LAMP across three hosts: httpd, php-fpm, mariadb, WordPress, phpMyAdmin
Host 172.16.59.10, httpd:
# yum install httpd
# apachectl start
# ss -tnl | grep 80
LISTEN 0 128 :::80 :::*
# vim /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html"
#DirectoryIndex index.html
# vim /var/www/html/a.com/index.html
172.16.59.10 a.com
Create the virtual hosts: by default, https uses the first virtual host as the https server.
# cd /etc/httpd/conf.d
# vim vhosts.conf
# cat vhosts.conf
DirectoryIndex index.php
<VirtualHost 172.16.59.10:80>
ServerName www.a.com
DocumentRoot /var/www/html/a.com
ProxyRequests off
ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.59.20:9000/var/www/html/a.com/$1
<Directory "/var/www/html/a.com">
Options FollowSymLinks
Require all granted
AllowOverride None
</Directory>
</VirtualHost>
<VirtualHost 172.16.59.10:80>
ServerName www.b.com
DocumentRoot /var/www/html/b.com
ProxyRequests off
ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.59.20:9000/var/www/html/b.com/$1
<Directory "/var/www/html/b.com">
Options FollowSymLinks
Require all granted
AllowOverride None
</Directory>
</VirtualHost>
# mkdir /var/www/html/{a,b}.com
Install WordPress ---- /var/www/html/a.com/wordpress
# unzip wordpress-4.3.1-zh_CN.zip
# cd wordpress/
# cp wp-config-sample.php wp-config.php
# vim wp-config.php
define('DB_NAME','wpdb');
define('DB_USER','wpuser');
define('DB_PASSWORD','magedu');
define('DB_HOST','172.16.59.30');
Install phpMyAdmin:
# scp -r root@172.16.59.20:/var/www/html/b.com/phpMyAdmin-4.4.14.1-all-languages pma
Request a certificate from the CA:
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
Create the private key
# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
Create the certificate signing request
# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365
Country Name (2 letter code) :cn
State or Province Name (full name) []:beijing
Locality Name (eg, city):beijing
Organization Name (eg, company) :ali
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:admin@a.com
Send the signing request
# scp httpd.csr root@172.16.59.30:/tmp/ ------ normally this must be carried over in person on a USB drive; sending it over the network is too dangerous
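Set up https:
# cd /etc/httpd/conf.d
# vim ssl.conf
# cp ssl.conf{,.bak}
# vim ssl.conf ---------- change the following items
DocumentRoot "/var/www/html/a.com" ---- the server's document root
#ServerName www.a.com:443 -- comment this out, because the port is defined in <VirtualHost _default_:443> and the host name is defined in vhosts.conf
SSLCertificateFile /etc/httpd/ssl/httpd.crt ----- the site's own certificate, i.e. the public key
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key ---- the site's own private key
<VirtualHost _default_:443> _default_ is the default virtual host, i.e. the first virtual host; the ones configured after it are not the default.
Change the port here to 443, and the ports in vhosts.conf can then all be 80.
# vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost 172.16.59.10:80> ---------- with port 80, the www.a.com host can be reached over both http and https. Otherwise, if the port here were also 443, an http request would only reach the content of www.b.com and not that of www.a.com, because www.a.com would only be reachable over https and the two share one IP, so the request would fall through to www.b.com.
ServerName www.a.com
DocumentRoot /var/www/html/a.com
# httpd -t ------- check the syntax. If the service fails to restart and you cannot find the reason, do not forget this
Syntax OK
# systemctl restart httpd.service
# ss -tnl | grep 443
LISTEN 0 128 :::443 :::*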
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
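172.16.59.20 php-fpm:
Install php-fpm and test:
# yum install php-fpm
# yum install php-mysql ----------- this package must be installed, otherwise phpMyAdmin cannot run
# vim /etc/php-fpm.d/www.conf
listen = 172.16.59.20:9000 ---- which of this host's IPs and ports to listen on; with multiple IPs you can use 0.0.0.0 to allow all of this host's IPs
#listen.allowed_clients = 172.16.59.10 ----------- this line must be commented out, otherwise only this IP is allowed to interact; alternatively, append the second IP after it. This was the reason the MySQL server could not be connected
# systemctl start php-fpm.service
# ss -tnl
LISTEN 0 128 *:9000 *:* -------- port 9000 is being listened on; started normally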
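An added check (not part of the original write-up) for the pool settings above: with listen.allowed_clients commented out, any host that can reach 172.16.59.20:9000 can submit FastCGI requests to php-fpm, so the script flags a TCP listener that has no client restriction. The function names and the two sample pool files are constructed for this example, and treating lines that begin with ; or # as comments is an assumption.

```shell
#!/bin/sh
# Added example: audit a php-fpm pool file for an unrestricted FastCGI listener.
# Assumption: lines starting with ';' or '#' are comments, as written on the page.

# Print the value of KEY ($1) in pool file $2; the last uncommented line wins.
pool_value() {
    awk -v key="$1" '
        /^[ \t]*[;#]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$2"
}

# Return 0 when the listener is restricted, 1 when any host that can reach the
# port is allowed to speak FastCGI to it.
audit_fpm_pool() {
    listen=$(pool_value listen "$1")
    clients=$(pool_value listen.allowed_clients "$1")
    case "$listen" in
        /*) echo "OK: unix socket $listen"; return 0 ;;
        127.*|localhost:*|\[::1\]:*) echo "OK: loopback only ($listen)"; return 0 ;;
    esac
    if [ -n "$clients" ]; then
        echo "OK: $listen restricted to $clients"; return 0
    fi
    echo "WARN: $listen accepts FastCGI from any client;" \
         "set listen.allowed_clients or firewall the port"
    return 1
}

# Constructed sample pools: the page's settings, then the same pool restricted
# to the httpd host 172.16.59.10.
demo_dir=$(mktemp -d)
printf '%s\n' '[www]' 'listen = 172.16.59.20:9000' \
    '#listen.allowed_clients = 172.16.59.10' > "$demo_dir/page.conf"
printf '%s\n' '[www]' 'listen = 172.16.59.20:9000' \
    'listen.allowed_clients = 172.16.59.10' > "$demo_dir/restricted.conf"
audit_fpm_pool "$demo_dir/page.conf" || true
audit_fpm_pool "$demo_dir/restricted.conf"
```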
The following tests the connections among the three hosts:
# vim /var/www/html/a.com/index.php
172.16.59.20 a.com
<?php
phpinfo();
?>
# vim /var/www/html/b.com/index.php
172.16.59.20 b.com
<?php
$conn = mysql_connect('172.16.59.30','wpuser','magedu');
if($conn)
echo "OK";
else
echo "Failure";
?>
Enter www.a.com and www.b.com in a browser; seeing "172.16.59.20 OK" means the three hosts are connected, because index.php is stored on host 172.16.59.20, and OK means the connection to the database host 172.16.59.30 succeeded.
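Install WordPress: /var/www/html/a.com/wordpress, same procedure as above
Install phpMyAdmin: /var/www/html/b.com
# yum install -y php-mbstring
# yum install -y php-mysql
# yum install -y mariadb-server -------- all three of the above must be installed; a lesson learned the hard way
# unzip phpMyAdmin-4.4.14.1-all-languages.zip
# ln -sv phpMyAdmin-4.4.14.1-all-languages pma
# openssl rand -base64 20
# cd pma
# cp config.sample.inc.php config.inc.php
# vim config.inc.php
$cfg['blowfish_secret'] = 'fG9NH5b7OmmGRohmjBO0Jpnk4kg'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$cfg['Servers'][$i]['host'] = '172.16.59.30'; --------- sets the remote host to connect to; if a password is written here login becomes automatic, so in general do not write the password
Because mariadb-server was not installed, initialization was not possible (that file did not exist); after installing it and restarting the services it works
# yum install -y mariadb-server
# systemctl start mariadb.service
# systemctl restart php-fpm.service
# mysql_secure_installation ---------- initialization: sets the password and so on. The password set here is only the root password of the local database; whether phpMyAdmin points at the local database or a remote one, this is the local database's password, and it has nothing to do with the root or ordinary user passwords on the remote host.
After copying phpMyAdmin to /var/www/html/b.com on 172.16.59.10, it can be reached in a browser at www.b.com/pma;
log in with user name "wpuser" and password "magedu".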
Install php-xcache
Run a load test from another host
# ab -n 1000 -c 10 http://172.16.59.10/wordpress/index.php
Requests per second: 8.70 [#/sec] (mean)
# yum install -y php-devel
# yum groupinstall -y "Server Platform Development" "Development Tools"
# tar xf xcache-3.2.0.tar.bz2
# cd xcache-3.2.0/
# phpize
# ./configure --enable-xcache --with-php-config=/usr/bin/php-config
# make && make install
# vim /etc/php.d/xcache.ini
xcache.admin.enable_auth = On
xcache.size = 60M
On hosts 59.10 and 59.20, put the phpinfo(); call in /var/www/html/a.com/index.php
# systemctl restart php-fpm.service ------ the httpd service on the httpd host may also need a restart
xcache.admin.enable_auth On On
xcache.cacher On On
xcache.size 60M
Load test again from another host: throughput did improve roughly threefold
# ab -n 1000 -c 10 http://172.16.59.10/wordpress/index.php
Requests per second: 27.40 [#/sec] (mean)
This step is not needed for this experiment:
It is needed in some situations; without changing the ownership the web page cannot be accessed
Create the session directory and make sure the user running the php-fpm processes has read and write permission on it;
# mkdir /var/lib/php/session
# chown -R apache:apache /var/lib/php/session
apache is the user the php-fpm child processes run as
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
172.16.59.30 MySQL:
Install mariadb-server:
# yum install -y mariadb-server
# systemctl start mariadb.service
# mysql
MariaDB [(none)]> grant all on wpdb.* to wpuser@'172.16.%.%' identified by 'magedu';
Allows user wpuser to connect to the MySQL database from IPs in the 172.16 network; this is used as the WordPress database
MariaDB [(none)]> flush privileges;
# ss -tnl
LISTEN 0 50 *:3306 *:*
# vim /etc/my.cnf
skip_name_resolve = ON
Set up a private CA:
# cd /etc/pki/CA
Create the private key
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
Issue a certificate to itself
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655
Country Name (2 letter code) :cn
State or Province Name (full name) []:beijing
Locality Name (eg, city):beijing
Organization Name (eg, company) :ali
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:ca.ali.com
Email Address []:admin@ali.com
Create the required directories and files
# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
# touch /etc/pki/CA/{serial,index.txt}
# echo 01 > /etc/pki/CA/serial
Once the requester has sent over the signing request, issue the certificate
# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
Send the certificate to the requester
# scp certs/httpd.crt 172.16.59.10:/etc/httpd/ssl/
View the certificate
# openssl x509 -in /etc/pki/CA/certs/httpd.crt -noout -serial -subject
serial=01
subject= /C=cn/ST=beijing/O=ali/OU=ops/CN=www.a.com/emailAddress=admin@a.com
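An added example, not from the original write-up, of the checks that go with the CSR hand-off and the signing step above: the CA side prints a digest of the public key in the CSR so it can be compared with the requester out of band, and the requester accepts the returned certificate only if it carries its own public key and verifies against cacert.pem. The function names are hypothetical, the keys are throwaway ones built in a temp directory, and openssl x509 -req stands in for the page's openssl ca.

```shell
#!/bin/sh
# Added example: checks around a CSR hand-off and the certificate issued for it.

# SHA-256 of the PEM public key carried by a private key, CSR or certificate.
pub_digest() {   # usage: pub_digest key|csr|crt FILE
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null | openssl dgst -sha256 | sed 's/^.*= *//'
}

# Requester side: accept the returned certificate only if it carries our own
# public key and verifies against the CA certificate we already hold.
check_issued_cert() {   # usage: check_issued_cert KEY CRT CACERT
    [ "$(pub_digest key "$1")" = "$(pub_digest crt "$2")" ] ||
        { echo "FAIL: certificate does not match the private key"; return 1; }
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: certificate does not verify against this CA"; return 2; }
    echo "OK: certificate matches the key and verifies against the CA"
}

# Constructed throwaway PKI in a temp dir. Assumption: "openssl x509 -req"
# replaces the page's "openssl ca" so nothing under /etc/pki is touched.
d=$(mktemp -d)
make_demo_pki() {
    ( umask 077
      for k in cakey.pem httpd.key other.key; do
          openssl genrsa -out "$d/$k" 2048
      done
      openssl req -new -x509 -key "$d/cakey.pem" -out "$d/cacert.pem" \
          -days 1 -subj "/CN=ca.ali.com"
      openssl req -new -key "$d/httpd.key" -out "$d/httpd.csr" -subj "/CN=www.a.com"
      openssl x509 -req -in "$d/httpd.csr" -CA "$d/cacert.pem" \
          -CAkey "$d/cakey.pem" -CAcreateserial -out "$d/httpd.crt" -days 1
    ) >/dev/null 2>&1
}
make_demo_pki

# CA side: digest to read back to the requester before signing the CSR.
echo "CSR public key digest: $(pub_digest csr "$d/httpd.csr")"
check_issued_cert "$d/httpd.key" "$d/httpd.crt" "$d/cacert.pem"
# A key that did not produce the CSR must be rejected.
check_issued_cert "$d/other.key" "$d/httpd.crt" "$d/cacert.pem" || true
```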
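When testing, remember to edit the hosts file:
# openssl s_client -connect www.a.com:443 -CAfile cacert.pem
GET /index.html HTTP/1.1
Host: www.a.com
Copy /etc/pki/CA/cacert.pem to the Windows desktop and change its extension to crt; double-click it to install the certificate, then enter https://www.a.com in the browser to verify. The browser installed by default is IE.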