需求:
CentOS 7 lamp (module)
(1) 三者分离于两台主机
(2) 一个虚拟主机用于提供phpMyAdmin;另一个虚拟机用于提供wordpress;
(3) xcache
(4) 为phpMyAdmin提供https虚拟主机
环境准备:
一:关闭selinux和iptables
setenforce 0 systemctl stop iptables
二:为了方便测试,修改本机hosts,也可自行搭建DNS Server
修改文件:
Linux:/etc/hosts windows: \Windows\System32\drivers\etc\host
添加内容:
172.18.64.61 phpadmin.com 172.18.64.61 wordpress.com
实验环境:
host1: apache + php 172.18.64.61 host2: mariadb 172.18.64.62 host3: 私有CA 172.18.64.63
Host 1
# yum install httpd php php-mysql -y
Host 2
# yum install mariadb-server # systemctl start mariadb mysql> create user 'root'@'172.18.64.%'; mysql> grant all on *.* to 'root'@'172.18.64.%' identified by '123456'; //phpadmin mysql> create database wordpress; mysql> create user 'wordpress'@'172.18.64.%'; mysql> grant all on wordpress.* to 'wordpress'@'172.18.64.%' identified by 'wordpress'; //wordpress
创建虚拟主机
一个虚拟机用于提供phpMyAdmin;另一个虚拟主机用于提供wordpress
Host1
一:注释/etc/httpd/conf/httpd.conf 第119行
# DocumentRoot "/var/www/html"
二:配置虚拟主机
mkdir -pv /www/host1/phpadmin wordpress
三:获取源码
phpadmin
# cd /www/host1/phpadmin # wget # unzip phpMyAdmin-4.6.0-all-languages.zip # mv phpMyAdmin-4.6.0-all-languages phpmyadmin # cd phpmyadmin # cp config.sample.inc.php config.inc.php 生成随机数 # openssl rand -base64 20 6rR4Nxjl7YEdSBXNQlxIMZ8TeVw 将生成的随机数添加到config.inc.php: $cfg['blowfish_secret'] = 'Js/yatgOt2UBJMkKqkeJfFX9RKA'; 指定数据库的IP地址 $cfg['Servers'][$i]['host'] = '10.0.0.62';
wordpress
官网:https://cn.wordpress.org
# cd /www/host1/wordpress # wget # unzip wordpress-4.5-zh_CN.tar.gz
压力测试
ab
-n:总请求数
-c:模拟并行数
# ab -n 100 -c 100 http://www.phpadmin.com/index.php Requests per second: 6664.53 [#/sec] (mean) // 每秒处理请求数 6664
编译安装xcache
官网:http://xcache.lighttpd.net/
# yum install php-devel -y //xcache依赖php-devel # wget http://xcache.lighttpd.net/pub/Releases/3.2.0/xcache-3.2.0.tar.bz2 # tar xf xcache-3.2.0.tar.bz2 # cd xcache-3.2.0 # phpize # ./configure --enable-xcache --with-php-config=`which php-config` # make && make install # cp xcache.ini /etc/php.d # systemctl reload httpd Requests per second: 7642.92 [#/sec] (mean) // 性能提升1000
注意epel源中xcache的rpm包可能有问题,性能不升反降
提供https虚拟主机
为phpMyAdmin提供https虚拟主机
申请数字证书:
host3 //创建私有CA # yum install openssl -y # (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) # openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem # touch /etc/pki/CA/{serial,index.txt} # echo 01 > /etc/pki/CA/serial host1: //在apache服务器创建证书签署请求 # mkdir /etc/httpd/ssl; cd /etc/httpd/ssl # (umask 077;openssl genrsa -out httpd.key 1024) # openssl req -new -key httpd.key -out httpd.csr # scp httpd.csr root@10.0.0.63:/tmp //现实中用安全的办法把 httpd.csr 交给 CA; 因为这里是测试,就用scp命令传; host3: //CA签证 # openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt # scp /etc/pki/CA/certs/httpd.crt root@10.0.0.61:/etc/httpd/ssl
配置httpd支持使用ssl
# yum install mod_ssl -y 查看模块:httpd -M | grep ssl_mod 修改配置文件:/etc/httpd/conf.d/ssl.conf //这个配置文件会自动加载mod_ssl模块 DocmentRoot "/www/host1/phpadmin/" ServerName www.phpadmin.com SSLCertificateFile /etc/httpd/ssl/httpd.crt SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
配置httpd的配置文件
此时的配置文件应该是这样的:为什么呢,因为我们之前只是定义了phpadmin允许80端口,但是并没有允许443端口