
How to set up LAMP and https-based virtual hosts on CentOS 7

2025-04-03 Update From: SLTechnology News&Howtos

This article walks through, step by step, how to set up LAMP and https-based virtual hosts on CentOS 7.

System environment:

CentOS 7

Apache 2.4

PHP 5.4

MariaDB 5.5

Project requirements:

Create 3 virtual hosts and set up phpMyAdmin, WordPress and Discuz on them respectively.

phpMyAdmin is served over https.

I. Use yum to install the components the environment needs

httpd, php, php-mysql, mariadb-server

# yum install httpd php php-mysql mariadb-server

II. Turn off SELinux and configure the firewall

1. For the convenience of testing, turn SELinux off first

Temporary shutdown:

# setenforce 0

Permanent shutdown:

# vim /etc/sysconfig/selinux

SELINUX=disabled

2. Add ports 80, 443 and 3306 to the CentOS 7 built-in firewall

View firewall running status

# firewall-cmd --state

Add the ports

# firewall-cmd --add-port=80/tcp --permanent

# firewall-cmd --add-port=443/tcp --permanent

# firewall-cmd --add-port=3306/tcp --permanent

Reload the firewall configuration

# firewall-cmd --reload

View the existing rules

# iptables -L -n

III. Test whether the software works

1. Start httpd and test access:

# systemctl start httpd

If nothing unexpected happens, the test page should now load in a browser.

2. Test the database

Start mariadb

# systemctl start mariadb

You can now enter the mariadb command line

# mysql

3. Check the PHP version; mine is 5.4.16

# php -v

IV. Configure Apache

1. Create the required folders

Create one folder for each of the three virtual hosts under /web/vhosts: pma, wp and dz

# mkdir -p /web/vhosts/{pma,wp,dz}

2. Give the apache user ownership of the entire /web directory:

# chown -R apache:apache /web

3. Create the test pages

# vim /web/vhosts/pma/index.php

The content is:

# vim /web/vhosts/wp/index.php

The content is:

# vim /web/vhosts/dz/index.php

The content is:

4. Disable the welcome page, otherwise it will interfere

# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak

5. Add the three virtual hosts

Create a configuration file called vhosts.conf

# vim /etc/httpd/conf.d/vhosts.conf

Content:

    <VirtualHost *:80>
        DocumentRoot /web/vhosts/pma
        ServerName pma.buybybuy.com
        ErrorLog logs/pma.err
        CustomLog logs/pma.access combined
    </VirtualHost>
    <Directory "/web/vhosts/pma">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    <VirtualHost *:80>
        DocumentRoot /web/vhosts/wp
        ServerName wp.buybybuy.com
        ErrorLog logs/wp.err
        CustomLog logs/wp.access combined
    </VirtualHost>
    <Directory "/web/vhosts/wp">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    <VirtualHost *:80>
        DocumentRoot /web/vhosts/dz
        ServerName dz.buybybuy.com
        ErrorLog logs/dz.err
        CustomLog logs/dz.access combined
    </VirtualHost>
    <Directory "/web/vhosts/dz">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

6. Reload the httpd configuration:

# systemctl reload httpd

7. Test the three virtual hosts:

The test was successful!

V. Configure MariaDB

1. Run the initial security setup right after installing MariaDB

Run the security initialization script

# /usr/bin/mysql_secure_installation

Here are my own choices, for reference

1) Set the root password? (yes)

2) Remove anonymous users? (yes)

3) Disallow remote root login? (no, but disallowing it is recommended in a production environment)

4) Remove the test database? (no, keep it in case there is a need for testing later)

5) Reload the privilege tables? (yes, so that the settings just made take effect immediately)

2. For reference, the commands for changing the root user's password

# mysql

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('123456');

SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('123456');

VI. Install the packages

1. Install phpMyAdmin, Discuz and WordPress

Download the installation packages to the home directory

You can use wget or an FTP tool. Because I connect to the server with Xshell, I use the bundled Xftp to drop the installation packages from the controlling machine straight into the home directory.

2. Make sure the necessary compression / decompression tools are installed

I was missing bzip2, zip and unzip here, so

# yum -y install bzip2 zip unzip

Decompress each package

# unzip discuz_x3.2_sc_utf8.zip -d discuz_x3.2_sc_utf8

# tar -xf wordpress-4.5.3-zh_cn.tar.gz

# tar -xf phpmyadmin-4.4.15.8-all-languages.tar.bz2

3. Copy each one to its virtual host directory, copying only the required files

# cp -a phpmyadmin-4.4.15.8-all-languages/* /web/vhosts/pma/

# cp -a wordpress/* /web/vhosts/wp/

# cp -a discuz_x3.2_sc_utf8/upload/* /web/vhosts/dz/

VII. Debug the websites

1. Configure phpMyAdmin

# cd /web/vhosts/pma

Copy the sample configuration file to the standard name

# cp config.sample.inc.php config.inc.php

Edit the configuration file

At about line 17, find

$cfg['blowfish_secret'] = '';

You need to add a random string here, which can be generated under bash with the following command:

# tr -d 'a-zA-Z0-9' < /dev/urandom | head -30 | md5sum

For example, the generated string is

e2d8e1132dc737b3dc1f05cd44c0cc9e

Put the generated string between the quotes of the parameter above (as shown in the figure), then save and exit.

When visiting pma.buybybuy.com, the application reports an error, which means that the mbstring module is required. mbstring is a multi-language package, so install it:

# yum install php-mbstring

Reload httpd so that the configuration takes effect

# systemctl reload httpd

Visit pma.buybybuy.com again and the page opens successfully.

You can now log in as the MySQL root user configured earlier.

2. Create the required databases

To install WordPress and Discuz, you can first use phpMyAdmin to create databases for them.

New -> Fill in the database name -> Select the collation -> Create

In addition, we want each website to access its database as a separate database user, so here we create a user for each database and bind it to the corresponding database.

Go back to the home page -> Users -> Add user

For convenience, I keep each database name the same as the corresponding user name; the user can be created by following the figure below

Because the database has been created in advance, the option underlined in red skips the step of creating a database, and the option underlined in blue binds the user to the database.
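The same per-site user setup can be expressed as SQL instead of clicks. The following is an added example, not part of the original article: a shell function that emits the statements for one site. The names `wp` and `dz`, the `localhost` host part and the helper names `gen_password` and `site_sql` are assumptions of this example.

```shell
# Added example: emit SQL that gives a site its own database and a user whose
# privileges stop at that database. Site names such as "wp"/"dz" are assumed.

gen_password() {
    # 18 random bytes from the kernel, printed as 36 hex characters
    head -c 18 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

site_sql() {
    ss_name=$1
    # The name is pasted into SQL, so accept plain identifiers only
    case $ss_name in
        ''|*[!a-z0-9_]*) echo "invalid site name: $ss_name" >&2; return 1 ;;
    esac
    ss_pass=$(gen_password)
    # Database and user share one name, as in the article; the GRANT is
    # scoped to `name`.* so the account cannot read the other site's data
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$ss_name\` DEFAULT CHARACTER SET utf8;
CREATE USER '$ss_name'@'localhost' IDENTIFIED BY '$ss_pass';
GRANT ALL PRIVILEGES ON \`$ss_name\`.* TO '$ss_name'@'localhost';
EOF
}

# Typical use (review the output, note the passwords, then feed it to mysql):
#   for s in wp dz; do site_sql "$s"; done > sites.sql
#   mysql -u root -p < sites.sql
```

The generated password for each site is the value to enter later in that site's installer or in wp-config.php.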

3. Configure WordPress

Enter the wp directory

# cd /web/vhosts/wp

Copy the sample configuration file to the standard configuration file name

# cp wp-config-sample.php wp-config.php

Edit the configuration file

# vim /web/vhosts/wp/wp-config.php

Modify the corresponding values.

Visit wp.buybybuy.com and dz.buybybuy.com, and the installation interface will be displayed. You can install it using the parameters set before.

VIII. Configure https for pma.buybybuy.com

1. Make sure openssl is installed, because openssl is used to generate a self-signed certificate

# httpd -M | grep ssl

If not, install it

# yum install mod_ssl openssl

2. Configure the CA server

My method is to configure a CA server (CentOS A), and then have the current server (CentOS B) request a certificate from CentOS A.

3. Configure the CA server (CentOS A)

3.1 Initialize the CA service and create the required files

# cd /etc/pki/CA/

# touch index.txt    # create an index file

# echo 01 > serial    # create a serial number file

3.2 CA self-signed certificate

Generate a private key

# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

Use the private key to generate the self-signed certificate

# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem

4. Apply for a certificate (CentOS B):

4.1 Create a directory to store the certificate

# mkdir /etc/httpd/ssl

# cd /etc/httpd/ssl

4.2 Generate the private key

# (umask 007; openssl genrsa -out httpd.key 1024)

4.3 Generate the request file

# openssl req -new -key httpd.key -out httpd.csr

4.4 Fill in the form according to your own situation

Country Name (2 letter code) [XX]: cn

State or Province Name (full name) []: beijing

Locality Name (eg, city) [Default City]: beijing

Organization Name (eg, company) [Default Company Ltd]: quintin ltd

Organizational Unit Name (eg, section) []: ops

Common Name (eg, your name or your server's hostname) []: pma.buybybuy.com

Email Address []: admin@buybybuy.com

Send the generated request file to the CA server CentOS A; I use the scp command here:

# scp httpd.csr root@192.168.3.67:/tmp/

After following the prompts successfully, httpd.csr should be in the /tmp/ directory of CentOS A.

5. Sign the certificate (CentOS A):

5.1 Sign it, valid for ten years

# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/pma.buybybuy.com.crt -days 3650

5.2 Send the generated crt back to CentOS B

# scp /etc/pki/CA/certs/pma.buybybuy.com.crt root@192.168.3.77:/etc/httpd/ssl/

After following the prompts successfully, pma.buybybuy.com.crt should be in the /etc/httpd/ssl/ directory of CentOS B.

6. Configure SSL (CentOS B):

6.1 Make a backup first

# cd /etc/httpd/conf.d/

# cp ssl.conf{,.bak}

6.2 Edit ssl.conf

# vim ssl.conf

The following are the modifications

=>

Basic settings

DocumentRoot "/web/vhosts/pma"

ServerName pma.buybybuy.com:443

Certificate location

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

=>

SSLCertificateFile /etc/httpd/ssl/pma.buybybuy.com.crt

Private key location

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

=>

SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

Save and exit.

6.3 Check the configuration file for syntax errors:

# httpd -t

6.4 Restart httpd:

# systemctl restart httpd

6.5 Check whether port 443 is open:

# ss -tnl

6.6 Access it from a browser, in the format:

Seeing the word https means it works. The browser will report the certificate as invalid; just add trust for it.
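The CA, request and signing steps above can be rehearsed in a scratch directory and checked before anything is copied into /etc/httpd/ssl. This is an added example, not the article's own commands: it uses 2048-bit keys instead of the article's 1024, adds a subjectAltName, and signs with `openssl x509 -req` in place of `openssl ca` so that it needs no /etc/pki/CA layout; the function name `issue_and_verify` and the CA subject are made up for the example.

```shell
# Added example: CA -> CSR -> signed certificate, rehearsed in a scratch dir.
# Assumptions of this example (not the article's values): 2048-bit keys, a
# subjectAltName, and "openssl x509 -req" in place of "openssl ca".
issue_and_verify() {
    iv_host=$1
    iv_dir=$(mktemp -d) || return 1
    (
        cd "$iv_dir" && umask 077 &&
        # "CentOS A": CA private key and self-signed CA certificate
        openssl genrsa -out cakey.pem 2048 2>/dev/null &&
        openssl req -new -x509 -key cakey.pem -days 7300 \
            -subj "/C=CN/O=Example Test CA/CN=Example Test CA" \
            -out cacert.pem &&
        # "CentOS B": server private key and certificate request
        openssl genrsa -out httpd.key 2048 2>/dev/null &&
        openssl req -new -key httpd.key -subj "/C=CN/CN=$iv_host" \
            -out httpd.csr &&
        # "CentOS A": sign the request; the SAN is what browsers match on
        printf 'subjectAltName=DNS:%s\n' "$iv_host" > san.ext &&
        openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem \
            -CAcreateserial -days 3650 -sha256 -extfile san.ext \
            -out server.crt 2>/dev/null &&
        # Check 1: the certificate chains to the CA that clients will trust
        openssl verify -CAfile cacert.pem server.crt >/dev/null &&
        # Check 2: the certificate carries the public half of httpd.key
        crt_pub=$(openssl x509 -in server.crt -noout -pubkey) &&
        key_pub=$(openssl pkey -in httpd.key -pubout) &&
        [ "$crt_pub" = "$key_pub" ] &&
        # Check 3: the host name is present as a DNS subjectAltName
        openssl x509 -in server.crt -noout -text | grep -q "DNS:$iv_host"
    )
    iv_rc=$?
    rm -rf "$iv_dir"
    return "$iv_rc"
}
```

A zero exit status from `issue_and_verify pma.buybybuy.com` means all three checks passed. On the real hosts, importing the CA's cacert.pem into the client's trust store is what removes the browser warning for every certificate that CA signs.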
