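The editor will share with you how to deploy LAMP on a CentOS 7 host and provide an HTTPS service. Most people are probably not yet familiar with this, so this article is shared for your reference. I hope you get a lot out of it. Let's take a look!
Deploy LAMP and xcache on one CentOS 7 host, install WordPress and phpMyAdmin on two virtual hosts respectively, and provide HTTPS service for phpMyAdmin;
#Quick deployment with rpm packages: LAMP
1. Install with yum:
yum install -y httpd php php-mysql php-gd php-mbstring php-xml mariadb-server mod_ssl
Installed:
httpd.x86_64 0:2.4.6-40.el7.centos mariadb-server.x86_64 1:5.5.44-2.el7.centos php.x86_64 0:5.4.16-36.el7_1 php-gd.x86_64 0:5.4.16-36.el7_1 php-mbstring.x86_64 0:5
php-mysql.x86_64 0:5.4.16-36.el7_1 php-xml.x86_64 0:5.4.16-36.el7_1
2. Check that the httpd service starts successfully and that PHP pages open correctly:
Start httpd, then check that the service is running and that port 80 is listening:
systemctl start httpd.service    start the service
systemctl status httpd.service    check the service status
ss -tnl    check that port 80 is listening
ps -aux    check the processes
httpd -M | grep mpm    check that the MPM is the prefork module and that it is loaded as shared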
#Confirm the httpd service started successfully
[root@1 ~]# systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since 2016-07-16 15:32:43 CST; 4min 18s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 6535 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─6535 /usr/sbin/httpd -DFOREGROUND
├─6537 /usr/sbin/httpd -DFOREGROUND
├─6538 /usr/sbin/httpd -DFOREGROUND
├─6539 /usr/sbin/httpd -DFOREGROUND
├─6540 /usr/sbin/httpd -DFOREGROUND
└─6541 /usr/sbin/httpd -DFOREGROUND
#Confirm port 80 is listening
[root@1~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25
#Confirm the processes are running
[root@1 ~]# ps -aux
root 6535 0.0 0.8 450548 15064 ? Ss 15:32 0:00 /usr/sbin/httpd -DFOREGROUND
apache 6537 0.0 0.4 452632 7888 ? S 15:32 0:00 /usr/sbin/httpd -DFOREGROUND
apache 6538 0.0 0.4 452632 7888 ? S 15:32 0:00 /usr/sbin/httpd -DFOREGROUND
apache 6539 0.0 0.4 452632 7888 ? S 15:32 0:00 /usr/sbin/httpd -DFOREGROUND
apache 6540 0.0 0.4 452632 7888 ? S 15:32 0:00 /usr/sbin/httpd -DFOREGROUND
apache 6541 0.0 0.4 452632 7888 ? S 15:32 0:00 /usr/sbin/httpd -DFOREGROUND
#Confirm the default MPM module, prefork, is loaded as shared
[root@1 ~]# httpd -M | grep mpm
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 0.0.0.1. Set the 'ServerName' directive globally to suppress this message
mpm_prefork_module (shared)
#Confirm the ssl module is enabled
[root@1 ~]# httpd -M |grep ssl
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 0.0.0.1. Set the 'ServerName' directive globally to suppress this message
ssl_module (shared)
#Configure the MySQL database and start it;
systemctl start mariadb.service
#Then create the user and grant privileges
Enter the mysql client first, then run the following
mysql> GRANT ALL ON wpdb.* TO 'wpuser'@'172.16.%.%' IDENTIFIED BY 'wppass';
mysql> FLUSH PRIVILEGES;
mysql> CREATE DATABASE wpdb;
#Create two directories as the document roots of the FQDN virtual hosts,
[root@1 ~]# mkdir -pv /data/vhost/www{1,2}
#Create the default test pages
[root@1 ~]# vim /data/vhost/www1/index.php
<h2>第一台虚拟主机</h2>
<?php
$conn = mysql_connect('172.16.100.34','wpuser','wppass');
if($conn)
echo "OK";
else
echo "Failure";
phpinfo();
?>
[root@1 ~]# vim /data/vhost/www2/index.php
<h2>第二台虚拟主机</h2>
<?php
$conn = mysql_connect('172.16.100.34','wpuser','wppass');
if($conn)
echo "OK";
else
echo "Failure";
phpinfo();
?>
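#Create the configuration files for the two FQDN virtual hosts
[root@1 ~]# vim /etc/httpd/conf.d/vhost1.conf
<VirtualHost 172.16.100.34:80>
ServerName www1.wufeng.com
DocumentRoot "/data/vhost/www1"
# Forward proxying stays off: mod_php serves these pages, and an open forward proxy can be used by anyone who can reach it
ProxyRequests Off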
DirectoryIndex index.php
<Directory "/data/vhost/www1">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
[root@1 ~]# vim /etc/httpd/conf.d/vhost2.conf
<VirtualHost 172.16.100.34:80>
ServerName www2.wufeng.com
DocumentRoot "/data/vhost/www2"
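# Forward proxying stays off: mod_php serves these pages, and an open forward proxy can be used by anyone who can reach it
ProxyRequests Off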
DirectoryIndex index.php
<Directory "/data/vhost/www2">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
#Temporarily point DNS at this host
[root@1 ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.16.100.34
#Add entries for local name resolution
[root@1 ~]# vim /etc/hosts
172.16.100.31 www1.wufeng.com www2.wufeng.com
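#Test whether the PHP pages open normally and whether the database connection works
#Access through www2.wufeng.com works too, and the accelerator was installed successfully
#All that is left now is WordPress and phpMyAdmin
#Because I have a local FTP server, I downloaded it directly and unzipped it;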
[root@1~]# unzip wordpress-4.3.1-zh_CN.zip
#and move it under the first virtual host's document root
[root@1~]# mv wordpress /data/vhost/www1
#cd into that directory and modify the configuration file
#Rename the configuration file and edit it;
[root@localhost ~]# cd /data/vhost/www1/wordpress/
[root@localhost wordpress]# ln -s wp-config-sample.php wp-config.php
[root@localhost wordpress]# vim wp-config.php
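// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wpdb');
/** MySQL database username */
define('DB_USER', 'wpuser');
/** MySQL database password */
define('DB_PASSWORD', 'wppass');
/** MySQL hostname */
define('DB_HOST', '172.16.100.34'); // this address points to the database host
/** Database charset to use in creating database tables */
define('DB_CHARSET', 'utf8');
/** The database collate type. Don't change this if in doubt */
define('DB_COLLATE', '');
WordPress is now basically configured. There is no rush to test it; next, install phpMyAdmin as well.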
#phpMyAdmin was also downloaded from the FTP server, so it is unzipped directly
[root@1 ~]# unzip phpMyAdmin-4.4.14.1-all-languages.zip
#and place it under the document root of the second virtual host on the second host;
[root@1 myadmin]# mv phpMyAdmin-4.4.14.1-all-languages /data/vhost/www2/myadmin
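#cd into that directory, rename the configuration file and edit it
[root@1 www2]# cd myadmin/    # enter the target directory
[root@1 myadmin]# mv config.sample.inc.php config.inc.php    # rename the configuration file
[root@1 myadmin]# vim config.inc.php    # edit the configuration file
$cfg['blowfish_secret'] = '4pfPnJU4R8pA4WMWaQxD'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
Put a random string between the two single quotes above, generated with openssl rand -base64 15; it is used for encryption in transit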
/*
* Servers configuration
*/
$i = 0;
/*
* First server
*/
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['host'] = '172.16.100.34'; // points to the address of the MySQL database host
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
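#Now test whether these two applications can connect
#You need to run the installation and create an account and password, then log in
#Test myadmin on the second virtual host
#All tests succeed at this point; the last step is to provide HTTPS service for myadmin
#Sign a CA certificate and provide HTTPS service for phpMyAdmin;
#Install the mod_ssl module on the host, since httpd has to load it to open port 443; we already installed it earlier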
[root@localhost CA]# yum install mod_ssl.x86_64
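#Pick a host to act as the CA, for example the first host
#Then generate the CA's self-signed certificate on the first host;
1. Generate the key
#First enter the CA directory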
[root@1 wordpress]# cd /etc/pki/CA/
#Generate the key in the CA directory
[root@1 CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
............................................................................+++
...............+++
e is 65537 (0x10001)
2. Generate the self-signed certificate
[root@1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:wufeng
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:ca.wufeng.com
Email Address []:admin@wufeng.com
Create the supporting files
[root@1 CA]# touch index.txt
[root@1 CA]# echo 01 > serial
#Then go to the second host and generate the key and the certificate signing request
Create a directory under /etc/httpd/
~]# mkdir ssl
~]# cd ssl
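Generate the key
#2048 bits, the same size as the CA key; 1024-bit RSA is below current minimum key sizes
[root@ ssl]# (umask 077; openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus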
.++++++
........................................++++++
e is 65537 (0x10001)
Generate the certificate signing request:
[root@ ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:wufeng
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www2.wufeng.com    # must be the same as the hostname clients use to reach the encrypted site
Email Address []:www1admin@wufeng.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Copy it to the CA host to have the certificate signed
[root@ ssl]# scp httpd.csr 172.16.100.32:/tmp
Then sign the request on the CentOS 7 host
[root@1 CA]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
Answer yes twice (y for short)
After signing, copy the certificate back to the requesting host
[root@1 CA]# scp certs/httpd.crt 172.16.100.31:/etc/httpd/ssl/
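On the requesting host, that is, the second CentOS 7 host,
edit this file
[root@1 ~]# vim /etc/httpd/conf.d/ssl.conf
# Enable these two directives (remove the leading #) and set DocumentRoot to your own document root
DocumentRoot "/data/vhost/www2/myadmin"
# Change the server name to your own as well
ServerName www2.wufeng.com:443
# Path to the signed certificate file
SSLCertificateFile /etc/httpd/ssl/httpd.crt
# Path to the private key file
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
Then reload httpd
Then run ss -tnl to check whether port 443 is listening
On the CentOS 7 CA host, test HTTPS access to the corresponding host;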
[root@localhost CA]# openssl s_client -connect 172.16.100.31:443 -CAfile /etc/pki/CA/cacert.pem
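#Then open a browser and enter the myadmin address to see whether it is served over HTTPS
Comment this out in the main configuration file to avoid a conflict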
#DocumentRoot "/var/www/html"
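A check to run on the key, certificate and CA file before reloading httpd, as an added example that is not part of the original article: it confirms the key file is private, the key is at least 2048 bits, the key and certificate are a pair, the certificate chains to the CA, and the name matches the host. The function names are made up for this example, the throwaway PKI is constructed sample data, `openssl x509 -req` stands in for `openssl ca` so it runs without the /etc/pki/CA layout, and `-checkhost` assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example. check_cert_pair KEY CRT CAFILE HOST
# Prints the first failed check (or "ok"); returns 0 only if every check passes.
check_cert_pair() {
    key=$1; crt=$2; ca=$3; host=$4
    # Private key must not be accessible to group or others (the page's umask 077).
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || { echo "key file too permissive"; return 1; }
    kmod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || { echo "unreadable key"; return 1; }
    cmod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) || { echo "unreadable certificate"; return 1; }
    # The modulus is printed as hex, so every character is 4 bits.
    hex=${kmod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    [ "$bits" -ge 2048 ] || { echo "weak key: $bits bits"; return 1; }
    # Same modulus in key and certificate means httpd can load them as a pair.
    [ "$kmod" = "$cmod" ] || { echo "key does not match certificate"; return 1; }
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' \
        || { echo "certificate not issued by this CA"; return 1; }
    openssl x509 -noout -checkhost "$host" -in "$crt" | grep -q 'does match' \
        || { echo "hostname mismatch"; return 1; }
    echo "ok"
}

# make_demo_pki DIR: constructed sample data, a throwaway CA and a server
# certificate for www2.wufeng.com, plus an unrelated key for the mismatch case.
make_demo_pki() {
    d=$1
    ( umask 077
      openssl genrsa -out "$d/cakey.pem" 2048
      openssl genrsa -out "$d/httpd.key" 2048
      openssl genrsa -out "$d/other.key" 2048 ) 2>/dev/null
    openssl req -new -x509 -key "$d/cakey.pem" -subj "/CN=ca.wufeng.com" -days 1 -out "$d/cacert.pem"
    openssl req -new -key "$d/httpd.key" -subj "/CN=www2.wufeng.com" -out "$d/httpd.csr"
    openssl x509 -req -in "$d/httpd.csr" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
        -CAcreateserial -days 1 -out "$d/httpd.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo"
check_cert_pair "$demo/httpd.key" "$demo/httpd.crt" "$demo/cacert.pem" www2.wufeng.com
check_cert_pair "$demo/other.key" "$demo/httpd.crt" "$demo/cacert.pem" www2.wufeng.com || true
rm -rf "$demo"
```

On the real host the call would be `check_cert_pair /etc/httpd/ssl/httpd.key /etc/httpd/ssl/httpd.crt cacert.pem www2.wufeng.com`, with cacert.pem copied over from the CA host.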
Success. Next we run an ab load test
and compare the performance of the two architectures
LAMP deployed on a single host
LAMP deployed across three hosts
Content sourced from the internet; contact us for removal in case of infringement. Article URL: https://www.230890.com/zhan/94367.html