Shulou(Shulou.com)06/01 Report--

Single-host LAMP deployment

Requirements: on one host, one virtual host provides phpMyAdmin, another virtual host provides wordpress, and provides https services for phpMyAdmim:

I. install the required rpm package

Yuminstall-y httpd php php-mysql php-gd php-mbstring php-xml mariadb-servermod_ssl

Two. Open and test the service, configure the database, and test whether the web page is connected

Start the httpd service: systemctl start htppd.service

Check the enabled status of the service: systemctlstatus httpd.service

● httpd.service-The Apache HTTP Server

Loaded: loaded (/ usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)

Active: active (running) since Mon2016-07-18 22:59:32 CST

Set the service to be enabled by default: systemctl enable httpd.service

View port 80 status: ss-tnl

LISTEN 0 128: 80: *

Check the httpd process: ps-aux | grep httpd

Root 1709 0.0 1.6 468464 16304? Ss 22:59 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 2013 0.0 0.8 470680 8560? S 22:59 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 2014 0.0 0.8 470680 8560? S 22:59 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 2015 0.0 0.8 470680 8560? S 22:59 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 2017 0.0 0.8 470680 8560? S 22:59 0:00 / usr/sbin/httpd-DFOREGROUND

Apache 2018 0.0 0.8 470680 8560? S 22:59 0:00 / usr/sbin/httpd-DFOREGROUND

Root 4499 0.0 112644 952 pts/1 R + 23:05 0:00 grep-color=auto httpd

Check whether it is a prefork module: httpd-M | grep mpm:

Mpm_prefork_module (shared)

Confirm whether the ssl module is enabled successfully: httpd-M | grep ssl

Ssl_module (shared)

Start the mysql service; systemctl start mariadb.service

Mysql database initialization: mysql_secure_installation

Authorize the creation of users

[root@zq~] # mysql

Mysql > GRANT ALL ON qqdb.* TO 'qquser'@'172.16.%.%' IDENTIFIED BY' qqpass'

Mysql > FLUSH PRIVILEGES

Mysql > CREATE DATABASE qqdb

Create a resource mapping path for FQDN for the virtual host, and configure the default test page:

[root@zq~] # mkdir-p / data/vhost/www {1Jing 2}

Configure the default page 1:vim / data/vhost/www1/index.php

Number1

Configure the default page 2:cp / data/vhost/www1/index.php/data/vhost/www2/index.php

Vim/data/vhost/www2/index.php

Just change 1 to 2.

Change the configuration file of httpd

Vim / etc/httpd/conf.d/vhost1.conf

ServerNamewww1.test.com

DocumentRoot "/ data/vhost/www1"

ProxyRequestson

DirectoryIndexindex.php

OptionsNone

AllowOverrideNone

Requireall granted

Vim/etc/httpd/conf.d/vhost2.conf

ServerNamewww2.test.com

DocumentRoot "/ data/vhost/www2"

ProxyRequestson

DirectoryIndexindex.php

OptionsNone

AllowOverrideNone

Requireall granted

Modify DNS to point to yourself and add local domain name resolution

Vim/etc/resolv.conf

DNS=172.16.35.1

Vim/etc/hosts

172.16.100.31www1.test.comwww2.test.com

Enter the URL www1.test.com or www2.test.com to display ok, which means the above steps are correct

And the accelerator to enable:

III. Install wordpress and php-myadmin

Download wordpress with lftp on the classroom server and put it in / data/vhost/www1 and php-myadmin in / data/vhost/www2

1. Install wordpress:

[root@zq~] # unzip wordpress-4.3.1-zh_CN.zip

Modify the configuration file

[root@zq~] # vim / data/vhost/www1/wp-config-sample.php

/ / * * MySQL settings-specific information comes from the host you are using * * / /

/ * * name of WordPress database * /

Define ('DB_NAME','qqdb')

/ * * MySQL database user name * /

Define ('DB_USER','qquser')

/ * * MySQL database password * /

Define ('DB_PASSWORD','qqpass')

/ * * MySQL host * /

Define ('DB_HOST','172.16.35.1')

/ * default text encoding when creating a datasheet * /

Define ('DB_CHARSET','utf8')

/ * * Database collation type. If you are not sure, do not change * /

Define ('DB_COLLATE','')

two。 Install php-myadmin:

[root@zq ~] # unzipphpMyAdmin-4.4.14.1-all-languages.zip

[root@zq ~] # mv / data/vhost/www2/config.sample.inc.php / data/vhost/www2/config.inc.php

[root@zq~] # vim / data/vhost/www2/config.inc.php

$cfg ['blowfish_secret'] =' 4pfPnJU4R8pA4WMWaQxDuring; / * YOU MUST FILL IN THIS FOR COOKIE AUTH! * /

/ *

* Serversconfiguration

, /

$I = 0

/ *

* Firstserver

, /

$iTunes +

/ * Authentication type * /

$cfg ['Servers'] [$I] [' auth_type'] = 'cookie'

/ * Serverparameters * /

$cfg ['Servers'] [$I] [' host'] = '172.16.35.1'; here this points to the address of the mysql database host

$cfg ['Servers'] [$I] [' connect_type'] = 'tcp'

$cfg ['Servers'] [$I] [' compress'] = false

$cfg ['Servers'] [$I] [' AllowNoPassword'] = false

3. Test whether wordpress and php-myadmin can be connected

Enter authentication information when logging in for the first time.

IV. Sign the CA certificate and provide https services for phpmyadmin

1. Generate key

Enter the CA directory

[root@zq~] # cd / etc/pki/CA/

[root@zq CA] # (umask 077; openssl genrsa-out private/cakey.pem 1024)

GeneratingRSA private key, 1024 bit long modulus

. +

. +

E is65537 (0x10001)

2. Generate self-signed certificate

[root@zq CA] # openssl req-new-x509-keyprivate/cakey.pem-out cacert.pem

You are about to be asked to enterinformation that will be incorporated

Into your certificate request.

What you are about to enter is what iscalled a Distinguished Name or a DN.

There are quite a few fields but you canleave some blank

For some fields there will be a defaultvalue

If you enter'., the field will be leftblank.

-

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: beijing

Locality Name (eg, city) [Default City]: haidian

Organization Name (eg, company) [DefaultCompany Ltd]: mage

Organizational Unit Name (eg, section) []: magedu

Common Name (eg, your name or your

Supplementary document

[root@zq CA] # touch index.txt

[root@zq CA] # echo 01 > serial

3. Generate the request signature file and key on the second host

Create a ssl directory under the / etc/httpd/ directory and enter the cd

Generate key:

[root@zq ssl] # (umask 077; openssl genrsa-outhttpd.key 1024)

GeneratingRSA private key, 1024 bit long modulus

. +

.. +

E is65537 (0x10001)

Generate a signature request file:

[root@ ssl] # openssl req-new-key httpd.key-outhttpd.csr

You areabout to be asked to enter information that will be incorporated

Into yourcertificate request.

What youare about to enter is what is called a Distinguished Name or a DN.

There arequite a few fields but you can leave some blank

For somefields there will be a default value

If youenter'., the field will be left blank.

-

CountryName (2 letter code) [XX]: CN

State orProvince Name (full name) []: beijing

LocalityName (eg, city) [Default City]: haidian

OrganizationName (eg, company) [Default Company Ltd]: mage

OrganizationalUnit Name (eg, section) []: magedu

CommonName (eg, your name or your server's hostname) []: www2.test.com is the same as the hostname to be encrypted for customer access.

EmailAddress []: www1admin@test.com

Pleaseenter the following 'extra' attributes

To besent with your certificate request

A challengepassword []:

Anoptional company name []:

4. Copy to the CA host to sign the certificate

[root@zq ssl] # scp httpd.csr 172.16.35.2:/tmp

5. Sign the file on the centos7 host

[root@1 CA] # openssl ca-in / tmp/httpd.csr-out/etc/pki/CA/certs/httpd.crt

6. Copy to the requesting host after the signature is completed

[root@1 CA] # scp certs/httpd.crt 172.16.35.1:/etc/httpd/ssl/

Edit this file

[root@zq~] # vim / etc/httpd/conf.d/ssl.conf

DocumentRoot "/ data/vhost/www2/myadmin"

The ServerNamewww2.test.com:443 host name has also been changed to its own.

SSLCertificateFile/etc/httpd/ssl/httpd.crt indicates the path of the signed certificate file

SSLCertificateKeyFile/etc/httpd/ssl/httpd.key indicates the path to the private key file

7. Reload configuration fil

Systemctl reload httpd

8. View port 443:

Ss-tnl | grep 443

9. Disable the default root directory in the main configuration file:

# DocumentRoot "/ var/www/html"

10. Open a browser and enter a myadmin address to access it to see if a https service is provided

Five. do a stress test:

Ab-n 1000-c 1000-k www1.test.com

Ab-n 1000-c 1000-k www2.test.com

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.