LAMP架构之httpd+php(module)+mariadb
CentOS 7, lamp(module);实现:
(1) 三者分离于两台主机;
(2) 一个虚拟主机用于提供phpMyAdmin;另一个虚拟主机用于提供wordpress;
(3) 为php提供xcache;
(4) 为phpMyAdmin网站提供https虚拟主机
http://s4.运维网.com/wyfs02/M01/7A/08/wKiom1ahcZrTGx63AABQE4J3bYQ743.png
ON http(172.16.17.7):
1)安装httpd及php程序包
# yum -y install httpd php php-mysql php-mbstring 2)httpd虚拟主机www.pma.com以及www.wordpress.com,新建/etc/httpd/conf.d/vhosts.conf
ServerName www.pma.com
DocumentRoot "/web/pma/htdocs"
Options None
AllowOverride None
Require all granted
ServerName www.wordpress.com
DocumentRoot "/web/wordpress/htdocs"
Options None
AllowOverride None
Require all granted
3)安装配置PHPmyadmin程序
# mkdir -pv /web/{pma,wordpress}
# unzip phpMyAdmin-4.4.14.1-all-languages.zip -d /web/pma/
# mv /web/pma/phpMyAdmin-4.4.14.1-all-languages/ /web/pma/htdocs
# cd /web/pma/htdocs
# cp config.sample.inc.php config.inc.php
# openssl rand -base64 20
5Cfn69rDk+6I3Twd4KtgLfT/v5k=
编辑config.inc.php文件,将生成的随机数复制到里面,然后更改数据库连接主机:
$cfg['blowfish_secret'] = '5Cfn69rDk+6I3Twd4KtgLfT/v5k';
$cfg['Servers'][$i]['host'] = '172.16.17.8'; 4)安装配置wordpress程序
# unzip wordpress-4.3.1-zh_CN.zip -d /web/wordpress/
# mv /web/wordpress/wordpress/ /web/wordpress/htdocs
# cd /web/wordpress/htdocs
# cp wp-config-sample.php wp-config.php
编辑wp-config.php文件,配置数据库连接信息:
define('DB_NAME', 'wpdb');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'wppasswd');
define('DB_HOST', '172.16.17.8'); 5)启动httpd服务
# httpd -t
Syntax OK
# systemctl start httpd.service
ON mariadb(172.16.17.8):
1)创建运行mariadb的用户
# groupadd -r mysql
# useradd -r -g mysql mysql 2)创建数据库存放目录
# mkdir -pv /data/mysql
# chown -R mysql.mysql /data/mysql/ 3)解压mariadb程序包至/usr/local,并创建mysql软链接
# tar xf mariadb-5.5.46-linux-x86_64.tar.gz -C /usr/local/
# cd /usr/local/
# ln -sv mariadb-5.5.46-linux-x86_64/ mysql 4)初始化数据库
# chown -R root.mysql mysql/
# scripts/mysql_install_db --user=mysql --datadir=/data/mysql 5)提供mysql主配置文件并编辑之
# mkdir /etc/mysql
# cp support-files/my-medium.cnf /etc/mysql/my.cnf
在my.cnf配置文件中的端添加以下内容:
datadir = /data/mysql //设置mysql的数据存储目录
innodb_file_per_table = ON //设置innodb存储引擎独立存储数据库
skip_name_resolve = ON //禁止mysql进行反解主机名 6)提供mysql服务脚本
# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
# chmod +x /etc/rc.d/init.d/mysqld
# chkconfig --add mysqld
# chkconfig mysqld on 7)启动mysqld服务
# service mysqld start 8)创建wpdb库,授权wpuser用户连接
MariaDB [(none)]> CREATE SCHEMA wpdb;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wpdb.* TO 'wpuser'@'172.16.%.%' IDENTIFIED BY 'wppasswd';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'172.16.%.%' IDENTIFIED BY '123qwe!@#';
MariaDB [(none)]> FLUSH PRIVILEGES;
打开浏览器,添加hosts文件解析,访问网站:
http://s2.运维网.com/wyfs02/M00/7A/18/wKiom1aiBgigBEL7AAAKxMT5HO4623.png
http://s4.运维网.com/wyfs02/M02/7A/18/wKiom1aiBiXQ4zB1AAAxb2Jvj28463.png
http://s3.运维网.com/wyfs02/M02/7A/17/wKioL1aiBmeTHYcJAABcfAI1lJs141.png
http://s2.运维网.com/wyfs02/M00/7A/17/wKioL1aiBm7C_LpMAADHw3HD6hk011.png
http://s4.运维网.com/wyfs02/M01/7A/18/wKiom1aiBjTSjbGhAAA-3AG8vs0055.png
http://s2.运维网.com/wyfs02/M01/7A/17/wKioL1aiBnXBz_7sAABH8JgzHUM406.png
客户端使用ab命令对服务器进行压力测试:
# ab -c 50 -n 500 http://www.pma.com/index.php http://s3.运维网.com/wyfs02/M00/7A/4F/wKioL1anSKTyclESAAA9miJwC88091.png
ON http(172.16.17.7):为web服务器编译安装xcache
1)安装php-devel包及开发工具包组
# yum -y install php-devel
# yum -y groupinstall "Development Tools" "Server Platform Development" 2)解压xcache源码包至/usr/local下
# tar xf xcache-3.2.0.tar.bz2 -C /usr/local/
# mv /usr/local/xcache-3.2.0/ /usr/local/xcache 3)生成configure脚本
# phpize 4)执行编译安装
# ./configure --enable-xcache --with-php-config=/usr/bin/php-config
# make -j 4 && make install 5)复制xcache的ini文件至/etc/php.d目录下
# cp xcache.ini /etc/php.d/ 6)重启httpd服务
# systemctl restart httpd.service
再次在客户端使用ab命令对服务器进行压力测试:
# ab -c 50 -n 500 http://www.pma.com/index.phphttp://s1.运维网.com/wyfs02/M00/7A/4F/wKioL1anSoqj_5f-AAA9ldG-Ol8493.png
为PHPMyAdmin网站提供https虚拟主机:
ON mariadb(172.16.17.8):模拟私有CA,生成CA私钥及自签证书
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
-----
Country Name (2 letter code) :CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) :Beijing
Organization Name (eg, company) :MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:ca.stu17.com
Email Address []:caadmin@stu17.com
# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
# touch /etc/pki/CA/{serial,index.txt}
# echo 02 > /etc/pki/CA/serial
# ls /etc/pki/CA/
cacert.pemcertscrlindex.txtnewcertsprivateserial
ON http(172.16.17.7):创建证书签署请求
# mkdir /etc/httpd/ssl
# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 3650
-----
Country Name (2 letter code) :CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) :Beijing
Organization Name (eg, company) :MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.pma.com
Email Address []:admin@pma.com
# scp /etc/httpd/ssl/httpd.csr root@172.16.17.8:/etc/pki/CA/
ON mariadb(172.16.17.8):CA签证
# openssl ca -in /etc/pki/CA/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 3650
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Jan 23 00:21:51 2016 GMT
Not After : Jan 20 00:21:51 2026 GMT
Subject:
countryName = CN
stateOrProvinceName = Beijing
organizationName = MageEdu
organizationalUnitName = Ops
commonName = www.pma.com
emailAddress = admin@pma.com
# scp /etc/pki/CA/certs/httpd.crt root@172.16.17.7:/etc/httpd/ssl/
ON http(172.16.17.7):配置httpd支持使用ssl,及使用的证书
# yum -y install mod_ssl
# vim /etc/httpd/conf.d/ssl.conf
DocumentRoot "/web/pma/htdocs"
ServerName www.pma.com:443
Options None
AllowOverride None
Require all granted
......
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
# httpd -t
Syntax OK
# systemctl restart httpd.service
将CA主机上的CA证书改名为cacert.crt导入到本地网站信任证书列表中,测试访问
http://s1.运维网.com/wyfs02/M02/7A/50/wKiom1anXe_x84jAAAEHvHiSWxc690.png
页:
[1]