1、PHP部署配置
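# Fetch the Remi release package over HTTPS rather than HTTP: it installs the
# repository definitions and signing keys that every later package install
# from this repository is checked against.
yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install yum-utils
# PHP 7.2 runtime, FPM and the extensions this walkthrough relies on
# (php72-php-ldap provides the LDAP functions).
yum install php72 php72-php-fpm php72-php-gd php72-php-json php72-php-mbstring php72-php-mysqlnd php72-php-xml php72-php-xmlrpc php72-php-opcache php72-php-ldap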
PHP修改配置
vim /etc/php.ini
## 修改对应如下配置
; NOTE(review): /tmp is usually a shared, world-writable directory; a dedicated
; directory readable only by the php-fpm user is a safer home for session
; files. Confirm what fits this host.
session.save_path = /tmp
; post_max_size is kept larger than upload_max_filesize so a 10M upload plus
; the other form fields still fits inside one request.
upload_max_filesize = 10M
post_max_size = 16M
; 600 seconds, the same value as fastcgi_read_timeout in the nginx server block.
max_execution_time = 600
; NOTE(review): php-fpm documents request_terminate_timeout as a pool
; directive rather than a php.ini setting; confirm it takes effect here.
request_terminate_timeout = 600
; Do not advertise the PHP version in response headers.
expose_php = Off
output_buffering = 4096
PHP启动
# Register php-fpm for start at boot and bring it up right away.
systemctl enable --now php72-php-fpm.service
2、nginx 安装
yum安装
# Install nginx non-interactively (answers "yes" to the confirmation prompt).
yum -y install nginx
配置修改
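# Absolute path: the relative form "etc/nginx/..." only resolves when the
# current directory is /, and otherwise creates a file nginx never reads.
vim /etc/nginx/conf.d/ssp.conf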
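# Virtual host for Self Service Password, served through php-fpm.
server {
    # NOTE(review): this listener is plain HTTP, so passwords typed into the
    # form cross the network unencrypted unless TLS is terminated in front of it.
    listen 8080;
    root /usr/share/self-service-password/htdocs;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name _;

    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;

    gzip on;
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
    gzip_vary on;
    gzip_proxied any;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    # The deny rules come BEFORE the PHP location on purpose: nginx evaluates
    # regex locations in the order they appear and stops at the first match.
    # Placed after the PHP block, a URI such as /scripts/x.php or /.dir/x.php
    # would match "\.php" first and never reach the deny.

    # deny access to . files, for security
    location ~ /\. {
        log_not_found off;
        deny all;
    }

    location ~ /scripts {
        log_not_found off;
        deny all;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php {
        #fastcgi_pass unix:/var/run/php-fpm.socket;
        fastcgi_pass 127.0.0.1:9000;
        # Split "/file.php/extra" into the script name and PATH_INFO.
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        # Only hand the request to PHP when the script file really exists
        # under the document root; anything else is answered with 404.
        try_files $fastcgi_script_name =404;
        fastcgi_read_timeout 600;
        include fastcgi_params;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
        internal;
    }
}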
3、安装self-service-password
## Configure the yum repository:
vim /etc/yum.repos.d/ltb-project.repo
# Repository definition for the LTB project noarch packages.
[ltb-project-noarch]
name=LTB project packages (noarch)
baseurl=https://ltb-project.org/rpm/$releasever/noarch
enabled=1
# Keep signature checking on: packages from this repository are only
# installed when they are signed by a trusted key.
gpgcheck=1
# NOTE(review): the steps on this page import the key with `rpm --import`
# rather than placing a file at this path; confirm which of the two the host
# relies on.
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
安装服务
# Import the LTB project signing key into the RPM keyring; this has to happen
# before the install so that gpgcheck=1 can verify the package.
# NOTE(review): the key is trusted exactly as downloaded; compare its
# fingerprint with the one the project publishes before installing.
rpm --import https://ltb-project.org/wiki/lib/RPM-GPG-KEY-LTB-project
yum install self-service-password
修改配置文件
vim /usr/share/self-service-password/conf/config.inc.php
## ldap
# LDAP connection settings for Self Service Password.
# NOTE(review): with an ldap:// URL and $ldap_starttls = false, the bind
# password below and the passwords users submit travel to the directory
# unencrypted; use ldaps:// or StartTLS where the directory supports it.
$ldap_url = "ldap://10.9.0.0:389"; # LDAP server address
$ldap_starttls = false;
# Account the application binds with. The password is a placeholder; because
# this file holds the real one, keep it readable only by the web/PHP user.
$ldap_binddn = "cn=ldapadm,dc=liuwq,dc=com";
$ldap_bindpw = 'password';
$ldap_base = "dc=liuwq,dc=com";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
# {login} is a placeholder inside the search filter; the attribute name is
# taken from $ldap_login_attribute above.
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
$ldap_use_exop_passwd = false;
$ldap_use_ppolicy_control = false;
# NOTE(review): upstream documents "user" and "manager" as the values for
# this setting; confirm that "ldapadm" is intended.
$who_change_password = "ldapadm";
## Mail settings
$mail_attribute = "mail";
# Get mail address directly from LDAP (only first mail entry)
# and hide mail input field
# default = false
$mail_address_use_ldap = true;
# Who the email should come from
$mail_from = "xx@xxx.com";
$mail_from_name = "Self Service Password";
$mail_signature = "本邮件为通过密码自助修改LDAP账号密码,无需回复,如有重置密码遇到问题可以联系运维同学";
# Notify users anytime their password is changed
$notify_on_change = true;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
# 0 turns SMTP debug output off.
$mail_smtp_debug = 0;
$mail_debug_format = 'html';
$mail_smtp_host = 'smtp.qiye.aliyun.com'; # SMTP server address
# The SMTP account below uses placeholder values; the real password lives in
# this file, so keep the file readable only by the web/PHP user.
$mail_smtp_auth = true;
$mail_smtp_user = 'xx@xxx.com';
$mail_smtp_pass = 'password';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
# NOTE(review): presumably 'tls' selects STARTTLS in PHPMailer, which is what
# protects the SMTP login on port 25; confirm the relay offers it.
$mail_smtp_secure = 'tls';
$mail_smtp_autotls = false;
# Empty array: no extra SMTP options are passed through.
$mail_smtp_options = array();
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;
4、浏览器输入:IP:8080,上面配置过的nginx端口
结果发现这时打开web界面会提示:Token encryption requires a random string in keyphrase setting
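原因和解决办法:config.inc.php 中的 $keyphrase 仍是默认值 "secret",而令牌加密需要一个随机字符串。把 $keyphrase 改成一段足够长的随机字符串即可;该值用于加密令牌,应当保密,不要沿用示例值。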
修改完成后刷新浏览器:
5、附加配置,关闭其它验证
问题:$use_questions = false;
邮件:$use_tokens = false;
短信:$use_sms = false;