1. Environment setup



Notes:

vpn client 192.168.8.16/24

openvpn server:

eth0: 192.168.8.41

eth1: 172.16.1.10





app server: 

172.16.1.20





The app server and the OpenVPN server's eth1 are both on vmnet2.





openvpn server

# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0C:29:6C:85:A0  

          inet addr:192.168.8.41  Bcast:192.168.8.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe6c:85a0/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:9587674 errors:0 dropped:0 overruns:0 frame:0

          TX packets:5211921 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:1241650018 (1.1 GiB)  TX bytes:1238208023 (1.1 GiB)





eth1      Link encap:Ethernet  HWaddr 00:0C:29:6C:85:AA  

          inet addr:172.16.1.10  Bcast:172.16.1.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe6c:85aa/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:122 errors:0 dropped:0 overruns:0 frame:0

          TX packets:73 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:11314 (11.0 KiB)  TX bytes:6306 (6.1 KiB)





lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:1572 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1572 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:141358 (138.0 KiB)  TX bytes:141358 (138.0 KiB)

2. Time synchronization:

# ntpdate 192.168.8.102

3. Create the OpenVPN installation directory

# mkdir -pv /home/tools/openvpn

mkdir: created directory `/home/tools'

mkdir: created directory `/home/tools/openvpn'

# cd /home/tools/openvpn/

Upload the installation packages to this directory

# ls -l

total 1464

-rw-r--r-- 1 root root 583045 Jun 29 17:30 lzo-2.06.tar.gz

-rw-r--r-- 1 root root 911158 Jun 29 17:30 openvpn-2.2.2.tar.gz

4. Install the dependencies

# yum install -y gcc*

# yum install -y openssl*





Compile and install the dependency package. Running echo $? after each step shows whether that step succeeded.





tar zxf lzo-2.06.tar.gz 

cd lzo-2.06

./configure 

make

make install





Install the OpenVPN server

# tar zxf openvpn-2.2.2.tar.gz 

# cd openvpn-2.2.2





# ./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib

# make && make install





Verify that the installation succeeded

# ll /usr/local/sbin/openvpn 

-rwxr-xr-x 1 root root 2545339 Jun 29 17:55 /usr/local/sbin/openvpn

# which openvpn

/usr/local/sbin/openvpn

5. Configure the keys for the OpenVPN server

# cd /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0

# vim vars





export KEY_COUNTRY="CN"

export KEY_PROVINCE="SZ"

export KEY_CITY="shenzhen"

export KEY_ORG="chinasoft"

export KEY_EMAIL="chinasoft@qq.com"

export KEY_EMAIL=chinasoft@qq.com

export KEY_CN=CN

export KEY_NAME=chinasoft

export KEY_OU=chinasoft

export PKCS11_MODULE_PATH=changeme

export PKCS11_PIN=1234





Apply the configuration

[root@node3 2.0]# source vars

NOTE: If you run ./clean-all, I will be doing a rm -rf on /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/keys

[root@node3 2.0]# ./clean-all 

[root@node3 2.0]# ./build-ca 

Generating a 1024 bit RSA private key

................................................++++++

....................++++++

writing new private key to 'ca.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:

State or Province Name (full name) [SZ]:

Locality Name (eg, city) [shenzhen]:

Organization Name (eg, company) [chinasoft]:

Organizational Unit Name (eg, section) [chinasoft]:

Common Name (eg, your name or your server's hostname) [CN]:chinasoft

Name [chinasoft]:

Email Address [chinasoft@qq.com]:





# ll keys/

total 12

-rw-r--r-- 1 root root 1367 Jun 29 18:09 ca.crt

-rw------- 1 root root  916 Jun 29 18:09 ca.key

-rw-r--r-- 1 root root    0 Jun 29 18:08 index.txt

-rw-r--r-- 1 root root    3 Jun 29 18:08 serial

Generate the server certificate and private key file

# ./build-key-server server

Generating a 1024 bit RSA private key

.................................++++++

...............++++++

writing new private key to 'server.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:

State or Province Name (full name) [SZ]:

Locality Name (eg, city) [shenzhen]:

Organization Name (eg, company) [chinasoft]:

Organizational Unit Name (eg, section) [chinasoft]:

Common Name (eg, your name or your server's hostname) [server]:chinasoft

Name [chinasoft]:

Email Address [chinasoft@qq.com]:





Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456  

An optional company name []:chinasoft

Using configuration from /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName           :PRINTABLE:'CN'

stateOrProvinceName   :PRINTABLE:'SZ'

localityName          :PRINTABLE:'shenzhen'

organizationName      :PRINTABLE:'chinasoft'

organizationalUnitName:PRINTABLE:'chinasoft'

commonName            :PRINTABLE:'chinasoft'

name                  :PRINTABLE:'chinasoft'

emailAddress          :IA5STRING:'chinasoft@qq.com'

Certificate is to be certified until Jun 27 10:13:59 2026 GMT (3650 days)

Sign the certificate? [y/n]:y









1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

Create two client certificates, named client and ett (the commands below use the names test and ett)

[root@node3 2.0]# ./build-key test





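Note: do not run this command as ./build-key chinasoft, or with any other file name that is the same as the organization name or similar fields; otherwise the connection will not work.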





Generating a 1024 bit RSA private key

.......++++++

................................++++++

writing new private key to 'test.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:

State or Province Name (full name) [SZ]:

Locality Name (eg, city) [shenzhen]:

Organization Name (eg, company) [chinasoft]:

Organizational Unit Name (eg, section) [chinasoft]:

Common Name (eg, your name or your server's hostname) [test]:chinasoft

Name [chinasoft]:

Email Address [chinasoft@qq.com]:





Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456

An optional company name []:chinasoft

Using configuration from /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName           :PRINTABLE:'CN'

stateOrProvinceName   :PRINTABLE:'SZ'

localityName          :PRINTABLE:'shenzhen'

organizationName      :PRINTABLE:'chinasoft'

organizationalUnitName:PRINTABLE:'chinasoft'

commonName            :PRINTABLE:'chinasoft'

name                  :PRINTABLE:'chinasoft'

emailAddress          :IA5STRING:'chinasoft@qq.com'

Certificate is to be certified until Jun 27 13:29:36 2026 GMT (3650 days)

Sign the certificate? [y/n]:y

failed to update database

TXT_DB error number 2

Create a passphrase-protected client key

# ./build-key-pass ett

Generating a 1024 bit RSA private key

........................................++++++

................++++++

writing new private key to 'ett.key'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:

State or Province Name (full name) [SZ]:

Locality Name (eg, city) [shenzhen]:

Organization Name (eg, company) [chinasoft]:

Organizational Unit Name (eg, section) [chinasoft]:

Common Name (eg, your name or your server's hostname) [ett]:chinasoft

Name [chinasoft]:

Email Address [chinasoft@qq.com]:





Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456

An optional company name []:chinasoft

Using configuration from /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName           :PRINTABLE:'CN'

stateOrProvinceName   :PRINTABLE:'SZ'

localityName          :PRINTABLE:'shenzhen'

organizationName      :PRINTABLE:'chinasoft'

organizationalUnitName:PRINTABLE:'chinasoft'

commonName            :PRINTABLE:'chinasoft'

name                  :PRINTABLE:'chinasoft'

emailAddress          :IA5STRING:'chinasoft@qq.com'

Certificate is to be certified until Jun 27 10:24:44 2026 GMT (3650 days)

Sign the certificate? [y/n]:y

failed to update database

TXT_DB error number 2

Generate the Diffie-Hellman parameter file used for key exchange during transport

# ./build-dh

# ll keys/dh1024.pem 

-rw-r--r-- 1 root root 245 Jun 29 19:05 keys/dh1024.pem

To guard against malicious attacks such as DoS and UDP port flooding, generate an "HMAC firewall" key

# openvpn --genkey --secret keys/ta.key

[root@node3 2.0]# ll keys/ta.key 

-rw------- 1 root root 636 Jun 29 19:07 keys/ta.key

6. Configure the OpenVPN configuration file (server.conf)

# mkdir /etc/openvpn

# cp -a keys /etc/openvpn/

[root@node3 2.0]# cp ../../sample-config-files/server.conf /etc/openvpn/

[root@node3 2.0]# tree /etc/op

openldap/ openvpn/  opt/      

[root@node3 2.0]# tree /etc/openvpn/

-bash: tree: command not found

[root@node3 2.0]# tree /etc/openvpn/

/etc/openvpn/

├── keys

│   ├── 01.pem

│   ├── ca.crt

│   ├── ca.key

│   ├── chinasoft.crt

│   ├── chinasoft.csr

│   ├── chinasoft.key

│   ├── dh1024.pem

│   ├── ett.crt

│   ├── ett.csr

│   ├── ett.key

│   ├── index.txt

│   ├── index.txt.attr

│   ├── index.txt.old

│   ├── serial

│   ├── serial.old

│   ├── server.crt

│   ├── server.csr

│   ├── server.key

│   └── ta.key

└── server.conf









# vim /etc/openvpn/server.conf





local 192.168.8.41 # listen address

port 52155 # listen port

proto tcp

dev tun

ca /etc/openvpn/keys/ca.crt # CA certificate

cert /etc/openvpn/keys/server.crt # server certificate

key /etc/openvpn/keys/server.key # server key

dh /etc/openvpn/keys/dh1024.pem

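server 10.8.0.0 255.255.255.0 # address pool the VPN server assigns dynamically to VPN clients; usually does not need changing

push "route 172.16.1.0 255.255.255.0" # internal subnet behind the VPN server; add one push line per subnet if there are several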

ifconfig-pool-persist /etc/openvpn/keys/ipp.txt

keepalive 10 120

comp-lzo

persist-key

persist-tun

status openvpn-status.log

verb 3

client-to-client

duplicate-cn

log /var/log/openvpn.log
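
The checks below are an added example, not part of the original post: a small audit of the server.conf above that reports that the ta.key generated in step 5 is never referenced, that duplicate-cn is enabled, that the DH parameters are the 1024-bit file, and whether ca.key was copied next to the server files by cp -a keys. The finding labels, function names and the optional ROOT argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: flag server.conf settings that weaken the setup on this page.
# The finding names (NO_TLS_AUTH, ...) are labels invented for this sketch.

# directives FILE: config lines with comments, padding and blank lines removed
directives() {
    sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v '^$'
}

# audit_conf FILE [ROOT]: print one finding per line; ROOT is an optional
# prefix for file checks so a staged copy of /etc can be inspected.
audit_conf() {
    d=$(directives "$1")
    # ta.key only filters packets if the config actually references it
    echo "$d" | grep -Eq '^tls-(auth|crypt)[[:space:]]' || echo NO_TLS_AUTH
    # duplicate-cn allows many simultaneous sessions with one certificate
    echo "$d" | grep -Eq '^duplicate-cn$' && echo DUPLICATE_CN
    # file name produced by easy-rsa build-dh with a 1024-bit key size
    echo "$d" | grep -Eq '^dh[[:space:]].*dh1024\.pem$' && echo DH_1024
    # the CA private key signs certificates; the running server never reads it
    ca=$(echo "$d" | awk '$1 == "ca" { print $2 }')
    [ -n "$ca" ] && [ -e "${2:-}$(dirname "$ca")/ca.key" ] && echo CA_KEY_ON_SERVER
    return 0
}

# Constructed copy of the server.conf directives shown above
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
local 192.168.8.41 # listen address
port 52155
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 172.16.1.0 255.255.255.0"
ifconfig-pool-persist /etc/openvpn/keys/ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
duplicate-cn
log /var/log/openvpn.log
EOF
    echo "$f"
}

conf=$(sample_conf)
audit_conf "$conf"
rm -f "$conf"
```

The HMAC key from step 5 takes effect only once server.conf contains a tls-auth line pointing at ta.key (key direction 0 on the server, 1 on the clients), and each client then needs a copy of ta.key as well.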

Enable IP forwarding

# vim /etc/sysctl.conf 

net.ipv4.ip_forward = 1

Apply the setting

# sysctl -p

net.ipv4.ip_forward = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key

error: "net.bridge.bridge-nf-call-iptables" is an unknown key

error: "net.bridge.bridge-nf-call-arptables" is an unknown key

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

8. Start the OpenVPN server service

# /usr/local/sbin/openvpn --config /etc/openvpn/server.conf &

Check that the service started correctly

# netstat -lntup|grep vpn

tcp        0      0 0.0.0.0:52155               0.0.0.0:*                   LISTEN      28959/openvpn    





Add it to the startup script

# echo '/usr/local/sbin/openvpn --config /etc/openvpn/server.conf &' >> /etc/rc.local 

[root@node3 openvpn]# tail -1 /etc/rc.local 

tail: inotify cannot be used, reverting to polling

/usr/local/sbin/openvpn --config /etc/openvpn/server.conf &





Register OpenVPN as a service

# cp /home/tools/openvpn/openvpn-2.2.2/sample-scripts/openvpn.init /etc/init.d/openvpn

[root@node3 openvpn]# chkconfig --add openvpn

[root@node3 openvpn]# chkconfig --list openvpn

openvpn         0:off   1:off   2:off   3:on    4:on    5:on    6:off

[root@node3 openvpn]# chmod +x /etc/init.d/openvpn 

[root@node3 openvpn]# chkconfig openvpn on

[root@node3 openvpn]# chkconfig --list openvpn

openvpn         0:off   1:off   2:on    3:on    4:on    5:on    6:off

[root@node3 openvpn]# killall openvpn

[root@node3 openvpn]# service openvpn start

Starting openvpn:                                          [  OK  ]

[1]+  Done                    /usr/local/sbin/openvpn --config /etc/openvpn/server.conf

[root@node3 openvpn]# service openvpn restart

Shutting down openvpn:                                     [  OK  ]

Starting openvpn:                                          [  OK  ]





# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0C:29:6C:85:A0  

          inet addr:192.168.8.41  Bcast:192.168.8.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe6c:85a0/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:9941129 errors:0 dropped:0 overruns:0 frame:0

          TX packets:5344611 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:1366753019 (1.2 GiB)  TX bytes:1255169492 (1.1 GiB)





eth1      Link encap:Ethernet  HWaddr 00:0C:29:6C:85:AA  

          inet addr:172.16.1.10  Bcast:172.16.1.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe6c:85aa/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:414 errors:0 dropped:0 overruns:0 frame:0

          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:28834 (28.1 KiB)  TX bytes:6644 (6.4 KiB)





lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:1738 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1738 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:155542 (151.8 KiB)  TX bytes:155542 (151.8 KiB)





tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  

          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:4 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:100 

          RX bytes:240 (240.0 b)  TX bytes:0 (0.0 b)

If startup reports an error:

edit the service init script /etc/init.d/openvpn

for c in `/bin/ls *.conf 2>/dev/null`; do

change to

for c in `/bin/ls server.conf 2>/dev/null`; do



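9. Install the Windows client (openvpn-2.2.2-install.exe)

Install a file-transfer tool on the VPN server, send the following files to the client, and place them in the directory E:\Program Files (x86)\OpenVPN\config\test

Rename client.conf to test.ovpn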

# yum install -y lrzsz

# sz -y ca.crt test.crt test.key client.conf





Error:

failed to update database

TXT_DB error number 2





Solution:

 

vim /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/keys/index.txt.attr

Change unique_subject = yes to unique_subject = no
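
Added example, not part of the original post: TXT_DB error number 2 is the OpenSSL CA database refusing a second valid certificate whose subject is already in index.txt, which is what happens in the transcripts above because every Common Name prompt was answered with chinasoft. The sketch checks a constructed index.txt for that clash before signing; the function names and the sample entry are assumptions.

```shell
#!/bin/sh
# Added example: predict the "TXT_DB error number 2" clash by looking for an
# existing valid entry with the same subject in an OpenSSL CA index.txt.
# Fields are tab-separated: status, expiry, revocation, serial, file, subject.

# would_clash INDEX SUBJECT: succeed if a valid (V) entry already has SUBJECT,
# which is what makes signing fail while unique_subject = yes.
would_clash() {
    awk -F'\t' -v s="$2" '$1 == "V" && $6 == s { found = 1 } END { exit !found }' "$1"
}

# dup_subjects INDEX: list subjects held by more than one valid entry, as
# happens once unique_subject = no has been set.
dup_subjects() {
    awk -F'\t' '$1 == "V" { n[$6]++ } END { for (s in n) if (n[s] > 1) print s }' "$1"
}

# Subject parts taken from the vars values shown on this page
BASE="/C=CN/ST=SZ/L=shenzhen/O=chinasoft/OU=chinasoft"
TAIL="name=chinasoft/emailAddress=chinasoft@qq.com"

# Constructed index.txt: the single entry left by ./build-key-server when the
# Common Name prompt was answered with "chinasoft".
sample_index() {
    f=$(mktemp)
    printf 'V\t260627101359Z\t\t01\tunknown\t%s\n' "$BASE/CN=chinasoft/$TAIL" > "$f"
    echo "$f"
}

idx=$(sample_index)
for cn in chinasoft test ett; do
    if would_clash "$idx" "$BASE/CN=$cn/$TAIL"; then
        echo "CN=$cn: clashes with an existing certificate (TXT_DB error number 2)"
    else
        echo "CN=$cn: unique subject, signing can proceed"
    fi
done
rm -f "$idx"
```

Giving each certificate its own Common Name avoids the clash without setting unique_subject = no, and lets the server log tell the clients apart.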





After the VPN client connects, ping 172.16.1.20

A packet capture on the app server 172.16.1.20 shows only the request packets and no replies

# tcpdump -nnn -s 10000|grep -i icmp

After pointing the app server's gateway at the VPN server's internal interface, the ping succeeds and the nginx service at http://172.16.1.20 is reachable as well

# route add default gw 172.16.1.10

Or add a static route



# route add -net 10.8.0.0/24 gw 172.16.1.10





To make the route permanent, there are several methods:

Method 1:

vi /etc/sysconfig/network-scripts/route-eth0  # this file does not exist by default

Add the following:

10.8.0.0/24 via 172.16.1.10

Tip: once written to this file, the route takes effect after either a network service restart or a system reboot.

 

Method 2:

vi /etc/sysconfig/static-routes  # this file does not exist by default

Add the following:

any net 10.8.0.0/24 gw 172.16.1.10

Tip: once written to this file, the route takes effect after either a network service restart or a system reboot.

 

Method 3:

vi /etc/rc.local

Add the following:

route add -net 10.8.0.0/24 gw 172.16.1.10

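PS: Method 1 is recommended for production environments.

Tip: with Method 3 the route in /etc/rc.local is loaded only at boot; it is lost when the network is restarted manually, but is applied again after a system reboot.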





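Note: if a VPN client's gateway is not the VPN server's internal address, every VPN client needs the network route added; if the VPN client's gateway is the VPN server's internal address, no static route is needed.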
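
Added example, not part of the original post: a longest-prefix route lookup over three constructed routing tables for the app server, showing why the capture above saw echo requests but no replies and why either fix works. It assumes the app server started with only its connected 172.16.1.0/24 route; the table format, the function names and the client address 10.8.0.6 are also assumptions.

```shell
#!/bin/sh
# Added example: longest-prefix route lookup over a small routing table, to show
# which next hop the app server uses for replies to a VPN client address.
# Table format (an assumption of this sketch): "NETWORK/PREFIX GATEWAY" per line.

# next_hop TABLE_FILE DEST_IP: print the gateway of the most specific matching
# route; return 1 if no route matches (the host cannot send a reply at all).
next_hop() {
    awk -v dst="$2" '
    function ip2int(ip,    o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    NF >= 2 {
        split($1, net, "/")
        len = net[2] + 0
        size = 2 ^ (32 - len)            # number of addresses in the prefix
        if (int(ip2int(dst) / size) == int(ip2int(net[1]) / size) && len >= best) {
            best = len; gw = $2; hit = 1
        }
    }
    END { if (!hit) exit 1; print gw }' "$1"
}

# Constructed tables for the app server 172.16.1.20 (0.0.0.0 = directly connected)
BEFORE="172.16.1.0/24 0.0.0.0"
WITH_DEFAULT_GW="172.16.1.0/24 0.0.0.0
0.0.0.0/0 172.16.1.10"
WITH_STATIC_ROUTE="172.16.1.0/24 0.0.0.0
10.8.0.0/24 172.16.1.10"

# reply_path TABLE_TEXT CLIENT_IP: describe where a reply to CLIENT_IP goes
reply_path() {
    t=$(mktemp)
    printf '%s\n' "$1" > "$t"
    if gw=$(next_hop "$t" "$2"); then echo "via $gw"; else echo "no route"; fi
    rm -f "$t"
}

VPN_CLIENT=10.8.0.6   # constructed address from the 10.8.0.0/24 pool
reply_path "$BEFORE" "$VPN_CLIENT"
reply_path "$WITH_DEFAULT_GW" "$VPN_CLIENT"
reply_path "$WITH_STATIC_ROUTE" "$VPN_CLIENT"
```

The static route sends only VPN pool traffic back through 172.16.1.10, while changing the default gateway sends all of the app server's off-subnet traffic through the VPN server.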
