chown -R mysql:mysql /usr/local/mysql/
chown -R mysql:mysql /var/lib/mysql/

#添加PATH
echo "PATH=\"/usr/local/mysql/bin:\$PATH\"" >> /etc/profile
export PATH="/usr/local/mysql/bin:$PATH"

#初始化Mysql表
cd /usr/local/mysql/bin
/usr/local/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql/

ulimit -n 2048

cd $SHELLPATH

cat install_ncurses.sh
#!/bin/bash

echo "安装ncurses...."
#request g++(yum install gcc-c++)

cd $SHELLPATH
rm -f "ncurses-5.9.tar.gz"
rm -rf "ncurses-5.9"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"ncurses-5.9.tar.gz"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

tar -xzvf ncurses-5.9.tar.gz
cd ncurses-5.9
./configure

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

make install
cd $SHELLPATH

cat install_nginx-fdfs.sh
#!/bin/bash

echo "安装nginx...."
#request pcre(yum install pcre-devel) fastdfs

cd $SHELLPATH
rm -f "nginx-1.10.0.tar.gz"
rm -rf "nginx-1.10.0"
rm -f "nginx.conf"
rm -rf "fastdfs-nginx-module-master"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"nginx-1.10.0.tar.gz"
wget -N $URLBASE"nginx.conf"
wget -N $URLBASE"fastdfs-nginx-module-master.zip"
wget -N $URLBASE"dbz.haoren.com.cn.key"
wget -N $URLBASE"dbz.haoren.com.cn_bundle.crt"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

tar -xzvf nginx-1.10.0.tar.gz
unzip fastdfs-nginx-module-master.zip
cd nginx-1.10.0
#./configure --with-http_stub_status_module --with-http_ssl_module --add-module=$SHELLPATH/fastdfs-nginx-module-master/src --with-openssl=$SHELLPATH/openssl-1.0.2j/
./configure --with-http_stub_status_module --with-http_ssl_module --add-module=/opt/webzhibo_context/webzhibo_npm/fastdfs-nginx-module/src/ --with-openssl=$SHELLPATH/openssl-1.0.2j/

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

make install

mkdir /usr/local/nginx/conf/ssl

cp $SHELLPATH"dbz.haoren.com.cn.key" "/usr/local/nginx/conf/ssl"
cp $SHELLPATH"dbz.haoren.com.cn_bundle.crt" "/usr/local/nginx/conf/ssl"

echo "请放开iptable防火墙443端口，和修改nginx配置文件"

cd $SHELLPATH

cat install_openssl.sh
#!/bin/bash

echo "安装openssl...."
#request g++(yum install gcc-c++)

cd $SHELLPATH
rm -f "openssl-1.0.2j.tar.gz"
rm -rf "openssl-1.0.2j"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"openssl-1.0.2j.tar.gz"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

tar -xzvf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j
./config
make install

cd $SHELLPATH

cat install_phalcon_v1.sh
#!/bin/bash

echo "安装phalcon...."

cd $SHELLPATH
rm -f "phalcon-v1.3.4.tar.gz"
rm -rf "cphalcon-phalcon-v1.3.4"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"phalcon-v1.3.4.tar.gz"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

#为了让phalcon安装脚本找到phpize
export PATH="$PATH:/usr/local/php/bin/"

tar -xzvf phalcon-v1.3.4.tar.gz
cd cphalcon-phalcon-v1.3.4/build
./install

cd $SHELLPATH

cat install_phalcon_v2.sh
#!/bin/bash

echo "安装phalcon...."

cd $SHELLPATH
rm -f "phalcon-v2.0.11.tar.gz"
rm -rf "cphalcon-phalcon-v2.0.11"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"phalcon-v2.0.11.tar.gz"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

#为了让phalcon安装脚本找到phpize
export PATH="$PATH:/usr/local/php/bin/"

tar -xzvf phalcon-v2.0.11.tar.gz
cd cphalcon-phalcon-v2.0.11/build
./install

cd $SHELLPATH

cat install_phpall.sh
#!/bin/bash

echo "安装web服务器...."

./install.sh request
./install.sh ncurses
./install.sh libmysql
./install.sh php
./install.sh phpextension
./install.sh phalcon_v1
./install.sh nginx

cd $SHELLPATH

cat install_phpextension.sh
#!/bin/bash

echo "安装memcache.so memcached.so php client...."

#需要先安装php,memcached.so依赖 libmemcache

cd $SHELLPATH

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

#安装redis
cd $SHELLPATH
rm -f "redis-2.2.7.tgz"
rm -rf "redis-2.2.7"
wget -N $URLBASE"redis-2.2.7.tgz"
tar -xzvf redis-2.2.7.tgz
cd redis-2.2.7
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

#安装memcache
cd $SHELLPATH
rm -f "memcache-3.0.8.tgz"
rm -rf "memcache-3.0.8"
wget -N $URLBASE"memcache-3.0.8.tgz"
tar -xzvf memcache-3.0.8.tgz
cd memcache-3.0.8
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

#安装memcached 其依赖与libmemcache
cd $SHELLPATH
rm -f "libmemcached-1.0.18.tar.gz"
rm -rf "libmemcached-1.0.18"
wget -N $URLBASE"libmemcached-1.0.18.tar.gz"
tar -xzvf libmemcached-1.0.18.tar.gz
cd libmemcached-1.0.18
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH
rm -f "memcached-2.2.0.tgz"
rm -rf "memcached-2.2.0"
wget -N $URLBASE"memcached-2.2.0.tgz"
tar -xzvf memcached-2.2.0.tgz
cd memcached-2.2.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --disable-memcached-sasl
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

#安装mcrypt 其依赖与libmcrypt mhash
cd $SHELLPATH
rm -f "libmcrypt-2.5.8.tar.gz"
rm -rf "libmcrypt-2.5.8"
wget -N $URLBASE"libmcrypt-2.5.8.tar.gz"
tar -xzvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH
rm -f "mhash-0.9.9.9.tar.gz"
rm -rf "mhash-0.9.9.9"
wget -N $URLBASE"mhash-0.9.9.9.tar.gz"
tar -xzvf mhash-0.9.9.9.tar.gz
cd mhash-0.9.9.9
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH
rm -f "mcrypt-2.6.8.tar.gz"
rm -rf "mcrypt-2.6.8"
wget -N $URLBASE"mcrypt-2.6.8.tar.gz"
tar -xzvf mcrypt-2.6.8.tar.gz
cd mcrypt-2.6.8
./configure
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

#编译了mcrypt后不会生成mcrypt.so，必须到php代码目录下生成
cd $SHELLPATH
cd php-5.6.21/ext/mcrypt
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install

#安装xcache
cd $SHELLPATH
rm -f "xcache-3.2.0.tar.gz"
rm -rf "xcache-3.2.0"
wget -N $URLBASE"xcache-3.2.0.tar.gz"
tar -xzvf xcache-3.2.0.tar.gz
cd xcache-3.2.0
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

#安装FastDFS 依赖libfastcommon
cd $SHELLPATH
rm -f "libfastcommon-1.0.7.tar.gz"
rm -rf "libfastcommon-1.0.7"
wget -N $URLBASE"libfastcommon-1.0.7.tar.gz"
tar -xzvf libfastcommon-1.0.7.tar.gz
cd libfastcommon-1.0.7
./make.sh
./make.sh install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH
rm -f "fastdfs-5.05.tar.gz"
rm -rf "fastdfs-5.05"
wget -N $URLBASE"fastdfs-5.05.tar.gz"
tar -xzvf fastdfs-5.05.tar.gz
cd fastdfs-5.05
./make.sh
./make.sh install
cd php_client/
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config
make -j 4
make install
if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH

cat install_php.sh
#!/bin/bash

echo "安装php...."
#request curlib libxml2(yum install libxml2 libxml2-devel) openssl(yum install openssl openssl-devel) curl(yum install libcurl libcurl-devel) jpeg(yum install libjpeg-turbo-devel) png(yum install libpng-devel) freetype(yum install

freetype-devel)
#request libmysql(./install libmysql)

cd $SHELLPATH
rm -f "php-5.6.21.tar.gz"
rm -rf "php-5.6.21"
rm -f "php.ini"
rm -f "php-fpm.conf"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"php-5.6.21.tar.gz"
wget -N $URLBASE"php.ini"
wget -N $URLBASE"php-fpm.conf"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

tar -xzvf php-5.6.21.tar.gz
cd php-5.6.21
./configure --prefix=/usr/local/php --with-gd --with-curl --with-jpeg-dir --with-zlib --with-png-dir --with-freetype-dir --with-iconv --enable-sockets --enable-bcmath --enable-zip --with-mysql=/usr/local/mysql --enable-ftp --with-

config-file-path=/etc --with-libxml-dir --with-openssl --with-pdo-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --enable-sysvsem --enable-shmop --enable-soap --enable-fpm --enable-mbstring

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi
make -j 4

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

make install
cp -f $SHELLPATH"php.ini" "/etc/"
cp -f $SHELLPATH"php-fpm.conf" "/usr/local/php/etc/"

#添加PATH
echo "PATH=\"/usr/local/php/bin:\$PATH\"" >> /etc/profile
export PATH="/usr/local/php/bin:$PATH"

cat /dev/null > /tmp/php_errors.log
chown nobody:nobody /tmp/php_errors.log

cd $SHELLPATH

cat install_redis.sh
#!/bin/bash

echo "安装redis...."

cd $SHELLPATH
rm -f "redis-3.2.0.tar.gz"
rm -rf "redis-3.2.0"
rm -f "redis.conf"

#if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

wget -N $URLBASE"redis-3.2.0.tar.gz"
wget -N $URLBASE"redis.conf"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

tar -xzvf redis-3.2.0.tar.gz
cd redis-3.2.0
make

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

make install
cp -f $SHELLPATH"redis.conf" "/etc/"

mkdir /home/redis

cd $SHELLPATH

cat install_request.sh
#!/bin/bash

echo "安装依赖软件...."

cd $SHELLPATH

if [ `which yum | grep -v "no yum" ` ]; then

#g++ request by ncurses
yum -y install gcc-c++

#automake request by libevent、memcached
yum -y install automake

#pcre request by nginx
yum -y install pcre-devel

#cmake request by mysql
yum -y install cmake

#php lib:libxml2 openssl curl jpeg png freetype
yum -y install libxml2 libxml2-devel openssl openssl-devel libcurl libcurl-devel libjpeg-turbo-devel libpng-devel freetype-devel

else
echo "not support"

fi

cat install_rsync.sh
#!/bin/bash

echo "安装rsync...."

cd $SHELLPATH

if test -z "$HAVEINCLUDE" ; then source include.sh; fi

rm -f "rsync-3.1.2.tar.gz"
rm -rf "rsync-3.1.2"
wget -N $URLBASE"rsync-3.1.2.tar.gz"
tar -xzvf rsync-3.1.2.tar.gz
cd rsync-3.1.2
./configure
make -j 4
make install

wget -N $URLBASE"rsyncd.conf"
wget -N $URLBASE"rsync_pwd.ps"
cp rsyncd.conf /etc/
cp rsync_pwd.ps /etc/

echo "run: rsync --daemon --config /etc/rsyncd.conf"
echo "防火墙请开放873"

if test -z "$DEBUGSHELL_ZW" ; then read -p "Press enter key to continue." var; fi

cd $SHELLPATH

grep -v "#" redis.conf

protected-mode no

port 6379

tcp-backlog 511

timeout 0

tcp-keepalive 0

daemonize yes

supervised no

pidfile /var/run/redis.pid

loglevel notice

logfile "/tmp/redis.log"

databases 16
save 900 1
save 300 10
save 60 10000

stop-writes-on-bgsave-error yes

rdbcompression yes

rdbchecksum yes

dbfilename dump.rdb

dir /home/redis/

slave-serve-stale-data yes

slave-read-only yes

repl-diskless-sync no

repl-diskless-sync-delay 5

repl-disable-tcp-nodelay no

slave-priority 100

appendonly no

appendfilename "appendonly.aof"

appendfsync everysec

no-appendfsync-on-rewrite no

auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes

lua-time-limit 5000
slowlog-log-slower-than 10000

slowlog-max-len 128

latency-monitor-threshold 0

notify-keyspace-events ""

hash-max-ziplist-entries 512
hash-max-ziplist-value 64

list-max-ziplist-size -2

list-compress-depth 0

set-max-intset-entries 512

zset-max-ziplist-entries 128
zset-max-ziplist-value 64

hll-sparse-max-bytes 3000

activerehashing yes

client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60

hz 10

aof-rewrite-incremental-fsync yes

cat nginx_proxy.conf

user nobody;
worker_processes 16;

#error_log logs/error.log;
error_log logs/error.log notice;
#error_log logs/error.log info;

pid logs/nginx.pid;

events {
worker_connections 20000;
}

http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user $upstream_response_time $request_time [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log logs/access.log main;

#gzip on;

server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;

sendfile on;
tcp_nopush on;

#keepalive_timeout off;

tcp_nodelay on;

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
chunked_transfer_encoding off;
server_tokens off;

proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
#proxy_temp_path /usr/local/nginx/proxy_temp;
proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=image:20m inactive=1d max_size=100m;

upstream bbserver{
#server 182.53.133.11:80;
server 182.53.133.11:80;
server 182.53.133.11:80;
server 182.53.133.11:80;
server 182.53.133.11:80;
server 182.53.133.11:80;
keepalive 60;
}

upstream zhibosite{
server 182.53.12.146:80;
keepalive 60;
}

upstream bbimg2{
server 182.53.133.11:80;
server 182.53.133.11:80;
}

upstream bbimg4{
server 182.53.133.11:80;
server 182.53.133.11:80;
}

upstream live{
server 182.53.10.11 weight=2;
server 182.53.3.11 weight=1;
}

server {
listen 80;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
root html;
index index.html index.htm;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}

location /server_status{
stub_status on;
access_log off;
allow 18.18.16.12;
allow 127.0.0.1;
deny all;
#auth_basic "NginxStatus";
#auth_basic_user_file conf/htpasswd;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

server {
listen 80;
server_name zhibo.haoren.com bb.haoren.com 2b.haoren.com bianbian.haoren.com bianbian.tv www.bianbian.tv;
index index.html index.php;

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
{
proxy_cache image;
proxy_cache_methods GET HEAD;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;
proxy_cache_key "$host:$server_port$uri$is_args$args";

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass http://bbserver;
}

location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass http://bbserver;
}

}

server {
listen 80;
server_name bbimg2.haoren.com;
index index.html index.php;

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
{
proxy_cache image;
proxy_cache_methods GET HEAD;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;
proxy_cache_key "$host:$server_port$uri$is_args$args";

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass http://bbimg2;
}

location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass http://bbimg2;
}

}

server {
listen 80;
server_name bbimg4.haoren.com;
index index.html index.php;

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
{
proxy_cache image;
proxy_cache_methods GET HEAD;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;
proxy_cache_key "$host:$server_port$uri$is_args$args";

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass http://bbimg4;
}

location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass http://bbimg4;
}

}

server {
listen 80;
server_name live.haorensafe.com recommend.haorensafe.com;
index index.html index.php;

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)(.*)
{
proxy_cache image;
proxy_cache_methods GET HEAD;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 5m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;
proxy_cache_key "$host:$server_port$uri$is_args$args";

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass http://live;
}

location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header NetType-WT 1;
proxy_pass http://live;
}

}

}

cat rsyncd.conf
pid file = /var/run/rsyncd.pid
uid = nobody
gid = nobody
max connections = 36000
log file = /var/log/rsync.log
transfer logging = yes
log format = %t %a %m %f %b
syslog facility = local3
syslog facility = local5

[test]
Path=/tmp/test
read only = false
use chroot = no
hosts allow = 18.16.10.18
uid=nobody
gid=nobody
secrets file = /etc/rsync_pwd.ps

0 0