作者:SOLARIS小兵
MAIL:solarisxb@hotmail.com
FROM:WWW.CHINAUNIX.NET
一、系統(tǒng)信息:
1、安裝solaris8
solaris8 02/4(三張盤)
# uname -a
SunOS BJ-APP1 5.8 Generic_117350-15 sun4u sparc SUNW,Sun-Blade-1000
2����、打補丁:
8_Recommended(149MB)
3�����、系統(tǒng)tcp優(yōu)化:
修改系統(tǒng)參數(shù)/etc/system
set rlim_fd_cur=81920
set rlim_fd_max=81920
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 2048
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 8192
二、安裝apache2軟件:
1�、安裝系統(tǒng)軟件:運行apache2軟件需要如下軟件包:
apache-2.0.52-sol8-sparc-local
libiconv-1.8-sol8-sparc-local
db-4.2.52.NC-sol8-sparc-local
libtool-1.5-sol8-sparc-local
expat-1.95.5-sol8-sparc-local
gcc-3.4.2-sol8-sparc-local
openssl-0.9.7e-sol8-sparc-local
gdb-6.0-sol8-sparc-local
gdbm-1.8.3-sol8-sparc-local
glib-2.2.3-sol8-sparc-local
libghttp-1.0.6-sol8-sparc-local
2���、安裝管理軟件包:
top-3.5beta12-sol8-sparc3264-local
nmap-2.54BETA28-sol8-sparc-local
ssh-3.2.5.tar.gz
3、安裝ssl臨時證書:
ssl.ca-0.1.tar.gz
生成臨時ssl的key���?����?梢詤⒖迹篽ttp://dev.csdn.net/develop/article/33/33020.shtm
現(xiàn)在沒有這個工具了�,只能自己動手生成了���,對證書不熟悉的人����,有一個工具可以使用:http://www.openssl.org/contrib/ssl.ca-
0.1.tar.gz
# cd /usr/local/apache2/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
# ./new-root-ca.sh (生成根證書)
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...........................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key: (輸入一個密碼)
Verifying - Enter pass phrase for ca.key: (再輸入一次密碼)
......
Self-sign the root CA... (簽署根證書)
Enter pass phrase for ca.key: (輸入剛剛設(shè)置的密碼)
........
........ (下面開始簽署)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:JiangSu
Locality Name (eg, city) [Sitiawan]:NanJing
Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd
Organizational Unit Name (eg, section) [Certification Services Division]:ACSTAR
Common Name (eg, MD Root CA) []:WISCOM CA
Email Address []:acmail@wiscom.com.cn
這樣就生成了ca.key和ca.crt兩個文件����,下面還要為我們的服務(wù)器生成一個證書:
# ./new-server-cert.sh server (這個證書的名字是server)
......
......
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:JiangSu
Locality Name (eg, city) [Sitiawan]:NanJing
Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd
Organizational Unit Name (eg, section) [Secure Web Server]:ACSTAR
Common Name (eg, www.domain.com) []:acmail.wiscom.com.cn
Email Address []:acmail@wiscom.com.cn
這樣就生成了server.csr和server.key這兩個文件。
還需要簽署一下才能使用的:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key: (輸入上面設(shè)置的根證書密碼)
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'JiangSu'
localityName :PRINTABLE:'NanJing'
organizationName :PRINTABLE:'Wiscom System Co.,Ltd'
organizationalUnitName:PRINTABLE:'ACSTAR'
commonName :PRINTABLE:'acmail.wiscom.com.cn'
emailAddress :IA5STRING:'acmail@wiscom.com.cn'
Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
(如果這里出現(xiàn)錯誤�����,最好重新來過����,刪除ssl.ca-0.1這個目錄���,從解壓縮處重新開始。)
下面要按照ssl.conf里面的設(shè)置����,將證書放在適當(dāng)?shù)奈恢谩?br />
# chmod 400 server.key
# cd ..
# mkdir ssl.key
# mv ssl.ca-0.1/server.key ssl.key
# mkdir ssl.crt
# mv ssl.ca-0.1/server.crt ssl.crt
然后就可以啟動啦!
# cd /usr/local/apache2
# ./bin/apachectl startssl
4�����、安裝weblogic 軟件:weblogic 813
重要聲明:weblogic 812以前的版本不支持ssl 128位加密��,只有weblogic 813以后的版本支持ssl 128位加密
安裝bea軟件:server813_solaris32.bin
創(chuàng)建server:
/export/home/bea/weblogic81/common/bin/config.sh
三����、整合apache2和weblogic813
1、修改apache2配置文件httpd.conf
修改啟動組:Group nobody
ServerName 192.0.0.188
2���、拷貝so文件:
cd /usr/local/apache2/modules
cp /export/home/bea/weblogic81/server/lib/solaris/mod_wl128_20.so .
vi httpd.conf
LoadModule weblogic_module modules/mod_wl128_20.so
#<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
#</IfDefine>
3�、添加weblogic連接文件:
<Location />
SetHandler weblogic-handler
</Location>
<IfModule mod_weblogic.c>
WebLogicHost 127.0.0.1
WebLogicPort 7001
MatchExpression *.jsp
ConnectTimeoutSecs 60
</IfModule>
4���、配置域名解析
vi /etc/resolv.conf
nameserver 211.94.69.34
vi /etc/nsswitch.conf
hosts: files dns
備注:
報錯信息:start: .[Tue Mar 01 21:15:30 2005] [crit] [Tue Mar 01 21:15:30 2005] file vhost.c, line 189, assertion "rv ==
APR_SUCCESS" failed
解決方法:把/etc/resolv.conf和/etc/nsswitch.conf做了相應(yīng)的改動后����,就ok了
5����、添加證書:配置ssl證書:我們買的是verisign的128位ssl證書。
vi ssl.conf
#SSLCertificateFile /usr/local/apache2/public.crt
#SSLCertificateKeyFile /usr/local/apache2/private.key
#SSLCertificateChainFile /usr/local/apache2/intermediate.crt
四����、DB2數(shù)據(jù)庫客戶端安裝:
1、安裝db2數(shù)據(jù)庫for solaris 64為客戶端:
修改系統(tǒng)參數(shù)/etc/system
set msgsys:msginfo_msgmax = 65535
set msgsys:msginfo_msgmnb = 65535
set msgsys:msginfo_msgssz = 32
set msgsys:msginfo_msgseg = 32767
set msgsys:msginfo_msgmap = 2562
set msgsys:msginfo_msgmni = 2560
set msgsys:msginfo_msgtql = 2560
set semsys:seminfo_semmap = 3074
set semsys:seminfo_semmni = 3072
set semsys:seminfo_semmns = 6452
set semsys:seminfo_semmnu = 3072
set semsys:seminfo_semume = 600
set shmsys:shminfo_shmmax = 2134020096
set shmsys:shminfo_shmmni = 3072
set shmsys:shminfo_shmseg = 600
2�����、數(shù)據(jù)庫客戶端安裝:
/soft/076_ADCL_SUN_3264_NLV/adcl/db2setup
注意:選擇32位的客戶端就可以�!
1、db2 catalog tcpip node dbnode remote 192.0.0.160 server 50001
db2 terminate
db2 catalog database mbidb2 as mbidb2 at node dbnode
db2 terminate
2�、 db2連接
db2 connect to mbidb21 user db2inst1 using password
3、db2客戶端問題解決:
db2set DB2CODEPAGE=1383
報錯問題解決:
$ db2 connect to mbidb26 user db2inst1 using password
SQL0 2N There is no available conversion for the source code page "1383" to
the target code page "819". Reason Code "1". SQLSTATE=57017
$
解決方法:
db2set DB2CODEPAGE=1383
備注:有錯之處希望大家指正��!
