discuz+https+serysnc+backup

作业 – 05-06

1.部署discuz，实现伪静态

2.实现https

3.实现实时备份

web01 搭建discuz论坛

1.web01搭建discuz论坛

# 前提已经安装好php和nginx
1、创建站点目录
[root@web01 ~]# mkdir /mm/discuz

2、解压代码
1.上传代码包
[root@web01 ~]# rz
[root@web01 ~]# ll
-rw-r--r--. 1 root root 10829853 Dec  7 12:04 Discuz_X3.3_SC_GBK.zip

3.解压
[root@web01 ~]# unzip Discuz_X3.3_SC_GBK.zip -d /mm/discuz/
[root@web01 ~]# chown -R www.www /mm/discuz/

2、配置nginx配置文件

# 1、配置nginx文件
[root@web01 ~]# vim /etc/nginx/conf.d/linux12mm.discuz.com.conf
server {
    listen 80;
    server_name linux12mm.discuz.com;
    root /mm/discuz/upload;

    location / {
        #root /mm/discuz/upload;
        index index.php;
    }   

    location ~* \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }   
}

## 2、检查nginx -t并重启
[root@web01 ~]# systemctl restart nginx

3.配置本地hosts访问测试

192.168.15.7 linux12mm.discuz.com

db01 搭建数据库

1、根据页面操作

# 前提已经安装好mariadb-server
1、根据页面操作
2、创建数据库
[root@db01 ~]# mysql -uroot -p123

#1.建库
MariaDB [(none)]> create database discuz;
Query OK, 1 row affected (0.00 sec)

#2.授权用户
MariaDB [(none)]> grant all on discuz.* to discuz@'172.16.1.%' identified by '123';
Query OK, 0 rows affected (0.00 sec)

NFS 实时同步共享

## 前提nfs都安装完成，站点目录创建好 （nfs-utils）
[root@pingnfs ~]# systemctl restart nfs
[root@pingnfs ~]# cat /etc/exports
/data      172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data_wp   172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

[root@pingnfs ~]# cd /usr/local/sersync2/
[root@pingnfs sersync2]# ll
total 1772
-rwxr-xr-x 1 root root    2210 May  7 20:56 confxml.xml
-rwxr-xr-x 1 root root 1810128 Oct 26  2011 sersync2
[root@pingnfs sersync2]# ./sersync2 -dro ./confxml.xml

backup 备份

# 前提站点目录和rsync都配置好 （rpcbind+rsync）
[root@pingbackup 07]# systemctl restart rsyncd

web01 创建https证书

1 .配置web01HTTPS证书 — 假证书

1.检查nginx
[root@web01 ~]# nginx -V
--with-http_ssl_module    ---有这个模块是支持

2.创建证书存放目录
[root@web01 ~]# mkdir /etc/nginx/ssl_key
[root@web01 ~]# cd /etc/nginx/ssl_key/

3.造假证书
# 1、生成私钥
#使用openssl命令充当CA权威机构创建证书（生产不使用此方式生成证书，不被互联网认可的黑户证书）

[root@web01 ssl_key]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...............................+++
........+++
e is 65537 (0x10001)
Enter pass phrase for server.key: 123456   # 密码6位
Verifying - Enter pass phrase for server.key: 123456

[root@web01 ssl_key]# ll
total 4
-rw-r--r--. 1 root root 1739 Dec  9 11:27 server.key

# 2、生成公钥
#生成自签证书(公钥)，同时去掉私钥的密码
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
........................+++
...............................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:riben
Locality Name (eg, city) [Default City]:sh
Organization Name (eg, company) [Default Company Ltd]:skz
Organizational Unit Name (eg, section) []:mm
Common Name (eg, your name or your server's hostname) []:mm
Email Address []:1234@qq.com

# req  --> 用于创建新的证书
# new  --> 表示创建的是新证书    
# x509 --> 表示定义证书的格式为标准格式
# key  --> 表示调用的私钥文件信息
# out  --> 表示输出证书文件信息
# days --> 表示证书的有效期
# sha256 --> 加密方式

# 3、查看生成的证书
[root@web01 ssl_key]# ll
total 8
-rw-r--r-- 1 root root 1342 Apr  8 15:00 server.crt
-rw-r--r-- 1 root root 1708 Apr  8 15:00 server.key

web实现https访问

1、配置伪静态

# web01 挂载
[root@pingweb01 ~]# mount -t nfs 172.16.1.31:/data_wp /mm/discuz/upload/data/attachment/forum/

[root@pingweb01 conf.d]# cat linux12mm.discuz.com.conf 
server {
    listen 443 ssl;
    server_name linux12mm.discuz.com;
    root /mm/discuz/upload;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    location / {
        index index.php;

        rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
        rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
        rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
        rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
        rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
        rewrite ^([^\.]*)/blog-([0-9]+)-([0-9]+)\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
        rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/archiver/index.php?action=$2&value=$3 last;
        rewrite ^([^\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ $1/plugin.php?id=$2:$3 last;
        if (!-e $request_filename) {
                return 404;
        }
    }

    location ~* \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
server {
    listen 80;
    server_name linux12mm.discuz.com;
    rewrite (.*) https://$server_name$1;
}