Shulou(Shulou.com)06/01 Report--

1. Experimental requirements:

1) CentOS 7, amp + xcache, rpm package, php-fpm

A) depth: httpd, php, mariadb are deployed on a separate host, and all on the same host

B) one virtual host provides phpMyAdmin and the other virtual host provides wordpress

C) provide https services for phpMyAdmim

2. Experimental environment:

1) Server environment

Linux server operating system version: CentOS release 6.7 (Final)

Http) IP: 172.16.66.60

Php-fpm) IP:172.16.66.70

Mariadb) IP:172.16.66.70

2) Test environment

WIN7 system client): IP:172.16.66.100

3. Experimental premise:

1) turn off the firewall and SELinux

# service iptables stop

# sed-is / SELINUX=enforcing/SELINUX=disabled/g / etc/selinux/config

# systemctl stop firewalld

# systemctl status firewalld

2) Development package group

# yum groupinstall Development Tools Server Platform Development-y

4. The process of experiment:

Part one:

Deployment host IP: 172.16.66.60

1 basic settings

1.1 set the httpd hostname HOSTNAME

Echo "HOSTNAME=www1" > > / etc/sysconfig/network

1.2 Update HOSTS configuration file / etc/hosts

# echo "172.16.66.60 www1 www2" > > / etc/hosts

1.3 modify DNS resolution settings

Vim / etc/resolv.conf

2 install httpd-2.4.6

2.0 install dependency library packages

# yum install pcre-devel openssl-devel libevent-devel apr-devel apr-util-devel

2.1 compile, install and configure httpd network server

Tools] # tar xf httpd-2.4.6.tar.bz2

2.2 compilation related parameters

#. / configure-prefix=/usr/local/apache24-sysconfdir=/etc/httpd24-enable-so-enable-ssl-enable-cgi--enable-rewrite\

-enable-modules=most-enable-mpms-shared=all-with-mpm=prefork-with-pcre-with-zlib-with-apr=/usr-with-apr-util=/usr

2.3 compilation

# make-j 4

2.4 start installation (install is a copy command)

# make install

2.5 check the corresponding path of the system library file

# ldconfig-v

2.6 loaded library file path

# ldconfig-v

2.7. add the following to vim apache.sh in the / etc/profile.d/ directory to add environment variables for httpd.

# export PATH=/usr/local/apache24/bin:$PATH

2.8 make its environment variable effective

# source / etc/profile.d/apache.sh

2.9 Import the apache header file into the usr header file

# ln-sv / usr/local/apache24/include / usr/include/httpd

2.10 if you do not want to configure man files, you can use full path, man help

# man / usr/local/apache24 httpd

2.11 start apachectl

# apachectl start

2.12 create a backup directory for the configuration file

# mkdir ~ / confbak

2.13 backup configuration file ~: indicates the currently logged in user folder-R: recursively all subdirectories

# cp-R / etc/httpd24/ ~ / confbak/

3. Create and configure virtual hosts

# cd / etc/httpd24/extra/

3.1 configure virtual hosts (/ etc/httpd24/extra/www1.conf)

Vim / etc/httpd/conf.d/www1.conf

Host www1

[root@www1 conf.d] # cat www1.conf

ServerName www1

# ServerAlias www

DocumentRoot / data/vhosts/www1 # be careful not to put / at the end of this line

ProxyRequests Off

DirectoryIndex index.php

ProxyPassMatch ^ / (. *\ .php) $fcgi://172.16.66.70:9000/data/vhosts/www1/$1

Options None

AllowOverride None

Require all granted

ErrorLog logs/www1-error_log

CustomLog logs/www1-access_log combien

# ServerSignature Off

3.2 configure virtual hosts (/ etc/httpd24/extra/www2.conf)

Vim / etc/httpd/conf.d/www2.conf

Host www2

[root@www1 conf.d] # cat www2.conf

ServerName www2

DocumentRoot / data/vhosts/www2

ProxyRequests Off

DirectoryIndex index.php

ProxyPassMatch ^ / (. *\ .php) $fcgi://172.16.66.70:9000/data/vhosts/www2/$1

Options None

AllowOverride None

Require all granted

ErrorLog logs/www2-error_log

CustomLog logs/www2-access_log combien

# ServerSignature Off

3.3 check for syntax errors

# httpd-t

3.4 reload apachectl service

# apachectl graceful

3. 5 create a website directory for the virtual host www {1 ~ 2}

# mkdir / data/vhosts/www {1Jue 2}-p

3.6 Test www1/index.html static web pages

# curl www1-I

4. Configure httpd24

4.1 launch the relevant modules / etc/httpd24/httpd.conf of httpd

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

Include / etc/httpd24/extra/www2.conf

Include / etc/httpd24/extra/www1.conf

4.2 Delete the original / usr/local/apache24/htdocs/

# rm index.html

4.3 enable apache to recognize pages in php format

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

The second part:

Deploy mariadb host IP: 172.16.66.80

1 install and configure the Mariadb database service

1.1 create a catalog for storing tools tools

# mkdir / tools

1.2 extract the mariadb to the specified directory

# tar xf mariadb-5.5.46-linux-x86_64.tar.gz-C / usr/local/

1.3 create an mysql data directory

# mkdir-pv / data/mydata

1.4 create a mysql system group

# groupadd-r-g 306 mysql

1.5 create mysql system users

# useradd-r-g 306-u 306 mysql

1.6 authorized main affiliate / data/mydata

# chown-R mysql.mysql / data/mydata

1.7 create a soft connection

# ln-sv mariadb-5.5.46-linux-x86_64 mysql

1.8Licensing mysql installation package directory

# chown-R root.mysql. /

1.9 compile mariadb

# scripts/mysql_install_db-user=mysql-datadir=/data/mydata

1.10 create a mysql profile directory

# mkdir / etc/mysql

1.11 copy the configuration file to the specified directory

# cp support-files/my-large.cnf / etc/mysql/my.cnf

1.12 modify the configuration file / ect/mysql/my.cnf add the following three lines to server

Datadir = / data/mydata

Innodb_file_per_table = ON

Skip_name_resolve = ON

1.13 add mysqld service to boot self-startup

# cp support-files/mysql.server / etc/rc.d/init.d/mysqld

1.14 execute permissions for mysqld

# chmod + x / etc/rc.d/init.d/mysqld

1.14 add to the list of services

# chkconfig-add mysqld

1.14 add to boot auto boot

# chkconfig on

1.15 rename / etc/my.cnf to my.cnf.bak

# mv my.cnf my.cnf.bak

1.16 add mysql environment variable / etc/profile.d/myslqd.sh

Export PATH=/usr/local/mysql/bin:/usr/local/mysql/support-files:$PATH

1.17 to make its mysqld environment variable take effect

# source / etc/profile.d/mysqld.sh

1.18 Import mysqld header file into usr header file

# ln-sv / usr/local/mysql/include / usr/include/mysqld

1.19 start the mysqld service

# mysql.server start

1.20 to view memory footprint

# top-u mysql

two。 Configure using MariaDB's built-in security configuration script

2.1 execute a security configuration script for configuration

# mysql_secure_installation

Enter the password and enter. The following is an example of the output. You can see that the command prompt changes to MariaDB [(none)] >

# mysql-u root-p

2.3Create a new database for use by WordPress (here it is called wordpress, or you can use another name)

MariaDB [(none)] > create database wordpress

2.4 create a new user and grant him permissions for the database (here is just an example, user name is admin, password is admin)

MariaDB [(none)] > grant all on wordpress.* to 'admin'@'172.16.%.%' identified by' admin'

2.5 Update permissions

MariaDB [(none)] > flush privileges

2.6 exit the database

MariaDB [(none)] > quit

2.7 create a configuration file backup directory

# mkdir ~ / confbak

2.7 backup configuration fil

# cp / etc/my.cnf ~ / confbak/my.cnf.bak

The third part:

Deploy php5.4.40 host IP: 172.16.66.70

1 install and configure the php database service

1.1 create a catalog for storing tools tools

# mkdir / tools

1.2 create a configuration file backup directory

# mkdir ~ / confbak/

1.3 install dependent libraries

# yum install libxm12-devel gd-devel freetype-devel libmcrypt-devel-y

1.3 extract the php to the specified directory

# tar xf php-5.4.40.tar.bz

1.4 compile and install php

#. / configure-prefix=/usr/local/php54-with-mysql-with-mysqli-with-openssl-enable-mbstring-enable-xml-enable-sockets\

-enable-fpm-- with-freetype-dir-- with-gd-- with-libxml-dir=/usr-- with-zlib-- with-bz2-- with-png-dir-- with-mcrypt\

-with-config-file-path=/etc/php54.ini-with-config-file-scan-dir=/etc/php54.d

1.5 execute compilation commands

# make

1.6 execute installation command

# make install

1.7 copy the configuration file to the / etc/ directory

# cp / tools/php-5.4.40/php.ini-production / etc/php54.ini

1.8 soft connection connector file to / usr/include/

# ln-sv / usr/local/php54/include / usr/include/

two。 Configure php-fpm

2.1 provide init scripts for php-fpm

# cp sapi/fpm/init.d.php-fpm / etc/rc.d/init.d/php-fpm

2.2 execute permissions for php-fpm

# chmod + x / etc/rc.d/init.d/php-fpm

2.3 add to the list of services

~] # chkconfig-- add php-fpm

2.4 set up boot automatic operation

# chkconfig php-fpm on

2.5 provide configuration files for php-fpm

# cp / usr/local/php54/etc/php-fpm.conf.default / usr/local/etc/php-fpm.conf

2.6 back up the configuration file to the specified directory

# cp-R / usr/local/php54/etc/ ~ / confbak/

Edit the configuration file / usr/local/php54/etc/php-fpm.conf of the configuration php-fpm to modify the following 5 lines

Pm.max_children = 50

Pm.start_servers = 2

Pm.min_spare_servers = 2

Pm.max_spare_servers = 8

Pid = / usr/local/php54/var/run/php-fpm.pid

Listen = 172.16.66.70 9000 native monitoring ip

Listen.allowed_clients = 172.16.66.60 allowed ip

2.8Starting php-fpm service

# service php-fpm start

2.9 check whether the php-fpm service has started successfully

# ps aux | grep php-fpm

2.10 View monitoring sockets

# netstat-tnlp | grep php-fpm

Part IV: install and configure wordpress,phpMyAdmin

In the php-fpm host environment, IP: 172.16.66.70

1. Install and configure wordpress

1.1 decompress the wordpress package

Tools] # unzip wordpress-4.3.1-zh_CN.zip

1.2 copy to the site directory www1

Cp wordpress / data/vhosts/www1

1.3 rename wordpress configuration file to wp-config.php

] # cp wp-config-sample.php wp-config.php

1.4 modify wp-config.php files to connect to the database

~] # sed-n'22 Magi 38p'/ data/vhosts/www1/wordpress/wp-config.php

/ * * name of WordPress database * /

Define ('DB_NAME',' wordpress')

/ * * MySQL database user name * /

Define ('DB_USER',' admin')

/ * * MySQL database password * /

Define ('DB_PASSWORD',' admin')

/ * * MySQL host * /

Define ('DB_HOST',' 172.16.66.80')

/ * default text encoding when creating a datasheet * /

Define ('DB_CHARSET',' utf8')

/ * * Database collation type. If you are not sure, do not change * /

Define ('DB_COLLATE',')

two。 Install and configure phpMyAdmin

2.1 extract the phpMyAdmin package

Tools] # unzip phpMyAdmin-4.4.14.1-all-languages.zip

2.2 copy to the site directory www2

~] # cp-r phpMyAdmin-4.4.14.1-all-languages / data/vhosts/www2

2.3 configure phpMyAdmin softwar

# ln-sv phpMyAdmin-4.4.14.1-all-languages/ pma

2.4 rename profile name

~] # cp config.sample.inc.php config.inc.php

2.5 generate random numbers

~] # openssl rand-hex 8 #-- > (640b56f72820ace8)

2.6 modify profile connection database config.inc.php

~] # vim config.inc.php

$cfg ['blowfish_secret'] =' 640b56f72820ace8'

$cfg ['Servers'] [$I] [' host'] = '172.16.66.80'

$cfg ['Servers'] [$I] [' user'] = 'admin'

$cfg ['Servers'] [$I] [' password'] = 'admin'

$cfg ['Servers'] [$I] [' connect_type'] = 'tcp'

3. Test php and mariad connectivity

3.1 whether httpd-- > php can be accessed

Www1] # cat admin.php

3.2 whether httpd-- > php--mariadb can be accessed

Www1] # cat index.php

4. Test wordpress and phpMyAdmin

4.1 Test in a PC browser to see if wordpress works properly

Http://www1/wordpress/index.php is accessed through port 80

4.2 Test in a PC browser, enter the database name and password as prompted (the host account and password are users in authorized wordpress)

Http://www2/pma/index.php

5. Install and configure the xcache Accelerator for php-fpm

5.1 decompress the xcache3.3 package

# tar xf xcache-3.2.0.tar.bz2

5.2 execute the mount interface under the / tools/xcache-3.2.0 directory

# / usr/local/php54/bin/phpize

5.3 compilation and installation

#. / configure-enable-xcache-with-php-config=/usr/local/php54/bin/php-config

# make & & make install

5.4.Editing php.ini, integrating php and xcache

# cp / tools/xcache-3.2.0/xcache.ini / etc/php54.d

Part V: providing https services for phpMyAdmim

In the httpd host environment, IP: 172.16.66.60

Working directory: / etc/pki/CA/

1. Establish a private CA

1.1 generate a private key

CA] # (umask 077; openssl genrsa-out private/cakey.pem 2048)

1.2 generate self-signed certificate

CA] # openssl req-new-x509-key private/cakey.pem-out cacert.pem

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: Beijing

Common Name (eg, your name or your server's hostname) []: www2

1.3 provision of supporting documents

CA] # touch index.txt

CA] # echo 01 > serial serial number

CA] # tree

.

├── cacert.pem

├── certs

├── crl

├── index.txt

├── newcerts

├── private

│ └── cakey.pem

└── serial

two。 Node applies for certificate

2.1 generate a private key

~] # mkdir-pv / etc/httpd/ssl

Ssl] # (umask 077; openssl genrsa-out httpd.key 1024)

2.2 generate a certificate signing request:

Ssl] # openssl req-new-key httpd.key-out httpd.csr

Country Name (2 letter code) [XX]: CN

State or Province Name (full name) []: Beijing

Common Name (eg, your name or your server's hostname) []: www2

2.3 send the request to CA

Ssl] # cp httpd.csr / tmp/

Certificate issued by 3.CA

3.1 sign the certificate

~] # openssl ca-in / tmp/httpd.csr-out / etc/pki/CA/certs/httpd.crt

3.2 return the signed certificate to the requestor.

~] # cp / etc/pki/CA/certs/httpd.crt / etc/httpd/ssl/

Note: the private CA and the node application certificate are completed on the same machine.

4. Configure httpd to support the use of ssl and the certificates used

4.1 enable the mod_ssl module in httpd.conf

LoadModule ssl_module modules/mod_ssl.so

Include / etc/httpd24/extra/httpd-ssl.conf

4.2 modify the configuration file ssl.conf

~] # cat / etc/httpd/conf.d/ssl.conf

DocumentRoot "/ data/vhosts/www2"

ServerName www2:443

ProxyRequests Off

DirectoryIndex index.php

ProxyPassMatch ^ / (. *\ .php) $fcgi://172.16.66.70:9000/data/vhosts/www2/$1

SSLCertificateFile / etc/httpd24/ssl/httpd.crt

SSLCertificateKeyFile / etc/httpd24/ssl/httpd.key

SSLOptions + StdEnvVars

AllowOverride None

Require all granted

Part VI: stress test report

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.