CentOS 7 安装lamp,并实现https
题目:新建三个基于域名的虚拟主机,如下: vhost1: pma.xujunmin.com, phpMyAdmin,同时提供https服务; vhost2: wp.xujunmin.com, wordpress vhost3: dz.xujunmin.com, Discuz一、编译安装Apache1、编译安装apr及apr-utilapr是Apache的可移植运行库,主要为上层的应用程序提供一个可以跨越多操作系统平台使用的底层支持接口库。
1
2
3
4
# tar -xf apr-1.5.2.tar.bz2
# cd apr-1.5
# ./configure --prefix=/usr/local/apr
# make && make install
1
2
3
# tar -xf apr-util-1.5.4.tar.bz2
# cd apr-util-1.5.4
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
1
2
# vim /etc/ld.so.conf.d/apr_apr-util.conf
# make && make install
# 导出库文件
1
2
3
# vim /etc/ld.so.conf.d/apr_apr-util.conf
添加:/usr/local/apr/lib
/usr/local/apr-util/lib
# 使库文件生效并验证
1
2
# ldconfig
# ldconfig -p | grep apr
2、安装依赖包pcre-devel为http进行正则匹配的时候需要,而openssl-devel为http开启ssl功能的时候需要。
1
# yum install pcre-devel openssl-devel.x86_64
3、编译httpd包
1
2
3
4
5
6
7
8
9
# tar xf httpd-2.4.16.tar.gz
# cd httpd-2.4.16
# ./configure --prefix=/usr/local/apache \
> --sysconfdir=/etc/httpd--enable-so --enable-ssl --enable-cgi \
> --with-pcre --with-zlib --enable-rewrite --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util --enable-modules=most \
> --enable-mpms-shared=all --with-mpm=event
# make && make install
4、其他操作#编辑httpd,指定PidFile
1
2
# vim /etc/httpd/httpd.conf
添加:PidFile "/var/run/httpd.pid"
# 导出库文件
1
2
# vim /etc/ld.so.conf.d/httpd.conf
/usr/local/apache/lib
# 为可执行程序添加PATH路径
1
2
# echo 'export PATH=$PATH:/usr/local/apache/bin' > /etc/profile.d/httpd.sh
# . /etc/profile.d/httpd.sh
# 导出man文件
1
2
# vim /etc/man_db.conf
添加:MANDATORY_MANPATH /usr/local/apache/man
# 添加服务
1
# httpd -k start
-----------------------------------------------------------------------------------------二、编译mysql 此处使用MariaDB的二进制程序安装,无需编译1、 解压到指定目录
1
2
# tar -xf mariadb-5.5.36-linux-x86_64.tar.gz -C /usr/local/
# cd /usr/local/
2、建立软链接,方便管理及以后升级
1
2
3
#ln -sv mariadb-5.5.36-linux-x86_64 mysql
# mkdir /data # 建立mysql数据存放目录
# chown -R mysql:mysql /data
3、创建mysql系统用户
1
2
3
# groupadd -r mysql
# useradd -g mysql -r -s /sbin/nologin -d /data mysql
# chown -R mysql:mysql *
4、进行数据库安装
1
# scripts/mysql_install_db --datadir=/data --user=mysql
5、编辑mysql配置文件
1
2
3
# cp support-files/my-large.cnf /etc/my.cnf # 覆盖/etc/my.cnf下的 配置文件
# vim /etc/my.cnf
datadir = /data #在添加datadir
6、添加mysql的服务脚本
1
2
3
4
5
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig mysqld on
# service mysql start
# ps -ef | grep mysqld # 查看进程启动是否正常
7、查看端口监听是否正常
1
2
# ss -ant | grep 3306
LISTEN 0 50 *:3306 *:*
8、其他操作# 添加二进制程序的PATH路径
1
# echo 'export PATH=$PATH:/usr/local/mysql/bin' > /etc/profile.d/mysqld.sh
1
# . /etc/profile.d/mysqld.sh
# 导出头文件
1
# ln -sv include /usr/include/mysql
# 导出库文件
1
# echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
# 修改root密码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
MariaDB [(none)]>UPDATE mysql.user SET Password = password('123456') where User = 'root';
MariaDB [(none)]>create database wordpress; # 为安装wordpress做准备
Query OK, 1 row affected
(0.00 sec)
MariaDB [(none)]> show
databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
| wordpress |
+--------------------+
5 rows in set (0.13 sec)
MariaDB [(none)]>
flush privileges;
Query OK, 0 rows affected
(0.00 sec)
-----------------------------------------------------------------------------------------
三、编译安装PHP1、解压
1
2
# tar xf php-5.4.40.tar.bz2
# cd php-5.4.40
2、编译安装
1
2
3
4
5
6
# ./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql \
> --with-openssl --with-mysqli=/usr/local/mysql/bin/mysql_config \
> --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir \
> --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets \
> --with-apxs2=/usr/local/apache/bin/apxs --with-mcrypt --with-config-file-path=/etc \
> --with-config-file-scan-dir=/etc/php.d --with-bz2--enable-maintainer-zts
1
# make && make install
3、为php提供配置文件
1
# cp php.ini-production /etc/php.ini
4、编辑apache配置文件httpd.conf,使apache支持php
1
2
3
4
# vim /etc/httpd/httpd.conf
# AddType 添加对.php及.phps后缀文件的支持
AddType application/x-httpd-php.php
AddType application/x-httpd-php-source.phps
# 添加php的索引文件
1
DirectoryIndexindex.php index.html
四、建立虚拟主机 三个基于域名的虚拟主机: vhost1: pma.xujunmin.com, phpMyAdmin, 同时提供https服务; vhost2: wp.xujunmin.com,wordpress
vhost3: dz.xujunmin.com,Discuz
1、 分别创建三个虚拟主机的家目录,并将phpMyAdmin,wordpress,Discuz分别移至对应的目 录下
1
2
3
4
5
6
7
8
9
# mkdir -pv /www/{vhost1,vhost2,vhost3}
# unzip phpMyAdmin-4.4.14.1-all-languages.zip
# mv phpMyAdmin-4.4.14.1-all-languages/*/www/vhost1/
# unzip wordpress-4.3.1-zh_CN.zip
# mv wordpress/* /www/vhost2/
# unzip Discuz_X3.2_SC_UTF8.zip
# mv upload/* /www/vhost3/
[iyunv@localhost PKGS# cd /www/vhost3/
# chown -R daemon:root *# 更改属主信息否则安装过程中提示无权限
2、配置httpd.conf文件:
1
2
3
4
5
6
7
8
# vim /etc/httpd/httpd.conf
#DocumentRoot "/usr/local/apache/htdocs" # 注释掉DocumentRoot
#Virtual hosts
Include /etc/httpd/extra/httpd-vhosts.conf #去掉注释,使httpd-vhosts配置生效
# Secure (SSL/TLS) connections
Include /etc/httpd/extra/httpd-ssl.conf # 去掉前面的注释,开启https
LoadModule ssl_module modules/mod_ssl.so# 去掉前面的注释,开始ssl功能
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so # 去掉前面的注释
3、 配置 httpd-vhosts.conf:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# vim
/etc/httpd/extra/httpd-vhosts.conf
# 配置基于域名wp.xujunmin.com的虚拟主机
<VirtualHost *:80>
ServerAdmin admin@wp.xujunmin.com
DocumentRoot /www/vhost2
ServerName wp.xujunmin.com
<Directory /www/vhost2>
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "logs/wp.com-error_log"
CustomLog
"logs/wp.com-access_log" combine
</VirtualHost>
# 配置基于域名dz.xujunmin.com的虚拟主机
<VirtualHost *:80>
ServerAdmin admin@dz.xujunmin.com
DocumentRoot /www/vhost3
ServerName dz.xujunmin.com
<Directory /www/vhost3>
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "logs/dz.com-error_log"
CustomLog
"logs/dz.com-access_log" combine
</VirtualHost>
# 重启httpd服务
1
2
3
# httpd -k start
# ss -ant | grep 443
LISTEN 0 128 :::443 :::*
4、 配置httpd-ssl.conf:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# vim /etc/httpd/extra/httpd-ssl.conf
<VirtualHost 192.168.52.132:443>
DocumentRoot "/www/vhost1/"
ServerName pma.xujunmin.com:443
ServerAdmin admin@xujunmin.com
<Directory /www/vhost1/>
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog "/usr/local/apache/logs/pma.com-rror_log"
TransferLog "/usr/local/apache/logs/pma.com-access_log"
...
</VirtualHost>
5、HTTPS认证:#自建CA:
1
2
3
4
5
6
root@localhost ~]# cd /etc/pki/CA/
# (umask 077;openssl genrsa -out private/cakey.pem 2048)
# 生成密钥对
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650# 生成自签证书
# touch index.txt serial crlnumber
# echo 01 > serial
# 客户端:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
# (umask 077;openssl genrsa -out httpd.key 1024) # 生成密钥对
# openssl req -new -key httpd.key -out httpd.csr # 生成证书申请请求
Country Name (2 letter code) :CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) :Beijing
Organization Name (eg,company) :Magedu
Organizational Unit Name (eg, section) []:OPS
Common Name (eg, your name or your server's hostname) []:pma.xujunmin.com
Email Address []:admin.xujunmin.com
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []:
An optional company name []:
1
2
# ls
httpd.csrhttpd.key
# CA签署客户申请证书:
1
# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/httpd/ssl/httpd.crt -days 365
# 将证书导入到IE证书的受信任的根证书颁发机构栏
# 在window hosts(C:\Windows\System32\drivers\etc)中添加域名解析项192.168.52.132pma.xujunmin.com192.168.52.132wp.xujunmin.com192.168.52.132dz.xujunmin.com
五、测试1、 vhost1: pma.xujunmin.com
2、wp.xujunmin.com(安装具体过程省略)
3、dz.xujunmin.com(安装过程省略)
页:
[1]