Shulou(Shulou.com)06/01 Report--

Lab requirements:

1. CentOS 7, npm rpm package, php-fpm

A) one virtual host provides wordpress and the other virtual host provides phpmysamin

B) provide https services for phpMyAdmim

Experimental environment:

Linux server operating system version: CentOS Linux release 7.2.1511 (Core) IP:172.16.252.113

WIN7 system client: IP:172.16.250.100

Experimental premise:

1) turn off the firewall and SELinux

~] # service iptables stop

~] # setenforce 0

The process of the experiment:

First, install amp environment

1.yum package installation nmp

# yum install nginx php-fpm php-mysql mariadb-server-y

1) check whether the package has been installed successfully

# rpm-qa nginx php-fpm php-mysql mariadb-server

2) start the service

# nginx

# systemctl start mariadb

3) check whether the service starts normally

# ss-nlt

# ps aux | grep nginx

# ps aux | grep myslq

# ps aux | grep php-fpm

4) set the boot to start automatically

# systemctl enable httpd

# systemctl enable mariadb

5) check whether it is set to boot

# systemctl is-enabled httpd

# systemctl is-enabled mariadb

two。 Configure virtual host

1) create virtual host directory and configuration file / conf.d/vhosts.conf

# mkdir-pv / etc/nginx/conf.d/vhosts.conf

2) add the following to the http section in nginx.conf

Include conf.d/*.conf; / / contains a custom virtual host path

Fastcgi_cache_path / var/cache/nginx/fastcgi levels=1:1 keys_zone=fcgicache:10m max_size=1g

/ / define cache path, level, cache space name, maximum number of disk caches

3) create a cache directory

# mkdir-pv / var/cache/nginx/fastcgi

4) configure virtual host / conf.d/vhosts.conf

Server {

Listen 80

Server_name www.yang.com

Gzip on

Gzip_disable chrome

Gzip_types text/plain text/css text/xml application/xml application/json application/x-javascript

Location / {

Root / web/host1/wordpress

Index index.php index.html index.htm

}

Location ~\ .php$ {

Root / web/host1/wordpress

Fastcgi_pass 127.0.0.1:9000

Fastcgi_index index.php

Fastcgi_param SCRIPT_FILENAME / web/host1/wordpress/$fastcgi_script_name

Fastcgi_cache fcgicache

Fastcgi_cache_key $request_uri

Fastcgi_cache_valid 200 10m

Fastcgi_cache_valid 301 302 2m

Fastcgi_cache_valid 404m

Include fastcgi.conf

}

}

Server {

Listen 80

Server_name web.yang.com

Root / web/host2/phpmyadmin

Location / {

Index index.php index.html index.html

}

Location ~\ .php$ {

Fastcgi_pass 127.0.0.1:9000

Fastcgi_index index.php

Fastcgi_param SCRIPT_FILENAME / web/host2/phpmyadmin/$fastcgi_script_name

Fastcgi_cache fcgicache

Fastcgi_cache_key $request_uri

Fastcgi_cache_valid 200 10m

Fastcgi_cache_valid 301 302 2m

Fastcgi_cache_valid 404 2m

Include fastcgi.conf

}

}

Server {

Ssl on

Listen 443 ssl

Server_name web.yang.com

Root / web/host2/phpmyadmin

Ssl_certificate / etc/nginx/ssl/nginx.crt

Ssl_certificate_key / etc/nginx/ssl/nginx.key

Ssl_session_cache shared:SSL:5m

Ssl_session_timeout 10m

Ssl_ciphers HIGH:!aNULL:!MD5

Ssl_prefer_server_ciphers on

Location / {

Index index.php index.html index.htm

}

Location ~\ .php$ {

Fastcgi_pass 127.0.0.1:9000

Fastcgi_index index.php

Fastcgi_param SCRIPT_FILENAME / web/host2/phpmyadmin/$fastcgi_script_name

Fastcgi_cache fcgicache

Fastcgi_cache_key $request_uri

Fastcgi_cache_valid 200 10m

Fastcgi_cache_valid 301 302 2m

Fastcgi_cache_valid 404 3m

Include fastcgi.conf

}

}

2. Deploy wordpress environment:

1) create a site directory

# mkdir / web/host1/-pv

2) decompress the wordpress package

# unzip wordpress-4.3.1-zh_CN.zip

3) copy to the site directory www1

# cp-R wordpress / web/host1/

4) modify the website owner and group

# chown-R nginx.nginx / web/host1/wordpress

5) modify the www.conf under php-fpm.conf

User = nginx

Group = nginx

6) Log in to the database

# mysql-uroot-p

7) create a database for bolg named: wordpress

MariaDB [(none)] > CREATE DATABASE wordpress

8) check whether the database is created successfully

MariaDB [(none)] > SHOW DATABASES

+-+

| | Database |

+-+

| | information_schema |

| | mysql |

| | performance_schema |

| | wordpress |

+-+

4 rows in set (0.00 sec)

9) authorized users

MariaDB [(none)] > GRANT ALL ON wordpress.* TO liyang@'localhost' IDENTIFIED BY 'liyang'

Query OK, 0 rows affected (0.03 sec)

MariaDB [(none)] > GRANT ALL ON wordpress.* TO liyang@'172.16.%.%' IDENTIFIED BY 'liyang'

Query OK, 0 rows affected (0.00 sec)

10) rename wordpress configuration file to wp-config.php

# cp wp-config-sample.php wp-config.php

11) modify wp-config.php file to connect to the database

# sed-n'22 38p' / web/host1/wordpress/wp-config.php

/ * * name of WordPress database * /

Define ('DB_NAME',' wordpress')

/ * * MySQL database user name * /

Define ('DB_USER',' liyang')

/ * * MySQL database password * /

Define ('DB_PASSWORD',' liyang')

/ * * MySQL host * /

Define ('DB_HOST',' localhost')

/ * default text encoding when creating a datasheet * /

Define ('DB_CHARSET',' utf8')

/ * * Database collation type. If you are not sure, do not change * /

Define ('DB_COLLATE',')

III. Testing

1) add domain name resolution on the server side

# echo "172.16.66.60 www.yang.com" > > / etc/hosts

2) add to the hosts file in PC

172.16.66.60 www.yang.com

3) whether httpd-- > php can be accessed

# cat admin.php

4) whether httpd-- > php--mariadb can be accessed

5) in the browser, install http://www.yang.com/index.php as prompted

6) check whether the database generates data

~] # mysql-uliyang-p

MariaDB [(none)] > show databases

MariaDB [(none)] > use wordpress

MariaDB [wordpress] > show tables

+-- +

| | Tables_in_wordpress |

+-- +

| | wp_commentmeta |

| | wp_comments |

| | wp_links |

| | wp_options |

| | wp_postmeta |

| | wp_posts |

| | wp_term_relationships |

| | wp_term_taxonomy |

| | wp_terms |

| | wp_usermeta |

| | wp_users |

+-- +

11 rows in set (0.00 sec)

4. Deploy the phpMyAdmin environment:

1) create a site directory

# mkdir / web/host2

2) decompress the phpMyAdmin package

# unzip phpMyAdmin-4.4.14.1-all-languages.zip

3) copy to the site directory www2

# cp-r phpMyAdmin-4.4.14.1-all-languages / web/host2/

4) create a soft connection phpMyAdmin

# ln-sv phpMyAdmin-4.4.14.1-all-languages/ phpmyadmin

5) modify the website owner and group

# chown-R nginx.nginx / web/host2/phpmyadmin

6) modify the configuration file

# cp config.sample.inc.php config.inc.php

7) generate random numbers

~] # openssl rand-hex 8

640b56f72820ace8

8) modify the configuration file config.inc.php

# vim config.inc.php

$cfg ['blowfish_secret'] =' 640b56f72820ace8'

7) Test in the browser and enter the database name and password according to the prompts (the host account and password are users in authorized wordpress)

Test in PC browser: http://web.yang.com/index.php is accessed through port 80

8) phpmyadmin error: The mbstring extension is missing. Please check your PHP configuration.

Solution:

# yum install php-mbstring-y

9) phpmyadmin error: Error during session start; please check your PHP and/or webserver log file and configure your PHP i

Solution:

# mkdir-pv / var/lib/php/session

# chown-R nginx.nginx / var/lib/php/session/

3. Provide https services for phpMyAdmim

Working directory: / etc/pki/CA/

First, establish a private CA

1) generate a private key

[root@www CA] # (umask 077; openssl genrsa-out private/cakey.pem 2048)

Generating RSA private key, 2048 bit long modulus

. +

. +

E is 65537 (0x10001)

2) generate self-signed certificate

[root@www CA] # openssl req-new-x509-key private/cakey.pem-out cacert.pem

You are about to be asked to enter information that will be incorporated

Into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value

If you enter'., the field will be left blank.

-

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: Beijing

Locality Name (eg, city) [Default City]: Beijing

Organization Name (eg, company) [Default Company Ltd]: liyang

Organizational Unit Name (eg, section) []: Ops

Common Name (eg, your name or your server's hostname) []: web.yang.com

Email Address []: admin@yang.com

3) provide supporting documents

[root@localhost CA] # touch index.txt

[root@localhost CA] # echo 01 > serial

[root@localhost CA] # tree

.

├── cacert.pem

├── certs

├── crl

├── index.txt

├── index.txt.attr

├── index.txt.old

├── newcerts

├── private

│ └── cakey.pem

├── serial

└── serial.old

II. Node applies for certificate

1) generate a private key

# mkdir-pv / etc/httpd/ssl

Ssl] # (umask 077; openssl genrsa-out nginx.key 1024)

2) generate a certificate signing request:

[root@www ssl] # openssl req-new-key nginx.key-out nginx.csr

You are about to be asked to enter information that will be incorporated

Into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value

If you enter'., the field will be left blank.

-

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: Beijing

Locality Name (eg, city) [Default City]: Beijing

Organization Name (eg, company) [Default Company Ltd]: liyang

Organizational Unit Name (eg, section) []: Ops

Common Name (eg, your name or your server's hostname) []: web.yang.com

Email Address []: admin@yang.com

Please enter the following 'extra' attributes

To be sent with your certificate request

A challenge password []:

An optional company name []:

Ssl] # cp nginx.csr / tmp/

III. Certificates issued by CA

1) sign the certificate

[root@www] # openssl ca-in / tmp/nginx.csr-out / etc/pki/CA/certs/nginx.crt

Using configuration from / etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

Serial Number: 1 (0x1)

Validity

Not Before: Jul 29 11:11:37 2016 GMT

Not After: Jul 29 11:11:37 2017 GMT

Subject:

CountryName = CN

StateOrProvinceName = Beijing

OrganizationName = liyang

OrganizationalUnitName = Ops

CommonName = web.yang.com

EmailAddress = admin@yang.com

X509v3 extensions:

X509v3 Basic Constraints:

CA:FALSE

Netscape Comment:

OpenSSL Generated Certificate

X509v3 Subject Key Identifier:

F5:73:F0:F1:7F:B6:B6:5D:41:F1:ED:7A:69:FE:6F:8E:A6:59:41:42

X509v3 Authority Key Identifier:

Keyid:91:41:DA:D3:44:05:36:98:14:A7:81:D6:64:AC:D5:8E:EB:6E:D3:97

Certificate is to be certified until Jul 29 11:11:37 2017 GMT (days)

Sign the certificate? [y/n]: y

1 out of 1 certificate requests certified, commit? [y/n] y

Write out database with 1 new entries

Data Base Updated

2) return the signed certificate to the requestor.

# cp / etc/pki/CA/certs/nginx.crt / etc/nginx/ssl/

Note: the private CA and the node application certificate are completed on the same machine.

4. Test results:

1) Test in PC browser: https://web.yang.com/index.php is accessed through port 443

4. Stress test:

1. Normal test

1) Test wordpress concurrency

# # ab-c 100-n 200 http://www.yang.com/index.php

Requests per second: 389.38 [# / sec] (mean)

Requests per second: 6949.27 [# / sec] (mean)

2) Test phpmyadmin http concurrency

# ab-c 100-n 200 http://web.yang.com/index.php

Requests per second: 5641.91 [# / sec] (mean)

Requests per second: 54.74 [# / sec] (mean)

3) Test phpmyadmin https concurrency

# ab-c 100-n 100 https://web.yang.com/index.php

Requests per second: 44.32 [# / sec] (mean)

Requests per second: 45.28 [# / sec] (mean)

Second, install xcache accelerator test data for php:

1) yum install php-xcache

~] # yum install php-xcache

2) Test concurrency

# ab-c 100-n 200 http://web.yang.com/index.php

Requests per second: 44.77 [# / sec] (mean)

# ab-c 100-n 200 https://web.yang.com/index.php

Requests per second: 44.12 [# / sec] (mean)

# ab-c 100-n 200 http://www.yang.com/index.php

Requests per second: 109.11 [# / sec] (mean)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.