XAMPP踩坑记

1.下载安装

打开网址，https://www.apachefriends.org/zh\_cn/download.html，选择XAMPP for Linux，根据对应的PHP版本，下载RUN文件（关于PHP版本的选择，7是不怎么向后兼容的升级，但是升级并不是革命性的，几乎所有的php程序都能不用大规模重新而支持7，如果用7就用最新的）

将RUN文件upload到VPS，执行:

chmod 755 xampp-linux-*-installer.run
sudo ./xampp-linux-*-installer.run

安装完成后，用sudo /opt/lampp/lampp start启动Xampp服务

2.配置虚拟主机

（1）新建虚拟主机目录，其中default文件夹用于跳转到https和acme验证。

cd /opt/lampp/htdocs
mkdir default
mkdir domainA
mkdir domainB

（2）打开虚拟主机配置文件vi /opt/lampp/etc/extra/httpd-vhosts.conf

<VirtualHost *:80>
    ServerAdmin Your E-mail Address
    DocumentRoot "/opt/lampp/htdocs/default"
    ServerName default
    ServerAlias default
    ErrorLog "logs/default_log"
    CustomLog "logs/default_log" common
</VirtualHost>

（3）打开配置文件/opt/lampp/etc/httpd.conf，确保如下两处未被注释

# Virtual hosts
Include etc/extra/httpd-vhosts.conf
``````
<IfDefine SSL>
Include etc/extra/httpd-ssl.conf
</IfDefine>

(4)执行/opt/lampp/lampp reload重启Apache服务

3.配置SSL （执行vi /opt/lampp/etc/extra/httpd-ssl.conf）

（1）Line 51

默认的ciphersuite配置是比较陈旧的，建议更换成“ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4”

（2）Line83

<VirtualHost _default_:443>改为 <VirtualHost *:443>

（3）Line 127

#SSLCertificateChainFile "/opt/lampp/etc/server-ca.crt"

去掉该行之前的井号

（4）Line 83

<VirtualHost *:443>
#General setup for the virtual host
DocumentRoot "/opt/lampp/htdocs/default"
ServerName default:443
ServerAdmin Your E-mail Address
ErrorLog "/opt/lampp/logs/default_error_log"
TransferLog "/opt/lampp/logs/default_access_log"

……………………

</VirtualHost>

修改同2（2）的配置，并复制多份，分别修改为DomainA和DomainB，保存，退出。

<VirtualHost *:443>
#General setup for the virtual host
DocumentRoot "/opt/lampp/htdocs/DomainA"
ServerName DomainA:443
ServerAdmin Your E-mail Address
ErrorLog "/opt/lampp/logs/DomainA_error_log"
TransferLog "/opt/lampp/logs/DomainA_access_log"

……………………

</VirtualHost>

``````nginx
<VirtualHost *:443>
#General setup for the virtual host
DocumentRoot "/opt/lampp/htdocs/DomainB"
ServerName DomainB:443
ServerAdmin Your E-mail Address
ErrorLog "/opt/lampp/logs/DomainB_error_log"
TransferLog "/opt/lampp/logs/DomainB_access_log"

……………………

</VirtualHost>

(5)使用curl https://get.acme.sh | sh或者wget -O - https://get.acme.sh | sh安装ACME.SH，重启终端。

(6)执行acme.sh —-issue -d DomainA -w /opt/lampp/htdocs/default -d DomainB -w /opt/lampp/htdocs/default为域名生成SSL证书

(7)执行acme.sh --install-cert -d blog.weirdowy.cn --cert-file /opt/lampp/etc/ssl.crt/server.crt --key-file /opt/lampp/etc/ssl.key/server.key --fullchain-file /opt/lampp/etc/server-ca.crt --reloadcmd "/opt/lampp/lampp reloadapache"加载证书

4.配置Xampp Security

(1) 执行/opt/lampp/lampp security设置MySQL pmy 密码，执行/opt/lampp/lampp stopftp关闭FTP服务

(2)修改/opt/lampp/etc/extra/httpd-xampp.conf中的

Alias /******(自定义) "/opt/lampp/phpmyadmin"

# since XAMPP 1.4.3
<Directory "/opt/lampp/phpmyadmin">
    AllowOverride AuthConfig Limit
    Require all granted
    ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</Directory>

5.配置.htaccess文件

(1)default文件夹下，开启强制跳转https

RewriteEngine On
RewriteCond $1 !^(.well-known)
RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

(2)DomainA、DomainB文件夹下，开启HSTS与Typecho地址重写

Header set Strict-Transport-Security "max-age=2628000"

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L,E=PATH_INFO:$1]