1.yum 换源
CentOS 6.10镜像源
vim /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-6.10 -Base -vault.centos.org
failovermethod=priority
baseurl=http://vault.centos.org/6.10/os/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6
#released updates
[updates]
name=CentOS-6.10 -Updates -vault.centos.org
failovermethod=priority
baseurl=http://vault.centos.org/6.10/updates/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6
#additional packages that may be useful
[extras]
name=CentOS-6.10 -Extras -vault.centos.org
failovermethod=priority
baseurl=http://vault.centos.org/6.10/extras/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-6.10 -Plus -vault.centos.org
failovermethod=priority
baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6
#contrib -packages by Centos Users
[contrib]
name=CentOS-6.10 -Contrib -vault.centos.org
failovermethod=priority
baseurl=http://vault.centos.org/6.10/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6
三种镜像源任选其一
清华大学开源软件镜像站:http://mirrors.tuna.tsinghua.edu.cn/centos-vault
执行以下命令替换镜像源:
sed -i 's#vault.centos.org#mirrors.tuna.tsinghua.edu.cn/centos-vault#g' /etc/yum.repos.d/CentOS-Base.repo
南京大学开源软件镜像站:http://mirrors.nju.edu.cn/centos-vault
执行以下命令替换镜像源
sed -i 's#vault.centos.org#mirrors.nju.edu.cn/centos-vault#g' /etc/yum.repos.d/CentOS-Base.repo
北京外国语大学开源软件镜像站:http://mirrors.bfsu.edu.cn/centos-vault
执行以下命令替换镜像源
sed -i 's#vault.centos.org#mirrors.bfsu.edu.cn/centos-vault#g' /etc/yum.repos.d/CentOS-Base.repo
本地缓存
执行如下命令生成本地缓存。
yum makecache
完成上述切换操作后您就可以正常使用yum install命令安装和更新软件包了。
https://blog.csdn.net/jsjxlhy/article/details/123749986
https://blog.csdn.net/qq_42184753/article/details/115659635
2. nginx 环境配置支持https安装
nginx -s stop
nginx -s start
yum -y install openssl openssl-devel
yum -y install gcc-c++ autoconf automake
yum -y install openssl openssl-devel
yum -y install pcre pcre-devel
检查端口被哪个进程占用 代码如下复制代码 netstat -lnp|grep 88#88请换为你的apache需要的端口,如:80
1.1 配置
./configure --prefix=/etc/nginx --user=root --group=root --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-pcre=/usr/local/pcre-8.38 --with-pcre-jit --with-debug --with-zlib=/usr/local/zlib-1.2.12 --with-openssl=/usr/local/openssl-1.0.2h
1.2 编译,安装
make
make install
1.3 检查nginx是否安装成功和运行
安装好后检查nginx是否运行
[root@localhost ~]# ps -A|grep nginx
如果有返回结果表示已经运行
没有返回结果表示还没运行,如果没有运行,则执行运行脚本
使用which nginx命令查看nginx的安装目录
[root@localhost ~]# which nginx
得到结果是在/usr/sbin/nginx
[root@localhost ~]# cd /usr/sbin/
[root@localhost sbin]# ./nginx
运行nginx,如果出现如下报错
[root@localhost sbin]# ./nginx
nginx: [emerg] mkdir() "/var/lib/nginx/tmp/client_body" failed (2: No such file or directory)
[root@localhost sbin]# ./nginx
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
[root@AY14060515464627034cZ sbin]#
表示这个目录不存在,使用命令创建要求的目录即可
[root@localhost ~]# cd /var/lib/
[root@localhost lib]# mkdir -p nginx/tmp/client_body
[root@localhost lib]# chmod 777 -R nginx/
创建目录后最可给目录写权限,再到/usr/sbin目录执行nginx启动脚本
[root@localhost sbin]# ./nginx
此时查看可以看到nginx已经启动
查看端口
[root@localhost ~]# netstat -ntlp
[root@localhost ~]# ps -A|grep nginx
16209 ? 00:00:00 nginx
16210 ? 00:00:00 nginx
检测nginx是否正常安装成功,在浏览器输入服务器ip,如果页面显示
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.
表示安装成功,可以使用了。
https://blog.csdn.net/wolf131721/article/details/100523318
https://edwiv.com/archives/210
https://blog.csdn.net/weifan199175/article/details/79984996
error
1./configure: error: the HTTP XSLT module requires the libxml2/libxslt
yum -y install libxml2 libxml2-dev
yum -y install libxslt-devel
2.error: perl module ExtUtils::Embed is required
yum -y install perl-devel perl-ExtUtils-Embed
3…/configure: no supported file AIO was found
Currently file AIO is supported on FreeBSD 4.3+ and Linux 2.6.22+ only
###路径不对或者没有找到AIO这个模块,同上,再编译参数中去掉。
4.can not detect int size
发现“–with-cc-opt=‘-m32 -march=i386’”,我的操作系统是 64 位,所以我删除它
5.Error: Protected multilib versions:
yum list all libcurl 查出有两个库冲突,32位与64位冲突
删除32位冲突库,只保留64位库(也可以根据需要删除64位的库,保留32位的库)。
命令: yum erase libcurl-7.19.7-46.el6.i686
6.the Google perftools module requires the Google perftools library
yum install -y gperftools-devel
7.the HTTP image filter module requires the GD library
yum install gd gd-devel
8.perl module ExtUtils::Embed is required
yum -y install perl-devel perl-ExtUtils-Embed
9.服务无法启动
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] mkdir() “/var/lib/nginx/tmp/client_body” failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
10. 创建目录
# mkdir -p /var/lib/nginx/tmp/
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
cd /root
wget http://nginx.org/download/nginx-1.10.1.tar.gz
wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz
(
注意:pcre和zlib没有找到可以直接下载的地址,在浏览器下载后通过ftp工具上传到/root目录,
下载的包分别为pcre-8.38.tar.gz和zlib-1.2.11.tar.gz,
下载地址如下
https://sourceforge.net/projects/pcre/files/pcre/8.38/
http://www.zlib.net/
)
在/root目录解压
tar zxf nginx-1.10.1.tar.gz /usr/local/nginx-1.10.1
tar zxf openssl-1.0.2h.tar.gz /usr/local/openssl-1.0.2h
tar zxf pcre-8.38.tar.gz /usr/local/pcre-8.38
tar zxf zlib-1.2.11.tar.gz /usr/local/zlib-1.2.11
然后用mv 命令,目录名不变,移动到/usr/local目录。
https://blog.csdn.net/weixin_45546960/article/details/124757626
http://edwiv.com/archives/210
https://blog.csdn.net/weifan199175/article/details/79984996
nginx.conf 配置
# HTTPS部署
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name Dfdb运维;
root /application/PythonDjango/;
ssl on;
ssl_certificate "cert/证书名.pem";
ssl_certificate_key "cert/证书名.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
# 静态文件存放位置
location /static/ {
alias /application/PythonDjango/collectedstatic/;
expires max;
}
https://www.jianshu.com/p/29f8b8fd041c
django https
给Django网站和用户数据提供更高级别的保护,需要在settings.py新增如下安全配置
# Application definition
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
SECURE_SSL_REDIRECT = True # 将所有非SSL请求永久重定向到SSL
SESSION_COOKIE_SECURE = True # 仅通过https传输cookie
CSRF_COOKIE_SECURE = True # 仅通过https传输cookie
# SECURE_HSTS_INCLUDE_SUBDOMAINS = True # 严格要求使用https协议传输
SECURE_HSTS_PRELOAD = True # HSTS为
SECURE_HSTS_SECONDS = 60
SECURE_CONTENT_TYPE_NOSNIFF = True # 防止浏览器猜测资产的内容类型
Django的SECURE_SSL_REDIRECT = True也可实现80端口的http请求永久地重定向至https, 与Nginx的301重定向设置选其一即可。Django以上的几个安全设置均依赖下面这个SecurityMiddleware中间件。
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
# 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
]