1.yum 换源

CentOS 6.10镜像源

vim /etc/yum.repos.d/CentOS-Base.repo 

  1. [base]
  2. name=CentOS-6.10 -Base -vault.centos.org
  3. failovermethod=priority
  4. baseurl=http://vault.centos.org/6.10/os/$basearch/
  5. gpgcheck=1
  6. gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6
  8. #released updates
  9. [updates]
  10. name=CentOS-6.10 -Updates -vault.centos.org
  11. failovermethod=priority
  12. baseurl=http://vault.centos.org/6.10/updates/$basearch/
  13. gpgcheck=1
  14. gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6
  15. #additional packages that may be useful
  17. [extras]
  18. name=CentOS-6.10 -Extras -vault.centos.org
  19. failovermethod=priority
  20. baseurl=http://vault.centos.org/6.10/extras/$basearch/
  21. gpgcheck=1
  22. gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6
  23. #additional packages that extend functionality of existing packages
  25. [centosplus]
  26. name=CentOS-6.10 -Plus -vault.centos.org
  27. failovermethod=priority
  28. baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
  29. gpgcheck=1
  30. enabled=0
  31. gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6
  32. #contrib -packages by Centos Users
  34. [contrib]
  35. name=CentOS-6.10 -Contrib -vault.centos.org
  36. failovermethod=priority
  37. baseurl=http://vault.centos.org/6.10/contrib/$basearch/
  38. gpgcheck=1
  39. enabled=0
  40. gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6

三种镜像源任选其一

  1. 清华大学开源软件镜像站:http://mirrors.tuna.tsinghua.edu.cn/centos-vault
  3. 执行以下命令替换镜像源:
  5. sed -i 's#vault.centos.org#mirrors.tuna.tsinghua.edu.cn/centos-vault#g' /etc/yum.repos.d/CentOS-Base.repo
  6. 南京大学开源软件镜像站:http://mirrors.nju.edu.cn/centos-vault
  8. 执行以下命令替换镜像源
  10. sed -i 's#vault.centos.org#mirrors.nju.edu.cn/centos-vault#g' /etc/yum.repos.d/CentOS-Base.repo
  11. 北京外国语大学开源软件镜像站:http://mirrors.bfsu.edu.cn/centos-vault
  13. 执行以下命令替换镜像源
  15. sed -i 's#vault.centos.org#mirrors.bfsu.edu.cn/centos-vault#g' /etc/yum.repos.d/CentOS-Base.repo

本地缓存

执行如下命令生成本地缓存。
yum makecache
完成上述切换操作后您就可以正常使用yum install命令安装和更新软件包了。
https://blog.csdn.net/jsjxlhy/article/details/123749986
https://blog.csdn.net/qq_42184753/article/details/115659635

2. nginx 环境配置支持https安装

nginx -s stop
nginx -s start
yum -y install openssl openssl-devel
yum -y install gcc-c++ autoconf automake
yum -y install openssl openssl-devel
yum -y install pcre pcre-devel

检查端口被哪个进程占用 代码如下复制代码 netstat -lnp|grep 88#88请换为你的apache需要的端口,如:80

1.1 配置

  1. ./configure --prefix=/etc/nginx --user=root --group=root --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf  --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi  --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid  --lock-path=/var/run/nginx.lock  --with-file-aio  --with-ipv6  --with-http_ssl_module   --with-http_realip_module --with-http_addition_module  --with-http_xslt_module  --with-http_image_filter_module  --with-http_geoip_module  --with-http_sub_module --with-http_flv_module  --with-http_mp4_module  --with-http_gunzip_module  --with-http_gzip_static_module  --with-http_random_index_module --with-http_secure_link_module  --with-http_degradation_module  --with-http_stub_status_module --with-http_perl_module  --with-mail --with-mail_ssl_module  --with-pcre=/usr/local/pcre-8.38  --with-pcre-jit --with-debug  --with-zlib=/usr/local/zlib-1.2.12  --with-openssl=/usr/local/openssl-1.0.2h


1.2 编译,安装

  1. make
  2. make install

1.3 检查nginx是否安装成功和运行

  1. 安装好后检查nginx是否运行
  3. [root@localhost ~]# ps -A|grep nginx
  5. 如果有返回结果表示已经运行
  6. 没有返回结果表示还没运行,如果没有运行,则执行运行脚本
  7. 使用which nginx命令查看nginx的安装目录
  9. [root@localhost ~]# which nginx
  11. 得到结果是在/usr/sbin/nginx
  13. [root@localhost ~]# cd /usr/sbin/
  14. [root@localhost sbin]# ./nginx
  16. 运行nginx,如果出现如下报错
  18. [root@localhost sbin]# ./nginx
  19. nginx: [emerg] mkdir() "/var/lib/nginx/tmp/client_body" failed (2: No such file or directory)
  20. [root@localhost sbin]# ./nginx
  21. nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
  22. nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
  23. nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
  24. nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
  25. nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
  26. nginx: [emerg] still could not bind()
  27. [root@AY14060515464627034cZ sbin]#
  29. 表示这个目录不存在,使用命令创建要求的目录即可
  31. [root@localhost ~]# cd /var/lib/
  32. [root@localhost lib]# mkdir -p nginx/tmp/client_body
  33. [root@localhost lib]# chmod 777 -R nginx/
  36. 创建目录后最可给目录写权限,再到/usr/sbin目录执行nginx启动脚本
  37. [root@localhost sbin]# ./nginx
  39. 此时查看可以看到nginx已经启动
  40. 查看端口
  41. [root@localhost ~]# netstat -ntlp
  42. [root@localhost ~]# ps -A|grep nginx
  43. 16209 ?        00:00:00 nginx
  44. 16210 ?        00:00:00 nginx
  46. 检测nginx是否正常安装成功,在浏览器输入服务器ip,如果页面显示
  47. Welcome to nginx!
  49. If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
  51. For online documentation and support please refer to   nginx.org.
  52. Commercial support is available at   nginx.com.
  54. Thank you for using nginx.
  56. 表示安装成功,可以使用了。

https://blog.csdn.net/wolf131721/article/details/100523318
https://edwiv.com/archives/210
https://blog.csdn.net/weifan199175/article/details/79984996

error

1./configure: error: the HTTP XSLT module requires the libxml2/libxslt
yum -y install libxml2 libxml2-dev
yum -y install libxslt-devel

2.error: perl module ExtUtils::Embed is required
yum -y install perl-devel perl-ExtUtils-Embed

3…/configure: no supported file AIO was found
Currently file AIO is supported on FreeBSD 4.3+ and Linux 2.6.22+ only
###路径不对或者没有找到AIO这个模块,同上,再编译参数中去掉。

4.can not detect int size
发现“–with-cc-opt=‘-m32 -march=i386’”,我的操作系统是 64 位,所以我删除它

5.Error: Protected multilib versions:
yum list all libcurl 查出有两个库冲突,32位与64位冲突
删除32位冲突库,只保留64位库(也可以根据需要删除64位的库,保留32位的库)。
命令: yum erase libcurl-7.19.7-46.el6.i686

6.the Google perftools module requires the Google perftools library
yum install -y gperftools-devel

7.the HTTP image filter module requires the GD library
yum install gd gd-devel

8.perl module ExtUtils::Embed is required
yum -y install perl-devel perl-ExtUtils-Embed
9.服务无法启动
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] mkdir() “/var/lib/nginx/tmp/client_body” failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
10. 创建目录
# mkdir -p /var/lib/nginx/tmp/
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
cd /root
wget http://nginx.org/download/nginx-1.10.1.tar.gz
wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz
(
注意:pcre和zlib没有找到可以直接下载的地址,在浏览器下载后通过ftp工具上传到/root目录,
下载的包分别为pcre-8.38.tar.gz和zlib-1.2.11.tar.gz,
下载地址如下
https://sourceforge.net/projects/pcre/files/pcre/8.38/
http://www.zlib.net/
)
在/root目录解压
tar zxf nginx-1.10.1.tar.gz /usr/local/nginx-1.10.1
tar zxf openssl-1.0.2h.tar.gz /usr/local/openssl-1.0.2h
tar zxf pcre-8.38.tar.gz /usr/local/pcre-8.38
tar zxf zlib-1.2.11.tar.gz /usr/local/zlib-1.2.11
然后用mv 命令,目录名不变,移动到/usr/local目录。


https://blog.csdn.net/weixin_45546960/article/details/124757626
http://edwiv.com/archives/210
https://blog.csdn.net/weifan199175/article/details/79984996

nginx.conf 配置

  1.  # HTTPS部署
  3.     server {
  5.         listen      443 ssl http2 default_server;
  7.         listen      [::]:443 ssl http2 default_server;
  9.         server_name  Dfdb运维;
  11.         root        /application/PythonDjango/;
  15.         ssl on;
  17.         ssl_certificate "cert/证书名.pem";
  19.         ssl_certificate_key "cert/证书名.key";
  21.         ssl_session_cache shared:SSL:1m;
  23.         ssl_session_timeout  5m;
  25.         ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  27.         ssl_prefer_server_ciphers on;
  29.     # 静态文件存放位置
  31.         location /static/ {
  33.             alias /application/PythonDjango/collectedstatic/;
  35.             expires max;
  37.         }

https://www.jianshu.com/p/29f8b8fd041c

django https


给Django网站和用户数据提供更高级别的保护,需要在settings.py新增如下安全配置

  2. # Application definition
  3. SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
  4. SECURE_SSL_REDIRECT = True # 将所有非SSL请求永久重定向到SSL
  5. SESSION_COOKIE_SECURE = True # 仅通过https传输cookie
  6. CSRF_COOKIE_SECURE = True # 仅通过https传输cookie
  7. # SECURE_HSTS_INCLUDE_SUBDOMAINS = True # 严格要求使用https协议传输
  8. SECURE_HSTS_PRELOAD = True # HSTS为
  9. SECURE_HSTS_SECONDS = 60
  10. SECURE_CONTENT_TYPE_NOSNIFF = True # 防止浏览器猜测资产的内容类型



Django的SECURE_SSL_REDIRECT = True也可实现80端口的http请求永久地重定向至https, 与Nginx的301重定向设置选其一即可。Django以上的几个安全设置均依赖下面这个SecurityMiddleware中间件。

  2. MIDDLEWARE = [
  3.     'django.middleware.security.SecurityMiddleware',
  4.     'django.contrib.sessions.middleware.SessionMiddleware',
  5.     'django.middleware.common.CommonMiddleware',
  6.     # 'django.middleware.csrf.CsrfViewMiddleware',
  7.     'django.contrib.auth.middleware.AuthenticationMiddleware',
  8.     'django.contrib.messages.middleware.MessageMiddleware',
  9.     'django.middleware.clickjacking.XFrameOptionsMiddleware',
  10.     'django.middleware.security.SecurityMiddleware',
  11. ]


https://blog.csdn.net/z_johnny/article/details/110410432