Shulou(Shulou.com)06/01 Report--

CentOS 7, amp + xcache, rpm package, php-fpm

A) httpd, php, and mariadb are deployed on a separate host

B) one virtual host provides phpMyAdmin and the other virtual host provides wordpress

C) provide https services for phpMyAdmim

Deploy httpd, php-fpm and mariadb on three centos 7 hosts respectively

The first 172.16.100.31-> httpd

The second 172.16.100.32-> php-fpm deploys wordpress and phpmyadmin on two virtual hosts respectively

The third 172.16.100.33-- > mariadb

Before starting, turn off iptables and SElinux to facilitate testing.

# iptables-F

# setenforce 0

So let's start with the first one:

# install htppd

Yum-y instal httpd

# configure the files of 2 virtual hosts with FQDN:

[root@localhost ~] # vim / etc/httpd/conf.d/vhost1.conf

ServerName www1.wufeng.com

DocumentRoot "/ data/vhost/www1"

ProxyRequests on

DirectoryIndex index.php

ProxyPassMatch ^ / (. *\ .php) $fcgi://172.16.100.32:9000/data/vhost/www1/$1 dynamic Resource Agent forwards to the second host

Options None

AllowOverride None

Require all granted

[root@localhost ~] # vim / etc/httpd/conf.d/vhost2.conf

ServerName www2wufeng.com

DocumentRoot "/ data/vhost/www2"

ProxyRequests on

DirectoryIndex index.php

ProxyPassMatch ^ / (. *\ .php) $fcgi://172.16.100.32:9000/data/vhost/www2/$1 dynamic Resource Agent forwards to the second host

Options None

AllowOverride None

Require all granted

# modify 2 configuration files under etc to specify NDS and domain name resolution

[root@localhost ~] # vim / etc/resolv.conf

# Generated by NetworkManager

DNS=172.16.100.31

Nameserver 172.16.0.1

# Local domain name resolution

[root@localhost ~] # vim / etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

:: 1 localhost localhost.localdomain localhost6 localhost6.localdomain6

172.16.100.31 www1.wufeng.com www2.wufeng.com

# create a static default file:

[root@localhost ~] # mkdir-pv / data/vhost/www {1jue 2}

[root@localhost ~] # vim / data/vhost/www1/index.html

Static data of the first physical machine of Fengge 1 172.16.100.31

[root@localhost ~] # vim / data/vhost/www2/index.html

Static data of the first physical machine of Fengge 2 172.16.100.31

# then test whether the native static data can be accessed properly

=

Second host:

# to install php-fpm

Yum-y install php-fpm

# modify configuration file

[root@localhost ~] # vim / etc/php-fpm.d/www.conf

Listen = 172.16.100.329000snooping native address port

Listen.allowed_clients = 172.16.100.31 allow the first host to connect

# create resource mapping directories and files

Mkdir-pv / data/vhost/www {1pr 2}

# write to the file of the test php

[root@localhost ~] # vim / data/vhost/www1/index.php

The second physical machine a

# then install Accelerator php-xcache

Yum-y install php-xcache

# then install wordpress and php-myadmin

# We need to deploy these two programs under two separate resource mapping paths on the second host

# I downloaded it directly from the ftp server, so I decompressed it directly

# first, let's take care of wordpress.

[root@localhost ~] # unzip wordpress-4.3.1-zh_CN.zip

# and move to the resource mapping path of the first virtual host

[root@localhost ~] # mv wordpress / data/vhost/www1

# cd enter this directory and modify the configuration file

# Note that what is added in this configuration file is the database information on the third host. We have not created the database yet. We can modify it first, and then create the database with this configuration.

# modify the configuration file name and modify it

[root@localhost ~] # cd / data/vhost/www1/wordpress/

[root@localhost wordpress] # ln-s wp-config-sample.php wp-config.php

[root@localhost wordpress] # vim wp-config.php

/ / * * MySQL settings-specific information comes from the host you are using * * / /

/ * * name of WordPress database * /

Define ('DB_NAME',' wpdb')

/ * * MySQL database user name * /

Define ('DB_USER',' wpuser')

/ * * MySQL database password * /

Define ('DB_PASSWORD',' wppass')

/ * * MySQL host * /

Define ('DB_HOST',' 172.16.100.33'); the address here is the database address that points to the third host

/ * default text encoding when creating a datasheet * /

Define ('DB_CHARSET',' utf8')

/ * * Database collation type. If you are not sure, do not change * /

Define ('DB_COLLATE',')

So wordpress is basically configured and there is no rush to test. Let's install php-myadmin together.

# php-myadmin is also downloaded from the ftp server, so it is decompressed directly.

[root@localhost ~] # unzip phpMyAdmin-4.4.14.1-all-languages.zip

# and put it under the second virtual host resource mapping path on the second host

[root@localhost ~] # mv phpMyAdmin-4.4.14.1-all-languages / data/vhost/www2/

# cd goes to this directory and modifies the file name to modify the configuration

[root@localhost ~] # cd / data/vhost/www2/ enter the directory

[root@localhost www2] # ln-s phpMyAdmin-4.4.14.1-all-languages myadmin create a link

[root@localhost www2] # cd myadmin/ enter the target directory

[root@localhost myadmin] # ln-s config.sample.inc.php config.inc.php create profile connection

[root@localhost myadmin] # vim config.inc.php

$cfg ['blowfish_secret'] =' 4pfPnJU4R8pA4WMWaQxDuring; / * YOU MUST FILL IN THIS FOR COOKIE AUTH! * /

The above two single quotation marks with random codes between them are generated with openssl rand-base64 15 for communication encryption.

/ *

* Servers configuration

, /

$I = 0

/ *

* First server

, /

$iTunes +

/ * Authentication type * /

$cfg ['Servers'] [$I] [' auth_type'] = 'cookie'

/ * Server parameters * /

$cfg ['Servers'] [$I] [' host'] = '172.16.100.33clients; here this points to the address of the mysql database host

$cfg ['Servers'] [$I] [' connect_type'] = 'tcp'

$cfg ['Servers'] [$I] [' compress'] = false

$cfg ['Servers'] [$I] [' AllowNoPassword'] = false

So now the configuration of our second host is basically complete.

=

Next, go to the third host to create a mysql database.

The third physical machine: the only function is as a database

# then install the database first

Yum-y install mariadb-server

# start up

Systemctl start mariadb.service

# and then authorize the creation of the user

Advanced mysql and then the following

Mysql > GRANT ALL ON wpdb.* TO 'wpuser'@'172.16.%.%' IDENTIFIED BY' wppass'

Mysql > FLUSH PRIVILEGES

Mysql > CREATE DATABASE wpdb

=

So now you can test whether php can connect to the database.

Http://www1.wufeng.com/ tests the static data of the first host

The static data connection of the first host of http://www2.wufeng.com/ succeeded.

The dynamic data access of the first virtual host of the second physical machine of http://www1.wufeng.com/index.php succeeded.

The dynamic data access of the second virtual host of the second physical machine of http://www2.wufeng.com/index.php was successful.

Http://www1.wufeng.com/wordpress/index.php test forwards the second host and the first virtual host

Http://www2.wufeng.com/myadmin/index.php test forwards the second host and the second virtual host

# next we are going to provide https services to php-myadmin on the second virtual host of the second physical host

# sign CA certificate and provide https service for phpmyadmin

# install the mod_ssl module on the first host because http is required to load the module and start port 443

[root@localhost CA] # yum install mod_ssl.x86_64

# then generate a CA self-signed certificate on the second host

1. Generate key

# first go to the CA directory

[root@1 wordpress] # cd / etc/pki/CA/

# generate keys in the CA directory

[root@1 CA] # (umask 077; openssl genrsa-out private/cakey.pem 2048)

Generating RSA private key, 2048 bit long modulus

. +

. +

E is 65537 (0x10001)

2. Generate self-signed certificate

[root@1 CA] # openssl req-new-x509-key private/cakey.pem-out cacert.pem

You are about to be asked to enter information that will be incorporated

Into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value

If you enter'., the field will be left blank.

-

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: beijing

Locality Name (eg, city) [Default City]: beijing

Organization Name (eg, company) [Default Company Ltd]: wufeng

Organizational Unit Name (eg, section) []: ops

Common Name (eg, your name or your server's hostname) []: ca.wufeng.com

Email Address []: admin@wufeng.com

Supplementary document

[root@1 CA] # touch index.txt

[root@1 CA] # echo 01 > serial

、

# then generate the request signature file and key on the first host

Create a directory under the / etc/httpd/ directory

~] # mkdir ssl

~] # cd ssl

Generate key

[root@1 ssl] # (umask 077; openssl genrsa-out httpd.key 1024)

Generating RSA private key, 1024 bit long modulus

. +

.. +

E is 65537 (0x10001)

Generate a signature request file:

[root@1 ssl] # openssl req-new-key httpd.key-out httpd.csr

You are about to be asked to enter information that will be incorporated

Into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value

If you enter'., the field will be left blank.

-

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: beijing

Locality Name (eg, city) [Default City]: beijing

Organization Name (eg, company) [Default Company Ltd]: wufeng

Organizational Unit Name (eg, section) []: ops

Common Name (eg, your name or your server's hostname) []: www2.wufeng.com is the same as the hostname to be encrypted for customer access.

Email Address []: www1admin@wufeng.com

Please enter the following 'extra' attributes

To be sent with your certificate request

A challenge password []:

An optional company name []:

Copy to the CA host to sign the certificate

[root@1 ssl] # scp httpd.csr 172.16.100.32:/tmp

Then go to the centos7 host to sign the file

[root@2 CA] # openssl ca-in / tmp/httpd.csr-out / etc/pki/CA/certs/httpd.crt

2 consecutive yes abbreviations y

Copy to the requesting host after the signature is completed

[root@2 CA] # scp certs/httpd.crt 172.16.100.31:/etc/httpd/ssl/

On the requesting host, that is, on the second centos7

Edit this file

[root@2 ~] # vim / etc/httpd/conf.d/ssl.conf

DocumentRoot "/ data/vhost/www2/myadmin" is enabled to remove the previous # and change it to its own resource mapping path.

The ServerName www2.wufeng.com:443 host name has also been changed to its own.

SSLCertificateFile / etc/httpd/ssl/httpd.crt indicates the path of the signed certificate file

SSLCertificateKeyFile / etc/httpd/ssl/httpd.key indicates the path to the private key file

# the most important thing is that you need to forward

# need to be defined here

ProxyPassMatch ^ / (. *\ .php) $fcgi://172.16.100.32:9000/data/vhost/www2/$1

Then reload a bit.

Then ss-tnl to check whether port 443 is up or not.

Test the https-based access to the corresponding host on the centos7 main CA machine

[root@localhost CA] # openssl s_client-connect 172.16.100.31 connect 443-CAfile / etc/pki/CA/cacert.pem

# then open a browser and enter a myadmin address to access to see if a https service is provided

Test https in ip with the browser above winds

Finally, check whether the xcache service is started.

Finally, we can do a stress test.

First, do the static data test of the httpd host: html

[root@localhost ~] # ab-c 100-n 1000 http://www1.wufeng.com/data/vhost/www1/index.html static data

Time per request: 21.244 [ms] (mean) Ten test data are stable at this value.

Time per request: 0.212 [ms] (mean, across all concurrent requests)

Transfer rate: 1995.00 [Kbytes/sec] received

# dynamic data testing info () php

[root@localhost] # ab-c 100-n 1000 http://www1.wufeng.com/data/vhost/www1/index.php

Concurrency Level: 100

Time taken for tests: 0.523 seconds

Complete requests: 1000

Failed requests: 0

Write errors: 0

Non-2xx responses: 1000

Total transferred: 226000 bytes

HTML transferred: 16000 bytes

Requests per second: 1913.59 [# / sec] (mean)

Time per request: 52.258 [ms] (mean) Ten test data are stable at this value.

Time per request: 0.523 [ms] (mean, across all concurrent requests)

Transfer rate: 422.33 [Kbytes/sec] received

# testing wordpress dynamic data

[root@localhost] # ab-c 100-n 1000 http://www1.wufeng.com/data/vhost/www1/wordpress/index.php

Concurrency Level: 100

Time taken for tests: 0.517 seconds

Complete requests: 1000

Failed requests: 0

Write errors: 0

Non-2xx responses: 1000

Total transferred: 226000 bytes

HTML transferred: 16000 bytes

Requests per second: 1934.61 [# / sec] (mean)

Time per request: 51.690 [ms] (mean) Ten test data are stable at this value.

Time per request: 0.517 [ms] (mean, across all concurrent requests)

Transfer rate: 426.97 [Kbytes/sec] received

# dynamic testing myadmin data

[root@localhost] # ab-c 100-n 1000 http://www2.wufeng.com/data/vhost/www2/myadmin/index.php

Document Path: / data/vhost/www2/myadmin/index.php

Document Length: 16 bytes

Concurrency Level: 100

Time taken for tests: 0.520 seconds

Complete requests: 1000

Failed requests: 0

Write errors: 0

Non-2xx responses: 1000

Total transferred: 226000 bytes

HTML transferred: 16000 bytes

Requests per second: 1923.43 [# / sec] (mean)

Time per request: 51.990 [ms] (mean) Ten test data are stable at this value.

Time per request: 0.520 [ms] (mean, across all concurrent requests)

Transfer rate: 424.51 [Kbytes/sec] received

# Friendship tips not to be too unrestrained, such as:

[root@localhost] # ab-c 1000-n 10000 http://www2.wufeng.com/data/vhost/www2/index.php

Then the second php host hung up.

Compare the performance differences between the two architectures

Deployment of LAMP on a single host

Three hosts deploy LAMP respectively

Conclusion it is obvious that the performance of deploying LAMP on three hosts is twice as high as that of a single host.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.