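Project requirements:
1. Use LNMP to run multiple virtual hosts that serve WordPress and phpMyAdmin respectively, with phpMyAdmin reachable only over HTTPS;
2. Configure the server so that a client requesting the phpMyAdmin site over HTTP is redirected to request it again over HTTPS.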

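I. Environment: LNMP = Linux + Nginx + MariaDB + PHP
Set up the required environment on Linux:
1. On CentOS and RHEL family distributions, the local installation disc does not ship Nginx, so there are generally two ways to install it:
1). Build Nginx from source (the method used in this project);
2). Install Nginx from RPM packages.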

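    1). Building from source:
        Compile the source code (for a test environment; for example, installing Taobao's TNginx):
            1. Install the build environment: yum -y groupinstall "Development Tools" "Server Platform Development"
            2. Additional development packages may be needed:
                openssl-devel (SSL support, which enables HTTPS access to the site), pcre-devel (regular-expression matching), libevent-devel (event-driven I/O scheduling)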
            3. nginx-1.12.1]# ./configure --prefix=/usr/local/nginx112 --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --http-log-path=/var/log/nginx/access_log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx.lock --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-pcre --with-stream 
            4. ~]# make -j N && make install    (N is the number of parallel jobs)

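        Note: the nginx user and the nginx group must exist before the nginx service process is started;
              The following builds and installs Nginx on a machine with Internet access:
              Prepare the build environment:
              [root@chenliang ~]# yum -y groupinstall "Development Tools" "Server Platform Development"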
              [root@chenliang ~]# yum -y install openssl-devel pcre-devel libevent-devel       
              Download the Nginx source tarball from the official site:
              [root@chenliang ~]# wget -c http://nginx.org/download/nginx-1.12.0.tar.gz
              Unpack the downloaded tarball:
              [root@chenliang ~]# tar xvf nginx-1.12.0.tar.gz
              Enter the unpacked directory:
              [root@chenliang ~]# cd nginx-1.12.0/
              Configure the build:
              [root@chenliang nginx-1.12.0]# ./configure --prefix=/usr/local/nginx112 --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --http-log-path=/var/log/nginx/access_log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx.lock --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-pcre --with-stream
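              Build and install:
              [root@chenliang nginx-1.12.0]# make -j 4 && make install
              Create the nginx user and group (confirmed here with id):
              [root@chenliang ~]# id nginx
              uid=990(nginx) gid=985(nginx) 组=985(nginx)
              Start the Nginx service:
              Check the configuration syntax:
              [root@chenliang nginx-1.12.0]# nginx -t
              Start Nginx:
              [root@chenliang nginx-1.12.0]# nginx
              Check that the service is listening: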
          [root@chenliang ~]# ss -tnlp
          LISTEN     0      128                    *:80                                 *:*                   users:(("nginx",pid=3184,fd=6),("nginx",pid=3183,fd=6),("nginx",pid=3182,fd=6),("nginx",pid=3181,fd=6))

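              Nginx is now built and installed from source.
    2). Installing from RPM:
    Configure a yum repository so that Nginx can be installed as an RPM package (the standardized approach for large numbers of servers or clusters, which makes later automated management easier):
            Packages prebuilt by the nginx project: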
                http://nginx.org/packages/centos/$releasever/$basearch
            Packages provided by the Fedora EPEL repository:
                http://mirrors.sohu.com/fedora-epel/7/x86_64/Packages/n/

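                    Add the Nginx repository to the yum configuration (requires Internet access). Note that gpgcheck=0 combined with an http:// baseurl means packages are installed without signature verification: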
                    [root@chenliang ~]# vim /etc/yum.repos.d/CentOS-Base.repo
                    >           [nginx]
                    >           name=nginx repo
                    >           baseurl=http://nginx.org/packages/centos/7/$basearch/
                    >           gpgcheck=0
                    >           enabled=1
                    [root@chenliang ~]#yum clean all
                    [root@chenliang ~]#yum makecache
                    Install Nginx:
                    [root@chenliang ~]#yum install nginx -y
                    Start the Nginx service:
                    [root@chenliang ~]#nginx
                    Check Nginx's status (port 80 on the server is now being listened on by nginx):
                    [root@chenliang ~]# ss -tnlp
                    LISTEN     0      128          *:80                       *:*                   users:(("nginx",pid=4481,fd=6),("nginx",pid=4477,fd=6))

    2. Install the database and the PHP runtime:
            [root@chenliang ~]# yum install -y php-fpm php-mysql mariadb-server
            Then start the corresponding services:
            [root@chenliang ~]# systemctl start mariadb.service         # start the database
            [root@chenliang nginx-1.12.2]# systemctl start php-fpm.service

    3. Firewall and SELinux configuration:
                [root@chenliang ~]# getenforce 
                Permissive
                [root@chenliang ~]# iptables -vnL
                Chain INPUT (policy ACCEPT 2493 packets, 238K bytes)
                 pkts bytes target     prot opt in     out     source               destination         

                Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
                 pkts bytes target     prot opt in     out     source               destination         

                Chain OUTPUT (policy ACCEPT 1837 packets, 279K bytes)
                 pkts bytes target     prot opt in     out     source               destination

    4. Configure name-based Nginx virtual hosts in /etc/nginx/nginx.conf:
    The first virtual host serves WordPress:
    server {
                    listen       80;
                    server_name  www.clhost1.com;

                    location / {
                            root   /myweb/host1;
                            index  index.php index.html index.htm;
                    }

                    location ~* \.php$ {
                        root           /myweb/host1;
                        fastcgi_pass   127.0.0.1:9000;
                        fastcgi_index  index.php;
                        fastcgi_param  SCRIPT_FILENAME  /myweb/host1/$fastcgi_script_name;
                        include        /etc/nginx/fastcgi_params;
                }
        }

    The second virtual host serves phpMyAdmin:
    server {
                    listen       80;
                    server_name  www.clhost2.com;

                    location / {
                            root   /myweb/host2;
                            index  index.php index.html index.htm;
                    }

                    location ~ \.php$ {
                            root           /myweb/host2;
                            fastcgi_pass   127.0.0.1:9000;
                            fastcgi_index  index.php;
                            fastcgi_param  SCRIPT_FILENAME  /myweb/host2/$fastcgi_script_name;
                            include        /etc/nginx/fastcgi_params;
                    }
            }

            On the local workstation, add the following to C:\Windows\System32\drivers\etc\hosts: 172.16.72.1 www.clhost1.com www.clhost2.com

            5. Create the document roots for the sites:
            [root@chenliang ~]# mkdir /myweb/host{1,2} -pv
            mkdir: 已创建目录 "/myweb"
            mkdir: 已创建目录 "/myweb/host1"
            mkdir: 已创建目录 "/myweb/host2"
            Create the index pages:
            [root@chenliang ~]# echo "nginx's page1" >> /myweb/host1/index.html
            [root@chenliang ~]# echo "nginx's page2" >> /myweb/host2/index.html
            Then check the configuration syntax and reload Nginx:
            [root@chenliang ~]# nginx -t
            nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
            nginx: configuration file /etc/nginx/nginx.conf test is successful
            [root@chenliang ~]# nginx -s reload

After starting all services, check the listening sockets:
[root@chenliang ~]# ss -tnl
State      Recv-Q Send-Q     Local Address:Port                    Peer Address:Port              
LISTEN     0      128            127.0.0.1:9000                               *:*                  
LISTEN     0      50                     *:3306                               *:*                  
LISTEN     0      128                    *:80                                 *:* 

6. Configure php-fpm:
1) Configure the php-fpm service:
Change the user and group that own the worker processes:
[root@chenliang ~]# vim /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000
user = nginx
group = nginx
2) Create the document roots:
[root@chenliang ~]# mkdir /myweb/host{1,2} -pv
mkdir: 已创建目录 "/myweb"
mkdir: 已创建目录 "/myweb/host1"
mkdir: 已创建目录 "/myweb/host2"
Create the index pages:
[root@chenliang ~]# vim /myweb/host1/index.php
nginx host1's page.<br>
<?php
phpinfo();
$conn = mysql_connect('172.16.72.1','wpuser','wppass');
if ($conn)
echo "YES";
else
echo "NO";
?>
[root@chenliang ~]# vim /myweb/host2/index.php
nginx host2's page.<br>
<?php
$conn = mysql_connect('172.16.72.1','phpuser','phppass');
if ($conn)
echo "YES";
else
echo "NO";
phpinfo();
?>

7. Configure the database:
Create the two required databases, grant privileges to the users, and test whether the database connections work:

Create the WordPress database:
MariaDB [(none)]> create database wpdb;
Query OK, 1 row affected (0.03 sec)
Grant privileges:
MariaDB [(none)]> grant all on wpdb.* to 'wpuser'@'172.16.%.%' identified by '123456';
Query OK, 0 rows affected (0.10 sec)
Create the phpMyAdmin database:
MariaDB [(none)]> create database phpmyadmain;
Query OK, 1 row affected (0.00 sec)
Grant privileges:
MariaDB [(none)]> grant all on phpmyadmain.* to 'phpuser'@'172.16.%.%' identified by 'phppass';
Query OK, 0 rows affected (0.00 sec)

Test the database connection from the host1 virtual host (WordPress):
[screenshot]
Test the database connection from the host2 virtual host (phpMyAdmin):
[screenshot]

II. Set up the virtual hosts and deploy WordPress and phpMyAdmin
Deploying WordPress:
Upload the WordPress archive to the document root:
[root@chenliang host1]# ls
index.html index.php wordpress-4.2-zh_CN.tar.gz
Unpack it:
[root@chenliang host1]# tar xf wordpress-4.2-zh_CN.tar.gz
[root@chenliang host1]# ls
index.html index.php wordpress wordpress-4.2-zh_CN.tar.gz
Rename the directory so the URL is easier to type:
[root@chenliang host1]# mv wordpress wp
[root@chenliang host1]# ls
index.html index.php wordpress-4.2-zh_CN.tar.gz wp
Enter the directory and edit the configuration file:
[root@chenliang host1]# cd wp
[root@chenliang wp]# cp wp-config-sample.php wp-config.php
[root@chenliang wp]# vim wp-config.php
[screenshot]
Test result:
[screenshots]
WordPress is now set up.

Deploying phpMyAdmin:
[root@chenliang host1]# cd /myweb/host2
[root@chenliang host2]# ls
index.html index.php phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# tar xf phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# ls
index.html index.php phpMyAdmin-3.5.4-all-languages phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# mv phpMyAdmin-3.5.4-all-languages phpmyadmain
[root@chenliang host2]# ls
index.html index.php phpmyadmain phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# cd phpmyadmain/

phpMyAdmin sometimes fails because session data cannot be saved. Set the session save path in /etc/php.ini, then make the nginx user the owner of /var/lib/php/session:
session.save_path = "/var/lib/php/session"
[root@chenliang phpmyadmain]# ll -d /var/lib/php/session/
drwxr-xr-x. 2 nginx nginx 6 6月 1 11:10 /var/lib/php/session/

The phpMyAdmin page is displayed as follows:
[screenshot]
Logging in to database management with the user name and password succeeds:
[screenshot]
phpMyAdmin is now set up.

Restrict phpMyAdmin to HTTPS access only

Create a private CA:
Generate the CA private key:
[root@chenliang ~]# cd /etc/pki/CA/
[root@chenliang CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
................................................................................+++
..+++
e is 65537 (0x10001)
Generate the self-signed CA certificate:
[root@chenliang CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3653
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

  Country Name (2 letter code) [XX]:CN
  State or Province Name (full name) []:cl
  Locality Name (eg, city) [Default City]:cl
  Organization Name (eg, company) [Default Company Ltd]:cl
  Organizational Unit Name (eg, section) []:cl
  Common Name (eg, your name or your server's hostname) []:cl
  Email Address []:cl@cl
    Create the index file and the serial number file that the CA directory requires:
    [root@chenliang CA]# touch index.txt
    [root@chenliang CA]# echo 01 > serial

    Set up the HTTPS server site:
        Generate a private key for the server:
        [root@chenliang ~]# mkdir /etc/nginx/ssl -pv
        [root@chenliang ~]# cd /etc/nginx/ssl
        [root@chenliang ssl]# (umask 077;openssl genrsa -out nginx.key 2048)
      Generating RSA private key, 2048 bit long modulus
      ..................................................................................................+++
      .................................................................................+++
      e is 65537 (0x10001)

Generate the certificate signing request:
[root@chenliang ssl]# openssl req -new -key nginx.key -out nginx.csr -days 3653
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

      Country Name (2 letter code) [XX]:CN      
      State or Province Name (full name) []:cl
      Locality Name (eg, city) [Default City]:cl
      Organization Name (eg, company) [Default Company Ltd]:cl
      Organizational Unit Name (eg, section) []:cl
      Common Name (eg, your name or your server's hostname) []:cl
      Email Address []:cl

      Please enter the following 'extra' attributes
      to be sent with your certificate request
      A challenge password []:123456
      An optional company name []:cl
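    Send the certificate request to the CA (the private CA here runs on the same server, so the request file is simply copied to the server's /tmp directory):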
    [root@chenliang ssl]# cp nginx.csr /tmp/

    On the CA, sign the certificate request for the nginx server:
    [root@chenliang ssl]# openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 3653
  Using configuration from /etc/pki/tls/openssl.cnf
  Check that the request matches the signature
  Signature ok
  Certificate Details:
                  Serial Number: 1 (0x1)
                  Validity
                          Not Before: Jun  1 06:38:10 2018 GMT
                          Not After : Jun  1 06:38:10 2028 GMT
                  Subject:
                          countryName               = CN
                          stateOrProvinceName       = cl
                          organizationName          = cl
                          organizationalUnitName    = cl
                          commonName                = cl
                          emailAddress              = cl
                  X509v3 extensions:
                          X509v3 Basic Constraints: 
                                  CA:FALSE
                          Netscape Comment: 
                                  OpenSSL Generated Certificate
                          X509v3 Subject Key Identifier: 
                                  F7:03:98:4F:94:82:35:92:61:F3:E5:9E:8D:67:D4:DA:DD:CF:7A:EF
                          X509v3 Authority Key Identifier: 
                                  keyid:BC:65:B9:DF:AB:07:40:38:89:A5:45:ED:AD:A8:68:FF:FD:C4:80:BF

  Certificate is to be certified until Jun  1 06:38:10 2028 GMT (3653 days)
  Sign the certificate? [y/n]:y

  1 out of 1 certificate requests certified, commit? [y/n]y
  Write out database with 1 new entries
  Data Base Updated
    On the CA, transfer the signed certificate to the Nginx server:
    [root@chenliang ssl]# cp /etc/pki/CA/certs/nginx.crt  /etc/nginx/ssl
    [root@chenliang ssl]# ls
    nginx.crt  nginx.csr  nginx.key
    On the Nginx server, delete the certificate request file:
    [root@chenliang ssl]# ls
    nginx.crt  nginx.csr  nginx.key
    [root@chenliang ssl]# rm -f nginx.csr 
    [root@chenliang ssl]# ls
    nginx.crt  nginx.key

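    Configure SSL support on the Nginx server:
    1. Install the mod_ssl module (this is an Apache httpd module; Nginx's own TLS support comes from the --with-http_ssl_module build option used above):
        [root@chenliang ~]# yum install -y mod_ssl
    2. Edit the main Nginx configuration file:
        [root@chenliang ~]# vim /etc/nginx/nginx.conf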
        >           server {
        >                 listen     443 ssl;
        >                 server_name  www.clhost2.com;
        >                 ssl_certificate /etc/nginx/ssl/nginx.crt;
        >                 ssl_certificate_key /etc/nginx/ssl/nginx.key;
        >                 location / {
        >                         root   /myweb/host2;
        >                         index  index.php index.html index.htm;
        >                 }
        > 
        >                 location ~* \.php$ {
        >                     root           /myweb/host2;
        >                     fastcgi_pass   127.0.0.1:9000;
        >                     fastcgi_index  index.php;
        >                     fastcgi_param  SCRIPT_FILENAME  /myweb/host2/$fastcgi_script_name;
        >                     include        /etc/nginx/fastcgi_params;
        >                  }
        >         }

            Check the configuration syntax:
      [root@chenliang ~]# nginx -t
      nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
      nginx: configuration file /etc/nginx/nginx.conf test is successful
      Reload Nginx:
      [root@chenliang ~]# nginx -s reload

Test page:
[screenshot]
Result of accessing the site over HTTPS:
[screenshot]

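Configure the server so that a client requesting the phpMyAdmin site over HTTP is redirected to request it again over HTTPS

    In the main nginx configuration file, configure the virtual host that serves phpMyAdmin:
    [root@chenliang ~]# vim /etc/nginx/nginx.conf
    Add a virtual host that listens on port 80: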
        >       server {
        >                 listen 80;
        >                 server_name  www.clhost2.com;
        >                  location ~ \.php$ {
        >                         root   /myweb/host2;
        >                         index index.php;
        >                         rewrite ^/(.*\.php)$ https://www.clhost2.com/$1 break;
        >                 }
        >         }
    Check the syntax and reload the service:
    [root@chenliang ~]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@chenliang ~]# nginx -s reload
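The two www.clhost2.com server blocks can also be written so that every path is redirected, not only URIs ending in .php. The following is an added example, not the original author's configuration; it reuses the page's hostname, document root and certificate files, while the return 301 redirect, the server-level root and $document_root are choices made for this example.

```nginx
# Added example: plain-HTTP listener for the phpMyAdmin host.
# It serves no content and passes nothing to php-fpm; every URI is redirected.
server {
    listen       80;
    server_name  www.clhost2.com;

    # $request_uri keeps the original path and query string, so directory
    # URLs, .php scripts and static files all land on the same location
    # of the HTTPS site.
    return 301 https://www.clhost2.com$request_uri;
}

# HTTPS listener: the only server block that serves /myweb/host2.
server {
    listen       443 ssl;
    server_name  www.clhost2.com;

    ssl_certificate      /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key  /etc/nginx/ssl/nginx.key;

    # root is set once at server level so every location inherits it.
    root   /myweb/host2;
    index  index.php index.html index.htm;

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        /etc/nginx/fastcgi_params;
    }
}
```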
    Enter the URL http://www.clhost2.com/phpmyadmin ; the test result is as follows: access over HTTP is automatically redirected to HTTPS:

[screenshot]
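The redirect can also be verified from the command line rather than a browser. This is an added example, not part of the original page: check_redirect reads one response's headers (as printed by curl -sI) and succeeds only for a redirect to https://HOST/; the function names and the sample responses are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): verify the HTTP-to-HTTPS redirect
# from response headers instead of a browser.

# check_redirect HOST  -- reads one response's headers on stdin.
# Succeeds only if the status is 301/302/307/308 AND Location starts with
# "https://HOST/". The trailing slash stops look-alike hosts such as
# HOST.example.net from passing the prefix test.
check_redirect() {
    tr -d '\r' | awk -v host="$1" '
        NR == 1                    { status = $2; next }  # "HTTP/1.1 302 ..."
        /^$/                       { exit }               # end of header block
        tolower($1) == "location:" { loc = $2 }           # names are case-insensitive
        END {
            want = "https://" host "/"
            ok = (status ~ /^30[1278]$/) && (substr(loc, 1, length(want)) == want)
            exit (ok ? 0 : 1)
        }'
}

# Constructed sample responses (not captured from a real server).
sample_php_redirect() {     # the kind of answer a rewrite to https:// gives for a .php URL
    printf 'HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nLocation: https://www.clhost2.com/phpmyadmain/index.php\r\n\r\n'
}
sample_served_over_http() { # a path that was answered directly on port 80
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}
sample_wrong_target() {     # a redirect, but not to the HTTPS site itself
    printf 'HTTP/1.1 301 Moved Permanently\r\nlocation: https://www.clhost2.com.example.net/\r\n\r\n'
}

# audit_site HOST URI...  -- live check; needs curl and network access to HOST.
audit_site() {
    site=$1; shift; rc=0
    for uri in "$@"; do
        if curl -sI --max-time 5 "http://$site$uri" | check_redirect "$site"; then
            echo "OK    $uri"
        else
            echo "FAIL  $uri is not redirected to https://$site/"; rc=1
        fi
    done
    return $rc
}
# Live use: audit_site www.clhost2.com / /phpmyadmain/ /phpmyadmain/index.php
```

Running audit_site against both a .php URL and a directory URL shows whether the port-80 server block redirects every path or only PHP scripts.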