|
|
友情提示:本文系统环境:Centos 6.6 X86_64 KDE DISKTOP + VirtualBOX(Centos 6.6 X86_64,安装类型选择为server), KSnapshot抓图,Konsole 终端连接远程虚拟机。
LAMP是Linux,Apache,Mysql,Php(perl/python)的简写,Linux提供OS平台,Apche(现在应该称为httpd)提供html协议报文的解析和响应,Mysql提供结构化数据的查询,Php(或者perl,python)的应用程序提供脚本语言的解析,4者合力实现了web动态网站,是种非常经典的wen站点的构架。现在非常著名的电商站点淘宝,当初创建之时也就是采用的这种构架,详见子柳所著《淘宝技术这十年》。
Apache(下面称为httpd),Mysql,Php这三者可以放置以同一服务器,也可各自各自以独立守护进程形式安装在不同的服务器上。在一台服务器上实现时,httpd同php可以以3种形式组合:php作为httpd的一个模块;使用fastcgi做为协议来组合;使用cgi做为协议来组合。本文采用:Centos系统光盘自带rpm包在一台服务器上实现LAMP构架模型,php采用模块形式同httpd组合在一起。
实验环境:
实验网络为:172.16.0.0/16
实验步骤:
一。构建yum环境,提供程序包的安装源。
1.1)使用Centos6.6 x86_64 DVD1系统光盘,挂载至系统。
1
2
3
4
5
6
7
8
9
10
| [lijun@Test02 ~]$ mount | egrep '(cdrom|sr0|media)'
[lijun@Test02 ~]$ sudo mount -r /dev/sr0 /media
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for lijun:
[lijun@Test02 ~]$ mount | egrep '(cdrom|sr0|media)'
/dev/sr0 on /media type iso9660 (ro)
|
1.2)建立本地yum repo文件,指导yum程序安装rpm包
#设定本地repo文件
1
2
3
4
5
6
7
8
9
10
11
| [lijun@Test02 ~]$ cd /etc/yum.repos.d/
[lijun@Test02 yum.repos.d]$ sudo mkdir beifen
[lijun@Test02 yum.repos.d]$ sudo mv CentOS* beifen/
[lijun@Test02 yum.repos.d]$ sudo touch local.repo
[lijun@Test02 yum.repos.d]$ sudo vim local.repo
[localyumrepo]
name='this is local yum source'
baseurl=file:///media/
enable=1
gpgcheck=0
:wq
|
#建立本地yum库缓存
1
2
3
4
5
6
7
8
9
10
11
12
| [lijun@Test02 yum.repos.d]$ sudo yum clean all
已加载插件:fastestmirror, security
Cleaning repos: localyumrepo
清理一切
[lijun@Test02 yum.repos.d]$ sudo yum repolist
已加载插件:fastestmirror, security
Determining fastest mirrors
localyumrepo | 4.0 kB 00:00 ...
localyumrepo/primary_db | 4.5 MB 00:00 ...
仓库标识 仓库名称 状态
localyumrepo 'this is local yum source' 6,518
repolist: 6,518
|
1
2
3
4
5
6
7
8
9
|
[lijun@Test02 yum.repos.d]$ sudo yum makecache
已加载插件:fastestmirror, security
Loading mirror speeds from cached hostfile
localyumrepo | 4.0 kB 00:00 ...
localyumrepo/group_gz | 216 kB 00:00 ...
localyumrepo/filelists_db | 6.0 MB 00:00 ...
localyumrepo/other_db | 2.8 MB 00:00 ...
元数据缓存已建立
|
#安装tree命令包做测试
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| [lijun@Test02 yum.repos.d]$ sudo yum -y install tree
已加载插件:fastestmirror, security
设置安装进程
Loading mirror speeds from cached hostfile
解决依赖关系
--> 执行事务检查
---> Package tree.x86_64 0:1.5.3-2.el6 will be 安装
--> 完成依赖关系计算
依赖关系解决
=======================================================================================================
软件包 架构 版本 仓库 大小
=======================================================================================================
正在安装:
tree x86_64 1.5.3-2.el6 localyumrepo 36 k
事务概要
=======================================================================================================
Install 1 Package(s)
总下载量:36 k
Installed size: 65 k
下载软件包:
运行 rpm_check_debug
执行事务测试
事务测试成功
执行事务
正在安装 : tree-1.5.3-2.el6.x86_64 1/1
Verifying : tree-1.5.3-2.el6.x86_64 1/1
已安装:
tree.x86_64 0:1.5.3-2.el6
完毕!
[lijun@Test02 yum.repos.d]$
|
二.安装程序包,并设定程序启动
php-mysql是php应用程序服务程序中提供mysql查询的驱动程序。
1
2
3
4
5
6
7
8
9
10
11
| [lijun@Test02 yum.repos.d]$ sudo yum -y install httpd php mysql-server php-mysql mod_ssl
。。。。。。
已安装:
httpd.x86_64 0:2.2.15-39.el6.centos mod_ssl.x86_64 1:2.2.15-39.el6.centos mysql-server.x86_64 0:5.1.73-3.el6_5
php.x86_64 0:5.3.3-38.el6 php-mysql.x86_64 0:5.3.3-38.el6
作为依赖被安装:
apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 httpd-tools.x86_64 0:2.2.15-39.el6.centos mysql.x86_64 0:5.1.73-3.el6_5
perl-DBD-MySQL.x86_64 0:4.013-3.el6 php-cli.x86_64 0:5.3.3-38.el6 php-common.x86_64 0:5.3.3-38.el6
php-pdo.x86_64 0:5.3.3-38.el6
完毕!
[lijun@Test02 yum.repos.d]$
|
#mysql启动并初始化
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
| [lijun@Test02 ~]$ sudo service mysqld start
Initializing MySQL database: WARNING: The host 'Test02.lijun.com' could not be looked up with resolveip.
This probably means that your libc libraries are not 100 % compatible
with this binary MySQL version. The MySQL daemon, mysqld, should work
normally with the exception that host name resolving will not work.
This means that you should use IP addresses instead of hostnames
when specifying MySQL privileges !
Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h Test02.lijun.com password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
[ OK ]
Starting mysqld: [ OK ]
[lijun@Test02 ~]$
|
三 修改httpd配置文件,配置虚拟主机
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
| [lijun@Test02 ~]$ cd /etc/httpd/conf
[lijun@Test02 conf]$ sudo cp httpd.conf{,.bak}
[lijun@Test02 conf]$ sudo vim httpd.conf
ServerName 127.0.0.1:80
#DocumentRoot "/var/www/html"
NameVirtualHost *:80
<VirtualHost 172.16.34.1:80>
ServerAdmin admin@mywordpress.com
DocumentRoot /var/www/mywordpress.com
ServerName www.mywordpress.com
ErrorLog logs/mywordpress.com-error_log
CustomLog logs/mywordpress.com-access_log common
</VirtualHost>
:wq
[lijun@Test02 conf]$ cd ../conf.d/
[lijun@Test02 conf.d]$ sudo cp ssl.conf{,.bak}
[lijun@Test02 conf.d]$ sudo vim ssl.conf
<VirtualHost 192.168.1.20:443>
DocumentRoot "/var/www/myphpadmin.com"
ServerName
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
:wq
[lijun@Test02 conf.d]$ cd /var/www
[lijun@Test02 www]$ sudo mkdir mywordpress.com
[lijun@Test02 www]$ sudo mkdir myphpadmin.com
|
四 建立私有CA,自己给自己签署证书用于https站点
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
| #建立https站点使用证书和私钥目录
[lijun@Test02 www]$ sudo mkdir /etc/httpd/ssl/
[lijun@Test02 www]$ cd /etc/pki/CA
[lijun@Test02 CA]$ ls
certs crl newcerts private
[lijun@Test02 CA]$ su -
密码:
#生成CA私钥
[iyunv@Test02 ~]# cd /etc/pki/CA
[iyunv@Test02 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus.................................
..........+++.......................................................................
....................................................................................
........+++e is 65537 (0x10001)
#生成CA自签证书
[iyunv@Test02 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3660
You are about to be asked to enter information that will be incorporatedinto your
certificate request.What you are about to enter is what is called a Distinguished
Name or a DN.There are quite a few fields but you can leave some blankFor some
fields there will be a default value,If you enter '.',
the field will be left blank.-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:lijun
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:ca.lijun.com
Email Address []:admin@lijun.com
[iyunv@Test02 CA]# ls
cacert.pem certs crl newcerts private
[iyunv@Test02 CA]# touch index.txt
[iyunv@Test02 CA]# touch serial
[iyunv@Test02 CA]# echo 01 > serial
[iyunv@Test02 CA]# cat serial
01
#为https站点生成私钥
[iyunv@Test02 CA]# (umask 077;openssl genrsa -out /etc/httpd/ssl/httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
.......................++++++
.......++++++e is 65537 (0x10001)
#为https站点生成证书申请
[iyunv@Test02 CA]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blankFor some fields there will be
a default value,If you enter '.', the field will be left blank.-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HN
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:lijun
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www,myphpadmin.com
Email Address []:admin@myphpadmin.comPlease enter the following 'extra'
attributesto be sent with your certificate requestA
challenge password []:
An optional company name []:
[iyunv@Test02 CA]# ls /etc/httpd/ssl/
httpd.csr httpd.key
[iyunv@Test02 CA]#
#为https站点签署证书
[iyunv@Test02 CA]# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/httpd/ssl/httpd.crt -days 366
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Apr 30 20:05:16 2015 GMT
Not After : Apr 30 20:05:16 2016 GMT
Subject:
countryName = CN
stateOrProvinceName = HN
organizationName = lijun
organizationalUnitName = Ops
commonName = www,myphpadmin.com
emailAddress = admin@myphpadmin.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
6D:45:30:0B:DC:12:11:83:9C:37:63:FF:3A:14:49:18:5D:71:D8:D6
X509v3 Authority Key Identifier:
keyid:BD:88:4A:1C:EC:CF:95:E4:03:41:B0:60:9E:A2:69:B3:66:8A:ED:5D
Certificate is to be certified until Apr 30 20:05:16 2016 GMT (366 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[iyunv@Test02 CA]# ls /etc/httpd/ssl
httpd.crt httpd.csr httpd.key
[iyunv@Test02 CA]#
|
五 建立基于80端口的虚拟主机站点www.mywordpress.com的站点文档
#建立wordpress程序需要使用的mysql库和用户
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| [lijun@Test02 ~]$ sudo mysql
mysql> create database wordpress;
Query OK, 1 row affected (0.00 sec)
mysql> create user 'lijun'@'localhost' identified by 'redhat'; -->若密码,纯测试
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on wordpress.*TO 'lijun'@'localhost'; -->权限过大,纯测试
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
[lijun@Test02 ~]$
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| #建立www.mywordpress.com的站点文档
[lijun@Test02 ~]$ cd /var/www/mywordpress.com/
[lijun@Test02 mywordpress.com]$sudo cp ~lijun/source/wordpress-3.2.1-zh_CN.zip .
[lijun@Test02 mywordpress.com]$sudo unzip wordpress-3.2.1-zh_CN.zip
[lijun@Test02 mywordpress.com]$ sudo cp -a wordpress/* .
[lijun@Test02 mywordpress.com]$ sudo cp wp-config-sample.php wp-config.php
[lijun@Test02 mywordpress.com]$ sudo vim wp-config.php
define('DB_NAME', 'wordpress');
/** MySQL 数据库用户名 */
define('DB_USER', 'lijun');
/** MySQL 数据库密码 */
define('DB_PASSWORD', 'redhat');
/** MySQL 主机 */
define('DB_HOST', 'localhost');
/** 创建数据表时默认的文字编码 */
define('DB_CHARSET', 'utf8');
/** 数据库整理类型。如不确定请勿更改 */
define('DB_COLLATE', '');
:wq
|
六.建立https虚拟主机站点使用文档
1
2
3
4
5
6
| [lijun@Test02 httpd]$ cd /var/www/myphpadmin.com/
[lijun@Test02 myphpadmin.com]$ sudo cp ~lijun/source/phpMyAdmin-3.2.5-all-languages.tar.gz .
[lijun@Test02 myphpadmin.com]$ sudo tar -xf phpMyAdmin-3.2.5-all-languages.tar.gz
[lijun@Test02 myphpadmin.com]$ ls
phpMyAdmin-3.2.5-all-languages phpMyAdmin-3.2.5-all-languages.tar.gz
[lijun@Test02 myphpadmin.com]$ sudo cp -a phpMyAdmin-3.2.5-all-languages/* .
|
七设定防火墙和selinux
可以通过#server iptables stop 和 #setenforce 0 来关闭防火墙和设定selinux状态,防止干扰测试
也可以按下面的设定:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| [lijun@Test02 httpd]$ sudo iptables -IINPUT -p tcp -s 172.16.0.0/16 -d 172.16.34.2 -m multiport --dports 80,443 -j ACCEPT
[lijun@Test02 httpd]$ sudo iptables -IINPUT 2 -p tcp -d 172.16.34.2 -m multiport --dports 80,443 -j DROP
[lijun@Test02 httpd]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 172.16.0.0/16 172.16.34.2 multiport dports http,https
DROP tcp -- anywhere 172.16.34.2 multiport dports http,https
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
|
1
2
3
| Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[lijun@Test02 httpd]$setselinux 0
|
八 测试机上进行测试:
#因没有设定DNS,只能使用测试主机的host文件进行设定
1
2
3
4
| [lijun@server ~]$ sudo vim /etc/hosts
172.16.34.2 www.mywordpress.com
172.16.34.2 www,myphpadmin.com
:wq
|
下面时https站点:
PS:KDE桌面着实让我惊艳了一下,无论笔记本散热量还是程序启动速度与稳定性,都比win7表现要好,
现在除了聊QQ,观看加密视频不方便外,其他均可胜任平常使用需要。
路人甲: 什么?你把Centos 6.6 X86_64 社区企业版装在笔记本上用?你个疯子!!!
海盗哥:再敢嘲讽拉仇恨,哥放狗狗---斯派克去咬你的丁丁。
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-5-4 08:59:57
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡