centos7 安装lamp,ssl证书
2019-07-02 本文已影响3人
i高安
折腾了好久,终于把服务器的这些个环境配好了。第一次没啥经验,记录一下。
lamp环境
lamp就是Linux Apache Mysql Php的缩写。打开网站
1.安装 wget、screen、unzip,创建 screen 会话
yum -y install wget screen git
2.git clone并赋予脚本执行权限
git clone https://github.com/teddysun/lamp.git
cd lamp
chmod 755 *.sh
3.开始安装
screen -S lamp
4.选择安装选项
./lamp.sh --apache_option 1 --apache_modules mod_wsgi,mod_security --db_option 3 --db_root_pwd root --php_option 4 --php_extensions ioncube,imagick,redis,mongodb,libsodium,swoole --phpmyadmin_option 1 --kodexplorer_option 1
卸载
./uninstall.sh
命令一览
MySQL 或 MariaDB 或 Percona 命令
/etc/init.d/mysqld (start|stop|restart|status)
Apache 命令
/etc/init.d/httpd (start|stop|restart|status)
Memcached 命令(可选安装)
/etc/init.d/memcached (start|stop|restart|status)
Redis 命令(可选安装)
/etc/init.d/redis-server (start|stop|restart|status)
免费证书
1.新增虚拟主机
lamp add
2.交互显示如下:
Please enter server names(example: lamp.sh www.lamp.sh): 此处输入网站域名(一个或多个)
Please enter website root directory(default:/data/www/网站域名): 此处输入网站根目录路径,默认回车即可
website root directory: 此处显示上一步输入的网站根目录路径
Please enter Administrator Email address: 此处输入管理员邮箱地址
Administrator Email address: 此处显示上一步输入的邮箱地址
Do you want to create a database and mysql user with same name? [y/n]: 此处输入 y 或 n,表示创建或不创建数据库(输入 y)
Virtual host [网站域名] has been created
Website root directory is: 网站根目录路径
Database [数据库名] and mysql user [数据库用户名] has been created
Reloading the apache config file...
Syntax OK
Reload succeed
Do you want to add a SSL certificate? [y/n]: 此处输入 y 或 n,表示添加或不添加证书(输入 y)
1. Use your own SSL Certificate and Key
2. Use Let's Encrypt CA to create SSL Certificate and Key
3. Use Buypass.com CA to create SSL Certificate and Key
Please enter 1 or 2 or 3: 此处输入 1,2 或 3。1 表示使用自己的证书;2 使用 Let's Encrypt 签发免费证书;3 使用 Buypass.com 签发免费证书。
You chosen Let's Encrypt CA, and it will be processed automatically
Do you want force redirection from HTTP to HTTPS? [y/n]:此处输入 y 或 n,询问是否强制 http 转 https
You chosen force redirection from HTTP to HTTPS, and it will be processed automatically
Starting create Let's Encrypt SSL Certificate...
此处开始安装 certbot 运行所需的依赖库等
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 网站域名
Using the webroot path /data/www/网站域名 for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/网站域名/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/网站域名/privkey.pem
Your cert will expire on 证书过期日. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Let's encrypt crontab renew rule is not exist, create it!
Create Let's Encrypt SSL Certificate successfully
Reloading the apache config file...
Syntax OK
Reload succeed
All done
结束后,查看 crond 任务,命令如下:
crontab -l
确认返回值里包含以下语句:
0 3 */7 * * /bin/certbot renew --disable-hook-validation --renew-hook "/etc/init.d/httpd restart"
