Shulou(Shulou.com)06/01 Report--

Installation requirements: lamp (module) of CentOS 7 system

(1) the three are separated from two hosts

(2) one virtual host is used to provide phpMyAdmin; and the other virtual host is used to provide wordpress

(3) xcache

(4) provide https virtual host for phpMyAdmin

Installation environment:

IP system installation software 192.168.1.103CentOS 7httpdline php, wordpress,phpMyAdmin192.168.1.104CentOS 7mariadb

Download Aliyun's base source locally before starting.

1. 192.168.1.104 host configuration (database creation, authorization, etc.)

[root@localhost yum.repos.d] # yum install mariadb mariadb-server-y

[root@localhost yum.repos.d] # systemctl start mariadb.service

[root@localhost ~] # mysql_secure_installation / / set Security Wizard, change the root password to mageedu

/ usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

Password for the root user. If you've just installed MariaDB, and

You haven't set the root password yet, the password will be blank

So you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB

Root user without the proper authorisation.

Set root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

To log into MariaDB without having to have a user account created for

Them. This is intended only for testing, and to make the installation

Go a bit smoother. You should remove them before moving into a

Production environment.

Remove anonymous users? [Y/n] y

... Success!

Normally, root should only be allowed to connect from 'localhost'. This

Ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n

... Skipping.

By default, MariaDB comes with a database named 'test' that anyone can

Access. This is also intended only for testing, and should be removed

Before moving into a production environment.

Remove test database and access to it? [Y/n] n

... Skipping.

Reloading the privilege tables will ensure that all changes made so far

Will take effect immediately.

Reload privilege tables now? [Y/n] y

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB

Installation should now be secure.

Thanks for using MariaDB!

[root@localhost ~] # mysql-uroot-pmageedu / / verify user login

MariaDB [(none)] > CREATE DATABASE wpdb; / / create wordpress database

MariaDB [(none)] > GRANT ALL ON wpdb.* TO wpuser@'192.168.%.%' IDENTIFIED BY 'wppass'; / / authorized wordpress user

MariaDB [(none)] > FLUSH PRIVILEGES

MariaDB [(none)] > SHOW DATABASES

+-+

| | Database |

+-+

| | information_schema |

| | mysql |

| | performance_schema |

| | test |

| | wpdb |

+-+

5 rows in set (0.00 sec)

MariaDB [(none)] > CREATE DATABASE pma; / / create phpMyAdmin database

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)] > GRANT ALL ON pma.* TO pma@'192.168.%.%' IDENTIFIED BY 'pmapass'

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)] > FLUSH PRIVILEGES

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)] > GRANT ALL ON *. * TO testuser@'192.168.%.%' IDENTIFIED BY 'testpass'

Query OK, 0 rows affected (0.00 sec) / / authorize a test user

MariaDB [(none)] > FLUSH PRIVILEGES

Query OK, 0 rows affected (0.00 sec)

2. 192.168.1.103 host configuration (httpd,php)

[root@localhost ~] # yum install httpd php php-mysql php-mbstring-y

[root@localhost ~] # systemctl start httpd.service

Write test code to verify that php can connect to the database

[root@localhost ~] # cd / var/www/html

[root@localhost html] # vim index.php

[root@localhost html] # systemctl reload httpd.service

3. Compilation and installation of xcache

Xcache can be compiled and installed, but it is also available in the epel source, where it is compiled and installed.

[root@localhost ~] # yum groupinstall "Development Tools"Server Platform Development"-y / / install the development package group

[root@localhost ~] # yum install php-devel-y / / install xcache packages that depend on php

Download the xcache package

[root@localhost ~] # ls

Anaconda-ks.cfg xcache-3.2.0.tar.bz2

[root@localhost ~] # tar xf xcache-3.2.0.tar.bz2

[root@localhost ~] # ls

Anaconda-ks.cfg xcache-3.2.0 xcache-3.2.0.tar.bz2

[root@localhost ~] # cd xcache-3.2.0/

[root@localhost xcache-3.2.0] # phpize

[root@localhost xcache-3.2.0] # / configure-- enable-xcache-- with-php-config=/usr/bin/php-config

[root@localhost xcache-3.2.0] # make & & make install

[root@localhost xcache-3.2.0] # cp xcache.ini / etc/php.d/

[root@localhost xcache-3.2.0] # systemctl restart httpd.service

Browser access, found that xcache has been installed, the corresponding version is 3.2.0

4. Install and configure wordpress and configure virtual host

Configure virtual host

[root@localhost ~] # vim / etc/httpd/conf/httpd.conf / / comment out the default access path for httpd

# DocumentRoot "/ var/www/html"

[root@localhost ~] # mkdir / web/vhost/test1-pv / / create the access path of the virtual host

[root@localhost ~] # vim / etc/httpd/conf.d/vhost.conf / / create a configuration file for the virtual host

DocumentRoot "/ web/vhost/test1"

Options None

AllowOverride None

Require all granted

Download wordpress (download address: https://wordpress.org/download/)

[root@localhost ~] # cd / web/vhost/test1

[root@localhost test1] # unzip wordpress-4.3.1-zh_CN.zip

[root@localhost test1] # cd wordpress/

[root@localhost wordpress] # cp wp-config-sample.php wp-config.php / / copy the php file of the sample access configuration and modify it.

[root@localhost wordpress] # vim wp-config.php

[root@localhost ~] # systemctl restart httpd.service

Browser access test

5. Install phpMyAdmin

Configure virtual host

[root@localhost vhost] # vim / etc/httpd/conf/httpd.conf

/ / add port 8080

[root@localhost ~] # mkdir / web/vhost/test2-pv / / create the access path of the virtual host

[root@localhost ~] # vim / etc/httpd/conf.d/vhost.conf / / Edit the configuration file of the wordpress virtual host

DocumentRoot "/ web/vhost/test1"

Options None

AllowOverride None

Require all granted

DocumentRoot "/ web/vhost/test2"

Options FollowSymlinks

AllowOverride None

Require all granted

Download method: https://www.phpmyadmin.net/downloads/

[root@localhost ~] # cd / web/vhost/test2

[root@localhost test2] # unzip phpMyAdmin-4.4.14.1-all-languages.zip

[root@localhost test2] # ln-sv phpMyAdmin-4.4.14.1-all-languages pma

'pma'->' phpMyAdmin-4.4.14.1-all-languages'

[root@localhost test2] # cd pma

[root@localhost pma] # cp config.sample.inc.php config.inc.php

[root@localhost pma] # openssl rand-base64 15 / / generate 15 random numbers

Fgqvst4l0yODkOhq4FXC

[root@localhost pma] # vim config.inc.php / / add random numbers to the access profile

Use browser to access test 192.168.1.103:8080/pma

User: pma

Password: pmapass

6. Provide https virtual host for phpMyAdmin

Use 192.168.1.104 as CA host and 192.168.1.103 server to test

1)

A) create a private CA on the 192.168.1.104 host

[root@localhost ~] # cd / etc/pki/CA

[root@localhost CA] # (umask 077 / OpenSSL genrsa-out private/cakey.pem 2048) / / generate a private key

Generating RSA private key, 2048 bit long modulus

. +

. +

E is 65537 (0x10001)

[root@localhost CA] # ll private/

Total 4

-rw- 1 root root 1679 May 27 07:09 cakey.pem

[root@localhost CA] # openssl req-new-x509-key private/cakey.pem-out cacert.pem / / generate your own self-signed certificate

[root@localhost CA] # ll

Total 4

-rw-r--r-- 1 root root 1391 May 27 07:12 cacert.pem

Drwxr-xr-x. 2 root root 6 Jun 29 2015 certs

Drwxr-xr-x. 2 root root 6 Jun 29 2015 crl

Drwxr-xr-x. 2 root root 6 Jun 29 2015 newcerts

Drwx-. 2 root root 22 May 27 07:09 private

[root@localhost CA] # touch serial index.txt

[root@localhost CA] # echo 01 > serial

B) 192.168.1.103 host to create a certificate signing request

[root@localhost ~] # cd / etc/httpd

[root@localhost httpd] # mkdir ssl

[root@localhost httpd] # cd ssl

[root@localhost ssl] # (umask 077 / OpenSSL genrsa-out httpd.key 1024)

Generating RSA private key, 1024 bit long modulus

. +

. +

E is 65537 (0x10001)

[root@localhost ssl] # openssl req-new-key httpd.key-out httpd.csr

[root@localhost ssl] # ls

Httpd.csr httpd.key

[root@localhost ssl] # scp httpd.csr root@192.168.1.104:/tmp

C) 192.168.1.104 signing certificate

[root@localhost CA] # openssl ca-in / tmp/httpd.csr-out certs/httpd.crt

[root@localhost CA] # scp certs/httpd.crt root@192.168.1.103:/etc/httpd/ssl/

2), 192.168.1.103 host, configure httpd to support the use of ssl, and the certificates used

[root@localhost ssl] # ls

Httpd.crt httpd.csr httpd.key

[root@localhost ssl] # yum install mod_ssl-y

[root@localhost ssl] # cd / etc/httpd/conf.d

[root@localhost conf.d] # ls

Autoindex.conf php.conf README ssl.conf userdir.conf vhost.conf welcome.conf

[root@localhost conf.d] # mv ssl.conf ssl.conf.backup

[root@localhost ~] # vim / etc/httpd/conf.d/vhost.conf

[root@localhost conf.d] # httpd-t

Syntax OK

[root@localhost conf.d] # systemctl restart httpd.service

At this time, because the browser did not import the CA certificate, https-based access will not be possible. You need to import the CA certificate file in the browser (copy the / etc/pki/CA/cacert.pem file in the virtual host to the physical host for import).

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.