Shulou(Shulou.com)05/31 Report--

Editor to share with you a centos7 host how to deploy LAMP and provide https services, I believe most people do not know much about it, so share this article for your reference, I hope you will learn a lot after reading this article, let's learn about it!

Deploy LAMP and xcache on one centos7 and install wordpress and php-myadmin on 2 virtual hosts respectively and provide https services for phpmyadmin

# Rapid deployment with rpm package: LAMP

1. Yum installation:

Yum install-y httpd php php-mysql php-gd php-mbstring php-xml mariadb-server mod_ssl

Installed:

Httpd.x86_64 0RO 2.4.6-40.el7.centos mariadb-server.x86_64 1 2.el7.centos php.x86_64 5.5.44-2.el7.centos php.x86_64 0RO 5.4.16-36.el7_1 php-gd.x86_64 0RO 5.4.16-36.el7_1 php-mbstring.x86_64 0RV 5.4.16-36.el7_1

Php-mysql.x86_64 0RO 5.4.16-36.el7_1 php-xml.x86_64 0RO 5.4.16-36.el7_1

2. Check whether the httpd service can be started successfully and whether the php page can be opened successfully:

Start after checking whether the httpd service can be started successfully and whether port 80 is enabled:

Systemctl start htppd.service Startup Service

Systemctl status httpd.service checks the enabled status of the service

Ss-tnl view port 80

Ps-aux check process

Httpd-M | grep mpm: check whether it is a prefork module and whether it is on (shared)

# confirm that the httpd service starts successfully

[root@1 ~] # systemctl status httpd

● httpd.service-The Apache HTTP Server

Loaded: loaded (/ usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)

Active: active (running) since Sat 2016-07-16 15:32:43 CST; 4min 18s ago

Docs: man:httpd (8)

Man:apachectl (8)

Main PID: 6535 (httpd)

Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"

CGroup: / system.slice/httpd.service

├─ 6535 / usr/sbin/httpd-DFOREGROUND

├─ 6537 / usr/sbin/httpd-DFOREGROUND

├─ 6538 / usr/sbin/httpd-DFOREGROUND

├─ 6539 / usr/sbin/httpd-DFOREGROUND

├─ 6540 / usr/sbin/httpd-DFOREGROUND

└─ 6541 / usr/sbin/httpd-DFOREGROUND

# confirm the open status of port 80

[root@1~] # ss-tnl

State Recv-Q Send-Q Local Address:Port Peer Address:Port

LISTEN 0 5 192.168.122.1 LISTEN 53 *: *

LISTEN 0 128 *: 22 *: *

LISTEN 0 128 127.0.0.1 631 *: *

LISTEN 0 100 127.0.0.1 purl 25 *: *

LISTEN 0 128: 80: *

LISTEN 0 128:: 22: *

LISTEN 0 128:: 1 LISTEN:: *

LISTEN 0 100:: 1:25

# confirm that the process starts

[root@1 ~] # ps-aux

Root 6535 0.0 0.8 450548 15064? Ss 15:32 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 6537 0.0 0.4 452632 7888? S 15:32 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 6538 0.0 0.4 452632 7888? S 15:32 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 6539 0.0 0.4 452632 7888? S 15:32 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 6540 0.0 0.4 452632 7888? S 15:32 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 6541 0.0 0.4 452632 7888? S 15:32 0:00 / usr/sbin/httpd-DFOREGROUND

# confirm that the default startup module prefok is in shared status

[root@1 ~] # httpd-M | grep mpm

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 0.0.0.1. Set the 'ServerName' directive globally to suppress this message

Mpm_prefork_module (shared)

# confirm whether the ssl module is enabled successfully

[root@1 ~] # httpd-M | grep ssl

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 0.0.0.1. Set the 'ServerName' directive globally to suppress this message

Ssl_module (shared)

# configure the mysql database and start it

Systemctl start mariadb.service

# and then authorize the creation of the user

Advanced mysql and then the following

Mysql > GRANT ALL ON wpdb.* TO 'wpuser'@'172.16.%.%' IDENTIFIED BY' wppass'

Mysql > FLUSH PRIVILEGES

Mysql > CREATE DATABASE wpdb

# create 2 directories as the resource mapping path of the virtual host FQDN

[root@1 ~] # mkdir-pv / data/vhost/www {1jue 2}

# configure the default test page

[root@1 ~] # vim / data/vhost/www1/index.php

The first virtual host

[root@1 ~] # vim / data/vhost/www2/index.php

The second virtual host

# configure configuration files for 2 FQDN virtual hosts

[root@1 ~] # vim / etc/httpd/conf.d/vhost1.conf

ServerName www1.wufeng.com

DocumentRoot "/ data/vhost/www1"

ProxyRequests on

DirectoryIndex index.php

Options None

AllowOverride None

Require all granted

[root@1 ~] # vim / etc/httpd/conf.d/vhost2.conf

ServerName www2.wufeng.com

DocumentRoot "/ data/vhost/www2"

ProxyRequests on

DirectoryIndex index.php

Options None

AllowOverride None

Require all granted

# temporarily modify the DNS to point to yourself

[root@1 ~] # vim / etc/resolv.conf

# Generated by NetworkManager

DNS=172.16.100.34

# added entries for local domain name resolution

[root@1 ~] # vim / etc/hosts

172.16.100.31 www1.wufeng.com www2.wufeng.com

# Test whether the php page can be connected properly and whether the database connection is normal

# there is no problem with www2.wufeng.com access and the accelerator has been successfully installed

# all we have left is to take care of wordpress and php-myadmin

# because I am a local ftp server, I downloaded it directly and decompressed it

[root@1~] # unzip wordpress-4.3.1-zh_CN.zip

# and move to the resource mapping path of the first virtual host

[root@1~] # mv wordpress / data/vhost/www1

# cd enter this directory and modify the configuration file

# modify the configuration file name and modify it

[root@localhost ~] # cd / data/vhost/www1/wordpress/

[root@localhost wordpress] # ln-s wp-config-sample.php wp-config.php

[root@localhost wordpress] # vim wp-config.php

/ / * * MySQL settings-specific information comes from the host you are using * * / /

/ * * name of WordPress database * /

Define ('DB_NAME',' wpdb')

/ * * MySQL database user name * /

Define ('DB_USER',' wpuser')

/ * * MySQL database password * /

Define ('DB_PASSWORD',' wppass')

/ * * MySQL host * /

Define ('DB_HOST',' 172.16.100.34'); the address here points to the database address

/ * default text encoding when creating a datasheet * /

Define ('DB_CHARSET',' utf8')

/ * * Database collation type. If you are not sure, do not change * /

Define ('DB_COLLATE',')

So wordpress is basically configured and there is no rush to test. Let's install php-myadmin together.

# php-myadmin is also downloaded from the ftp server, so it is decompressed directly.

[root@1 ~] # unzip phpMyAdmin-4.4.14.1-all-languages.zip

# and put it under the second virtual host resource mapping path on the second host

[root@1 myadmin] # mv phpMyAdmin-4.4.14.1-all-languages / data/vhost/www2/myadmin

# cd goes to this directory and modifies the file name to modify the configuration

[root@1 www2] # cd myadmin/ enter the target directory

[root@1 myadmin] # mv config.sample.inc.php config.inc.php modify configuration file name

[root@1 myadmin] # vim config.inc.php modify configuration file

$cfg ['blowfish_secret'] =' 4pfPnJU4R8pA4WMWaQxDuring; / * YOU MUST FILL IN THIS FOR COOKIE AUTH! * /

The above two single quotes with random codes in the middle are generated with openssl rand-base64 15 for transmission encryption

/ *

* Servers configuration

, /

$I = 0

/ *

* First server

, /

$iTunes +

/ * Authentication type * /

$cfg ['Servers'] [$I] [' auth_type'] = 'cookie'

/ * Server parameters * /

$cfg ['Servers'] [$I] [' host'] = '172.16.100.34"; here this points to the address of the mysql database host

$cfg ['Servers'] [$I] [' connect_type'] = 'tcp'

$cfg ['Servers'] [$I] [' compress'] = false

$cfg ['Servers'] [$I] [' AllowNoPassword'] = false

# Let's test whether these two programs can connect.

# you need to install and create an account password and then log in

# Test myadmin on the second virtual host

# all the tests are successful here, and then we finally have to provide https services for myadmin

# sign CA certificate and provide https service for phpmyadmin

# install the mod_ssl module on the host because we have already installed it because we need http to load the module and start port 443

[root@localhost CA] # yum install mod_ssl.x86_64

# find a host to do CA, such as the first host

# then generate a CA self-signed certificate on the first host

1. Generate key

# first go to the CA directory

[root@1 wordpress] # cd / etc/pki/CA/

# generate keys in the CA directory

[root@1 CA] # (umask 077; openssl genrsa-out private/cakey.pem 2048)

Generating RSA private key, 2048 bit long modulus

. +

. +

E is 65537 (0x10001)

2. Generate self-signed certificate

[root@1 CA] # openssl req-new-x509-key private/cakey.pem-out cacert.pem

You are about to be asked to enter information that will be incorporated

Into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value

If you enter'., the field will be left blank.

-

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: beijing

Locality Name (eg, city) [Default City]: beijing

Organization Name (eg, company) [Default Company Ltd]: wufeng

Organizational Unit Name (eg, section) []: ops

Common Name (eg, your name or your server's hostname) []: ca.wufeng.com

Email Address []: admin@wufeng.com

Supplementary document

[root@1 CA] # touch index.txt

[root@1 CA] # echo 01 > serial

、

# then generate the request signature file and key on the second host

Create a directory under the / etc/httpd/ directory

~] # mkdir ssl

~] # cd ssl

Generate key

[root@ ssl] # (umask 077; openssl genrsa-out httpd.key 1024)

Generating RSA private key, 1024 bit long modulus

. +

.. +

E is 65537 (0x10001)

Generate a signature request file:

[root@ ssl] # openssl req-new-key httpd.key-out httpd.csr

You are about to be asked to enter information that will be incorporated

Into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value

If you enter'., the field will be left blank.

-

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: beijing

Locality Name (eg, city) [Default City]: beijing

Organization Name (eg, company) [Default Company Ltd]: wufeng

Organizational Unit Name (eg, section) []: ops

Common Name (eg, your name or your server's hostname) []: www2.wufeng.com is the same as the hostname to be encrypted for customer access.

Email Address []: www1admin@wufeng.com

Please enter the following 'extra' attributes

To be sent with your certificate request

A challenge password []:

An optional company name []:

Copy to the CA host to sign the certificate

[root@ ssl] # scp httpd.csr 172.16.100.32:/tmp

Then go to the centos7 host to sign the file

[root@1 CA] # openssl ca-in / tmp/httpd.csr-out / etc/pki/CA/certs/httpd.crt

2 consecutive yes abbreviations y

Copy to the requesting host after the signature is completed

[root@1 CA] # scp certs/httpd.crt 172.16.100.31:/etc/httpd/ssl/

On the requesting host, that is, on the second centos7

Edit this file

[root@1 ~] # vim / etc/httpd/conf.d/ssl.conf

DocumentRoot "/ data/vhost/www2/myadmin" is enabled to remove the previous # and change it to its own resource mapping path.

The ServerName www2.wufeng.com:443 host name has also been changed to its own.

SSLCertificateFile / etc/httpd/ssl/httpd.crt indicates the path of the signed certificate file

SSLCertificateKeyFile / etc/httpd/ssl/httpd.key indicates the path to the private key file

Then reload a bit.

Then ss-tnl to check whether port 443 is up or not.

Test the https-based access to the corresponding host on the centos7 main CA machine

[root@localhost CA] # openssl s_client-connect 172.16.100.31 connect 443-CAfile / etc/pki/CA/cacert.pem

# then open a browser and enter a myadmin address to access to see if a https service is provided

Disable this in the main configuration file to avoid conflict

# DocumentRoot "/ var/www/html"

It worked. Let's do an ab stress test.

And compare the performance differences between the two architectures.

Deployment of LAMP on a single host

Three hosts deploy LAMP respectively

These are all the contents of the article "how a centos7 host deploys LAMP and provides https services". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.