1. PHP deployment and configuration

yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install yum-utils
yum install php72 php72-php-fpm php72-php-gd php72-php-json php72-php-mbstring php72-php-mysqlnd php72-php-xml php72-php-xmlrpc php72-php-opcache php72-php-ldap

Modify the PHP configuration:

vim /etc/php.ini
## Change the following settings
session.save_path = /tmp
upload_max_filesize = 10M
post_max_size = 16M
max_execution_time = 600
request_terminate_timeout = 600
expose_php = Off
output_buffering = 4096

Start PHP:

systemctl enable php72-php-fpm.service
systemctl start php72-php-fpm.service
2. Install nginx

Install with yum:

yum install -y nginx

Modify the configuration:

vim /etc/nginx/conf.d/ssp.conf
server {
    listen 8080;
    root /usr/share/self-service-password/htdocs;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name _;

    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;

    gzip on;
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
    gzip_vary on;
    gzip_proxied any;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    # Add stdout logging

    # pass the PHP scripts to FastCGI server listening on socket
    #
    location ~ \.php {
        #fastcgi_pass unix:/var/run/php-fpm.socket;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        try_files $fastcgi_script_name =404;
        fastcgi_read_timeout 600;
        include fastcgi_params;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
        internal;
    }

    # deny access to . files, for security
    #
    location ~ /\. {
        log_not_found off;
        deny all;
    }

    location ~ /scripts {
        log_not_found off;
        deny all;
    }
}
3. Install self-service-password

## Configure the yum repository:
vim /etc/yum.repos.d/ltb-project.repo
[ltb-project-noarch]
name=LTB project packages (noarch)
baseurl=https://ltb-project.org/rpm/$releasever/noarch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project

Install the service:

rpm --import https://ltb-project.org/wiki/lib/RPM-GPG-KEY-LTB-project
yum install self-service-password

Modify the configuration file:

vim /usr/share/self-service-password/conf/config.inc.php
## ldap
# LDAP
$ldap_url = "ldap://10.9.0.0:389"; # LDAP server address
$ldap_starttls = false;
$ldap_binddn = "cn=ldapadm,dc=liuwq,dc=com";
$ldap_bindpw = 'password';
$ldap_base = "dc=liuwq,dc=com";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
$ldap_use_exop_passwd = false;
$ldap_use_ppolicy_control = false;
$who_change_password = "ldapadm";

## Mail settings
$mail_attribute = "mail";
# Get mail address directly from LDAP (only first mail entry)
# and hide mail input field
# default = false
$mail_address_use_ldap = true;
# Who the email should come from
$mail_from = "[email protected]";
$mail_from_name = "Self Service Password";
$mail_signature = "本邮件为通过密码自助修改LDAP账号密码,无需回复,如有重置密码遇到问题可以联系运维同学";
# Notify users anytime their password is changed
$notify_on_change = true;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 0;
$mail_debug_format = 'html';
$mail_smtp_host = 'smtp.qiye.aliyun.com'; # SMTP server address
$mail_smtp_auth = true;
$mail_smtp_user = '[email protected]';
$mail_smtp_pass = 'password';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
$mail_smtp_secure = 'tls';
$mail_smtp_autotls = false;
$mail_smtp_options = array();
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;
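4. In a browser, open IP:8080 (the nginx port configured above)

At this point the web interface shows the message: Token encryption requires a random string in keyphrase setting

Cause and fix:

After making the change, refresh the browser.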
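The message in step 4 refers to the $keyphrase setting in config.inc.php. The script below is an added example, not part of the original post: it detects an empty or default keyphrase and replaces it with 256 random bits. The function names, the 32-character length floor, and the assumption that the packaged default value is "secret" are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: SSP rejects an empty
# $keyphrase or the packaged default "secret" when tokens are encrypted.

# Print the value assigned to $keyphrase in an SSP config file (last one wins).
# Commented-out assignments are ignored because the line must start with "$".
ssp_get_keyphrase() {
    sed -n 's/^[[:space:]]*\$keyphrase[[:space:]]*=[[:space:]]*[^[:space:]]\([^;]*\)[^;];.*$/\1/p' "$1" | tail -n 1
}

# Return 0 (weak) when the keyphrase is unset, empty, "secret", or shorter
# than 32 characters (the length floor is this example's own policy).
ssp_keyphrase_is_weak() {
    kp=$(ssp_get_keyphrase "$1")
    [ -z "$kp" ] || [ "$kp" = "secret" ] || [ "${#kp}" -lt 32 ]
}

# Replace the existing $keyphrase line with 256 bits from the kernel CSPRNG.
# Returns 2 if the file has no $keyphrase assignment to replace.
ssp_set_keyphrase() {
    conf=$1
    grep -q '^[[:space:]]*\$keyphrase[[:space:]]*=' "$conf" || return 2
    key=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')
    [ "${#key}" -eq 64 ] || return 1
    tmp=$(mktemp) || return 1
    # Hex output contains no characters that are special to sed or PHP strings.
    sed 's/^\([[:space:]]*\)\$keyphrase[[:space:]]*=.*/\1$keyphrase = "'"$key"'";/' "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"   # overwrite in place so owner and mode are kept
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed config fragment (not a real deployment file).
demo=$(mktemp)
printf '%s\n' '<?php' '$use_tokens = true;' '$keyphrase = "secret";' > "$demo"
ssp_keyphrase_is_weak "$demo" && echo "before: weak keyphrase"
ssp_set_keyphrase "$demo"
ssp_keyphrase_is_weak "$demo" || echo "after: random keyphrase in place"
rm -f "$demo"
```

To apply it to the installation above, call ssp_set_keyphrase /usr/share/self-service-password/conf/config.inc.php as root.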
5. Additional configuration: disable the other verification methods

Security questions: $use_questions = false;
Email: $use_tokens = false;
SMS: $use_sms = false;