|
1 搭建开始 环境准备开始: 1
2
| [root ~]# service httpd24 stop # 关闭此前编译的2.4
[root ~]# yum install -y php
|
php和httpd结合的方式是模块化的: 1
2
3
4
5
| [root ~]# rpm -ql php
/etc/httpd/conf.d/php.conf
/usr/lib64/httpd/modules/libphp5.so # 就这个模块
/var/lib/php/session
/var/www/icons/php.gif
|
既然是模块,就无需启动服务,启动httpd即可 1
2
3
4
5
| [root ~]# service httpd start
[root ~]# /usr/sbin/httpd -M|grep php
httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
php5_module (shared) # 模块已加载
Syntax OK
|
使用浏览器访问IP地址: 测试php是否已经启动: 1
2
3
4
5
6
7
8
9
| [root ~]# cd /vhosts/a.com/htdocs/
[root htdocs]# mv index.html index.php
[root htdocs]# vim index.php
<h1>www.a.com</h1> # 在此行下面添加测试代码
<?php
phpinfo();
?>
<h2>PHP Test Page</h2>
|
刷新浏览器,出现一堆信息: php解释器不会和数据库打交道,和数据库打交道的是php应用程序本身,但是这种打交道是通过驱动完成的。这种驱动php和MySQL都有提供。安装驱动: 1
2
| [root htdocs]# yum install -y php-mysql
[root htdocs]# service httpd reload
|
刷新浏览器可以看到结果: Additional .ini files parsed
| /etc/php.d/curl.ini, /etc/php.d/fileinfo.ini, /etc/php.d/json.ini, /etc/php.d/mysql.ini, /etc/php.d/mysqli.ini, /etc/php.d/pdo.ini, /etc/php.d/pdo_mysql.ini, /etc/php.d/pdo_sqlite.ini, /etc/php.d/phar.ini, /etc/php.d/sqlite3.ini, /etc/php.d/zip.ini
|
安装mysql服务器端: 1
2
3
| [root htdocs]# yum install -y mysql-server
[root htdocs]# service mysqld start
[root htdocs]# ss -tunl|grep :3306
|
测试mysql确实启动: 1
2
3
4
5
6
7
8
9
10
11
12
| [root htdocs]# vim index.php
<h1>www.a.com</h1>
<?php
$conn = mysql_connect('127.0.0.1','root','');
if ($conn)
echo "OK";
else
echo "Failure";
mysql_close($conn);
?>
|
刷新浏览器显示OK,lamp环境就这样简单的搭建起来了。
2 WordPress搞起1
2
3
4
5
6
7
8
9
10
11
| [root htdocs]# unzip wordpress-3.3.1-zh_CN.zip
[root htdocs]# cd wordpress
[root wordpress]# vim wp-config-sample.php # 修改三项
define('DB_NAME', 'wpdb');
/** MySQL 数据库用户名 */
define('DB_USER', 'wpuser');
/** MySQL 数据库密码 */
define('DB_PASSWORD', 'wppass');
[root wordpress]# cp wp-config-sample.php wp-config.php
|
建立数据库: 1
2
3
4
5
| [root wordpress]# mysql
mysql> CREATE DATABASE wpdb;
mysql> GRANT ALL ON wpdb.* TO 'wpuser'@'127.0.0.1' IDENTIFIED BY 'wppass';
mysql> GRANT ALL ON wpdb.* TO 'wpuser'@'localhost' IDENTIFIED BY 'wppass';
mysql> FLUSH PRIVILEGES;
|
3 phpMyAdmin搞起1
2
3
4
5
| [root htdocs]# unzip phpMyAdmin-4.0.5-all-languages.zip
[root htdocs]# ln -s phpMyAdmin-4.0.5-all-languages pma
[root htdocs]# cd pma/
[root pma]# yum install php-mbstring –y # 多字节字串,为了支持中文需要启动此功能
[root pma]# service httpd reload
|
给mysql root设置密码: 1
2
3
| mysql> SET PASSWORD FOR 'root'@'localhost'=PASSWORD('123456');
mysql> SET PASSWORD FOR 'root'@'127.0.0.1'=PASSWORD('123456');
mysql> FLUSH PRIVILEGES;
|
可以使用root身份登录了
4 搞两个虚拟主机1
2
3
4
5
6
7
8
9
10
11
12
| [root ~]# vim /etc/httpd/conf/httpd.conf
#DocumentRoot "/var/www/html" # 注释掉
NameVirtualHost *:80 # 将这行注释取消
<VirtualHost *:80>
servername www.a.com
documentroot /vhosts/a.com/htdocs/
</virtualhost>
<VirtualHost *:80>
servername www.c.net
documentroot /vhosts/c.net/htdocs
</virtualhost>
|
5 配置httpd支持https1、为服务器申请数字证书 (a) 为了测试,创建私有CA 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| [root ~]# cd /etc/pki/CA/ # 另开一个虚拟机
[root CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048) # 创建私钥
[root CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 10000
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:ca.magedu.com
Email Address []:
# 此证书需要共享给其他用户,因为需要此证书里面的公钥做验证。
[root CA]# touch index.txt
[root CA]# echo 01 > serial
|
(b) 在服务器创建证书签署请求 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| [root ~]# cd /etc/httpd/
[root httpd]# mkdir ssl
[root httpd]# cd ssl/
[root ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
[root ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root ssl]# scp httpd.csr root@172.16.45.1:/tmp # 将请求发给CA
|
(c) CA签证 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| [root CA]# cd /tmp/
[root tmp]# openssl ca -in httpd.csr -out httpd.crt -days 3653
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 25 17:27:07 2015 GMT
Not After : Apr 25 17:27:07 2025 GMT
Subject:
countryName = CN
stateOrProvinceName = HA
organizationName = MageEdu
organizationalUnitName = Ops
commonName = www.a.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
56:8C:DA:7F:FE:18:59:C5:C4:82:C8:20:30:88:8B:BF:1F:8C:6A:67
X509v3 Authority Key Identifier:
keyid:C5:77:A0:E0:54:72:42:99:83:0D:7A:F8:53:6D:24:E4:CF:6D:CA:30
Certificate is to be certified until Apr 25 17:27:07 2025 GMT (3653 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root tmp]# scp httpd.crt 172.16.45.10:/etc/httpd/ssl/ # 将签署好的证书发回
|
2、配置httpd支持使用ssl,及使用的证书。但是http默认是不支持ssl的,使用httpd -M|grep ssl命令是没有结果的。因此需要安装mod_ssl这个支包。 1
2
3
4
5
6
7
8
| # yum -y install mod_ssl
[root ssl]# rpm -ql mod_ssl # 查看该包生成的文件
/etc/httpd/conf.d/ssl.conf
/usr/lib64/httpd/modules/mod_ssl.so # 模块文件
/var/cache/mod_ssl
/var/cache/mod_ssl/scache.dir # 缓存功能,加速ssl握手过程
/var/cache/mod_ssl/scache.pag
/var/cache/mod_ssl/scache.sem
|
编辑配置文件后,重启监听443端口 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| [root ssl]# cp /etc/httpd/conf.d/ssl.conf{,.bak}
[root ssl]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
ServerName www.a.com:443 # 虚拟主机的主机名
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log # 二进制格式
LogLevel warn
SSLEngine on # ssl功能的总开关
SSLProtocol all -SSLv2 # 不使用ssl v2版
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW # 加密的算法
SSLCertificateFile /etc/httpd/ssl/httpd.crt # 签署好的证书文件
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key # 私钥文件
</VirtualHost>
[root ssl]# httpd -t
[root ssl]# service httpd restart
|
3、测试基于https访问相应的主机 # openssl s_client [-connect host:port] [-cert filename] [-CApath directory] [-CAfile filename]:s_client可以将自己扮演成客户端 1
2
| [root tmp]# scp /etc/pki/CA/cacert.pem 172.16.45.10:/tmp # 将CA的证书发给扮演的客户端,用来验证服务器的证书
[root ssl]# openssl s_client -connect www.a.com:443 -CAfile /tmp/cacert.pem
|
在windows上测试: 将CA变为受信任的机构:把CA的证书发送到windows桌面并更名为cacert.crt后,就能安装了。安装完成后,编辑hosts文件,添加172.16.45.10 www.a.com,最后重启浏览器再次进行访问就没问题了。
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-5-4 08:35:03
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡