LAMP架构是一个提供web服务的整体架构,它的组件分别是Linux、Apache、Mysql(Mariadb)、PHP。本文介绍如何快速构建一个LAMP架构,并将PHP编译为apache的模块。之后并使用xcache加速引擎来加速php页面的处理速度。
一、配置前准备
- 两台CentOS 7主机。主机A地址为172.16.25.71,主机B为172.16.25.72
- 在两台主机配置好yum源。
- 下载两个web架构包phpMyAdmin-4.4.14.1-all-languages.zip和wordpress-4.4.1-zh_CN.zip
phpMyAdmin下载
wordpress下载
二、在主机A安装apache程序(httpd)并安装php程序。 1、安装httpd程序,并启动之;查看服务是否启动(查看80端口是否处于监听状态) 1
2
3
4
5
6
7
8
| [iyunv@A ~]# yum install httpd
[iyunv@A ~]# systemctl start httpd.service
[iyunv@A ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6010 *:*
LISTEN 0 128 :::80 :::*
|
2、安装php程序包,使用rpm包安装的php会自动成为httpd的模块 1
2
3
4
5
6
7
| [iyunv@A ~]# yum install php
[iyunv@A ~]# rpm -ql php
/etc/httpd/conf.d/php.conf ------> 此处php成为httpd的一个子配置文件
/etc/httpd/conf.modules.d/10-php.conf
/usr/lib64/httpd/modules/libphp5.so
/usr/share/httpd/icons/php.gif
/var/lib/php/session
|
3、在/var/www/html/下提供一个测试页面index.php如下 1
2
3
4
5
6
| [iyunv@A ~]# vim /var/www/html/index.php
[iyunv@A ~]# cat /var/www/html/index.php
<h1> This is a Test Page </h1>
<?php
phpinfo(); ------> phpinfo() 是php的内置函数,我们可以使用这个来测试php页面
?>
|
4、测试访问页面. 注意:此处如不可访问,请确保关闭防火墙;但是在生产环境中不建议这么做,而是应该自己定义iptables规则,此处仅为测试,一切简单起见 [iyunv@A ~]# iptables -F
[iyunv@A ~]# iptables -X 5、在主机A安装php-mysql待用 1
| [iyunv@A html]# yum install php-mysql
|
三、在主机B安装数据库服务器,并测试连接 1、安装mariadb-server并启动服务且查看端口(3306是mysql的默认端口) 1
2
3
4
5
| [iyunv@B ~]# yum install mariadb-server
[iyunv@B ~]# systemctl start mariadb.service
[iyunv@B ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
|
2、运行mysql-secure-install脚本来给简单设置mariadb 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
| [iyunv@B ~]# mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command notfound
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you'vejust installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] Y ---->更改root用户密码
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing,and to make the installation
go a bit smoother. You should removethem before moving into a
production environment.
Remove anonymous users? [Y/n] Y ---->移除多余用户
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y ----->是否禁止root用户远程登录
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only fortesting, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y --->移除数据库test
- Dropping test database...
ERROR 1HY000) at line 1: Can't drop database 'test'; database doesn'texist
... Failed! Not critical, keep moving...
- Removing privileges on testdatabase...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y ---->刷新权限列表
... Success!
Cleaning up...
All done! If you've completed all of theabove steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
|
3、在主机B上登录mariadb来授权一个用户,使php可以访问数据库 1
2
3
4
5
6
7
8
9
10
11
12
| [iyunv@B ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commandsend with ; or \g.
Your MariaDB connection id is 20
Server version: 5.5.41-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> GRANT ALL ON *.* TO 'root'@172.16.25.71 IDENTIFIED BY'123456';
Query OK, 0 rows affected (0.00 sec)
|
4、测试连接mysql,编辑主机A的/var/www/html/index.php如下,并测试连接 1
2
3
4
5
6
7
8
9
10
| [iyunv@A ~]# vim /var/www/html/index.php
[iyunv@A ~]# cat /var/www/html/index.php
<h1> This is a Test Page </h1>
<?php
$conn =mysql_connect('172.16.25.72','root','123456'); ---> 此处指明mysql服务器ip,和mysql用户名以及密码
if($conn)
echo "The phpconnect to mysql-sever successfully.";
else
echo "The phpconnect to mysql-server failing.";
?>
|
注:此处的mysql如果连接不上,原因也是防火墙,可以使用如上方式关闭防火墙; 至此,LAMP架构成功完成,下面我们提供两个现成的web架构;
四、配置http两个虚拟主机为两个web架构提供服务; (1)配置httpd 1、在/etc/httpd/conf.d/目录下新建两个配置文件,写入如下内容 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| [iyunv@A ~]# vim /etc/httpd/conf.d/phpAdmin.conf
[iyunv@A ~]# cat /etc/httpd/conf.d/phpAdmin.conf
DirectoryIndex index.php
<VirtualHost *:80>
Servername www.pma.net
DocumentRoot /var/www/pma
<Directory "/var/www/pma">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
[iyunv@A ~]# vim /etc/httpd/conf.d/wordpress.conf
[iyunv@A ~]# cat/etc/httpd/conf.d/wordpress.conf
DirectoryIndex index.php
<VirtualHost *:80>
Servername www.wordpress.net
DocumentRoot /var/www/wordpress
<Directory"/var/www/wordpress">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
|
2、更改主机A的apache主配置文件如下 1
2
| [iyunv@A ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html" ----> 找到此行并注释掉
|
(2)配置phpMyAdmin 1、解压phpMyAdmin-4.4.14.1-all-languages.zip/var/www目录下并重命名解压后的phpadmin文件为pma 1
2
| [iyunv@A ~]# unzip /var/www/phpMyAdmin-4.4.14.1-all-languages.zip -d /var/www/
[iyunv@A ~]# mv /var/www/phpMyAdmin-4.4.14.1-all-languages /var/www/pma
|
2、修改/var/www/pma/目录下的配置文件config.inc.php并安装php-mbstring包 1
2
3
4
5
6
7
| [iyunv@A ~]# mv /var/www/pma/config.sample.inc.php /var/www/pma/config.inc.php
[iyunv@A ~]# openssl rand -base64 20 ----> 生成一段随机数加入下面的配置文件对应位置
86yJwGtVrrd2xX2CrQSfGcvG/gk=
[iyunv@A ~]# vim /var/www/pma/config.inc.php 更改如下两行
$cfg['blowfish_secret'] = '86yJwGtVrrd2xX2CrQSfGcvG/gk'; /* YOU MUST FILL INTHIS FOR COOKIE AUTH! */
$cfg['Servers'][$i]['host'] = '172.16.25.72'; -----> 更改为mysql服务器地址
[iyunv@A ~]# yum install php-mbstring
|
3、更改测试主机的hosts文件,本次测试是windows主机,故在C:\Windows\System32\drivers \etc\hosts文件添加如下内容
4、重载httpd服务 1
| [iyunv@A ~]# systemctlreload httpd.service
|
6、登录进入即可管理数据库
(3)配置wordpress
1、解压wordpress-4.3.1-zh_CN.zip至/var/www目录下 1
| [iyunv@A ~]# unzip /var/www/wordpress-4.3.1-zh_CN.zip -d /var/www/
|
2、进入/var/www/wordpress/目录下,对wordpress的配置文件做出如下更改; 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| [iyunv@A ~]# cd /var/www/wordpress/
[iyunv@A wordpress]# cp wp-config-sample.php wp-config.php
[iyunv@A www]# vim wp-config.php ----> 主要更改如下四项
// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');
/** MySQL数据库用户名 */
define('DB_USER', 'root');
/** MySQL数据库密码 */
define('DB_PASSWORD', '123456');
/** MySQL主机 */
define('DB_HOST', '172.16.25.72');
|
3、因为wordpress不能自己建立数据库,所以我们在主机B mysql服务器给它手动创建wordpress数据库 1
2
3
4
5
6
7
8
9
10
11
12
| [iyunv@COS7 ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 43
Server version: 5.5.41-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE wordpress;
Query OK, 1 row affected (0.00 sec)
|
5、简单填写之后,便可以使用这个很强大的个人信息发布平台。
五、为php提供加速引擎Xcache并设置phpMyAdmin站点为https协议访问 1、在主机A下载php-xcache包 1
| [iyunv@A ~]# yum install php-xcache
|
2、向CA发送证书签署请求,并保存签署过的证书至本地主机A/etc/httpd/ssl目录如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| [iyunv@A ~]# mkdir /etc/httpd/ssl
[iyunv@A ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
..........................+++
.............+++
e is 65537 (0x10001)
#生成证书请求
[iyunv@A ssl]# openssl req -new -key httpd.key -out httpd.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:Univser fly
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www.pma.net
Email Address []:admin@pma.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[iyunv@A ssl]# ls
httpd.crt httpd.csr httpd.key ----> httpd.crt即为签署过的证书
|
注:关于此部分,如果仅为测试或学习所用可以私建一个CA;相关方法可参考我的另一篇博客加密解密技术介绍和OpenSSL介绍
3、下载mod_ssl模块,并编辑ssl模块的配置文件ssl.conf
1
2
3
4
5
6
| [iyunv@A ssl]# yum install mod_ssl ---> 会变为httpd的一个模块
[iyunv@A ~]# vim /etc/httpd/conf.d/ssl.conf --->更改如下四行内容如下
DocumentRoot "/var/www/pma"
ServerName www.pma.net:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
|
4、此时让原有对phpAdmin的虚拟主机配置文件失效。
1
2
3
| [iyunv@A ~]# mv /etc/httpd/conf.d/phpAdmin.conf{,.bak}
# 因为监听了新的端口,所以重启服务
[iyunv@A ~]# systemctl restart httpd.service
|
5、测试,此处若为私建的CA,则需要在浏览器中导入CA服务器的证书。
注:此篇博文所做测试都是在CentOS 7上完成;
| 
QQ群⑧:
窥视卡
雷达卡
发表于 2016-1-22 09:09:38
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡