discuz+https+serysnc+backup
Posted FikL-09-19
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了discuz+https+serysnc+backup相关的知识,希望对你有一定的参考价值。
作业 – 05-06
1.部署discuz,实现伪静态
2.实现https
3.实现实时备份
web01 搭建discuz论坛
1.web01搭建discuz论坛
# 前提已经安装好php和nginx
1、创建站点目录
[root@web01 ~]# mkdir /mm/discuz
2、解压代码
1.上传代码包
[root@web01 ~]# rz
[root@web01 ~]# ll
-rw-r--r--. 1 root root 10829853 Dec 7 12:04 Discuz_X3.3_SC_GBK.zip
3.解压
[root@web01 ~]# unzip Discuz_X3.3_SC_GBK.zip -d /mm/discuz/
[root@web01 ~]# chown -R www.www /mm/discuz/
2、配置nginx配置文件
# 1、配置nginx文件
[root@web01 ~]# vim /etc/nginx/conf.d/linux12mm.discuz.com.conf
server {
listen 80;
server_name linux12mm.discuz.com;
root /mm/discuz/upload;
location / {
#root /mm/discuz/upload;
index index.php;
}
location ~* \\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
## 2、检查nginx -t并重启
[root@web01 ~]# systemctl restart nginx
3.配置本地hosts访问测试
192.168.15.7 linux12mm.discuz.com
db01 搭建数据库
1、根据页面操作
# 前提已经安装好mariadb-server
1、根据页面操作
2、创建数据库
[root@db01 ~]# mysql -uroot -p123
#1.建库
MariaDB [(none)]> create database discuz;
Query OK, 1 row affected (0.00 sec)
#2.授权用户
MariaDB [(none)]> grant all on discuz.* to discuz@'172.16.1.%' identified by '123';
Query OK, 0 rows affected (0.00 sec)
NFS 实时同步共享
## 前提nfs都安装完成,站点目录创建好 (nfs-utils)
[root@pingnfs ~]# systemctl restart nfs
[root@pingnfs ~]# cat /etc/exports
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data_wp 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
[root@pingnfs ~]# cd /usr/local/sersync2/
[root@pingnfs sersync2]# ll
total 1772
-rwxr-xr-x 1 root root 2210 May 7 20:56 confxml.xml
-rwxr-xr-x 1 root root 1810128 Oct 26 2011 sersync2
[root@pingnfs sersync2]# ./sersync2 -dro ./confxml.xml
backup 备份
# 前提站点目录和rsync都配置好 (rpcbind+rsync)
[root@pingbackup 07]# systemctl restart rsyncd
web01 创建https证书
1 .配置web01HTTPS证书 — 假证书
1.检查nginx
[root@web01 ~]# nginx -V
--with-http_ssl_module ---有这个模块是支持
2.创建证书存放目录
[root@web01 ~]# mkdir /etc/nginx/ssl_key
[root@web01 ~]# cd /etc/nginx/ssl_key/
3.造假证书
# 1、生成私钥
#使用openssl命令充当CA权威机构创建证书(生产不使用此方式生成证书,不被互联网认可的黑户证书)
[root@web01 ssl_key]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...............................+++
........+++
e is 65537 (0x10001)
Enter pass phrase for server.key: 123456 # 密码6位
Verifying - Enter pass phrase for server.key: 123456
[root@web01 ssl_key]# ll
total 4
-rw-r--r--. 1 root root 1739 Dec 9 11:27 server.key
# 2、生成公钥
#生成自签证书(公钥),同时去掉私钥的密码
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
........................+++
...............................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:riben
Locality Name (eg, city) [Default City]:sh
Organization Name (eg, company) [Default Company Ltd]:skz
Organizational Unit Name (eg, section) []:mm
Common Name (eg, your name or your server's hostname) []:mm
Email Address []:1234@qq.com
# req --> 用于创建新的证书
# new --> 表示创建的是新证书
# x509 --> 表示定义证书的格式为标准格式
# key --> 表示调用的私钥文件信息
# out --> 表示输出证书文件信息
# days --> 表示证书的有效期
# sha256 --> 加密方式
# 3、查看生成的证书
[root@web01 ssl_key]# ll
total 8
-rw-r--r-- 1 root root 1342 Apr 8 15:00 server.crt
-rw-r--r-- 1 root root 1708 Apr 8 15:00 server.key
web实现https访问
1、配置伪静态
# web01 挂载
[root@pingweb01 ~]# mount -t nfs 172.16.1.31:/data_wp /mm/discuz/upload/data/attachment/forum/
[root@pingweb01 conf.d]# cat linux12mm.discuz.com.conf
server {
listen 443 ssl;
server_name linux12mm.discuz.com;
root /mm/discuz/upload;
ssl_certificate /etc/nginx/ssl_key/server.crt;
ssl_certificate_key /etc/nginx/ssl_key/server.key;
location / {
index index.php;
rewrite ^([^\\.]*)/topic-(.+)\\.html$ $1/portal.php?mod=topic&topic=$2 last;
rewrite ^([^\\.]*)/article-([0-9]+)-([0-9]+)\\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
rewrite ^([^\\.]*)/forum-(\\w+)-([0-9]+)\\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^\\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^\\.]*)/group-([0-9]+)-([0-9]+)\\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^\\.]*)/space-(username|uid)-(.+)\\.html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^\\.]*)/blog-([0-9]+)-([0-9]+)\\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
rewrite ^([^\\.]*)/(fid|tid)-([0-9]+)\\.html$ $1/archiver/index.php?action=$2&value=$3 last;
rewrite ^([^\\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\\-]+)\\.html$ $1/plugin.php?id=$2:$3 last;
if (!-e $request_filename) {
return 404;
}
}
location ~* \\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name linux12mm.discuz.com;
rewrite (.*) https://$server_name$1;
}
以上是关于discuz+https+serysnc+backup的主要内容,如果未能解决你的问题,请参考以下文章