单主机LAMP部署
要求:在一个主机上一个虚拟主机提供phpMyAdmin,另一个虚拟主机提供wordpress,且为phpMyAdmim提供https服务:
一.安装所需rpm包
yuminstall -y httpd php php-mysql php-gd php-mbstring php-xml mariadb-servermod_ssl
二.开启并检测服务,配置数据库,测试网页是否联通
启动httpd服务:systemctl start htppd.service
检查服务开启状态:systemctlstatus httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded(/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon2016-07-18 22:59:32 CST
将服务设置为默认开启状态:systemctl enable httpd.service
查看80端口状态:ss -tnl
LISTEN 0 128 :::80 :::*
检查httpd进程:ps -aux | grep httpd
root 1709 0.0 1.6 468464 16304 ? Ss 22:59 0:00 /usr/sbin/httpd-DFOREGROUND
apache 2013 0.0 0.8 470680 8560 ? S 22:59 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2014 0.0 0.8 470680 8560 ? S 22:59 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2015 0.0 0.8 470680 8560 ? S 22:59 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2017 0.0 0.8 470680 8560 ? S 22:59 0:00 /usr/sbin/httpd -DFOREGROUND
apache 2018 0.0 0.8 470680 8560 ? S 22:59 0:00 /usr/sbin/httpd -DFOREGROUND
root 4499 0.0 0.0 112644 952 pts/1 R+ 23:05 0:00 grep --color=auto httpd
查看是否是prefork模块:httpd -M | grep mpm :
mpm_prefork_module(shared)
确认ssl模块是否启用成功:httpd -M |grep ssl
ssl_module(shared)
启动mysql服务;systemctl start mariadb.service
Mysql数据库初始化:mysql_secure_installation
授权创建用户
[root@zq~]# mysql
mysql>GRANT ALL ON qqdb.* TO 'qquser'@'172.16.%.%' IDENTIFIED BY 'qqpass';
mysql>FLUSH PRIVILEGES;
mysql>CREATE DATABASE qqdb;
为虚拟主机建FQDN的资源映射路径,并配置默认测试页面:
[root@zq~]# mkdir -p /data/vhost/www{1,2}
配置默认页1:vim /data/vhost/www1/index.php
<h1>number1 </h1>
<?php
$conn =mysql_connect('172.16.35.1','qquser','qqpass');
if($conn)
echo"OK";
else
echo"Failure";
phpinfo();
?>
配置默认页2:cp /data/vhost/www1/index.php/data/vhost/www2/index.php
vim/data/vhost/www2/index.php
改1为2即可
改httpd的配置文件
vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost172.16.35.1:80>
ServerNamewww1.test.com
DocumentRoot"/data/vhost/www1"
ProxyRequestson
DirectoryIndexindex.php
<Directory"/data/vhost/www1">
OptionsNone
AllowOverrideNone
Requireall granted
</Directory>
</VirtualHost>
vim/etc/httpd/conf.d/vhost2.conf
<VirtualHost172.16.35.1:80>
ServerNamewww2.test.com
DocumentRoot"/data/vhost/www2"
ProxyRequestson
DirectoryIndexindex.php
<Directory"/data/vhost/www2">
OptionsNone
AllowOverrideNone
Requireall granted
</Directory>
</VirtualHost>
修改DNS指向自己并添加本地域名解析
vim/etc/resolv.conf
DNS=172.16.35.1
vim/etc/hosts
172.16.100.31www1.test.comwww2.test.com
输入网址www1.test.com或www2.test.com显示ok则说明以上步骤正确
三.安装wordpress和php-myadmin
在教室服务器上用lftp下载wordpress放在/data/vhost/www1中,php-myadmin放在/data/vhost/www2中
1.安装wordpress :
[root@zq~]# unzip wordpress-4.3.1-zh_CN.zip
修改配置文件;
[root@zq~]# vim /data/vhost/www1/wp-config-sample.php
// **MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/**WordPress数据库的名称 */
define('DB_NAME','qqdb');
/** MySQL数据库用户名 */
define('DB_USER','qquser');
/** MySQL数据库密码 */
define('DB_PASSWORD','qqpass');
/** MySQL主机 */
define('DB_HOST','172.16.35.1');
/** 创建数据表时默认的文字编码 */
define('DB_CHARSET','utf8');
/** 数据库整理类型。如不确定请勿更改 */
define('DB_COLLATE','');
2.安装php-myadmin:
[root@zq ~]# unzipphpMyAdmin-4.4.14.1-all-languages.zip
[root@zq ~]#mv /data/vhost/www2/config.sample.inc.php /data/vhost/www2/config.inc.php
[root@zq~]# vim /data/vhost/www2/config.inc.php
$cfg['blowfish_secret']= '4pfPnJU4R8pA4WMWaQxD'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
/*
* Serversconfiguration
*/
$i = 0;
/*
* Firstserver
*/
$i++;
/*Authentication type */
$cfg['Servers'][$i]['auth_type']= 'cookie';
/* Serverparameters */
$cfg['Servers'][$i]['host']= '172.16.35.1'; 这里这指向mysql数据库主机的地址
$cfg['Servers'][$i]['connect_type']= 'tcp';
$cfg['Servers'][$i]['compress']= false;
$cfg['Servers'][$i]['AllowNoPassword']= false;
3.测试wordpress和php-myadmin是否可以连接
第一次登陆要输入认证信息。
四.签署CA证书并为phpmyadmin提供https服务;
1、生成密钥
进入CA目录下
[root@zq~]# cd /etc/pki/CA/
[root@zq CA]#(umask 077; openssl genrsa -out private/cakey.pem 1024)
GeneratingRSA private key, 1024 bit long modulus
............................................................................+++
...............+++
e is65537 (0x10001)
2、生成自签证书
[root@zq CA]# openssl req -new -x509 -keyprivate/cakey.pem -out cacert.pem
You are about to be asked to enterinformation that will be incorporated
into your certificate request.
What you are about to enter is what iscalled a Distinguished Name or a DN.
There are quite a few fields but you canleave some blank
For some fields there will be a defaultvalue,
If you enter '.', the field will be leftblank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name)[]:beijing
Locality Name (eg, city) [Default City]:haidian
Organization Name (eg, company) [DefaultCompany Ltd]:mage
Organizational Unit Name (eg, section)[]:magedu
Common Name (eg, your name or your
补充文件
[root@zq CA]# touch index.txt
[root@zq CA]# echo 01 > serial
3.在第2台主机上生成请求签署文件以及密钥
在/etc/httpd/目录下创建ssl目录并cd进入
生成密钥:
[root@zq ssl]# (umask 077; openssl genrsa -outhttpd.key 1024)
GeneratingRSA private key, 1024 bit long modulus
.++++++
........................................++++++
e is65537 (0x10001)
生成签署请求文件:
[root@ ssl]# openssl req -new -key httpd.key -outhttpd.csr
You areabout to be asked to enter information that will be incorporated
into yourcertificate request.
What youare about to enter is what is called a Distinguished Name or a DN.
There arequite a few fields but you can leave some blank
For somefields there will be a default value,
If youenter '.', the field will be left blank.
-----
CountryName (2 letter code) [XX]:CN
State orProvince Name (full name) []:beijing
LocalityName (eg, city) [Default City]:haidian
OrganizationName (eg, company) [Default Company Ltd]:mage
OrganizationalUnit Name (eg, section) []:magedu
CommonName (eg, your name or your server's hostname) []:www2.test.com 这个要和客户访问要加密的主机名一样
EmailAddress []:www1admin@test.com
Pleaseenter the following 'extra' attributes
to besent with your certificate request
A challengepassword []:
Anoptional company name []:
4.复制给CA主机签署证书
[root@zq ssl]# scp httpd.csr 172.16.35.2:/tmp
5.到centos7主机上签署文件
[root@1 CA]# openssl ca -in /tmp/httpd.csr -out/etc/pki/CA/certs/httpd.crt
6.签署完成后复制给请求主机
[root@1 CA]# scp certs/httpd.crt 172.16.35.1:/etc/httpd/ssl/
编辑这个文件
[root@zq~]# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot"/data/vhost/www2/myadmin"
ServerNamewww2.test.com:443 主机名也改成自己的
SSLCertificateFile/etc/httpd/ssl/httpd.crt 指明签署的证书文件路径
SSLCertificateKeyFile/etc/httpd/ssl/httpd.key 指明私钥文件的路径
7.重载配置文件
Systemctl reload httpd
8.查看443端口情况:
ss -tnl |grep 443
9.主配置文件中禁掉默认根目录:
#DocumentRoot"/var/www/html"
10.打开浏览器输入myadmin地址访问看看是否提供了https服务
五.对其做压力测试:
ab -n 1000 -c 1000 -k www1.test.com
ab -n 1000 -c 1000 -k www2.test.com