LAMP on three hosts
172.16.59.10 host, httpd:
[root@yph7 ~]# yum install httpd
[root@yph7 ~]# apachectl start
[root@yph7 ~]# ss -tnl | grep 80
LISTEN 0 128 :::80 :::*
[root@yph7 ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html"    ---- comment out both lines; the virtual hosts below set their own
#DirectoryIndex index.html
[root@yph7 ~]# vim /var/www/html/a.com/index.html
172.16.59.10 a.com
Create the virtual hosts. Note that httpd uses the first virtual host as the default https server:
[root@yph7 ~]# cd /etc/httpd/conf.d
[root@yph7 conf.d]# vim vhosts.conf
[root@yph7 conf.d]# cat vhosts.conf
DirectoryIndex index.php
<VirtualHost 172.16.59.10:80>
    ServerName www.a.com
    DocumentRoot /var/www/html/a.com
    ProxyRequests off
    # hand every .php request to php-fpm on 172.16.59.20; the same path must exist on that host
    ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.59.20:9000/var/www/html/a.com/$1
    <Directory "/var/www/html/a.com">
        Options FollowSymLinks
        Require all granted
        AllowOverride None
    </Directory>
</VirtualHost>
<VirtualHost 172.16.59.10:80>
    ServerName www.b.com
    DocumentRoot /var/www/html/b.com
    ProxyRequests off
    ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.59.20:9000/var/www/html/b.com/$1
    <Directory "/var/www/html/b.com">
        Options FollowSymLinks
        Require all granted
        AllowOverride None
    </Directory>
</VirtualHost>
[root@yph7 conf.d]# mkdir /var/www/html/{a,b}.com
Install WordPress under /var/www/html/a.com/wordpress:
[root@y7-2 wordpress]# unzip wordpress-4.3.1-zh_CN.zip
[root@y7-2 html]# cd wordpress/
[root@y7-2 wordpress]# cp wp-config-sample.php wp-config.php
[root@y7-2 wordpress]# vim wp-config.php
define('DB_NAME', 'wpdb');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'magedu');
define('DB_HOST', '172.16.59.30');
Install phpMyAdmin:
[root@yph7 b.com]# scp -r [email protected]:/var/www/html/b.com/phpMyAdmin-4.4.14.1-all-languages pma
Request a certificate from the CA:
[root@yph7 a.com]# mkdir /etc/httpd/ssl
[root@yph7 a.com]# cd /etc/httpd/ssl
Create the private key
[root@yph7 ssl]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
Create the signing request
[root@yph7 ssl]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:ali
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:[email protected]
Send the request to the CA
[root@yph7 ssl]# scp httpd.csr [email protected]:/tmp/    ---- properly this should be carried over in person on a USB stick; sending it over the network is too risky
Configure https:
[root@yph7 b.com]# cd /etc/httpd/conf.d
[root@yph7 conf.d]# vim ssl.conf
[root@yph7 conf.d]# cp ssl.conf{,.bak}
[root@yph7 conf.d]# vim ssl.conf    ---- change the following items
DocumentRoot "/var/www/html/a.com"    ---- the site's document root
#ServerName www.a.com:443    ---- comment out: the port is already set in <VirtualHost _default_:443> and the hostname is set in vhosts.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt    ---- the site's own certificate, i.e. its public key
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key    ---- the site's own private key
<VirtualHost _default_:443>    ---- _default_ is the default virtual host, i.e. the first one; the hosts configured after it are not default
Once the port here is 443, every port in vhosts.conf can stay 80.
[root@yph7 ssl]# vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost 172.16.59.10:80>    ---- port 80, so www.a.com is reachable over both http and https. If this were 443 as well, http requests would only ever reach www.b.com's content and never www.a.com's: www.a.com would be https-only, and since both share one IP the request would fall through to www.b.com.
ServerName www.a.com
DocumentRoot /var/www/html/a.com
[root@yph7 ssl]# httpd -t    ---- syntax check; if a restart fails and you cannot find the cause, do not forget this
Syntax OK
[root@yph7 ssl]# systemctl restart httpd.service
[root@yph7 ssl]# ss -tnl | grep 443
LISTEN 0 128 :::443 :::*
--------------------------------------------------------------------------------
172.16.59.20 host, php-fpm:
Install php-fpm and test it:
[root@y7-2 ~]# yum install php-fpm
[root@y7-2 wordpress]# yum install php-mysql    ---- this package is required, otherwise phpMyAdmin cannot run
[root@y7-2 ~]# vim /etc/php-fpm.d/www.conf
listen = 172.16.59.20:9000    ---- which local IP and port to listen on; with several IPs you can use 0.0.0.0 to listen on all of them
;listen.allowed_clients = 172.16.59.10    ---- this line must be commented out, otherwise only that IP may talk to php-fpm; alternatively append the second host's IP after it. This was the reason the MySQL server could not be reached
[root@y7-2 ~]# systemctl start php-fpm.service
[root@y7-2 ~]# ss -tnl
LISTEN 0 128 *:9000 *:*    ---- port 9000 is listening; started normally
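An added check, not from the original notes, for the two www.conf settings just edited: a pool that listens on a TCP address with listen.allowed_clients commented out accepts FastCGI requests from any host that can reach port 9000, so the safer form of the fix mentioned above is to list the httpd host 172.16.59.10 in listen.allowed_clients instead of removing the restriction. The function reads a pool file given as its argument; the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original notes. Audits a php-fpm pool file
# (e.g. /etc/php-fpm.d/www.conf) for the listen settings edited above. Pool
# files use ';' for comments, so only uncommented assignments are read.

# Print the last uncommented value of key $2 in pool file $1 (empty if unset).
# $2 is used as a sed regex, so escape dots: 'listen\.allowed_clients'.
fpm_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Returns 0 if the pool's FastCGI socket is acceptably restricted, 1 if any
# host that can reach the TCP port could submit script paths for execution.
fpm_exposure_check() {
    listen=$(fpm_value "$1" listen)
    clients=$(fpm_value "$1" 'listen\.allowed_clients')
    case "$listen" in
        /*) echo "ok: unix socket $listen is local only"; return 0 ;;
        127.0.0.1:*|localhost:*) echo "ok: loopback only ($listen)"; return 0 ;;
        "") echo "error: no listen directive found in $1"; return 1 ;;
    esac
    if [ -z "$clients" ]; then
        echo "exposed: $listen accepts any client; set listen.allowed_clients = 172.16.59.10"
        return 1
    fi
    echo "ok: $listen restricted to $clients"
    return 0
}

# Usage: fpm_exposure_check /etc/php-fpm.d/www.conf
```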
The following is to test the links between the three hosts:
[root@y7-2 ~]# vim /var/www/html/a.com/index.php
172.16.59.20 a.com
<?php
phpinfo();
?>
[root@y7-2 ~]# vim /var/www/html/b.com/index.php
172.16.59.20 b.com
<?php
// connect to the database host with the WordPress account (legacy mysql_connect(), as used in these notes)
$conn = mysql_connect('172.16.59.30', 'wpuser', 'magedu');
if ($conn)
    echo "OK";
else
    echo "Failure";
?>
Enter www.a.com and www.b.com in a browser; seeing "172.16.59.20 OK" means the three hosts are wired together correctly. Since index.php lives on the 172.16.59.20 host, the OK shows that the connection to the 172.16.59.30 database host succeeded.
Install WordPress at /var/www/html/a.com/wordpress: same procedure as above.
Install phpMyAdmin at /var/www/html/b.com:
[root@y7-2 ~]# yum install -y php-mbstring
[root@y7-2 pma]# yum install -y php-mysql
[root@y7-2 pma]# yum install -y mariadb-server    ---- all three of these must be installed; learned the hard way
[root@y7-2 b.com]# unzip phpMyAdmin-4.4.14.1-all-languages.zip
[root@y7-2 pma]# ln -sv phpMyAdmin-4.4.14.1-all-languages pma
[root@y7-2 pma]# openssl rand -base64 20    ---- generates the random blowfish_secret used below
[root@y7-2 pma]# cd pma
[root@y7-2 pma]# cp config.sample.inc.php config.inc.php
[root@y7-2 pma]# vim config.inc.php
$cfg['blowfish_secret'] = 'fG9NH5b7OmmGRohmjBO0Jpnk4kg'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$cfg['Servers'][$i]['host'] = '172.16.59.30';    ---- the remote database host; if you put the password here it logs in automatically, so generally leave the password out
Because mariadb-server was not installed, the initialization could not run (the file did not exist); installing it and restarting the service fixes that:
[root@y7-2 pma]# yum install -y mariadb-server
[root@y7-2 pma]# systemctl start mariadb.service
[root@y7-2 pma]# systemctl restart php-fpm.service
[root@y7-2 pma]# mysql_secure_installation    ---- initialization, sets the password etc.; the password set here is only the root password of the local database. Whether phpMyAdmin points at the local or the remote database, this is the local database's password; it has nothing to do with the root or regular user passwords on the remote host
After copying phpMyAdmin to 172.16.59.10:/var/www/html/b.com as well, it can be opened in a browser at www.b.com/pma;
log in with user name "wpuser" and password "magedu".
Install php-xcache
Stress test from another host
[root@yph7 pma]# ab -n 1000 -c 10 http://172.16.59.10/wordpress/index.php
Requests per second: 8.70 [#/sec] (mean)
[root@y7-2 pma]# yum install -y php-devel
[root@y7-2 ~]# yum groupinstall -y "Server Platform Development" "Development Tools"
[root@y7-2 ~]# tar xf xcache-3.2.0.tar.bz2
[root@y7-2 ~]# cd xcache-3.2.0/
[root@y7-2 xcache-3.2.0]# phpize
[root@y7-2 xcache-3.2.0]# ./configure --enable-xcache --with-php-config=/usr/bin/php-config
[root@y7-2 xcache-3.2.0]# make && make install
[root@y7-2 xcache-3.2.0]# vim /etc/php.d/xcache.ini
Put the phpinfo(); call into /var/www/html/a.com/index.php on both the 59.10 and the 59.20 host.
[root@y7-2 a.com]# systemctl restart php-fpm.service    ---- the httpd service on the httpd host may need a restart too
phpinfo() then shows the xcache values (Local Value / Master Value):
xcache.admin.enable_auth On On
xcache.cacher On On
xcache.size 60M
Stress test again from another host: throughput did indeed improve about threefold
[root@yph7 a.com]# ab -n 1000 -c 10 http://172.16.59.10/wordpress/index.php
Requests per second: 27.40 [#/sec] (mean)
This step was not needed in this experiment:
It is needed in some situations; without changing the permissions the pages cannot be accessed
--------------------------------------------------------------------------------
172.16.59.30 host, MySQL:
Install mariadb-server:
[root@y7-3 ~]# yum install -y mariadb-server
[root@y7-3 ~]# systemctl start mariadb.service
[root@y7-3 ~]# mysql
MariaDB [(none)]> grant all on wpdb.* to wpuser@'172.16.%.%' identified by 'magedu';
This lets the wpuser account connect to MySQL from any IP in the 172.16 range; it serves as the WordPress database account
MariaDB [(none)]> flush privileges;
[root@y7-3 ~]# ss -tnl
LISTEN 0 50 *:3306 *:*
[root@y7-3 ~]# vim /etc/my.cnf
[mysqld]
skip_name_resolve = ON
Set up the private CA:
[root@y7-3 ~]# cd /etc/pki/CA
[root@y7-3 CA]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
Issue the CA its own certificate
[root@y7-3 CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
Common Name (eg, your name or your server's hostname) []:ca.ali.com
Email Address []:[email protected]
Create the required directories and files
[root@y7-3 CA]# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
[root@y7-3 CA]# touch /etc/pki/CA/{serial,index.txt}
[root@y7-3 CA]# echo 01 > /etc/pki/CA/serial
Once the requester has sent the CSR over, issue the certificate
[root@y7-3 CA]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
Send the certificate back to the requester
[root@y7-3 CA]# scp certs/httpd.crt 172.16.59.10:/etc/httpd/ssl/
Inspect the certificate
[root@y7-3 CA]# openssl x509 -in /etc/pki/CA/certs/httpd.crt -noout -serial -subject
serial=01
subject= /C=cn/ST=beijing/O=ali/OU=ops/CN=www.a.com/[email protected]
When testing, remember to edit the hosts file first:
[root@y7-3 CA]# openssl s_client -connect www.a.com:443 -CAfile cacert.pem
GET /index.html HTTP/1.1
Host: www.a.com
Copy /etc/pki/CA/cacert.pem to the Windows desktop, rename it with a .crt extension and double-click it to install the certificate, then open https://www.a.com in the browser to verify; by default it is installed for IE.
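As an added check, not part of the original notes, covering the CSR step on the httpd host and the certificate the CA sends back: before restarting httpd, confirm that httpd.crt belongs to httpd.key, validates against cacert.pem, carries the expected CN and is not about to expire. The default paths are the ones used in these notes; it is assumed that cacert.pem has also been copied to the httpd host (the notes only copy it to Windows), and any other location can be passed as an argument.

```shell
#!/bin/sh
# Added example, not part of the original notes: sanity-check the certificate
# the CA sent back before restarting httpd. Defaults are the paths used in the
# notes; the CA certificate is assumed to have been copied to the httpd host.

# 0 if the certificate's public key belongs to the private key, 1 otherwise.
cert_key_match() {
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if the certificate validates against the CA certificate, 1 otherwise.
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Print the subject CN (handles both "/CN=x" and "CN = x" subject styles).
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^/,]*\).*/\1/p'
}

# 0 if the certificate is still valid for at least $2 more days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run every check; returns 0 only if all pass, printing each failure.
check_httpd_cert() {
    cert=${1:-/etc/httpd/ssl/httpd.crt}
    key=${2:-/etc/httpd/ssl/httpd.key}
    cacert=${3:-/etc/pki/CA/cacert.pem}
    name=${4:-www.a.com}
    rc=0
    cert_key_match "$cert" "$key"       || { echo "FAIL: key does not match $cert"; rc=1; }
    cert_chains_to_ca "$cert" "$cacert" || { echo "FAIL: $cert not issued by $cacert"; rc=1; }
    [ "$(cert_cn "$cert")" = "$name" ]  || { echo "FAIL: CN is '$(cert_cn "$cert")', expected $name"; rc=1; }
    cert_valid_for_days "$cert" 30      || { echo "FAIL: $cert expires within 30 days"; rc=1; }
    return $rc
}

# Usage on the httpd host: check_httpd_cert && systemctl restart httpd.service
```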