Installation requirements: LAMP (module) on CentOS 7
(1) The three components are split across two hosts;
(2) One virtual host serves phpMyAdmin; another virtual host serves WordPress;
(3) xcache
(4) Provide an HTTPS virtual host for phpMyAdmin;

Installation environment:
IP | OS | Installed software |
192.168.1.103 | CentOS 7 | httpd, PHP, WordPress, phpMyAdmin |
192.168.1.104 | CentOS 7 | mariadb |

Before starting, download the Aliyun base repository file to the local machine.

1. Configuring host 192.168.1.104 (creating the databases, granting privileges, etc.)

[root@localhost yum.repos.d]# yum install mariadb mariadb-server -y
[root@localhost yum.repos.d]# systemctl start mariadb.service
[root@localhost ~]# mysql_secure_installation    # run the security wizard; change the root password to mageedu

/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] n
... skipping.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

[root@localhost ~]# mysql -uroot -pmageedu    # verify that the user can log in
MariaDB [(none)]> CREATE DATABASE wpdb;    -- create the WordPress database
MariaDB [(none)]> GRANT ALL ON wpdb.* TO wpuser@'192.168.%.%' IDENTIFIED BY 'wppass';    -- grant privileges to the WordPress user
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| performance_schema |
| test               |
| wpdb               |
+--------------------+
5 rows in set (0.00 sec)

MariaDB [(none)]> CREATE DATABASE pma;    -- create the phpMyAdmin database
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL ON pma.* TO pma@'192.168.%.%' IDENTIFIED BY 'pmapass';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL ON *.* TO testuser@'192.168.%.%' IDENTIFIED BY 'testpass';    -- grant privileges to a test user
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

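The grants above include ALL on *.* for testuser from any 192.168.x.x address, alongside database-scoped grants with the same wildcard host. The following added example (not part of the original page) reads SHOW GRANTS-style lines and flags both kinds; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample: SHOW GRANTS-style lines for the accounts created in this
# walkthrough (password hashes replaced by a placeholder).
sample_grants() {
    cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*PLACEHOLDER' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'wpuser'@'192.168.%.%' IDENTIFIED BY PASSWORD '*PLACEHOLDER'
GRANT ALL PRIVILEGES ON `wpdb`.* TO 'wpuser'@'192.168.%.%'
GRANT USAGE ON *.* TO 'pma'@'192.168.%.%' IDENTIFIED BY PASSWORD '*PLACEHOLDER'
GRANT ALL PRIVILEGES ON `pma`.* TO 'pma'@'192.168.%.%'
GRANT ALL PRIVILEGES ON *.* TO 'testuser'@'192.168.%.%' IDENTIFIED BY PASSWORD '*PLACEHOLDER'
EOF
}

# Read SHOW GRANTS-style lines on stdin and print one finding per risky grant:
#   HIGH = ALL PRIVILEGES on *.* for an account that can log in from the network
#   WIDE = any other grant whose host part is a wildcard pattern
audit_grants() {
    awk -v q="'" '
    /^GRANT / {
        privs = $0; sub(/^GRANT /, "", privs); sub(/ ON .*/, "", privs)
        scope = $0; sub(/.* ON /, "", scope);  sub(/ TO .*/, "", scope)
        acct  = $0; sub(/.* TO /, "", acct);   sub(/ (IDENTIFIED|WITH) .*/, "", acct)
        gsub(q, "", acct); gsub(/`/, "", scope)      # strip quoting
        host = acct; sub(/.*@/, "", host)
        isLocal = (host == "localhost" || host == "127.0.0.1" || host == "::1")
        if (privs == "USAGE") next                   # login only, no privileges
        if (scope == "*.*" && privs ~ /^ALL/ && !isLocal)
            print "HIGH", acct, privs " ON " scope
        else if (host ~ /[%_]/)
            print "WIDE", acct, privs " ON " scope
    }'
}

sample_grants | audit_grants
```

Against a live server, the input would be the output of `mysql -N -e "SHOW GRANTS FOR 'user'@'host'"` for each account.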
2. Configuring host 192.168.1.103 (httpd, PHP)

[root@localhost ~]# yum install httpd php php-mysql php-mbstring -y

[root@localhost ~]# systemctl start httpd.service

Write test code to verify that PHP can connect to the database:

[root@localhost ~]# cd /var/www/html
[root@localhost html]# vim index.php

[root@localhost html]# systemctl reload httpd.service

3. Compiling and installing xcache

xcache can be compiled from source, and it is also available from the EPEL repository; here it is compiled from source.
[root@localhost ~]# yum groupinstall "Development Tools" "Server Platform Development" -y    # install the development package groups
[root@localhost ~]# yum install php-devel -y    # install the PHP package that xcache depends on

Download the xcache tarball:

[root@localhost ~]# ls
anaconda-ks.cfg xcache-3.2.0.tar.bz2
[root@localhost ~]# tar xf xcache-3.2.0.tar.bz2
[root@localhost ~]# ls
anaconda-ks.cfg xcache-3.2.0 xcache-3.2.0.tar.bz2
[root@localhost ~]# cd xcache-3.2.0/
[root@localhost xcache-3.2.0]# phpize
[root@localhost xcache-3.2.0]# ./configure --enable-xcache --with-php-config=/usr/bin/php-config
[root@localhost xcache-3.2.0]# make && make install

[root@localhost xcache-3.2.0]# cp xcache.ini /etc/php.d/
[root@localhost xcache-3.2.0]# systemctl restart httpd.service

Visiting the page in a browser shows that xcache is installed, at version 3.2.0.

4. Installing and configuring WordPress; configuring the virtual host

Configure the virtual host:
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf    # comment out httpd's default document root
#DocumentRoot "/var/www/html"

[root@localhost ~]# mkdir /web/vhost/test1 -pv    # create the virtual host's document root
[root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf    # create the virtual host configuration file

<VirtualHost 192.168.1.103:80>
    DocumentRoot "/web/vhost/test1"

    <Directory "/web/vhost/test1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Download WordPress (download page: https://wordpress.org/download/)
[root@localhost ~]# cd /web/vhost/test1
[root@localhost test1]# unzip wordpress-4.3.1-zh_CN.zip
[root@localhost test1]# cd wordpress/
[root@localhost wordpress]# cp wp-config-sample.php wp-config.php    # copy the sample PHP configuration file, then edit it
[root@localhost wordpress]# vim wp-config.php
[root@localhost ~]# systemctl restart httpd.service

Test access from a browser.

Configure the virtual host:

[root@localhost vhost]# vim /etc/httpd/conf/httpd.conf
# add port 8080

[root@localhost ~]# mkdir /web/vhost/test2 -pv    # create the virtual host's document root

[root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf    # just edit the WordPress virtual host configuration file

<VirtualHost 192.168.1.103:80>
    DocumentRoot "/web/vhost/test1"

    <Directory "/web/vhost/test1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost 192.168.1.103:8080>
    DocumentRoot "/web/vhost/test2"

    <Directory "/web/vhost/test2">
        Options FollowSymlinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Download from: https://www.phpmyadmin.net/downloads/

[root@localhost ~]# cd /web/vhost/test2
[root@localhost test2]# unzip phpMyAdmin-4.4.14.1-all-languages.zip
[root@localhost test2]# ln -sv phpMyAdmin-4.4.14.1-all-languages pma
‘pma’ -> ‘phpMyAdmin-4.4.14.1-all-languages’
[root@localhost test2]# cd pma
[root@localhost pma]# cp config.sample.inc.php config.inc.php
[root@localhost pma]# openssl rand -base64 15    # generate 15 random bytes
fgqvst4l0yODkOhq4FXC

[root@localhost pma]# vim config.inc.php    # add the random string to the configuration file

Test access from a browser: 192.168.1.103:8080/pma
The password is: pmapass

6. Providing an HTTPS virtual host for phpMyAdmin

Use 192.168.1.104 as the CA host and the server 192.168.1.103 for testing.

1)

a) On host 192.168.1.104, create a private CA

[root@localhost ~]# cd /etc/pki/CA
[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)    # generate a private key
Generating RSA private key, 2048 bit long modulus
.....................+++
.............+++
e is 65537 (0x10001)
[root@localhost CA]# ll private/
total 4
-rw------- 1 root root 1679 May 27 07:09 cakey.pem
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem    # generate the CA's self-signed certificate
[root@localhost CA]# ll
total 4
-rw-r--r-- 1 root root 1391 May 27 07:12 cacert.pem
drwxr-xr-x. 2 root root 6 Jun 29 2015 certs
drwxr-xr-x. 2 root root 6 Jun 29 2015 crl
drwxr-xr-x. 2 root root 6 Jun 29 2015 newcerts
drwx------. 2 root root 22 May 27 07:09 private

[root@localhost CA]# touch serial index.txt
[root@localhost CA]# echo 01 >serial

b) On host 192.168.1.103, create a certificate signing request

[root@localhost ~]# cd /etc/httpd
[root@localhost httpd]# mkdir ssl
[root@localhost httpd]# cd ssl
[root@localhost ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
..........++++++
..................++++++
e is 65537 (0x10001)
[root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr
[root@localhost ssl]# ls
httpd.csr httpd.key
[root@localhost ssl]# scp httpd.csr root@192.168.1.104:/tmp

c) On 192.168.1.104, sign the certificate

[root@localhost CA]# openssl ca -in /tmp/httpd.csr -out certs/httpd.crt

[root@localhost CA]# scp certs/httpd.crt root@192.168.1.103:/etc/httpd/ssl/

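Before httpd is pointed at the issued certificate, it can be checked on 192.168.1.103 that httpd.crt verifies against the private CA, matches httpd.key, and meets a minimum key size (the server key generated above is 1024-bit RSA). This is an added example, not part of the original page; the function names, the 2048-bit default threshold and the throwaway sample CA are assumptions made for illustration.

```shell
#!/bin/bash
# Added example. On the page's hosts the arguments would be cacert.pem (copied
# from the CA host), /etc/httpd/ssl/httpd.crt and /etc/httpd/ssl/httpd.key.

# Print the size in bits of the public key inside a certificate.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the certificate verifies against the given CA certificate.
chains_to_ca() {        # usage: chains_to_ca CA_CERT CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {    # usage: key_matches_cert KEY CERT
    local k
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Run all checks; MIN_BITS defaults to 2048 (an assumption of this example).
check_deploy() {        # usage: check_deploy CA_CERT CERT KEY [MIN_BITS]
    local ca="$1" crt="$2" key="$3" min="${4:-2048}" rc=0 bits
    chains_to_ca "$ca" "$crt"      || { echo "FAIL: $crt does not verify against $ca"; rc=1; }
    key_matches_cert "$key" "$crt" || { echo "FAIL: $key does not match $crt"; rc=1; }
    bits=$(cert_bits "$crt")
    [ "${bits:-0}" -ge "$min" ]    || { echo "FAIL: ${bits:-unknown}-bit key, minimum is $min"; rc=1; }
    return "$rc"
}

# Constructed sample: a throwaway CA and one server key/cert written to DIR.
make_sample() {         # usage: make_sample DIR SERVER_KEY_BITS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -newkey "rsa:$2" -nodes -subj "/CN=www.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.crt" 2>/dev/null
}

d=$(mktemp -d); make_sample "$d" 1024    # 1024 bits, as used for httpd.key above
check_deploy "$d/ca.crt" "$d/srv.crt" "$d/srv.key" || echo "certificate not ready to deploy"
rm -rf "$d"
```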
2) On host 192.168.1.103, configure httpd to support SSL and to use the certificate

[root@localhost ssl]# ls
httpd.crt httpd.csr httpd.key

[root@localhost ssl]# yum install mod_ssl -y
[root@localhost ssl]# cd /etc/httpd/conf.d
[root@localhost conf.d]# ls
autoindex.conf php.conf README ssl.conf userdir.conf vhost.conf welcome.conf
[root@localhost conf.d]# mv ssl.conf ssl.conf.backup
[root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf
[root@localhost conf.d]# httpd -t
[root@localhost conf.d]# systemctl restart httpd.service

At this point the browser has not imported the CA certificate, so HTTPS access will not work; the CA certificate file must be imported into the browser (copy the /etc/pki/CA/cacert.pem file from the virtual machine to the physical host and import it).