單主機部署LAMP

單主機LAMP部署

要求：在一個主機上一個虛拟主機提供phpMyAdmin，另一個虛拟主機提供wordpress，且為phpMyAdmim提供https服務:

一．安裝所需rpm包

yuminstall -y httpd php php-mysql php-gd php-mbstring php-xml mariadb-servermod_ssl

二．開啟并檢測服務，配置資料庫，測試網頁是否聯通

啟動httpd服務：systemctl start htppd.service

檢查服務開啟狀态:systemctlstatus httpd.service

● httpd.service - The Apache HTTP Server

   Loaded: loaded(/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

   Active: active (running) since Mon2016-07-18 22:59:32 CST

将服務設定為預設開啟狀态：systemctl enable httpd.service

檢視80端口狀态：ss -tnl

LISTEN     0     128                               :::80                                            :::*

檢查httpd程序：ps -aux | grep httpd

root       1709 0.0  1.6 468464 16304 ?        Ss  22:59   0:00 /usr/sbin/httpd-DFOREGROUND

apache     2013 0.0  0.8 470680  8560 ?       S    22:59   0:00 /usr/sbin/httpd -DFOREGROUND

apache     2014 0.0  0.8 470680  8560 ?       S    22:59   0:00 /usr/sbin/httpd -DFOREGROUND

apache     2015 0.0  0.8 470680  8560 ?       S    22:59   0:00 /usr/sbin/httpd -DFOREGROUND

apache     2017 0.0  0.8 470680  8560 ?       S    22:59   0:00 /usr/sbin/httpd -DFOREGROUND

apache     2018 0.0  0.8 470680  8560 ?       S    22:59   0:00 /usr/sbin/httpd -DFOREGROUND

root       4499 0.0  0.0 112644   952 pts/1   R+   23:05   0:00 grep --color=auto httpd

檢視是否是prefork子產品：httpd -M | grep mpm ：

mpm_prefork_module(shared)

确認ssl子產品是否啟用成功：httpd -M |grep ssl

ssl_module(shared)

啟動mysql服務；systemctl start mariadb.service

Mysql資料庫初始化：mysql_secure_installation

授權建立使用者

[root@zq~]# mysql

mysql>GRANT ALL ON qqdb.* TO 'qquser'@'172.16.%.%' IDENTIFIED BY 'qqpass';

mysql>FLUSH PRIVILEGES;

mysql>CREATE DATABASE qqdb;

為虛拟主機建FQDN的資源映射路徑，并配置預設測試頁面：

[root@zq~]# mkdir -p /data/vhost/www{1,2}

配置預設頁1：vim /data/vhost/www1/index.php

<h1>number1 </h1>

<?php

$conn =mysql_connect('172.16.35.1','qquser','qqpass');

if($conn)

echo"OK";

else

echo"Failure";

phpinfo();

?>

配置預設頁2：cp /data/vhost/www1/index.php/data/vhost/www2/index.php

vim/data/vhost/www2/index.php

改1為2即可

改httpd的配置檔案

 vim /etc/httpd/conf.d/vhost1.conf

<VirtualHost172.16.35.1：80>

ServerNamewww1.test.com

DocumentRoot"/data/vhost/www1"

ProxyRequestson

DirectoryIndexindex.php

<Directory"/data/vhost/www1">

OptionsNone

AllowOverrideNone

Requireall granted

</Directory>

</VirtualHost>

vim/etc/httpd/conf.d/vhost2.conf

<VirtualHost172.16.35.1:80>

ServerNamewww2.test.com

DocumentRoot"/data/vhost/www2"

<Directory"/data/vhost/www2">

修改DNS指向自己并添加本地域名解析

vim/etc/resolv.conf

DNS=172.16.35.1

vim/etc/hosts

172.16.100.31www1.test.comwww2.test.com

輸入網址www1.test.com或www2.test.com顯示ok則說明以上步驟正确

且加速器以啟用：

三．安裝wordpress和php-myadmin

在教室伺服器上用lftp下載下傳wordpress放在/data/vhost/www1中，php-myadmin放在/data/vhost/www2中

1.安裝wordpress ：

[root@zq~]# unzip wordpress-4.3.1-zh_CN.zip

修改配置檔案；

[root@zq~]# vim /data/vhost/www1/wp-config-sample.php

// **MySQL 設定 - 具體資訊來自您正在使用的主機 ** //

/**WordPress資料庫的名稱 */

define('DB_NAME','qqdb');

/** MySQL資料庫使用者名 */

define('DB_USER','qquser');

/** MySQL資料庫密碼 */

define('DB_PASSWORD','qqpass');

/** MySQL主機 */

define('DB_HOST','172.16.35.1');

/** 建立資料表時預設的文字編碼 */

define('DB_CHARSET','utf8');

/** 資料庫整理類型。如不确定請勿更改 */

define('DB_COLLATE','');

2.安裝php-myadmin:

 [root@zq ~]# unzipphpMyAdmin-4.4.14.1-all-languages.zip

[root@zq ~]#mv /data/vhost/www2/config.sample.inc.php /data/vhost/www2/config.inc.php

[root@zq~]# vim /data/vhost/www2/config.inc.php

$cfg['blowfish_secret']= '4pfPnJU4R8pA4WMWaQxD'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

/*

* Serversconfiguration

*/

$i = 0;

* Firstserver

$i++;

/*Authentication type */

$cfg['Servers'][$i]['auth_type']= 'cookie';

/* Serverparameters */

$cfg['Servers'][$i]['host']= '172.16.35.1'; 這裡這指向mysql資料庫主機的位址

$cfg['Servers'][$i]['connect_type']= 'tcp';

$cfg['Servers'][$i]['compress']= false;

$cfg['Servers'][$i]['AllowNoPassword']= false;

3.測試wordpress和php-myadmin是否可以連接配接

第一次登陸要輸入認證資訊。

四．簽署CA憑證并為phpmyadmin提供https服務；

1、生成密鑰

進入CA目錄下

[root@zq~]# cd /etc/pki/CA/

[root@zq CA]#(umask 077; openssl genrsa -out private/cakey.pem 1024)

GeneratingRSA private key, 1024 bit long modulus

............................................................................+++

...............+++

e is65537 (0x10001)

2、生成自簽證書

[root@zq CA]# openssl req -new -x509 -keyprivate/cakey.pem -out cacert.pem

You are about to be asked to enterinformation that will be incorporated

into your certificate request.

What you are about to enter is what iscalled a Distinguished Name or a DN.

There are quite a few fields but you canleave some blank

For some fields there will be a defaultvalue,

If you enter '.', the field will be leftblank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name)[]:beijing

Locality Name (eg, city) [Default City]:haidian

Organization Name (eg, company) [DefaultCompany Ltd]:mage

Organizational Unit Name (eg, section)[]:magedu

Common Name (eg, your name or your

補充檔案

[root@zq CA]# touch index.txt

[root@zq CA]# echo 01 > serial

3.在第2台主機上生成請求簽署檔案以及密鑰

在/etc/httpd/目錄下建立ssl目錄并cd進入

生成密鑰：

[root@zq ssl]# (umask 077; openssl genrsa -outhttpd.key 1024)

.++++++

........................................++++++

生成簽署請求檔案：

[root@ ssl]# openssl req -new -key httpd.key -outhttpd.csr

You areabout to be asked to enter information that will be incorporated

into yourcertificate request.

What youare about to enter is what is called a Distinguished Name or a DN.

There arequite a few fields but you can leave some blank

For somefields there will be a default value,

If youenter '.', the field will be left blank.

CountryName (2 letter code) [XX]:CN

State orProvince Name (full name) []:beijing

LocalityName (eg, city) [Default City]:haidian

OrganizationName (eg, company) [Default Company Ltd]:mage

OrganizationalUnit Name (eg, section) []:magedu

CommonName (eg, your name or your server's hostname) []:www2.test.com 這個要和客戶通路要加密的主機名一樣

EmailAddress []:[email protected]

Pleaseenter the following 'extra' attributes

to besent with your certificate request

A challengepassword []:

Anoptional company name []:

4.複制給CA主機簽署證書

[root@zq ssl]# scp httpd.csr 172.16.35.2:/tmp

5.到centos7主機上簽署檔案

[root@1 CA]# openssl ca -in /tmp/httpd.csr -out/etc/pki/CA/certs/httpd.crt

6.簽署完成後複制給請求主機

[root@1 CA]# scp certs/httpd.crt 172.16.35.1:/etc/httpd/ssl/

編輯這個檔案

[root@zq~]# vim /etc/httpd/conf.d/ssl.conf

DocumentRoot"/data/vhost/www2/myadmin"

ServerNamewww2.test.com:443 主機名也改成自己的

SSLCertificateFile/etc/httpd/ssl/httpd.crt 指明簽署的證書檔案路徑

SSLCertificateKeyFile/etc/httpd/ssl/httpd.key 指明私鑰檔案的路徑

7.重載配置檔案

Systemctl reload httpd

8.檢視443端口情況：

ss -tnl |grep 443

9.主配置檔案中禁掉預設根目錄：

#DocumentRoot"/var/www/html"

10.打開浏覽器輸入myadmin位址通路看看是否提供了https服務

五．對其做壓力測試:

ab -n 1000 -c 1000 -k www1.test.com

ab -n 1000 -c 1000 -k  www2.test.com