1.lnmp實作多個虛拟主機,部署wordpress和phpmyadmin,并為後一個主機提供https。
2.配置rewrite,即使使用者使用http協定通路phpmyadmin的站點,最終也會使用https重新請求資源。
-------------------------------------------------------------------------------------------
一、安裝nginx
方法一:編譯安裝
1.下載下傳nginx程式包,傳導至CentOS主機中,并解壓。
2.進入解壓目錄
3.~]# ./configure --prefix=/usr/local/nginx--sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf--error-log-path=/var/log/nginx/error.log--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid--lock-path=/var/lock/subsys/nginx.lock --user=nginx --group=nginx--with-http_ssl_module --with-http_v2_module --with-http_dav_module--with-threads --with-file-aio --with-http_stub_status_module
4. make -j 4 && make install
注意:1.啟動服務需要事先建立nginx使用者和nginx組;
2.若編譯錯誤提示缺少編譯軟體可以 yum -y install gcc gcc-c++autoconf automake make
方法二:EPEL源的安裝包
[root@zj06 ~]# cd /etc/yum.repos.d/
[[email protected]]# vim nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@zj06 yum.repos.d]# yum install -y nginx
二、建立虛拟機
[root@zj06 ~]# mkdir -pv/var/www/vhost{1,2}
[root@zj06 ~]# echo"www1.zrs.com" >> /var/www/vhost1/index.html
[root@zj06 ~]# echo"www2.zrs.com" >> /var/www/vhost2/index.html
[root@zj06 ~]# vim /etc/nginx/nginx.conf
server {
listen 80;
server_name www1.zrs.com;
location / {
root /var/www/vhost1;
index index.php index.html index.htm;
}
}
server_name www2.zrs.com;
location / {
root /var/www/vhost2;
index index.php index.html index.htm;
[root@zj06 ~]#nginx -t ///檢查文法沒問題
[root@zj06~]# nginx -s reload ///重新開機服務
用戶端測試
<a href="https://s4.51cto.com/wyfs02/M01/A7/20/wKioL1nhaVbihErZAAAXCuDqNq0556.png" target="_blank"></a>
<a href="https://s5.51cto.com/wyfs02/M00/08/6A/wKiom1nhbBjB14TVAAAXnYat7jA722.png" target="_blank"></a>
三、安裝php和mariadb,測試連接配接
[root@zj06 ~]# yum install -y php-fpm mariadb-server mariadb
配置nginx支援php解析
location ~ \.php$ {
root /var/www/vhost1;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/vhost1/$fastcgi_script_name;
include fastcgi_params;
}
root /var/www/vhost2;
fastcgi_param SCRIPT_FILENAME /var/www/vhost2/$fastcgi_script_name;
include fastcgi_params;
[root@zj06 ~]# nginx -t ///檢查文法沒問題
[root@zj06 ~]# nginx -s reload ///重新開機服務
修改兩個首頁index.html為index.php
并添加測試段内容:
<?php
Phpinfo();
?>
<a href="https://s4.51cto.com/wyfs02/M00/08/6A/wKiom1nhbFng7SM5AAEOjOu5h2w799.png" target="_blank"></a>
<a href="https://s4.51cto.com/wyfs02/M02/A7/20/wKioL1nhaaPCyPIOAAEMsYJiC0E933.png" target="_blank"></a>
建立資料庫,授權使用者,并重新整理
MariaDB [(none)]> create database wpsdb;
MariaDB [(none)]> grant all on wpsdb.*TO 'wpuser'@'172.16.%.%'IDENTIFIED BY'123456';
MariaDB [(none)]> create database pma;
MariaDB [(none)]> grant all on pma.* TO'pmauser'@'172.16.%.%'IDENTIFIED BY'123456';
MariaDB [(none)]> FLUSH PRIVILEGES;
測試php和資料庫能否正常連接配接
[root@zj06 ~]# vim/var/www/vhost1/index.php
vhost2也同樣設定成這樣,相關資料庫内容要改為pma的。
<a href="https://s5.51cto.com/wyfs02/M00/08/6A/wKiom1nhbfOwaOXWAAAkXFJajMY892.png" target="_blank"></a>
<a href="https://s5.51cto.com/wyfs02/M02/A7/20/wKioL1nhaz2wmA4WAAAkEXWfHik445.png" target="_blank"></a>
四、部署wordpress和phpmyadmin
下載下傳這兩個應用并導入虛拟機中,分别解壓
[root@zj06 ~]# unzipwordpress-3.9-zh_CN.zip
[root@zj06 ~]# tar -zxvfphpMyAdmin-4.0.10.20.tar.gz
1.部署wordpress
[root@zj06 ~]# mv wordpress/var/www/vhost1/
[root@zj06 ~]# cd /var/www/vhost1/wordpress/
[root@zj06 wordpress]# mvwp-config-sample.php wp-config.php
[root@zj06 wordpress]# vim wp-config.php ///修改配置檔案
/** WordPress資料庫的名稱*/
define('DB_NAME', 'wpsdb');
/** MySQL資料庫使用者名 */
define('DB_USER', 'wpuser');
/** MySQL資料庫密碼 */
define('DB_PASSWORD', '123456');
/** MySQL主機 */
define('DB_HOST', '172.16.1.6');
2. 部署phpmyadmin
[root@zj06 ~]# mkdir/var/www/vhost2/phpmyadmin
[root@zj06 ~]# mv phpMyAdmin-4.0.10.20-all-languages/*/var/www/vhost2/phpmyadmin/
[root@zj06 ~]# cd /var/www/vhost2/phpmyadmin/
[root@zj06 phpmyadmin]# mvconfig.sample.inc.php config.inc.php
[root@zj06 phpmyadmin]# vim config.inc.php ///修改這個檔案中的下面一行配置為主機位址
$cfg['Servers'][$i]['host'] = '172.16.1.6';
<a href="https://s5.51cto.com/wyfs02/M02/08/6A/wKiom1nhbk7R4epxAAILs_RrSrw546.png" target="_blank"></a>
五、為phpmyadmin提供https
在主機上安裝mod_ssl子產品
[root@zj06 ~]# yum -y install mod_ssl
切換到CA目錄下,生成密鑰和自簽證書
[root@zj06 ~]# cd /etc/pki/CA
[root@zj06 CA]# (umask 077; openssl genrsa-out private/cakey.pem 2048)
Generating RSA private key, 2048 bit longmodulus
.......+++
...................................+++
e is 65537 (0x10001)
[root@zj06 CA]# openssl req -new -x509 -keyprivate/cakey.pem -out cacert.pem
You are about to be asked to enterinformation that will be incorporated
into your certificate request.
What you are about to enter is what iscalled a Distinguished Name or a DN.
There are quite a few fields but you canleave some blank
For some fields there will be a defaultvalue,
If you enter '.', the field will be leftblank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Hebei
Locality Name (eg, city) [DefaultCity]:QinHuangdao
Organization Name (eg, company) [DefaultCompany Ltd]:Link
Organizational Unit Name (eg, section)[]:ops
Common Name (eg, your name or your server'shostname) []:ca.link.com
Email Address []:[email protected]
提供輔助檔案
[root@zj06 CA]# touch index.txt
[root@zj06 CA]# echo 01 > serial
生成私鑰并且生成證書簽署請求
[root@zj06~]# mkdir -pv /etc/nginx/ssl
[root@zj06~]# cd /etc/nginx/ssl
[root@zj06 ssl]# (umask 077; openssl genrsa-out nginx.key 1024) ///生成私鑰
Generating RSA private key, 1024 bit longmodulus
....++++++
...............................++++++
[root@zj06 ssl]# openssl req -new -keynginx.key -out nginx.csr ///生成證書請求
State or Province Name (full name)[]:Hebei
Please enter the following 'extra'attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
簽發證書
[root@zj06 ssl]# cp nginx.csr /tmp/
[root@zj06 ssl]# openssl ca -in/tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt ///根據提示連續按兩個“y”
[root@zj06 ssl]# cp/etc/pki/CA/certs/nginx.crt /etc/nginx/ssl/ ///把簽署好的證書發給請求者
修改nginx配置檔案,添加支援ssl
[root@zj06 ssl]# vim /etc/nginx/nginx.conf
listen 443 ssl;
server_name www2.zrs.com;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
<a href="https://s2.51cto.com/wyfs02/M01/08/6A/wKiom1nhbpaSxMc5AACciue6Q2M207.png" target="_blank"></a>
<a href="https://s5.51cto.com/wyfs02/M01/08/6A/wKiom1nhbrTy5hEbAABJx1hn99k992.png" target="_blank"></a>
<a href="https://s4.51cto.com/wyfs02/M00/08/6A/wKiom1nhbsiy9q-dAAB84BOckEc667.png" target="_blank"></a>
六、配置rewrite,即使使用者使用http協定通路phpmyadmin的站點,最終也會使用https重新請求資源
當使用者通路www2.zrs.com的時候自動跳轉到https://www2.zrs.com,直接用rewrite功能即可
在www2.zrs.com主機的配置檔案中添加rewrite即可
<a href="https://s4.51cto.com/wyfs02/M02/A7/2A/wKioL1niDwCQxK8HAABDqrJyKCY664.png" target="_blank"></a>
<a href="https://s4.51cto.com/wyfs02/M00/08/76/wKiom1niEcXCp5aNAABPszxuPWo302.png" target="_blank"></a>
本文轉自 Runs_ 51CTO部落格,原文連結:http://blog.51cto.com/12667170/1972297,如需轉載請自行聯系原作者
![Apache配置SSLApache配置SSL[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)