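Deploying LAMP with WordPress, PMA (https) and Discuz
1. Environment
System: CentOS 6.7
Software: httpd-2.2, mysql-5.3, wordpress-4.3, pma4.0
Network:
pma.anyisalin.com hosts MySQL, Bind and PMA; IP address 192.168.2.6
wp.anyisalin.com hosts WordPress and also acts as the private CA; IP address 192.168.2.7
dz.anyisalin.com hosts Discuz; IP address 192.168.2.8
SELinux and iptables are both disabled
The wp and dz hosts use the pma host as their DNS server
Topics covered: httpd configuration, HTTPS configuration in httpd, openssl, bind, MySQL basics, PHP installation...
Note: this article covers configuration only and does not explain the theory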
2. Deploy Bind and MySQL
We configure bind on the pma host; if you are not familiar with bind, see my article "DNS and BIND Configuration Guide"
# yum install bind bind-utils httpd mysql-server php-mysql php-mbstring mod_ssl # install the required packages with yum
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
# (long output omitted)
Installed:
bind.x86_64 32:9.8.2-0.37.rc1.el6 bind-utils.x86_64 32:9.8.2-0.37.rc1.el6 httpd.x86_64 0:2.2.15-45.el6.centos mysql-server.x86_64 0:5.1.73-5.el6_6
Dependency Installed:
apr.x86_64 0:1.3.9-5.el6_2 apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 bind-libs.x86_64 32:9.8.2-0.37.rc1.el6 httpd-tools.x86_64 0:2.2.15-45.el6.centos
mailcap.noarch 0:2.1.31-2.el6 mysql.x86_64 0:5.1.73-5.el6_6 perl-DBD-MySQL.x86_64 0:4.013-3.el6 perl-DBI.x86_64 0:1.609-4.el6 portreserve.x86_64 0:0.0.4-9.el6
Complete!
Configure the DNS server with Bind so that lookups return the following
# host -t A pma.anyisalin.com 192.168.2.6
Using domain server:
Name: 192.168.2.6
Address: 192.168.2.6#53
Aliases:
pma.anyisalin.com has address 192.168.192.6
# host -t A wp.anyisalin.com 192.168.2.6
Using domain server:
Name: 192.168.2.6
Address: 192.168.2.6#53
Aliases:
wp.anyisalin.com has address 192.168.192.7
# host -t A dz.anyisalin.com 192.168.2.6
Using domain server:
Name: 192.168.2.6
Address: 192.168.2.6#53
Aliases:
dz.anyisalin.com has address 192.168.192.8
Create the databases and their users, and grant privileges
# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> GRANT ALL ON wpdb.* TO 'wpuser'@'%' IDENTIFIED BY 'passwd'; # grant wpuser all privileges on the wpdb database and set its password to passwd
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL ON dzdb.* TO 'dzuser'@'%' IDENTIFIED BY 'passwd'; # grant dzuser all privileges on the dzdb database and set its password to passwd
Query OK, 0 rows affected (0.00 sec)
mysql> CREATE DATABASE wpdb; # create the wpdb database
Query OK, 1 row affected (0.00 sec)
mysql> CREATE DATABASE dzdb; # create the dzdb database
Query OK, 1 row affected (0.00 sec)
3. Deploy WordPress
# yum install httpd php php-mysql -y # install the required packages
Loaded plugins: fastestmirror
Setting up Install Process
Determining fastest mirrors
anyisalin | 4.0 kB 00:00 ...
anyisalin/primary_db | 4.6 MB 00:00 ...
Resolving Dependencies
--> Running transaction check
# (long output omitted)
12/12
Installed:
httpd.x86_64 0:2.2.15-45.el6.centos php.x86_64 0:5.3.3-40.el6_6 php-mysql.x86_64 0:5.3.3-40.el6_6
Dependency Installed:
apr.x86_64 0:1.3.9-5.el6_2 apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 httpd-tools.x86_64 0:2.2.15-45.el6.centos libedit.x86_64 0:2.11-4.20080712cvs.1.el6
mailcap.noarch 0:2.1.31-2.el6 php-cli.x86_64 0:5.3.3-40.el6_6 php-common.x86_64 0:5.3.3-40.el6_6 php-pdo.x86_64 0:5.3.3-40.el6_6
Complete!
Configure the virtual host
# vim /etc/httpd/conf.d/wp.conf
# configuration as follows
NameVirtualHost 192.168.2.7:80
<VirtualHost *:80>
ServerName wp.anyisalin.com
DocumentRoot /var/www/wp/
</VirtualHost>
Download WordPress
# wget -O /var/www/wp/wordpress.zip https://cn.wordpress.org/wordpress-4.4.2-zh_CN.zip # download WordPress into the target directory
--2016-03-23 17:26:22--  https://cn.wordpress.org/wordpress-4.4.2-zh_CN.zip
Resolving cn.wordpress.org... 66.155.40.249, 66.155.40.250
Connecting to cn.wordpress.org|66.155.40.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8168125 (7.8M)
Saving to: “/var/www/wp/wordpress.zip”
100%[===================================================================================================================================================>] 8,168,125 277K/s in 43s
2016-03-23 17:27:06 (187 KB/s) - “/var/www/wp/wordpress.zip” saved
#
Configure WordPress
# unzip wordpress.zip # extract the WordPress package
inflating: wordpress/wp-content/themes/twentysixteen/search.php
inflating: wordpress/wp-content/themes/twentysixteen/searchform.php
inflating: wordpress/wp-content/themes/twentysixteen/page.php
creating: wordpress/wp-content/themes/twentysixteen/template-parts/
# (output omitted)
inflating: wordpress/wp-signup.php
inflating: wordpress/readme.html
inflating: wordpress/wp-config-sample.php
inflating: wordpress/wp-blog-header.php
inflating: wordpress/wp-links-opml.php
# cd wordpress # enter the installation directory
# cp wp-config-sample.php wp-config.php # copy the sample configuration, then edit it
# vim wp-config.php # set the values for your own environment
/** Name of the WordPress database */
define('DB_NAME', 'wpdb');
/** MySQL database user name */
define('DB_USER', 'wpuser');
/** MySQL database password */
define('DB_PASSWORD', 'passwd');
/** MySQL host */
define('DB_HOST', '192.168.2.6');
# service httpd restart # restart the httpd service
Stopping httpd:
Starting httpd:
httpd: Could not reliably determine the server's fully qualified domain name, using wp.anyisalin.com for ServerName
NameVirtualHost 192.168.2.7:80 has no VirtualHosts
# ln -sv wp wordpress.zip
Test WordPress
For the detailed installation process, see my earlier blog post "Quickly building a site with WordPress on CentOS/RHEL 6.5"
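httpd prints "NameVirtualHost 192.168.2.7:80 has no VirtualHosts" in the restart output above because no <VirtualHost> block uses the address given to NameVirtualHost; the block is declared for *:80 instead. The check below is an added example, not part of the original article: the function names are made up for illustration, and it compares addresses as plain text, which only approximates how httpd 2.2 matches them.

```shell
#!/bin/sh
# Added example, not from the original article.
# Lists every NameVirtualHost address that no <VirtualHost> block repeats
# verbatim; httpd 2.2 reports these as "has no VirtualHosts".
unmatched_namevhosts() {
    awk '
        { sub(/#.*/, "") }                              # strip comments
        tolower($1) == "namevirtualhost" { nvh[$2] = 1 }
        tolower($1) == "<virtualhost" {                 # may list several addresses
            for (i = 2; i <= NF; i++) {
                addr = $i
                sub(/>$/, "", addr)
                if (addr != "") vh[addr] = 1
            }
        }
        END { for (a in nvh) if (!(a in vh)) print a }
    ' "$@" | sort
}

# Constructed sample: the wp.conf shown in the article, written to a file.
write_sample_conf() {
    cat > "$1" <<'EOF'
NameVirtualHost 192.168.2.7:80
<VirtualHost *:80>
ServerName wp.anyisalin.com
DocumentRoot /var/www/wp/
</VirtualHost>
EOF
}

# Same site with the <VirtualHost> address matching NameVirtualHost.
write_fixed_conf() {
    cat > "$1" <<'EOF'
NameVirtualHost 192.168.2.7:80
<VirtualHost 192.168.2.7:80>
ServerName wp.anyisalin.com
DocumentRoot /var/www/wp/
</VirtualHost>
EOF
}

# Usage: sh check_vhosts.sh /etc/httpd/conf.d/*.conf
if [ "$#" -gt 0 ]; then
    unmatched_namevhosts "$@"
fi
```

An empty result means every NameVirtualHost address has at least one matching block.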
4. Deploy Discuz
# yum install httpd php php-mysql -y # install the required packages
Loaded plugins: fastestmirror
Setting up Install Process
Determining fastest mirrors
anyisalin | 4.0 kB 00:00 ...
anyisalin/primary_db | 4.6 MB 00:00 ...
Resolving Dependencies
--> Running transaction check
# (long output omitted)
12/12
Installed:
httpd.x86_64 0:2.2.15-45.el6.centos php.x86_64 0:5.3.3-40.el6_6 php-mysql.x86_64 0:5.3.3-40.el6_6
Dependency Installed:
apr.x86_64 0:1.3.9-5.el6_2 apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 httpd-tools.x86_64 0:2.2.15-45.el6.centos libedit.x86_64 0:2.11-4.20080712cvs.1.el6
mailcap.noarch 0:2.1.31-2.el6 php-cli.x86_64 0:5.3.3-40.el6_6 php-common.x86_64 0:5.3.3-40.el6_6 php-pdo.x86_64 0:5.3.3-40.el6_6
Complete!
Configure the virtual host
# vim /etc/httpd/conf.d/wp.conf
# configuration as follows
NameVirtualHost 192.168.2.8:80
<VirtualHost *:80>
ServerName dz.anyisalin.com
DocumentRoot /var/www/dz
</VirtualHost>
Download Discuz
# wget -O /var/www/dz/dz.zip http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip # download Discuz into the target directory
--2016-03-24 04:54:19--  http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip
Resolving download.comsenz.com... 101.227.130.115
Connecting to download.comsenz.com|101.227.130.115|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12486177 (12M)
Saving to: “/var/www/dz/dz.zip”
100%[===================================================================================================================================================>] 12,486,177 7.65M/s in 1.6s
2016-03-24 04:54:21 (7.65 MB/s) - “/var/www/dz/dz.zip” saved
# cd /var/www/dz/
# unzip dz.zip
inflating: utility/convert/source/uch2.0_x2.0/table/home_blogfield.php
inflating: utility/convert/source/uch2.0_x2.0/table/home_class.php
inflating: utility/convert/source/uch2.0_x2.0/table/home_click.php
inflating: utility/convert/source/uch2.0_x2.0/table/home_clickuser.php
inflating: utility/convert/source/uch2.0_x2.0/table/home_comment.php
# (long output omitted)
inflating: utility/oldprg/uchome/space.php
inflating: utility/restore.php
inflating: utility/update.php
# service httpd restart # restart the httpd service
Stopping httpd:
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using dz.anyisalin.com for ServerName
NameVirtualHost 192.168.2.8:80 has no VirtualHosts
# cd upload
# chmod 777 * -R # needed shortly by the installer
Configure Discuz (through the web page)
Enter this URL to open the installation page
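The "chmod 777 * -R" above leaves every file under upload writable by any local account, including the PHP code itself. The following is an added example, not part of the original article, for auditing and tightening the tree once the web installer has finished; the function names are made up, and the list of directories Discuz must keep writable (config, data, uc_client/data/cache, uc_server/data) is an assumption to confirm against the installer's own permission check.

```shell
#!/bin/sh
# Added example, not from the original article.

# Print every file or directory under $1 that any local user can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Reset $1 to 755 directories / 644 files, then make only the listed
# sub-directories (relative to $1) group-writable for the web server.
# WEB_GROUP is optional; set it (for example to apache) when running as root.
tighten_webroot() {
    root=$1; shift
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    for sub in "$@"; do
        [ -d "$root/$sub" ] || continue
        [ -n "${WEB_GROUP:-}" ] && chgrp -R "$WEB_GROUP" "$root/$sub"
        find "$root/$sub" -type d -exec chmod 775 {} +
        find "$root/$sub" -type f -exec chmod 664 {} +
    done
}

# Constructed stand-in for /var/www/dz/upload after "chmod 777 * -R".
make_sample_tree() {
    mkdir -p "$1/config" "$1/data/cache" "$1/source"
    : > "$1/config/config_global.php"
    : > "$1/data/cache/index.htm"
    : > "$1/source/function.php"
    chmod -R 777 "$1"
}

# Usage on the dz host (directory list is an assumption, see above):
#   WEB_GROUP=apache tighten_webroot /var/www/dz/upload \
#       config data uc_client/data/cache uc_server/data
#   list_world_writable /var/www/dz/upload
```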
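5. Deploy PMA
All our applications are now up. Since all of their data lives in the database on the pma host, it is easy to manage, and we can install phpMyAdmin to manage it.
Configure the virtual host (the software was already installed at the beginning)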
# vim /etc/httpd/conf.d/virt.conf
NameVirtualHost 192.168.2.6:80
<VirtualHost *:80>
ServerName pma.anyisalin.com
DocumentRoot /var/www/pma
</VirtualHost>
Download phpMyAdmin (my MySQL version is too old, so I use phpMyAdmin 4.0)
# wget https://files.phpmyadmin.net/phpMyAdmin/4.0.10.15/phpMyAdmin-4.0.10.15-english.zip
--2016-03-23 18:23:48--  https://files.phpmyadmin.net/phpMyAdmin/4.0.10.15/phpMyAdmin-4.0.10.15-english.zip
Resolving files.phpmyadmin.net... 61.191.206.4
Connecting to files.phpmyadmin.net|61.191.206.4|:443... failed: Connection refused.
#
# wget https://files.phpmyadmin.net/phpMyAdmin/4.0.10.15/phpMyAdmin-4.0.10.15-english.zip
--2016-03-23 18:24:12--  https://files.phpmyadmin.net/phpMyAdmin/4.0.10.15/phpMyAdmin-4.0.10.15-english.zip
Resolving files.phpmyadmin.net... 37.235.108.9
Connecting to files.phpmyadmin.net|37.235.108.9|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4923535 (4.7M)
Saving to: “phpMyAdmin-4.0.10.15-english.zip”
100%[===================================================================================================================================================>] 4,923,535 45.4K/s in 3m 59s
2016-03-23 18:28:13 (20.1 KB/s) - “phpMyAdmin-4.0.10.15-english.zip” saved
# unzip phpMyAdmin-4.0.10.15-english # extract
inflating: phpMyAdmin-4.0.10.15-english/js/sql.js
inflating: phpMyAdmin-4.0.10.15-english/js/tbl_change.js
inflating: phpMyAdmin-4.0.10.15-english/js/tbl_chart.js
inflating: phpMyAdmin-4.0.10.15-english/js/tbl_gis_visualization.js
inflating: phpMyAdmin-4.0.10.15-english/js/tbl_relation.js
# (long output omitted)
inflating: phpMyAdmin-4.0.10.15-english/js/tbl_select.js
inflating: phpMyAdmin-4.0.10.15-english/js/tbl_structure.js
inflating: phpMyAdmin-4.0.10.15-english/js/tbl_zoom_plot_jqplot.js
inflating: phpMyAdmin-4.0.10.15-english/js/whitelist.php
creating: phpMyAdmin-4.0.10.15-english/libraries/
inflating: phpMyAdmin-4.0.10.15-english/libraries/Advisor.class.php
inflating: phpMyAdmin-4.0.10.15-english/libraries/Config.class.php
inflating: phpMyAdmin-4.0.10.15-english/libraries/DBQbe.class.php
inflating: phpMyAdmin-4.0.10.15-english/libraries/DbSearch.class.php
inflating: phpMyAdmin-4.0.10.15-english/libraries/DisplayResults.class.php
inflating: phpMyAdmin-4.0.10.15-english/libraries/Error.class.php
inflating: phpMyAdmin-4.0.10.15-english/libraries/Error_Handler.class.php
# ln -sv phpMyAdmin-4.0.10.15-english pma # create a symbolic link
`pma' -> `phpMyAdmin-4.0.10.15-english'
# service httpd restart # restart the httpd service
Stopping httpd:
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using pma.anyisalin.com for ServerName
NameVirtualHost 192.168.2.6:80 has no VirtualHosts
#
Test (php-mbstring must be installed)
6. Serve PMA over HTTPS
Because the security of our database is critical, traffic to pma.anyisalin.com must be encrypted
Set up the wp host as a private CA
# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
...............................................................................................+++
......+++
e is 65537 (0x10001)
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :CN
State or Province Name (full name) []:HeFei
Locality Name (eg, city) :HeFei
Organization Name (eg, company) :AnyISalIn
Organizational Unit Name (eg, section) []:OPS
Common Name (eg, your name or your server's hostname) []:wp.anyisalin.com
Email Address []:mail.anyisalin.com
# touch index.txt
# echo 01 > serial
Generate the private key and certificate request on the PMA host
# cd /etc/httpd/
# mkdir certs/
# cd certs/
# (umask 077; openssl genrsa -out httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
.......................................++++++
.......................................................................................++++++
e is 65537 (0x10001)
# openssl req -new -key httpd.key -out http.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :CN
State or Province Name (full name) []:HeFei
Locality Name (eg, city) :HeFei
Organization Name (eg, company) :AnyISalIn
Organizational Unit Name (eg, section) []:OPS
Common Name (eg, your name or your server's hostname) []:pma.anyisalin.com
Email Address []:mail.anyisalin.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# scp http.csr 192.168.2.7:/etc/pki/CA
The authenticity of host '192.168.2.7 (192.168.2.7)' can't be established.
RSA key fingerprint is af:4e:d8:d7:41:04:f4:3a:66:ba:ca:b4:b0:c0:86:e8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.7' (RSA) to the list of known hosts.
root@192.168.2.7's password:
http.csr 100% 704 0.7KB/s 00:00
#
Sign the certificate on the wp host
# openssl ca -in http.csr -out certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Mar 23 22:54:29 2016 GMT
Not After : Mar 23 22:54:29 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = HeFei
organizationName = AnyISalIn
organizationalUnitName = OPS
commonName = pma.anyisalin.com
emailAddress = mail.anyisalin.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
F0:B1:A8:2E:36:72:E5:D9:F7:20:22:61:67:49:29:63:7E:3E:37:24
X509v3 Authority Key Identifier:
keyid:BE:1B:E0:D0:B5:54:12:22:99:68:03:9D:BA:7A:01:E9:A4:AD:ED:5B
Certificate is to be certified until Mar 23 22:54:29 2017 GMT (365 days)
Sign the certificate? :y
1 out of 1 certificate requests certified, commit? y
Write out database with 1 new entries
Data Base Updated
# scp certs/httpd.crt 192.168.2.6:/etc/httpd/certs
The authenticity of host '192.168.2.6 (192.168.2.6)' can't be established.
RSA key fingerprint is af:4e:d8:d7:41:04:f4:3a:66:ba:ca:b4:b0:c0:86:e8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.6' (RSA) to the list of known hosts.
root@192.168.2.6's password:
httpd.crt 100% 3879 3.8KB/s 00:00
#
Configure the PMA host to support SSL
mod_ssl was already installed at the start, so we simply edit the virtual host configuration file
# vim /etc/httpd/conf.d/virt.conf # the DocumentRoot line in /etc/httpd/conf/httpd.conf must be commented out
Listen 443
<VirtualHost 192.168.2.6:443>
ServerName pma.anyisalin.com
DocumentRoot /var/www/pma
SSLengine ON
SSLprotocol ALL -sslv2 -sslv3
SSLcertificatefile /etc/httpd/certs/httpd.crt
SSLcertificatekeyfile /etc/httpd/certs/httpd.key
</VirtualHost>
# service httpd start # start httpd
Starting httpd: _default_ VirtualHost overlap on port 443, the first has precedence
NameVirtualHost 192.168.2.6:443 has no VirtualHosts
Test
Import the CA certificate
Refresh the page
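The httpd.key generated above is a 1024-bit RSA key, while the CA key on the wp host is 2048 bits. The following is an added example, not part of the original article, that checks a key, its certificate and the CA certificate before httpd is pointed at them; the function names and the 2048-bit default minimum are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Print the size in bits of an RSA private key file.
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the certificate carries the public half of the private key.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the certificate ($2) verifies against the CA certificate ($1).
# Old openssl builds exit 0 even on failure, so test the output instead.
signed_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# usage: check_tls_pair KEY CERT CACERT [MIN_BITS]; non-zero on any failure
check_tls_pair() {
    rc=0
    bits=$(rsa_bits "$1")
    if [ -z "$bits" ]; then
        echo "FAIL: cannot read RSA key $1"; rc=1
    elif [ "$bits" -lt "${4:-2048}" ]; then
        echo "FAIL: key is $bits bits, want at least ${4:-2048}"; rc=1
    fi
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 was not issued for $1"; rc=1; }
    signed_by "$3" "$2" || { echo "FAIL: $2 does not verify against $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $bits-bit key, matching certificate, trusted CA"
    return "$rc"
}

# On the pma host, with cacert.pem copied over from /etc/pki/CA on the wp host:
#   check_tls_pair /etc/httpd/certs/httpd.key /etc/httpd/certs/httpd.crt cacert.pem
```

Run against the files from this article, the key-size check is the one that fails; regenerating httpd.key with 2048 bits and having the CA sign a new request clears it.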
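7. Summary
This post sums up what I learned over the past two days. I can now comfortably deploy web applications in a LAMP environment and do basic work with MySQL, which was quite rewarding, but I am still not very familiar with HTTPS configuration and have room to improve.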