asano のすべての投稿

WordPress+賢威 インストールメモ

◆バージョン情報

     Wordpress 3.9.1 + 賢威6.2

uname -a
Linux websample.jp 2.6.32-431.23.3.el6.x86_64

nginx -v
nginx version: nginx/1.7.4

php -v
PHP 5.6.5 (cli) (built: Jan 21 2015 17:50:29)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2014 Zend Technologies

MySQL Community Server  5.6.20 – MySQL Community Server

phpmyadmin: 4.3.8,

◆作業

・データベースの作成 Mysql

1.create database xxx_DB;

2.grant all privileges on xxx_DB.* to user@localhost identified by 'passwd';

3.flush privileges;

・wordpressのインストール

1.wordpressのダウンロード

2.wordpressの解凍

3.パーミッションを chown -R nginx:nginx XXX

4.wp-config.phpの修正

→define('DB_NAME', 'XXX');

→define('DB_USER', 'XXX');

→define('DB_PASSWORD', 'XXX');

5.wp-config.phpの最終行1つ前に追加:SSL対応

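// Behind the TLS-terminating nginx front end the request reaches PHP over plain
// HTTP, so WordPress learns the original scheme from X-Forwarded-Proto.
// NOTE(review): this header is only trustworthy if the proxy overwrites it on
// every request. If a client-supplied value can reach PHP, WordPress will treat
// a plain-HTTP request as secure and skip the FORCE_SSL_* redirect.
// (Typographic quotes from the original listing are replaced with ASCII quotes;
// PHP does not parse the typographic ones.)
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $_SERVER['HTTPS'] = 'on';
}

// Require HTTPS for the login form and for the whole admin area.
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);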

6./etc/nginx/nginx.d配下にバーチャルドメイン設定

vi xxx.conf   (フロント側)

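# Backend pool for this site; ip_hash keeps a given client on the same backend.
upstream xxx {
    ip_hash;
    server 192.168.96.248:80xx;
}

# Plain-HTTP front end: answers from the proxy cache where allowed and forwards
# everything else to the backend pool.
server {
    listen 80;

    access_log /var/log/nginx/xxx-access.log main;
    client_max_body_size 36M;
    port_in_redirect off;

    # wp-config.php switches WordPress to "HTTPS on" when it receives
    # X-Forwarded-Proto: https. Overwrite whatever the client sent so the header
    # cannot be spoofed through this plain-HTTP listener. No location below
    # defines its own proxy_set_header, so all of them inherit this one.
    proxy_set_header X-Forwarded-Proto $scheme;

    # Never serve dotfiles.
    location ~ /\. { deny all; access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    location = /favicon.ico { access_log off; log_not_found off; }

    # Admin, uploads/themes, PHP and common static assets bypass the cache logic.
    location /wp-admin { proxy_pass http://xxx; }
    location /wp-content { proxy_pass http://xxx; }
    location ~ .*\.php { proxy_pass http://xxx; }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        log_not_found off;
        proxy_pass http://xxx;
    }

    location / {
        # Suffix for the cache key so feature-phone, smartphone and desktop
        # variants of the same URL are cached separately.
        set $mobile "";
        if ($http_user_agent ~* '(DoCoMo|J-PHONE|Vodafone|MOT-UP\.Browser|DDIPOCKET|ASTEL|PDXGW|Palmscape|Xiino|sharp pda browser|Windows CE|L-mode|WILLCOM|SoftBank|Semulator|Vemulator|J-EMULATOR|emobile|mixi-mobile-converter)') {
            set $mobile "@ktai";
        }

        if ($http_user_agent ~* '(iPhone|iPod|Opera Mini|Android.*Mobile|NetFront|PSP|BlackBerry)') {
            set $mobile "@mobile";
        }

        # Only GET requests for static-looking URIs may use the cache.
        set $do_not_cache 0;
        if ($request_method != GET) {
            set $do_not_cache 1;
        }
        # NOTE(review): the match is negated, so "expires 30d" is applied to the
        # responses that are NOT static files, and the leading "." is unescaped.
        # Confirm that a 30-day browser expiry on those responses is intended.
        if ($uri !~* ".(jpg|png|gif|jpeg|css|js|swf|pdf|html|htm)$") {
            set $do_not_cache 1;
            expires 30d;
        }

        # Caching ("czone" must be declared with proxy_cache_path elsewhere).
        proxy_no_cache $do_not_cache;
        proxy_cache_bypass $do_not_cache;
        proxy_cache czone;
        proxy_cache_key "$scheme://$host$request_uri$is_args$args$mobile";
        proxy_cache_valid 200 301 302 60m;
        proxy_cache_valid 404 5m;
        proxy_cache_use_stale error timeout invalid_header updating
                              http_500 http_502 http_503 http_504;
        proxy_pass http://xxx;

        proxy_redirect off;
    }
}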

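# TLS/SPDY front end: terminates HTTPS and proxies to the backend over HTTP.
server {
    listen 443 ssl spdy;
    server_name moshimoall.ecoya.jp;
    root /var/www/html/moshimoall;
    client_max_body_size 36M;

    # "ssl on;" is not needed: the "ssl" flag on the listen directive enables TLS.
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are broken protocols and must not be offered.
    # TLSv1 and TLSv1.1 are deprecated as well; drop them once no client needs them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Tell the browser we do SPDY
    # NOTE(review): SPDY was later superseded by HTTP/2; these directives only
    # exist in nginx builds that still ship the SPDY module.
    add_header Alternate-Protocol 443:npn-spdy/2;
    spdy_max_concurrent_streams 500;
    spdy_streams_index_size 64;
    spdy_recv_timeout 50s;
    spdy_keepalive_timeout 150s;
    spdy_headers_comp 9;

    location / {
        proxy_redirect off;
        # Pass the original host, client address and scheme to the backend.
        # X-Forwarded-Proto is set to a fixed value here, so a client-supplied
        # copy of the header is overwritten.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Caching: only GET requests for static-looking URIs may use the cache.
        set $do_not_cache 0;
        if ($request_method != GET) {
            set $do_not_cache 1;
        }
        if ($uri !~* ".(jpg|png|gif|jpeg|css|js|swf|pdf|html|htm)$") {
            set $do_not_cache 1;
        }
        proxy_no_cache $do_not_cache;
        proxy_cache_bypass $do_not_cache;
        proxy_cache czone;
        # NOTE(review): $mobile is not assigned anywhere in this server block,
        # so it presumably expands to an empty string here - confirm.
        proxy_cache_key "$scheme://$host$request_uri$is_args$args$mobile";
        proxy_cache_valid 200 301 302 60m;
        proxy_cache_valid 404 5m;
        proxy_cache_use_stale error timeout invalid_header updating
                              http_500 http_502 http_503 http_504;
        # Upstream "moshimoall" must be defined elsewhere in the configuration.
        proxy_pass http://moshimoall;

        # NOTE(review): this allows 24 GB request bodies and lets up to 16 GB of
        # a single body be held in memory. Size both for the largest upload the
        # site really accepts, otherwise a few large requests can exhaust RAM.
        client_max_body_size 24576M;
        client_body_buffer_size 16384M;
        # NOTE(review): these values are in seconds, i.e. several days. Very
        # long timeouts keep stalled connections open; use the shortest values
        # the slowest legitimate request needs.
        proxy_connect_timeout 408000;
        proxy_send_timeout 408000;
        proxy_read_timeout 1600000;
        # proxy_buffers 324k;
    }
}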

vi xxx.conf   (バックエンド側)

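# Backend virtual host: serves static files directly and hands PHP to PHP-FPM.
server {
    listen 80xx;
    server_name xxx.xxx.jp;
    root /var/www/html/xxxl;

    access_log /var/log/nginx/xxx-electric-access.log main;
    # NOTE(review): "debug" is the most verbose level and writes request details
    # to disk; use a higher level such as warn outside troubleshooting.
    error_log /var/log/nginx/xxx-error.log debug;
    client_max_body_size 36M;

    location / {
        index index.php index.html index.htm;
        # static files
        if (-f $request_filename) {
            expires 14d;
            break;
        }
        # request to index.php
        if (!-e $request_filename) {
            rewrite ^(.+)$ /index.php?q=$1 last;
        }
    }

    # Leftover of a commented-out block in the original notes. It is kept as a
    # comment because the bare line is not a valid directive.
    # /var/www/html/xxx/$fastcgi_script_name;
    # }
    location ~ \.php$ {
        # Return 404 unless the requested .php file exists, so a URI that merely
        # ends in ".php" but resolves to some other file never reaches PHP-FPM.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # NOTE(review): 96 GB request bodies with a ~65 GB in-memory buffer are
        # far beyond the 36M server default above; confirm these are intended.
        client_max_body_size 98304M;
        client_body_buffer_size 67336M;
        expires 2h;
    }
}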

 

 

 

 

 

 

nginx-1.7.3 インストール

■nginx-1.7.3が7月8日にリリースされたので、最新版をインストールしてみました。

■ダウンロードしてインストール (/usr/local/src/nginx ←ダウンロード場所)
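# Fetch the release tarball together with its detached PGP signature over HTTPS
# and verify it before unpacking. The nginx signing key must already be in the
# local keyring (import it from a trusted source first); unpacking only happens
# if the signature check succeeds.
wget https://nginx.org/download/nginx-1.7.3.tar.gz
wget https://nginx.org/download/nginx-1.7.3.tar.gz.asc
gpg --verify nginx-1.7.3.tar.gz.asc nginx-1.7.3.tar.gz \
  && tar xvzf nginx-1.7.3.tar.gz \
  && cd nginx-1.7.3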

■configure (/usr/local/src/nginx-1.7.3 )
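# Build configuration for nginx 1.7.3.
# Option dashes and quotes are plain ASCII ("--" and "'"); the typographic
# characters a blog engine substitutes for them make the command fail when pasted.
# NOTE(review): every --with-* / --add-module line compiles extra code into the
# server (WebDAV, embedded Perl, mail proxy, RTMP, ...). Build only the modules
# the site actually uses, and pin third-party modules to a reviewed release
# rather than a "master" snapshot.
./configure --prefix=/usr/local/nginx-1.7.3 \
  --sbin-path=/usr/local/sbin/nginx \
  --with-openssl=/usr/local/src/openssl-1.0.1g \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --http-client-body-temp-path=/var/lib/nginx/tmp/client_body \
  --http-proxy-temp-path=/var/lib/nginx/tmp/proxy \
  --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \
  --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \
  --http-scgi-temp-path=/var/lib/nginx/tmp/scgi \
  --pid-path=/var/run/nginx.pid \
  --lock-path=/var/lock/subsys/nginx \
  --user=nginx \
  --group=nginx \
  --with-file-aio \
  --with-ipv6 \
  --with-pcre \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_sub_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_mp4_module \
  --with-http_gzip_static_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_degradation_module \
  --with-http_stub_status_module \
  --with-http_perl_module \
  --with-http_xslt_module \
  --with-mail \
  --with-mail_ssl_module \
  --with-http_spdy_module \
  --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
  --with-ld-opt=' -Wl,-E' \
  --add-module=/usr/local/src/nginx/ngx_small_light \
  --add-module=/usr/local/src/nginx/ngx_cache_purge-2.1 \
  --add-module=/usr/local/src/nginx/nginx-rtmp-module-master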

■configure の not found を確認
checking for OS
+ Linux 2.6.32-431.5.1.el6.x86_64 x86_64
checking for C compiler … found
+ using GNU C compiler
+ gcc version: 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
checking for gcc -pipe switch … found
checking for –with-ld-opt=” -Wl,-E” … found
checking for gcc builtin atomic operations … found
checking for C99 variadic macros … found
checking for gcc variadic macros … found
checking for unistd.h … found
checking for inttypes.h … found
checking for limits.h … found
checking for sys/filio.h … not found
checking for sys/param.h … found
checking for sys/mount.h … found
checking for sys/statvfs.h … found
checking for crypt.h … found
checking for Linux specific features
checking for epoll … found
checking for EPOLLRDHUP … found
checking for O_PATH … not found
checking for sendfile() … found
checking for sendfile64() … found
checking for sys/prctl.h … found
checking for prctl(PR_SET_DUMPABLE) … found
checking for sched_setaffinity() … found
checking for crypt_r() … found
checking for sys/vfs.h … found
checking for poll() … found
checking for /dev/poll … not found
checking for kqueue … not found
checking for crypt() … not found
checking for crypt() in libcrypt … found
checking for F_READAHEAD … not found
checking for posix_fadvise() … found
checking for O_DIRECT … found
checking for F_NOCACHE … not found
checking for directio() … not found
checking for statfs() … found
checking for statvfs() … found
checking for dlopen() … not found
checking for dlopen() in libdl … found
checking for sched_yield() … found
checking for SO_SETFIB … not found
checking for SO_ACCEPTFILTER … not found
checking for TCP_DEFER_ACCEPT … found
checking for TCP_KEEPIDLE … found
checking for TCP_FASTOPEN … not found
checking for TCP_INFO … found
checking for accept4() … found
checking for kqueue AIO support … not found
checking for Linux AIO support … found
checking for int size … 4 bytes
checking for long size … 8 bytes
checking for long long size … 8 bytes
checking for void * size … 8 bytes
checking for uint64_t … found
checking for sig_atomic_t … found
checking for sig_atomic_t size … 4 bytes
checking for socklen_t … found
checking for in_addr_t … found
checking for in_port_t … found
checking for rlim_t … found
checking for uintptr_t … uintptr_t found
checking for system byte ordering … little endian
checking for size_t size … 8 bytes
checking for off_t size … 8 bytes
checking for time_t size … 8 bytes
checking for AF_INET6 … found
checking for setproctitle() … not found
checking for pread() … found
checking for pwrite() … found
checking for sys_nerr … found
checking for localtime_r() … found
checking for posix_memalign() … found
checking for memalign() … found
checking for mmap(MAP_ANON|MAP_SHARED) … found
checking for mmap(“/dev/zero”, MAP_SHARED) … found
checking for System V shared memory … found
checking for POSIX semaphores … not found
checking for POSIX semaphores in libpthread … found
checking for struct msghdr.msg_control … found
checking for ioctl(FIONBIO) … found
checking for struct tm.tm_gmtoff … found
checking for struct dirent.d_namlen … not found
checking for struct dirent.d_type … found
checking for sysconf(_SC_NPROCESSORS_ONLN) … found
checking for openat(), fstatat() … found
checking for getaddrinfo() … found
configuring additional modules
adding module in /usr/local/src/nginx/ngx_small_light
checking for ngx_small_light dependencies … found
+ ngx_http_small_light was configured
adding module in /usr/local/src/nginx/ngx_cache_purge-2.1
+ ngx_http_cache_purge_module was configured
adding module in /usr/local/src/nginx/nginx-rtmp-module-master
+ ngx_rtmp_module was configured
checking for PCRE library … found
checking for PCRE JIT support … not found
checking for zlib library … found
checking for libxslt … found
checking for libexslt … found
checking for perl
+ perl version: v5.10.1 (*) built for x86_64-linux-thread-multi
+ perl interpreter multiplicity found
creating objs/Makefile

Configuration summary
+ using system PCRE library
+ using OpenSSL library: /usr/local/src/openssl-1.0.1g
+ md5: using OpenSSL library
+ sha1: using OpenSSL library
+ using system zlib library

nginx path prefix: “/usr/local/nginx-1.7.3″
nginx binary file: “/usr/local/sbin/nginx”
nginx configuration prefix: “/etc/nginx”
nginx configuration file: “/etc/nginx/nginx.conf”
nginx pid file: “/var/run/nginx.pid”
nginx error log file: “/var/log/nginx/error.log”
nginx http access log file: “/var/log/nginx/access.log”
nginx http client request body temporary files: “/var/lib/nginx/tmp/client_body”
nginx http proxy temporary files: “/var/lib/nginx/tmp/proxy”
nginx http fastcgi temporary files: “/var/lib/nginx/tmp/fastcgi”
nginx http uwsgi temporary files: “/var/lib/nginx/tmp/uwsgi”
nginx http scgi temporary files: “/var/lib/nginx/tmp/scgi”

make
make install

■設定ファイルが問題ないかどうかを確認する。
[root@ecoya nginx-1.5.12]# /usr/local/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@ecoya nginx-1.5.12]# ldd /usr/local/sbin/nginx
linux-vdso.so.1 => (0x00007fff983ff000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb47f33e000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fb47f106000)
libMagickWand.so.2 => /usr/lib64/libMagickWand.so.2 (0x00007fb47edfb000)
libMagickCore.so.2 => /usr/lib64/libMagickCore.so.2 (0x00007fb47e9c3000)
libImlib2.so.1 => /usr/lib64/libImlib2.so.1 (0x00007fb47e758000)
libfreetype.so.6 => /usr/lib64/libfreetype.so.6 (0x00007fb47e4bb000)
libX11.so.6 => /usr/lib64/libX11.so.6 (0x00007fb47e17e000)
libXext.so.6 => /usr/lib64/libXext.so.6 (0x00007fb47df6a000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fb47dd66000)
libm.so.6 => /lib64/libm.so.6 (0x00007fb47dae2000)
libXpm.so.4 => /usr/lib64/libXpm.so.4 (0x00007fb47d8d0000)
libjpeg.so.62 => /usr/lib64/libjpeg.so.62 (0x00007fb47d680000)
libfontconfig.so.1 => /usr/lib64/libfontconfig.so.1 (0x00007fb47d44a000)
libpng12.so.0 => /usr/lib64/libpng12.so.0 (0x00007fb47d223000)
libz.so.1 => /lib64/libz.so.1 (0x00007fb47d00d000)
libgd.so.2 => /usr/lib64/libgd.so.2 (0x00007fb47cdc6000)
libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fb47cb99000)
libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007fb47c847000)
libxslt.so.1 => /usr/lib64/libxslt.so.1 (0x00007fb47c60a000)
libexslt.so.0 => /usr/lib64/libexslt.so.0 (0x00007fb47c3f5000)
libperl.so => /usr/lib64/perl5/CORE/libperl.so (0x00007fb47c08a000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fb47be70000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00007fb47bc56000)
libutil.so.1 => /lib64/libutil.so.1 (0x00007fb47ba53000)
libc.so.6 => /lib64/libc.so.6 (0x00007fb47b6bf000)
/lib64/ld-linux-x86-64.so.2 (0x00007fb47f565000)
libfreebl3.so => /lib64/libfreebl3.so (0x00007fb47b447000)
liblcms.so.1 => /usr/lib64/liblcms.so.1 (0x00007fb47b20e000)
libtiff.so.3 => /usr/lib64/libtiff.so.3 (0x00007fb47afaa000)
libXt.so.6 => /usr/lib64/libXt.so.6 (0x00007fb47ad44000)
libbz2.so.1 => /lib64/libbz2.so.1 (0x00007fb47ab33000)
libgomp.so.1 => /usr/lib64/libgomp.so.1 (0x00007fb47a926000)
libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007fb47a71c000)
libSM.so.6 => /usr/lib64/libSM.so.6 (0x00007fb47a514000)
libICE.so.6 => /usr/lib64/libICE.so.6 (0x00007fb47a2f8000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fb47a0e1000)
libxcb.so.1 => /usr/lib64/libxcb.so.1 (0x00007fb479ec3000)
libexpat.so.1 => /lib64/libexpat.so.1 (0x00007fb479c9a000)
libgcrypt.so.11 => /lib64/libgcrypt.so.11 (0x00007fb479a25000)
libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x00007fb479820000)
librt.so.1 => /lib64/librt.so.1 (0x00007fb479618000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fb479413000)
libXau.so.6 => /usr/lib64/libXau.so.6 (0x00007fb479210000)

[root@ecoya nginx-1.5.12]# find / -name libpcre.so.1
/usr/local/src/nginx/pcre/pcre-8.34/.libs/libpcre.so.1
/usr/local/lib/libpcre.so.1

[root@ecoya nginx-1.5.12]# cp -p /usr/local/lib/libpcre.so.1 /lib64

エラー内容 nginx: [emerg] mkdir() “/var/lib/nginx/tmp/client_body” failed (2: No such file or directory)
   mkdir /var/lib/nginx
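# The temp paths were compiled in with --http-*-temp-path, so their parent
# directory must exist and belong to the worker account (--user=nginx).
# The owner was misspelled "ngix" in the original notes, which makes chown fail.
mkdir -p /var/lib/nginx/tmp
chown -R nginx:nginx /var/lib/nginx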
   
–http-client-body-temp-path=/var/lib/nginx/tmp/client_body \
   –http-proxy-temp-path=/var/lib/nginx/tmp/proxy \
   –http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \
   –http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \
   –http-scgi-temp-path=/var/lib/nginx/tmp/scgi \

/usr/local/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

■ビルドが全て終わったらシンボリックリンクを貼っておきます
   ln -s /usr/local/nginx-1.7.3 /usr/local/nginx

PHP 5.4.26 に EACCELERATOR V1.0-DEV をインストール

WEBページ(WordPress)を高速にするため、PHP 5.4.26に eAccelerator v1.0-dev モジュールをコンパイルで追加しました。2台構成なので各インストールしました。

>サービスストップ
# service php-fpm stop

>PHP5.4に対応しているソースをダウンロード
# wget https://lnamp-web-server.googlecode.com/files/eaccelerator-eaccelerator-42067ac.tar.gz

>解凍
# tar -xvf eaccelerator-eaccelerator-42067ac.tar.gz

>移動
# cd eaccelerator-eaccelerator-42067ac

>ビルドツールの確認
# phpize
Configuring for:
PHP Api Version: 20100412
Zend Module Api No: 20100525
Zend Extension Api No: 220100525

>which php-configのPath確認
# which php-config
/usr/bin/php-config

>eacceleratorのconfigure
# ./configure --enable-eaccelerator=shared --with-php-config=/usr/bin/php-config --with-eaccelerator-userid=nginx
checking for grep that handles long lines and -e… /bin/grep
checking for egrep… /bin/grep -E
checking for a sed that does not truncate output… /bin/sed
checking for cc… cc
checking for C compiler default output file name… a.out
checking whether the C compiler works… yes
checking whether we are cross compiling… no
checking for suffix of executables…
checking for suffix of object files… o
checking whether we are using the GNU C compiler… yes
checking whether cc accepts -g… yes
checking for cc option to accept ISO C89… none needed
checking how to run the C preprocessor… cc -E
checking for icc… no
checking for suncc… no
checking whether cc understands -c and -o together… yes
checking for system library directory… lib
checking if compiler supports -R… no
checking if compiler supports -Wl,-rpath,… yes
checking build system type… x86_64-unknown-linux-gnu
checking host system type… x86_64-unknown-linux-gnu
checking target system type… x86_64-unknown-linux-gnu
checking for PHP prefix… /usr
checking for PHP includes… -I/usr/include/php -I/usr/include/php/main -I/usr/include/php/TSRM -I/usr/include/php/Zend -I/usr/include/php/ext -I/usr/include/php/ext/date/lib
checking for PHP extension directory… /usr/lib64/php/modules
checking for PHP installed headers prefix… /usr/include/php
checking if debug is enabled… no
checking if zts is enabled… no
checking for re2c… no
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk… gawk
checking whether to enable eaccelerator support… yes, shared
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking for unistd.h… (cached) yes
checking limits.h usability… yes
checking limits.h presence… yes
checking for limits.h… yes
checking sys/param.h usability… yes
checking sys/param.h presence… yes
checking for sys/param.h… yes
checking sched.h usability… yes
checking sched.h presence… yes
checking for sched.h… yes
checking mandatory system headers… yes
checking whether union semun is defined in sys/sem.h… no
checking for sysvipc shared memory support… yes
checking for mmap shared memory support… yes
checking for mmap on /dev/zero shared memory support… yes
checking for anonymous mmap shared memory support… yes
checking for posix mmap shared memory support… no
checking for best shared memory type… sysvipc
checking for spinlock semaphores support… yes
checking for pthread semaphores support… yes
checking for posix semaphores support… no
checking for sysvipc semaphores support… no
checking for fcntl semaphores support… yes
checking for flock semaphores support… yes
checking for best semaphores type… spinlock
checking for a sed that does not truncate output… (cached) /bin/sed
checking for fgrep… /bin/grep -F
checking for ld used by cc… /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld… yes
checking for BSD- or MS-compatible name lister (nm)… /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface… BSD nm
checking whether ln -s works… yes
checking the maximum length of command line arguments… 1966080
checking whether the shell understands some XSI constructs… yes
checking whether the shell understands “+=”… yes
checking for /usr/bin/ld option to reload object files… -r
checking for objdump… objdump
checking how to recognize dependent libraries… pass_all
checking for ar… ar
checking for strip… strip
checking for ranlib… ranlib
checking command to parse /usr/bin/nm -B output from cc object… ok
checking for dlfcn.h… yes
checking for objdir… .libs
checking if cc supports -fno-rtti -fno-exceptions… no
checking for cc option to produce PIC… -fPIC -DPIC
checking if cc PIC flag -fPIC -DPIC works… yes
checking if cc static flag -static works… no
checking if cc supports -c -o file.o… yes
checking if cc supports -c -o file.o… (cached) yes
checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries… yes
checking whether -lc should be explicitly linked in… no
checking dynamic linker characteristics… GNU/Linux ld.so
checking how to hardcode library paths into programs… immediate
checking whether stripping libraries is possible… yes
checking if libtool supports shared libraries… yes
checking whether to build shared libraries… yes
checking whether to build static libraries… no
configure: creating ./config.status
config.status: creating config.h
config.status: executing libtool commands

>eacceleratorのmake
# make

・・・・省略・・・・

libtool: install: cp ./.libs/eaccelerator.so /usr/local/src/php-eaccelerator/eaccelerator-eaccelerator-42067ac/modules/eaccelerator.so
libtool: install: cp ./.libs/eaccelerator.lai /usr/local/src/php-eaccelerator/eaccelerator-eaccelerator-42067ac/modules/eaccelerator.la
libtool: finish: PATH=”/root/.rbenv/bin:/root/.rbenv/shims:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/sbin” ldconfig -n /usr/local/src/php-eaccelerator/eaccelerator-eaccelerator-42067ac/modules
———————————————————————-
Libraries have been installed in:
/usr/local/src/php-eaccelerator/eaccelerator-eaccelerator-42067ac/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR’
flag during linking and do at least one of the following:
– add LIBDIR to the `LD_LIBRARY_PATH’ environment variable
during execution
– add LIBDIR to the `LD_RUN_PATH’ environment variable
during linking
– use the `-Wl,-rpath -Wl,LIBDIR’ linker flag
– have your system administrator add LIBDIR to `/etc/ld.so.conf’

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
———————————————————————-

Build complete.
Don’t forget to run ‘make test’.

>eacceleratorのmake test
# make test

Build complete.
Don’t forget to run ‘make test’.
=====================================================================
PHP : /usr/bin/php
PHP_SAPI : cli
PHP_VERSION : 5.4.26
ZEND_VERSION: 2.4.0
PHP_OS : Linux – Linux websample.jp 2.6.32-431.5.1.el6.x86_64 #1 SMP Wed Feb 12 00:41:43 UTC 2014 x86_64
INI actual : /usr/local/src/php-eaccelerator/eaccelerator-eaccelerator-42067ac/tmp-php.ini
More .INIs :
CWD : /usr/local/src/php-eaccelerator/eaccelerator-eaccelerator-42067ac
Extra dirs :
VALGRIND : Not used
=====================================================================
TIME START 2014-03-10 19:13:05
=====================================================================
No tests were run.

>eacceleratorのmake install
# make install
Installing shared extensions: /usr/lib64/php/modules/

+——————————————————-+
| !!! Attention !!! |
| |
| For disk cache users (using eaccelerator.shm_only=0): |
| |
| Please remember to empty your eAccelerator disk cache |
| when upgrading, otherwise things will break! |
+——————————————————-+
>/etc/php.ini の最後に以下を追記
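; eAccelerator settings appended to /etc/php.ini.
; Values use plain ASCII double quotes; typographic quotes would become part of
; the value and break zend_extension loading.
[eaccelerator]
zend_extension="/usr/lib64/php/modules/eaccelerator.so"
eaccelerator.shm_size = "128"
; Disk cache location (the disk cache is in use because shm_only = "0" below).
; NOTE(review): presumably this directory must exist and be writable only by
; the account PHP-FPM runs as - confirm before enabling.
eaccelerator.cache_dir = "/var/cache/php-eaccelerator"
eaccelerator.enable = "1"
eaccelerator.optimizer = "1"
eaccelerator.check_mtime = "1"
eaccelerator.debug = "0"
eaccelerator.filter = ""
eaccelerator.shm_max = "0"
eaccelerator.shm_ttl = "0"
eaccelerator.shm_prune_period = "0"
eaccelerator.shm_only = "0"
eaccelerator.compress = "1"
eaccelerator.compress_level = "9"
eaccelerator.keys = "shm_and_disk"
eaccelerator.sessions = "shm_and_disk"
eaccelerator.content = "shm_and_disk"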

>php-fpm の起動
# service php-fpm start

※確認1
# php -v
PHP 5.4.26 (cli) (built: Mar 5 2014 16:04:58)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
with eAccelerator v1.0-dev, Copyright (c) 2004-2012 eAccelerator, by eAccelerator

※確認2
# php -m
[PHP Modules]
bcmath
bz2
calendar
Core
ctype
curl
date
dom
eAccelerator   ←←←←←←←←←←
ereg
exif
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
json
libxml
mbstring
mhash
mysql
mysqli
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
readline
recode
Reflection
session
shmop
SimpleXML
sockets
SPL
sqlite3
standard
tidy
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
zip
zlib

[Zend Modules]
eAccelerator

※ギャラリー(写真)ページが遅かったが、1度キャッシュされた後は、体感できるほど高速になりました。

FCGIWRAP SPAWN-FCGI インストール

nginxのCGIとしてperlを使えるようにするには、fcgiwrap+spawn-fcgiを使う方法と、fcgi-perl+fastcgi-wrapper.plを使う方法があります。以下は、fcgiwrap+spawn-fcgiのインストールです。

 

>fcgi-devel のインストール
yum --enablerepo=epel install fcgi-devel

>fcgiwrapのダウンロード
# cd /usr/local/src/fcgiwrap
# wget -O fcgiwrap.tar.gz http://github.com/gnosek/fcgiwrap/tarball/master

>解凍
# tar xvf fcgiwrap.tar.gz

>移動
# cd gnosek-fcgiwrap-66e7b7d

>ビルドツールの確認
# autoreconf -i
# ./configure
# make
# make install

>spawn-fcgi のインストール
# yum --enablerepo=epel install spawn-fcgi

>/etc/sysconfig/spawn-fcgi ファイルの最後に1行追加します。
vi /etc/sysconfig/spawn-fcgi
以下1行追加
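# Run fcgiwrap as the unprivileged nginx user, listening on loopback only.
# "--" separates spawn-fcgi's own options from the program it launches; the
# quotes and the separator must be plain ASCII for the file to be sourced.
OPTIONS="-u nginx -g nginx -a 127.0.0.1 -p 9000 -P /var/run/spawn-fcgi.pid -- /usr/local/sbin/fcgiwrap"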

>nginxの設定ファイル
cd /etc/nginx/conf.d
vi default.conf
# server セクション内の適当な位置に設定を追記
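# Hand Perl/CGI scripts to fcgiwrap (listening on 127.0.0.1:9000).
# The alternation is grouped and anchored: the ungrouped form "\.pl|cgi$"
# matches any URI that merely contains ".pl" or ends in "cgi", which would send
# unrelated files to the CGI wrapper.
location ~ \.(pl|cgi)$ {
    # Refuse URIs that do not correspond to an existing file.
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.cgi;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi.conf;
}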

>nginx再起動
# service nginx restart
>spawn-fcgiを自動起動の設定
# chkconfig spawn-fcgi on
>spawn-fcgiの起動
# service spawn-fcgi start

>perlでCGIを使う場合
# yum install perl-CGI
# yum --enablerepo=epel install perl-FCGI
※スクリプト内で「use CGI;」が利用可能

>perlのシンボリックリンク
# ln -s /usr/bin/perl /usr/local/bin/perl
ファイル1行目の記載が「#!/usr/bin/perl」、「#!/usr/local/bin/perl」どちらも動作可能

ap.tar.gz

NGINX-1.5.12. コンパイル インストール手順

OpenSSL-1.0.1gへのバージョンアップに伴い、最新のNginx-1.5.12をインストールしました。

>ダウンロードしてインストール (/usr/local/src/nginx ←ダウンロード場所)
wget http://nginx.org/download/nginx-1.5.12.tar.gz
tar xvzf nginx-1.5.12.tar.gz

>コンフィグ configure (/usr/local/src/nginx-1.5.12 )
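# Build configuration for nginx 1.5.12, linked against OpenSSL 1.0.1g.
# Option dashes and quotes are plain ASCII ("--" and "'"); the typographic
# characters a blog engine substitutes for them make the command fail when pasted.
# NOTE(review): every --with-* / --add-module line compiles extra code into the
# server (WebDAV, embedded Perl, mail proxy, RTMP, ...). Build only the modules
# the site actually uses, and pin third-party modules to a reviewed release
# rather than a "master" snapshot.
./configure --prefix=/usr/local/nginx-1.5.12 \
  --sbin-path=/usr/local/sbin/nginx \
  --with-openssl=/usr/local/src/openssl/openssl-1.0.1g \
  --add-module=/usr/local/src/nginx-1.5.12/ngx_cache_purge-2.1 \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --http-client-body-temp-path=/var/lib/nginx/tmp/client_body \
  --http-proxy-temp-path=/var/lib/nginx/tmp/proxy \
  --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \
  --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \
  --http-scgi-temp-path=/var/lib/nginx/tmp/scgi \
  --pid-path=/var/run/nginx.pid \
  --lock-path=/var/lock/subsys/nginx \
  --user=nginx \
  --group=nginx \
  --with-file-aio \
  --with-ipv6 \
  --with-pcre \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_addition_module \
  --with-http_sub_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_mp4_module \
  --with-http_gzip_static_module \
  --with-http_random_index_module \
  --with-http_secure_link_module \
  --with-http_degradation_module \
  --with-http_stub_status_module \
  --with-http_perl_module \
  --with-http_xslt_module \
  --with-mail \
  --with-mail_ssl_module \
  --with-http_spdy_module \
  --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
  --with-ld-opt=' -Wl,-E' \
  --add-module=/usr/local/src/nginx-1.5.12/nginx-rtmp-module-master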

>configureの確認
Configuration summary
+ using system PCRE library
+ using OpenSSL library: /usr/local/src/openssl/openssl-1.0.1g
+ md5: using OpenSSL library
+ sha1: using OpenSSL library
+ using system zlib library

nginx path prefix: “/usr/local/nginx-1.5.12″
nginx binary file: “/usr/local/sbin/nginx”
nginx configuration prefix: “/etc/nginx”
nginx configuration file: “/etc/nginx/nginx.conf”
nginx pid file: “/var/run/nginx.pid”
nginx error log file: “/var/log/nginx/error.log”
nginx http access log file: “/var/log/nginx/access.log”
nginx http client request body temporary files: “/var/lib/nginx/tmp/client_body”
nginx http proxy temporary files: “/var/lib/nginx/tmp/proxy”
nginx http fastcgi temporary files: “/var/lib/nginx/tmp/fastcgi”
nginx http uwsgi temporary files: “/var/lib/nginx/tmp/uwsgi”
nginx http scgi temporary files: “/var/lib/nginx/tmp/scgi”

>make;make install

>chkconfig nginx on

>service nginx start

# ps -ef | grep nginx
nginx 27732 1 0 Apr20 ? 00:00:00 /usr/local/sbin/fcgiwrap
nginx 28262 28261 0 14:18 ? 00:00:00 php-fpm: pool www
nginx 28263 28261 0 14:18 ? 00:00:00 php-fpm: pool www
nginx 28264 28261 0 14:18 ? 00:00:00 php-fpm: pool www
nginx 28265 28261 0 14:18 ? 00:00:00 php-fpm: pool www
nginx 28266 28261 0 14:18 ? 00:00:00 php-fpm: pool www
root 28319 1 0 14:19 ? 00:00:00 nginx: master process /usr/local/sbin/nginx -c /etc/nginx/nginx.conf
nginx 28320 28319 0 14:19 ? 00:00:00 nginx: worker process
nginx 28321 28319 0 14:19 ? 00:00:00 nginx: worker process
nginx 28322 28319 0 14:19 ? 00:00:00 nginx: cache manager process

>補足1
./configure: のエラー1
checking for PCRE library … not found
checking for PCRE library in /usr/local/ … not found
checking for PCRE library in /usr/include/pcre/ … not found
checking for PCRE library in /usr/pkg/ … not found
checking for PCRE library in /opt/local/ … not found

./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.

PCRE のインストール
# cd /usr/local/src/
# mkdir pcre
# wget http://downloads.sourceforge.net/pcre/pcre-8.34.tar.bz2
# tar -jxvf pcre-8.34.tar.bz2
# cd pcre-8.34/
# ./configure
# make
# make install

>補足2
./configure: のエラー2
./configure: error: the HTTP XSLT module requires the libxml2/libxslt
libraries. You can either do not enable the module or install the libraries.

libxslt libxslt-devel libxml2 libxml2-devel のインストール
# yum install libxslt libxslt-devel
# yum install libxml2 libxml2-devel

>補足3
./configure: のエラー3
+ perl version: v5.10.1 (*) built for x86_64-linux-thread-multi
Can’t locate ExtUtils/Embed.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .).
BEGIN failed–compilation aborted.

./configure: error: perl module ExtUtils::Embed is required

perl-ExtUtils-Embed のインストール
# yum install perl-ExtUtils-Embed

>補足4
/usr/local/sbin/nginx -t: のエラー1

# /usr/local/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] getpwnam(“nginx”) failed
nginx: configuration file /etc/nginx/nginx.conf test failed

NGINXユーザ、グループを作成
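# Dedicated account for the nginx processes (matches --user/--group at build time).
groupadd nginx
useradd -g nginx nginx
# Service account only: give it a non-login shell so nobody can log in as nginx.
usermod -s /bin/false nginx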

>補足5
/usr/local/sbin/nginx -t: のエラー2

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] mkdir() “/var/lib/nginx/tmp/client_body” failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

/var/lib/nginx/tmpフォルダの作成
# mkdir /var/lib/nginx
# mkdir /var/lib/nginx/tmp
# chown -R nginx:nginx /var/lib/nginx

>補足6
/usr/local/sbin/nginx -t: のOK表示
# /usr/local/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

>補足7
Server Name Indication(SNI、サーバー ネーム インディケーション)によって名前ベースのバーチャルホストで
SSLが使えるとのこと。
#nginx -V
nginx version: nginx/1.5.12
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
TLS SNI support enabled
configure arguments: –prefix=/usr/local/nginx-1.5.12 –sbin-path=/usr/local/sbin/nginx –with-openssl=/usr/local/src/openssl/openssl-1.0.1g –add-module=/usr/local/src/nginx-1.5.12/ngx_cache_purge-2.1 –conf-path=/etc/nginx/nginx.conf –error-log-path=/var/log/nginx/error.log –http-log-path=/var/log/nginx/access.log –http-client-body-temp-path=/var/lib/nginx/tmp/client_body –http-proxy-temp-path=/var/lib/nginx/tmp/proxy –http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi –http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi –http-scgi-temp-path=/var/lib/nginx/tmp/scgi –pid-path=/var/run/nginx.pid –lock-path=/var/lock/subsys/nginx –user=nginx –group=nginx –with-file-aio –with-ipv6 –with-pcre –with-http_ssl_module –with-http_realip_module –with-http_addition_module –with-http_sub_module –with-http_dav_module –with-http_flv_module –with-http_mp4_module –with-http_gzip_static_module –with-http_random_index_module –with-http_secure_link_module –with-http_degradation_module –with-http_stub_status_module –with-http_perl_module –with-http_xslt_module –with-mail –with-mail_ssl_module –with-http_spdy_module –with-cc-opt=’-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector –param=ssp-buffer-size=4 -m64 -mtune=generic’ –with-ld-opt=’ -Wl,-E’ –add-module=/usr/local/src/nginx-1.5.12/nginx-rtmp-module-master

>補足8
/etc/nginx/mime.types ファイルに以下の追加が必要なくなった。
application/x-mpegURL m3u8; <- 追加 video/MP2T ts;    <- 追加

OPENSSL、秘密鍵、自己認証局、SSL証明書作成

openssl-1.0.1fを使用し、秘密鍵、自己認証局、SSL証明書を作成し、/etc/nginx/sslに置き、nginxのConfファイルに設定しました。

■OpenSSL設定ファイルバックアップ

cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnfORG

■OpenSSL設定ファイル変更
vi /etc/ssl/openssl.cnf

[ CA_default ]
# CAディレクトリ作成場所
#dir = ./demoCA # Where everything is kept
dir = /etc/ssl/CA # Where everything is kept

# 署名の期限
#default_days = 365 # how long to certify for 1年
default_days = 3650 # how long to certify for 10年

[ req_distinguished_name ]
# 以下地域設定
#countryName_default = AU
countryName_default = JP

# 適当
#stateOrProvinceName_default = Some-State
stateOrProvinceName_default = Kanagawa

# 適当
#localityName = Locality Name (eg, city)
localityName = Sagamihara

# 0.organizationName_default = Internet Widgits Pty Ltd
0.organizationName_default = xxxxx

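[ usr_cert ]
# Extensions added to end-entity (server) certificates signed with "openssl ca".
# Keep CA:FALSE here. With CA:true, every server certificate issued from this
# configuration is itself marked as a CA, so whoever holds the server's private
# key could sign further certificates that chain to this CA.
# The self-signed CA certificate does not need this section to be a CA:
# presumably CA.sh -newca takes its extensions from [ v3_ca ] — confirm
# against the CA.sh shipped with your OpenSSL.
basicConstraints=CA:FALSE

# Uncommented so that issued certificates carry the Netscape "server" type.
# nsCertType = server
nsCertType = server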

[ v3_ca ]
# コメントアウト外す
# nsCertType = sslCA, emailCA
nsCertType = sslCA, emailCA

■CA作成スクリプト編集
vi /etc/ssl/misc/CA.sh

#if [ -z “$DAYS” ] ; then DAYS=”-days 365″ ; fi # 1 年
#CADAYS=”-days 1095″ # 3 年
DAYS=”-days 3650″ # 10 年
CADAYS=”-days 7300″ # 20 20年

#if [ -z “$CATOP” ] ; then CATOP=./demoCA ; fi
CATOP=”/etc/ssl/CA”

■CA作成スクリプト実行
mkdir /etc/ssl/CA
cd /etc/ssl/CA
/etc/ssl/misc/CA.sh -newca
CA certificate filename (or enter to create)
# [Enter]
Making CA certificate …
Generating a 1024 bit RSA private key
………………………….++++++
………..++++++
writing new private key to ‘/etc/ssl/CA/private/./cakey.pem’
Enter PEM pass phrase: # パスフレーズ設定
Verifying – Enter PEM pass phrase: # 確認
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [JP]: #[Enter]
State or Province Name (full name) [Tokyo]: #[Enter]
oote-machi 1,Chiyodaku-ku []: #[Enter]
Organization Name (eg, company) [Youria]: #[Enter]
Organizational Unit Name (eg, section) []: #[Enter]
Common Name (e.g. server FQDN or YOUR name) []:*.websample.jp #ワイルドカード
Email Address []: #[Enter]

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []: #[Enter]
An optional company name []: #[Enter]
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for /etc/ssl/CA/private/./cakey.pem: # 先のパスフレーズ
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 17236407115119056261 (0xef3404f2e4afd585)
Validity
Not Before: Jan 27 05:02:38 2014 GMT
Not After : Jan 22 05:02:38 2034 GMT
Subject:
countryName = JP
stateOrProvinceName = Kanagawa
organizationName = Sagamihara
commonName = *.websample.jp
emailAddress = xxxx@xxxxx.xx
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:0A:92:8C:4B:CA:F1:67:17:0B:5A:F1:88:CA:8A:17:14:21:6A:3A
X509v3 Authority Key Identifier:
keyid:F5:0A:92:8C:4B:CA:F1:67:17:0B:5A:F1:88:CA:8A:17:14:21:6A:3A

X509v3 Basic Constraints:
CA:TRUE
Netscape Cert Type:
SSL CA, S/MIME CA
Certificate is to be certified until May 17 13:28:01 2032 GMT (7300 days)

Write out database with 1 new entries
Data Base Updated

■作成確認
ls -l /etc/ssl/CA
合計 36
-rw-r–r– 1 root root 3113 2月 20 14:02 2014 cacert.pem
-rw-r–r– 1 root root 676 2月 20 14:02 2014 careq.pem
drwxr-xr-x 2 root root 4096 2月 20 14:01 2014 certs
drwxr-xr-x 2 root root 4096 2月 20 14:01 2014 crl
-rw-r–r– 1 root root 111 2月 20 14:02 2014 index.txt
-rw-r–r– 1 root root 21 2月 20 14:02 2014 index.txt.attr
-rw-r–r– 1 root root 0 2月 20 14:01 2014 index.txt.old
drwxr-xr-x 2 root root 4096 2月 20 14:02 2014 newcerts
drwxr-xr-x 2 root root 4096 2月 20 14:01 2014 private
-rw-r–r– 1 root root 17 2月 20 14:02 2014 serial

■秘密鍵作成
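# Generate the passphrase-protected server key.
# 1024-bit RSA is no longer considered adequate, so request 2048 bits
# (the captured output that follows is from the original 1024-bit run).
# -rand only mixes extra data into the seed; a log file adds little entropy.
openssl genrsa -aes256 -rand /var/log/boot.log -out /etc/ssl/private/server.key 2048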
510364 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
……………………………………….++++++
………………++++++
e is 65537 (0×10001)
Enter pass phrase for /etc/ssl/private/server.key: # パスフレーズ設定
Verifying – Enter pass phrase for /etc/ssl/private/server.key: # 確認

ls /etc/ssl/private/
server.key

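# Create a copy of the private key without a passphrase, so the web server
# can start unattended. The copy is stored unencrypted, so both key files
# must be readable by root only; the directory listing further down was
# captured with the default 0644 mode, which leaves the keys world-readable.
chmod 600 /etc/ssl/private/server.key
( umask 077; openssl rsa -in /etc/ssl/private/server.key -out /etc/ssl/private/nopass_server.key )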
Enter pass phrase for /etc/ssl/private/server.key: #パスフレーズの入力
writing RSA key

ls -l /etc/ssl/private/
-rw-r–r– 1 root root 887 2月 20 14:12 2014 nopass_server.key
-rw-r–r– 1 root root 986 2月 20 14:08 2014 server.key

■署名要求書(CSR)の作成
自己認証局用に編集したopenssl.cnfを署名要求書用に編集
vi /etc/ssl/openssl.cnf

[ CA_default ]
#dir = ./demoCA # Where everything is kept
dir = /etc/ssl/CA # Where everything is kept

#default_days = 365 # how long to certify for
default_days = 3650 # how long to certify for

[ req_distinguished_name ]
countryName_default = AU
countryName_default = JP

stateOrProvinceName_default = Some-State
stateOrProvinceName_default = Kanagawa

localityName = Locality Name (eg, city)
localityName = Sagamohara

0.organizationName_default = Internet Widgits Pty Ltd
0.organizationName_default = xxxxx

■署名要求書を発行します。
openssl req -new -days 3650 -key /etc/ssl/private/nopass_server.key -out /etc/ssl/www_csr.pem

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [JP]: #[Enter]
State or Province Name (full name) [Kanagawa]: #[Enter]
oote-machi 1,Chiyodaku-ku []: #[Sagamihara]
Organization Name (eg, company) [xxxx]: #[Enter]
Organizational Unit Name (eg, section) []: #[Enter]
Common Name (e.g. server FQDN or YOUR name) []: *.websample.jp# ワイルドカード
Email Address []: #[Enter]

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []: #[Enter]
An optional company name []: #[Enter]

■署名要求書に署名
openssl ca -config /etc/ssl/openssl.cnf -in /etc/ssl/www_csr.pem -keyfile /etc/ssl/CA/private/cakey.pem -cert /etc/ssl/CA/cacert.pem -out server.pem

Using configuration from /etc/ssl/CA/openssl_server.cnf
Enter pass phrase for /etc/ssl/CA/private/cakey.pem: # パスフレーズの入力
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 14017714533794264351 (0xc288ed1975a3351f)
Validity
Not Before: May 22 15:00:49 2012 GMT
Not After : May 20 15:00:49 2022 GMT
Subject:
countryName = JP
stateOrProvinceName = Kanagawa
organizationName = Sagamihara
commonName = *.websample.jp
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
Netscape Cert Type:
SSL Server
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
F8:97:17:66:E4:3D:6E:71:0B:ED:C7:D1:99:61:3C:86:7C:A9:AB:6F
X509v3 Authority Key Identifier:
keyid:25:77:B8:F5:09:E7:C0:33:ED:10:3A:FE:DC:B7:21:64:66:AA:20:28

Certificate is to be certified until May 20 15:00:49 2022 GMT (3650 days)
Sign the certificate? [y/n]: # y

1 out of 1 certificate requests certified, commit? [y/n] # y
Write out database with 1 new entries
Data Base Updated

作成されたserver.pemをWebサーバで使用。 /etc/nginx/ssl/ に置く

■エラー
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2

■エラーの対応
openssl ca -revoke /etc/ssl/CA/newcerts/00.pem
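上記でだめなら
/etc/ssl/index.txt ファイルを削除して touch /etc/ssl/index.txt で復活後、上記コマンドを再度行う
※TXT_DB error number 2 は、同じ Subject の証明書が index.txt に既に登録されている場合に出るエラーです(例:同じ署名要求書に再度署名した場合や、CA とサーバ証明書で同じ識別名を入力した場合)。index.txt を削除すると発行済み・失効済み証明書の記録も失われるため、まず失効(-revoke)で対応してください。なお、本ページの設定(dir = /etc/ssl/CA)では index.txt は /etc/ssl/CA 配下に作成されています。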

■nginxの設定
mkdir /etc/nginx/ssl
mv server.pem /etc/nginx/ssl/
vi /etc/nginx/conf.d/default
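# TLS virtual host: points nginx at the signed certificate and its private key.
server {
    # "ssl" on the listen directive enables TLS for this socket
    # (same effect as the separate "ssl on;" directive).
    listen 443 ssl;
    server_name localhost;

    root /usr/share/nginx/www;
    index index.html index.htm;

    # Older nginx releases enable SSLv3 by default; state the protocol
    # list explicitly. TLSv1.2 requires OpenSSL 1.0.1 or later.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    ssl_certificate /etc/nginx/ssl/server.pem;
    # Passphrase-less key: the file must be readable by root only.
    ssl_certificate_key /etc/ssl/private/nopass_server.key;
}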

STUNSERVER-1.2.6 インストール

ウエブカメラ通話実現のキーとなるクライアント双方のIPアドレスをNATを越えて取得し、双方向リアルタイムウエブカメラ通話を可能とします。

■ダウンロード先
wget http://sourceforge.net/projects/stuntman/files/stunserver-1.2.6.tgz

■保存先
/usr/local/src/STUNServer
stunserver-1.2.6.tgz

■解凍先
/usr/local/src/STUNServer/stunserver

■事前にインストール
RedHat/Fedora and EC2 Amazon Linux AMI
yum groupinstall “Development Tools” # For g++, make, et. al.
yum install boost* # For Boost
yum install openssl-devel # For OpenSSL

■makeで作成
rwxr-xr-x 1 root root 139558 2月 18 2:37 2014 stunserver
-rwxr-xr-x 1 root root 95110 2月 18 2:37 2014 stunclient
-rwxr-xr-x 1 root root 171783 2月 18 2:37 2014 stuntestcode

■インストール先
/usr/bin/stunclient(STUNクライアント)
/usr/sbin/stunserver (STUNサーバ)
/etc/stun/stund.conf (STUNサーバ設定ファイル、未使用)
/etc/init.d/stund (STUNサーバ起動ファイル)

■STUNサーバ起動ファイル /etc/init.d/stund

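#!/bin/sh
#
# chkconfig: 344 98 1
# description: stund
# processname: stund
#
# /etc/init.d/stund: start and stop the STUND daemon
#
# SysV init wrapper that delegates to two helper scripts. It exits 0 without
# doing anything when either helper is missing or not executable.
# Arguments: $1 - start | stop | reload | force-reload | restart
# Returns:   0 on a recognised action, 1 (with a usage line) otherwise.
# NOTE(review): runlevels "344" in the chkconfig header look like a typo
# for "345" — confirm before installing.

# Helper that launches the STUN server.
DAEMON_START="/usr/local/bin/start_stund_server.sh"
# Helper that stops the STUN server.
DAEMON_STOP="/usr/local/bin/stop_stund_server.sh"

test -x "$DAEMON_START" || exit 0
test -x "$DAEMON_STOP" || exit 0

case "$1" in
  start)
    echo -n "Starting STUND stunserver: stund"
    "$DAEMON_START"
    echo "ok."
    ;;
  stop)
    echo -n "Stopping STUND stunserver: stund"
    "$DAEMON_STOP"
    echo "ok."
    ;;
  # reload and restart do the same thing: stop, then start again.
  reload|force-reload|restart)
    echo -n "Restarting STUND stunserver: stund"
    "$DAEMON_STOP"
    "$DAEMON_START"
    echo "ok."
    ;;
  *)
    echo "Usage: /etc/init.d/stund {start|stop|reload|force-reload|restart}"
    exit 1
    ;;
esac
exit 0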
~
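# chmod +x /etc/init.d/stund
# chkconfig --add stund
# chkconfig stund on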

■起動スクリプト: /usr/local/bin/start_stund_server.sh

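# Start stunserver in full mode (two addresses, two ports) in the background
# with all output discarded.
# NOTE(review): launched from the init script this runs as root. Ports 3478
# and 3479 are unprivileged, so a dedicated non-root account should be
# enough — confirm for your environment.
/usr/sbin/stunserver --mode full \
  --primaryinterface XXX.XXX.XXX.101 --primaryport 3478 \
  --altinterface XXX.XXX.XXX.102 --altport 3479 > /dev/null 2>&1 &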

※ルータのポート解放設定 と iptablesのポート解放設定が必要

※XXX.XXX.XXX.101とXXX.XXX.XXX.102は、1台のマシン、LANカード2枚、グローバルIPも2つ必要

■終了スクリプト: /usr/local/bin/stop_stund_server.sh
killall /usr/sbin/stunserver

■ご利用方法

peer.jsファイル内の以下の部分を変更してご利用ください。

// var defaultConfig = {‘iceServers’: [{ ‘url':    ’stun:stun.l.google.com:19302′ }]};

↓ 変更
var defaultConfig = {‘iceServers’: [{ ‘url':  ’stun:turn.websample.jp:3478′ }]};
 var dataCount = 1;

※問題がありましたらご連絡お願いします。

PEERSERVER、PEERJS インストール

ウエブカメラ通話アプリケーションPeerJSとそのPeerServerのインストールと設定と自動起動を記載しました。

■PeerServerダウンロード
# cd /opt
# git clone https://github.com/peers/peerjs-server.git

■PeerServerの依存ライブラリインストール
# cd peerjs-server

# npm install
npmはnode.jsのpackage管理ツール

■PeerJSダウンロード

$ cd /opt
$ git clone https://github.com/peers/peerjs.git

videochatのデモをnginxの下に配置
$ cd /var/www/html/xxxx
$ mkdir peerjs
$ cp /opt/peerjs/examples/videochat/* /var/www/html/xxxx/peerjs

$ cp /opt/peerjs/dist/peer.js  /var/www/html/xxxx/peerjs
以下のdiffのようにindex.htmlを修正

$ vi peerjs/index.html
# diff index.html /opt/peerjs/examples/videochat/index.html
6c6
<

>
13c13
< var peer = new Peer({host:’192.xxx.xxx.xxx’, port:9000, key: ‘peerjs’, debug: 3}); — > var peer = new Peer({ key: ‘lwjd5qra8257b9′, debug: 3});
PeerServer起動

PeerServerの自動起動設定
$ vi /etc/init/peerjs.conf
description “PeerJS Server”
author “co-meeting Inc.”

# Saves log to /var/log/upstart/peerjs.log
console log

# Starts only after drives are mounted.
start on started mountall

stop on shutdown

# Automatically Respawn. But fail permanently if it respawns 10 times in 5 seconds:
respawn
respawn limit 10 5

script
node /opt/peerjs-server/bin/peerjs -p 8124 -k peerjs
end script
起動コマンドオプションの-k peerjsはクライアントのnew Peer({host:’’, port:8124, key: ‘peerjs’, debug: 3})のkeyと一致

80番と8124番ポート解放

■peerserver 自動起動

# vi /etc/init.d/peerjs

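#!/bin/sh
# chkconfig: 345 99 1
# description: peerjs
# processname: peerjs
#
# /etc/init.d/peerjs: start and stop the PEERJS daemon
#
# SysV init wrapper that delegates to two helper scripts. It exits 0 without
# doing anything when either helper is missing or not executable.
# Arguments: $1 - start | stop | reload | force-reload | restart
# Returns:   0 on a recognised action, 1 (with a usage line) otherwise.

# Helper that launches the PeerJS server.
DAEMON_START="/usr/local/bin/start_peers_server.sh"
# Helper that stops the PeerJS server.
DAEMON_STOP="/usr/local/bin/stop_peers_server.sh"

test -x "$DAEMON_START" || exit 0
test -x "$DAEMON_STOP" || exit 0

case "$1" in
  start)
    echo -n "Starting STUND peerserver: peerjs"
    "$DAEMON_START"
    echo "ok."
    ;;
  stop)
    echo -n "Stopping STUND peerserver: peerjs"
    "$DAEMON_STOP"
    echo "ok."
    ;;
  # reload and restart do the same thing: stop, then start again.
  reload|force-reload|restart)
    echo -n "Restarting STUND peerserver: peerjs"
    "$DAEMON_STOP"
    "$DAEMON_START"
    echo "ok."
    ;;
  *)
    # The usage line named the stund script (copied from it); it now names this one.
    echo "Usage: /etc/init.d/peerjs {start|stop|reload|force-reload|restart}"
    exit 1
    ;;
esac
exit 0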

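# chmod +x /etc/init.d/peerjs
# chkconfig --add peerjs
# chkconfig peerjs on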

# vi /usr/local/bin/start_peers_server.sh
node /opt/peerjs-server/bin/peerjs -p 8124 -k peerjs > /dev/null 2>& 1 &

# vi /usr/local/bin/stop_peers_server.sh
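# Stop only the PeerJS server. "killall node ..." would terminate every
# node process on the host, not just this one; match on the full command
# line of the server script instead.
pkill -f '/opt/peerjs-server/bin/peerjs'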

OPENSSL-1.0.1F インストール

記事を記載する為、WordPressが良いことを知り、インストールや設定を調べている間に、SSL機能が必要と知り、openssl-1.0.1fをインストールしました。※openssl-1.0.1f は Heartbleed 脆弱性の影響を受けるバージョンです。新規に構築する場合は、修正済みでサポート中のリリースを使用してください。

■ダウンロード&解凍  (/usr/local/src/openssl ←ダウンロード場所)
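# Fetch the OpenSSL source and the two build patches.
# These are plain-HTTP downloads with no integrity protection, and the result
# becomes the system's TLS library, so verify before unpacking: compare the
# digest with the value published by the OpenSSL project (placeholder below),
# or check the detached signature if one is provided. Read the third-party
# patches before applying them.
wget http://www.openssl.org/source/openssl-1.0.1f.tar.gz
wget http://www.linuxfromscratch.org/patches/blfs/svn/openssl-1.0.1f-fix_parallel_build-1.patch
wget http://www.linuxfromscratch.org/patches/blfs/svn/openssl-1.0.1f-fix_pod_syntax-1.patch
sha256sum openssl-1.0.1f.tar.gz   # expected: <PUBLISHED_SHA256_PLACEHOLDER>
tar xvzf openssl-1.0.1f.tar.gz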

■パッチスクリプト実行
patch -Np1 -i ../openssl-1.0.1f-fix_parallel_build-1.patch
patch -Np1 -i ../openssl-1.0.1f-fix_pod_syntax-1.patch

■config実行
./config –prefix=/usr \
–openssldir=/etc/ssl \
–libdir=lib \
shared \
zlib-dynamic

■make実行

■ビルド結果をテストする場合は make test実行

■スタティックライブラリをインストールしたくない場合は、以下の sed コマンド実行

sed -i ‘s# libcrypto.a##;s# libssl.a##’ Makefile

■root ユーザーになって以下1,2,3を実行します。

1.make MANDIR=/usr/share/man MANSUFFIX=ssl install
下記のエラー (上記 sed しなかった場合)
cp: cannot stat `lib4758cca.so’: No such file or directory
make[1]: *** [install] Error 1
make[1]: Leaving directory `/usr/local/src/nginx/openssl-1.0.1f/engines’
make: *** [install_sw] Error 1

find / -name lib4758cca.so
/usr/lib64/openssl/engines/lib4758cca.so

cp -p /usr/lib64/openssl/engines/* engin

2.install -dv -m755 /usr/share/doc/openssl-1.0.1f
3.cp -vfr doc/* /usr/share/doc/openssl-1.0.1f

PHP-FPM インストール

Nginxインストールで調べた際、php-fpmが同時にインストールするようなので、php-fpm インストールとphp-fpm.confの設定をしました。PHP5.4からFastCGI(php-fpm)が利用可能になったからのようです。

■yumでインストール

yum –enablerepo=remi install php php-fpm

■php-fpm設定
mkdir /var/log/php-fpm
chown -R nobody:nobody /var/log/php-fpm

php-fpm.confを編集

[global]
pid = /var/run/php-fpm/php-fpm.pid

vi /etc/php-fpm.d/www.conf
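[www]
; Pool workers run as the unprivileged nginx account.
user = nginx
group = nginx

; Use a single listen directive. The original set a TCP address first and a
; Unix socket path last; presumably the later line wins, so the socket is
; kept here — confirm it matches fastcgi_pass in the nginx configuration.
;listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php-fpm.sock

; Socket ownership and mode. 0660 limits connections to the nginx user and
; group; 0666 would let any local account send FastCGI requests that are
; executed as the pool user.
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

; Only meaningful for a TCP listener; kept in case the pool is switched back.
listen.allowed_clients = 127.0.0.1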

pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500

php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_value[session.save_path] = /var/lib/php/session
php_admin_flag[log_errors] = on

/var/lib/php/session の権限を nginx に変更
chown nginx:nginx /var/lib/php/session

service php-fpm start
chkconfig php-fpm on