系统环境:centos7,httpd-2.4,php-5.5,mariadb5.5
192.168.1.20 httpd
192.168.1.30 PHP
192.168.1.40 mariadb
修改客户机hosts文件
[root@bogon Desktop]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.20 www.pma.com www.wp.com
在192.168.1.20上安装httpd服务
[root@localhost yum.repos.d]# yum -yinstall httpd
修改mpm编辑模块为event
[root@localhost yum.repos.d]# cd/etc/httpd/conf.modules.d/ [root@localhost conf.modules.d]# vim00-mpm.conf
# Select the MPM module which should beused by uncommenting exactly # one of the following LoadModule lines: # prefork MPM: Implements a non-threaded, pre-forkingweb server # See:http://httpd.apache.org/docs/2.4/mod/prefork.html #LoadModulempm_prefork_module modules/mod_mpm_prefork.so # worker MPM: Multi-Processing Moduleimplementing a hybrid # multi-threaded multi-process web server # See: http://httpd.apache.org/docs/2.4/mod/worker.html # #LoadModule mpm_worker_modulemodules/mod_mpm_worker.so # event MPM: A variant of the worker MPMwith the goal of consuming # threads only for connections with activeprocessing # See: http://httpd.apache.org/docs/2.4/mod/event.html # LoadModulempm_event_module modules/mod_mpm_event.so
编辑wordpress虚拟主机配置文件
[root@localhost conf.d]# cd/etc/httpd/conf.d [root@localhost conf.d]# vim wp.conf <VirtualHost *:80> ServerName www.wp.com DocumentRoot /wordpress/wordpress ProxyRequests off DirectoryIndex index.php ProxyPassMatch ^/(.*.php)$fcgi://192.168.1.30:9000/wordpress/wordpress/$1 <Directory "/wordpress/wordpress"> Options None AllowOverride None Require all granted </Directory> </VirtualHost>
编辑phpmyadmin虚拟主机配置文件
[root@localhost conf.d]# vim pma.conf <VirtualHost *:80> ServerName www.pma.com DocumentRoot /usr/share/phpMyAdmin ProxyRequests off DirectoryIndex index.php ProxyPassMatch ^/(.*.php)$fcgi://192.168.1.30:9000/usr/share/phpMyAdmin/$1 <Directory "/usr/share/phpMyAdmin"> Options None AllowOverride None Require all granted </Directory> </VirtualHost>
创建相应文件夹
[root@localhost conf.d]# mkdir -p/usr/share/phpMyAdmin
重新加载httpd服务
[root@localhost conf.d]# systemctl reloadhttpd
在192.168.1.30上安装php-fpmphp-mysql
[root@bogon ~]# yum install -y php-fpmphp-mysql
修改php-fpm配置文件,将监听IP地址改为本机地址
[root@bogon ~]# cd /etc/php-fpm.d/ [root@bogon php-fpm.d]# vim www.conf listen = 192.168.1.30:9000 ###通过网络连接可用的IP及端口 listen.allowed_clients = 192.168.1.20 ###允许那台主机连接至本机
启动php-rpm
[root@bogon php-fpm.d]# systemctl statusphp-fpm
在192.168.1.40上安装mariadb
[root@localhost yum.repos.d]# yum -yinstall mariadb-service mariadb
创建数据库wpdb
MariaDB [(none)]> grant all on wpdb.* towpuser@'192.168.%.%' identified by 'pass'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> create database wpdb; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> flush privileges; Query OK, 0 rows affected (0.00 sec)ry OK,0 rows affected (0.00 sec)
创建phpmyadmin用账号
MariaDB [(none)]> create userpma@'192.168.%.%' identified by 'mppass'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on *.* topma@'192.168.%.%' identified by 'mppass'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flash privileges; Query OK, 0 rows affected (0.00 sec)
安装WordPress(这里是直接将WordPress在windows中直接拷贝入linux中)
[root@localhost conf.d]# cd /wordpress/ [root@localhost wordpress]# unzipwordpress-4.5.3-zh_CN.zip [root@localhost wordpress]# cd/wordpress/wordpress/
修改配置文件
[root@localhost wordpress]# mvwp-config-sample.php wp-config.php [root@localhost wordpress]# vimwp-config.php
// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** // /** WordPress数据库的名称*/ define('DB_NAME', 'wpdb'); /** MySQL数据库用户名 */ define('DB_USER', 'wpuser'); /** MySQL数据库密码 */ define('DB_PASSWORD', 'wppass'); /** MySQL主机 */ define('DB_HOST', '192.168.1.40');
配置好数据库后进行www.wp.com的验证
PS:若显示乱码,在httpd服务器对应虚拟主机DocumentRoot安装wordpress,即可。
安装phpmyadmin
[root@localhost conf.d]# yum -y installphpmyadmin
添加mysql的服务器地址
$cfg['Servers'][$i]['host'] = '192.168.1.40'; // MySQL hostnameor IP address
修改phpMyAdmin的配置信息
[root@localhost phpMyAdmin]# cd/etc/phpMyAdmin/ [root@localhost phpMyAdmin]# vimconfig.inc.php
登录验证
PS:若显示乱码,在httpd服务器对应虚拟主机DocumentRoot安装phpMyAdmin,即可。
为phpMyAdmin提供https
https以来于mod_ssl模块,在httpd服务器中安装
[root@localhost~]# yum -y install mod_ssl
192.168.1.12生成字签证书
[root@localhost~]# cd /etc/pki/CA/ [root@localhostCA]# (umask 077;openssl genrsa -out private/cakey.pem 1024) GeneratingRSA private key, 1024 bit long modulus ...................................................++++++ ..++++++ e is65537 (0x10001)
[root@localhostCA]# openssl req -new -x509 -keyprivate/cakey.pem -out cacert.pem Youare about to be asked to enter information that will be incorporated intoyour certificate request. Whatyou are about to enter is what is called a Distinguished Name or a DN. Thereare quite a few fields but you can leave some blank Forsome fields there will be a default value, Ifyou enter '.', the field will be left blank. ----- CountryName (2 letter code) [XX]:CN Stateor Province Name (full name) []:beijing LocalityName (eg, city) [Default City]:beijing OrganizationName (eg, company) [Default Company Ltd]:pma OrganizationalUnit Name (eg, section) []:pma CommonName (eg, your name or your server's hostname) []:pma.admin.com EmailAddress []:pma@phpmyadmin.com
创建结构文件
[root@localhost CA]# touch index.txt [root@localhost CA]# echo 01 > serial
切换至ssl目录
[root@localhost httpd]# cd ssl/
生成证书申请请求
[root@localhostssl]# openssl req -new -key httpd.key -out httpd.csr Youare about to be asked to enter information that will be incorporated intoyour certificate request. Whatyou are about to enter is what is called a Distinguished Name or a DN. Thereare quite a few fields but you can leave some blank Forsome fields there will be a default value, Ifyou enter '.', the field will be left blank. ----- CountryName (2 letter code) [XX]:CN Stateor Province Name (full name) []:beijing LocalityName (eg, city) [Default City]:beijing OrganizationName (eg, company) [Default Company Ltd]:pma OrganizationalUnit Name (eg, section) []:pma CommonName (eg, your name or your server's hostname) []:www.pma.com EmailAddress []:pma@phpmyadmin.com Pleaseenter the following 'extra' attributes to besent with your certificate request Achallenge password []: Anoptional company name []:
将所需签名证书复制至CA服务器的tmp目录
[root@localhostssl]# scp httpd.csr 192.168.1.12:/tmp Theauthenticity of host '192.168.1.12 (192.168.1.12)' can't be established. ECDSAkey fingerprint is 4b:8b:6d:c8:53:c4:7e:ff:dd:26:a2:b9:67:1d:ab:cd. Areyou sure you want to continue connecting (yes/no)? yes Warning:Permanently added '192.168.1.12' (ECDSA) to the list of known hosts.
切换至tmp目录
[root@localhosttmp]# cd /tmp
给服务器签发证书
[root@localhosttmp]# openssl ca -in httpd.csr -out httpd.crt Usingconfiguration from /etc/pki/tls/openssl.cnf Checkthat the request matches the signature Signatureok CertificateDetails: Serial Number: 1 (0x1) Validity Not Before: Jul 21 02:38:25 2016GMT Not After : Jul 21 02:38:25 2017GMT Subject: countryName = CN stateOrProvinceName = beijing organizationName = pma organizationalUnitName = pma commonName = www.pma.com emailAddress = pma@phpmyadmin.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 24:A6:69:18:F6:C5:DC:24:84:F1:B9:DE:EB:7D:E3:CA:F7:8A:C0:8F X509v3 Authority Key Identifier: keyid:AB:49:C7:C7:F5:16:B8:6F:31:56:D2:9B:56:A6:81:0C:F9:C1:53:56 Certificateis to be certified until Jul 21 02:38:25 2017 GMT (365 days) Signthe certificate? [y/n]:y 1 outof 1 certificate requests certified, commit? [y/n]y Writeout database with 1 new entries DataBase Updated 将签发好的证书发送至httpd服务器 [root@localhosttmp]# scp httpd.crt 172.16.252.173:/etc/httpd/ssl Theauthenticity of host '172.16.252.173 (172.16.252.173)' can't be established. ECDSAkey fingerprint is d3:71:51:da:74:25:b2:af:b6:d2:d4:98:9a:cd:f4:ee. Areyou sure you want to continue connecting (yes/no)? yes Warning:Permanently added '172.16.252.173' (ECDSA) to the list of known hosts. root@172.16.252.173'spassword: httpd.crt 在httpd服务器配置ssl.conf文件 修改页面默认路径 # General setup for the virtual host,inherited from global configuration #DocumentRoot "/var/www/html" #ServerName www.example.com:443 DocumentRoot"/usr/share/phpMyAdmin"
配置证书所在路径
# Server Certificate: #Point SSLCertificateFile at a PEM encoded certificate. If # thecertificate is encrypted, then you will be prompted for a #pass phrase. Note that a kill -HUP willprompt again. A new #certificate can be generated using the genkey(1) command. SSLCertificateFile/etc/httpd/ssl/httpd.crt # Server Private Key: # If the key is not combined with thecertificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key youcan configure # both in parallel (to also allow the use ofDSA ciphers, etc.) SSLCertificateKeyFile/etc/httpd/ssl/httpd.key
进行访问验证: