马哥教育网络班19期第十二周课程练习

1、请描述一次完整的http请求处理过程；

一次完整的http请求处理过程如下：

(1) 建立或处理连接：接收客户端的请求，建立连接，或是拒绝其请求

(2) 接收请求：

接收来自于网络的请求报文中对某资源的一次请求的过程时，web服务器也分几种模型对并发请求进行响应：

               a. 单进程I/O结构：启动一个进程处理用户请求，而且一次只处理一个；多个请求被串行响应；实质就是排队机制，第一个用户的请求处理完再处理第二个，其它排队等待。这种方式串行执行，效率不高。

  b. 多进程I/O结构：并行启动多个进程，每个进程响应一个请求；

  c. 复用I/O结构：一个进程响应n个请求；

  d. 多线程模型：一个进程生成N个线程，每个线程响应一个用户请求；

  e. 复用的多进程I/O结构：启动多个（m）进程，每个进程响应n个请求；此模式实质上为事件驱动：event-driven，效率最高。

(3) 处理请求：对请求报文进行解析，并获取请求的资源及请求方法等相关信息

(4) 访问资源：获取请求报文中请求的资源

(5) 拿到需要的资源之后，就会构建响应报文，准备向用户回复

(6) 发送响应报文，回复请求

(7) 记录日志：对每个请求资源，详细记录访问日志信息，以便于以后的安全审查或数据分析。

以上就是一次完整的http请求的处理过程。

2、httpd所支持的处理模型有哪些，他们的分别使用于哪些环境。

httpd所支持的事务处理模型主要有：

prefork

worker

event

他们分别使用于以下场景：、

prefork: 多进程模型，每个进程负责响应一个请求。prefork模型在工作时，由一个主进程负责生成n个子进程，即工作进程。每个工作进程

响应一个用户请求，即使当前没有用户请求，它亦会预先生成多个空闲进程，随时等待请求连接，这样的好处是，服务器不用等到请求到达时，

才去临时建立进程，缩短了进程创建的时间。提高连接效率。但受限于linux的特性，工作进程数上限为1024个，如超出该数量，服务器性能会急剧降低。

因而，prefork模型的最大并发连接数量最大为1024。由于每个工作进程相对独立，就算崩溃了，也不会对其它进程有明显影响。所以，该模型的特点是稳定可靠，

适合于并发量适中而又追求稳定的用户使用。

worker：多线程模型，每个线程响应一个请求。worker模型在工作时，也有一个主进程负责生成多个子进程，同时每个子进程负责生个多个线程，每个线程响应一个用户

请求。同理，worker模型也会预先创建一些空闲线程来等待用户连接。并发连接数，如果生成进程数为m，线程为n，则并发数可达到m*n个。但由于在linux中，原生不支持

线程，且进程本身就足够轻量化，与线程的区别不是十分巨大，因而，worker模型在linux环境中的实际性能表现与prefork相差无几。

event：事件驱动模型，每个线程响应n个用户请求。event模型工作时，由主进程生成m个子进程，每个单独的子进程可响应n个用户请求。因而，event的并发数量可达到m*n

个，同时，因为event的子进程为一对多，节省了大量CPU进程间切换上下文的时间，也没有了linux系统的1024个进程限制，所以,event模型是三种模型中效率最高的一种。

可以实破c10k的限制(即并发数1w)，对海量并发的系统特别适用。

3、源码编译安装LAMP环境（基于wordpress程序），并写出详细的安装、配置、测试过程。

以CentOS7,httpd2.4.23,mariadb10.1.16,php5.6.23为例，源码编译安装LAMP，详细步骤如下：

首先，编译安装httpd

    编译安装httpd，先要准备好安装环境，需要升级apr(apache portable runtime)及apr-util组件到较新版本(1.5以上)

    ##首先装上开发工具

[root@localhost LAMP]#yum groupinstall -y "Development Tools"

##解压apr，并安装

[root@localhost LAMP]# tar xzvf apr-1.5.2.tar.gz

[root@localhost LAMP]# cd apr-1.5.2/

[root@localhost apr-1.5.2]# ./configure –prefix=/usr/local/apr

[root@localhost apr-1.5.2]# make && make install 

##解压apr-util,并安装 

[root@localhost LAMP]# tar xzvf apr-util-1.5.4.tar.gz 

[root@localhost LAMP]# cd apr-util-1.5.4/

[root@localhost apr-util-1.5.4]# ./configure –prefix=/usr/local/apr-util –with-apr=/usr/local/apr

[root@localhost apr-util-1.5.4]# make && make install

##解压httpd 

[root@localhost LAMP]# tar xzvf httpd-2.4.23.tar.gz

[root@localhost LAMP]# cd httpd-2.4.23/

##再安装几个必备软件

[root@localhost httpd-2.4.23]# yum install -y openssl openssl-devel pcre pcre-devel 

[root@localhost httpd-2.4.23]# ./configure –prefix=/usr/local/apache –sysconfdir=/etc/httpd –enable-so –enable-ssl –enable-cgi –enable-rewrite –with-zlib –with-pcre –with-apr=/usr/local/apr –with-apr-util=/usr/local/apr-util –enable-modules=most –enable-mpms-shared=all –with-mpm=event

[root@localhost httpd-2.4.23]# make && make install 

##将apache的bin加入PATH变量中

[root@localhost httpd-2.4.23]# vim /etc/profile.d/httpd.sh

   export PATH=/usr/local/apache/bin:$PATH

##输出头文件

[root@localhost apache]# ln -sv /usr/local/apache/include/ /usr/include/apache 

‘/usr/include/apache’ -> ‘/usr/local/apache/include/’

##输出帮助文件

[root@localhost apache]# vim /etc/man_db.conf 

MANPATH_MAP     /usr/local/apache/bin   /usr/local/apache/man

##启动httpd,检查正常与否

[root@localhost httpd]# apachectl start 

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message

[root@localhost httpd]# ss -ntlp | grep httpd

LISTEN     0      128                      :::80                      :::*      users:(("httpd",71402,4),("httpd",71401,4),("httpd",71400,4),("httpd",71399,4))

[root@localhost httpd]#

[root@localhost httpd]# curl http://172.16.100.100

<html><body><h1>It works!</h1></body></html>

[root@localhost httpd]# 

##网站正常启动

然后，安装mariadb

    ##mariadb编译安装需要cmake，先安装cmake

[root@lamp mariadb-10.1.16]# yum install -y cmake

##解压:

[root@lamp LAMP]# tar xzvf mariadb-10.1.16.tar.gz -C /usr/local/

##创建专用用户及用户组

[root@lamp local]# groupadd -r -g 3306 mysql 

[root@lamp local]# useradd -r -g 3306 -u 3306 mysql

[root@lamp local]# id mysql

uid=3306(mysql) gid=3306(mysql) groups=3306(mysql)

##开始编译mariadb

[root@lamp local]# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mariadb -DMYSQL_DATADIR=/usr/local/mariadb/data  -DSYSCONFDIR=/etc -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DWITH_SSL=system -DWITH_ZLIB=system -DWITH_LIBWRAP=0 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci

CMake Error at cmake/readline.cmake:85 (MESSAGE):

 Curses library not found.  Please install appropriate package,

 remove CMakeCache.txt and rerun cmake.On Debian/Ubuntu, package name is libncurses5-dev, on Redhat and derivates it is ncurses-devel.

Call Stack (most recent call first):

 cmake/readline.cmake:196 (FIND_CURSES)

 CMakeLists.txt:334 (MYSQL_CHECK_READLINE)

— Configuring incomplete, errors occurred!

##报错了，这里提示缺少了ncurses-devel，马上装上

[root@lamp mariadb-10.1.16]# yum install -y ncurses-devel

##重新cmake,这次没问题了。

##通过之后make && make install 

[root@lamp mariadb-10.1.16]# make && make install

##安装完成之后，同样需要设置环境参数

[root@lamp local]# chmod 660 -R mariadb/

[root@lamp local]# chown mysql.mysql -R mariadb/

##安装管理数据库

[root@lamp mariadb]# ./scripts/mysql_install_db 

##安装完毕后，启动数据库

[root@lamp /]# /usr/local/mariadb/bin/mysqld_safe –user=mysql &

    ##检查端口有没有监听

[root@lamp mariadb]# ss -ntlp | grep mysqld

LISTEN     0      80                       :::3306                    :::*      users:(("mysqld",3436,20))

##使用客户端连接，并修改默认的root密码，将其空密码更改为redhat

[root@lamp /]# mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.16-MariaDB Source distribution

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

MariaDB [mysql]> update user set password=password('redhat');

Query OK, 6 rows affected (0.00 sec)

Rows matched: 6  Changed: 6  Warnings: 0

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> select user,host,password from user ;

+——+—————+——————————————-+

| user | host          | password                                  |

+——+—————+——————————————-+

| root | localhost     | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

| root | lamp.test.net | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

| root | 127.0.0.1     | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

| root | ::1           | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

|      | localhost     | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

|      | lamp.test.net | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |

+——+—————+——————————————-+

6 rows in set (0.00 sec)

MariaDB [mysql]> 

安装php 

##数据库正常，接着，安装php 

    ##解压

[root@LAMP setup]# tar xf  php-5.6.23.tar.bz2 

##编译 

[root@localhost php-5.6.23]# ./configure –prefix=/usr/local/php –with-mysql=mysqlnd –with-openssl –with-mysqli=mysqlnd –enable-mbstring –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr/lib64 –enable-xml  –enable-sockets –with-apxs2=/usr/local/apache/bin/apxs –with-mcrypt=/usr/local/libmcrypt  –with-config-file-path=/etc –with-config-file-scan-dir=/etc/php.d –with-bz2  –enable-maintainer-zts

## vim /etc/httpd/httpd.conf

##添加php网页类型

AddType application/x-httpd-php  .php

AddType application/x-httpd-php-source  .phps

##定位至DirectoryIndex index.html 

修改为：

    DirectoryIndex  index.php  index.html

    

##重启httpd服务

##安装phpMyAdmin

##解压phpMyAdmin-4.6.3-all-languages 到 htdoc目录下,创建链接文件

[root@localhost htdocs]# ln -sv phpMyAdmin-4.6.3-all-languages pma

‘pma’ -> ‘phpMyAdmin-4.6.3-all-languages’

##访问phpMyAdmin

##配置wordpress 

   ##连接mairadb,创建用于wordpress连接的数据库用户wpuser,密码为redhat

   [root@localhost htdocs]# mysql -p

Enter password: 

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 8

Server version: 10.1.16-MariaDB Source distribution

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> grant all on wpdb.* TO 'wpuser'@'127.0.0.1' IDENTIFIED by 'redhat';

Query OK, 0 rows affected (0.09 sec)

MariaDB [(none)]> create database wpdb;

Query OK, 1 row affected (0.04 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit

Bye

   ##解压

[root@localhost LAMP]# unzip wordpress-4.5.3-zh_CN.zip 

##移到htdoc目录下

[root@localhost LAMP]# mv wordpress /usr/local/apache/htdocs/

[root@localhost wordpress]# mv wp-config-sample.php wp-config.php

##编辑wp-config.php，修改数据库连接相关的参数

[root@localhost wordpress]# vim wp-config.php

define('DB_NAME', 'wpdb');

/** MySQL数据库用户名 */

define('DB_USER', 'wpuser');

/** MySQL数据库密码 */

define('DB_PASSWORD', 'redhat');

/** MySQL主机 */

define('DB_HOST', '127.0.0.1');

/** 创建数据表时默认的文字编码 */

define('DB_CHARSET', 'utf8');

/** 数据库整理类型。如不确定请勿更改 */

define('DB_COLLATE', '');

##重启httpd服务

完成  

4、建立httpd服务器(基于编译的方式进行)，要求：

     提供两个基于名称的虚拟主机:

    (a)www1.stuX.com，页面文件目录为/web/vhosts/www1；错误日志为/var/log/httpd/www1.err，访问日志为/var/log/httpd/www1.access；

    (b)www2.stuX.com，页面文件目录为/web/vhosts/www2；错误日志为/var/log/httpd/www2.err，访问日志为/var/log/httpd/www2.access；

    (c)为两个虚拟主机建立各自的主页文件index.html，内容分别为其对应的主机名；

    (d)通过www1.stuX.com/server-status输出httpd工作状态相关信息，且只允许提供帐号密码才能访问(status:status)；

编译安装httpd 

首先编译apr apache portable runtime,

[root@www LAMP]# cd apr-1.5.2/

[root@www apr-1.5.2]# ./configure –prefix=/usr/local/apr

[root@www apr-1.5.2]# make && make install

然后编译apr-util

[root@www LAMP]# cd apr-util-1.5.4/

[root@www apr-util-1.5.4]# ./configure –prefix=/usr/local/apr-util –with-apr=/usr/local/apr

[root@www apr-util-1.5.4]# make && make install

开始编译httpd2.4.16

[root@www LAMP]# cd httpd-2.4.16/

[root@www httpd-2.4.16]# groupadd -r apache 

[root@www httpd-2.4.16]# useradd -r -g apache apache

##mpm选择prefork方式，编译安装

[root@www httpd-2.4.16]# ./configure –prefix=/usr/local/apache –sysconf=/etc/httpd24 –enable-so –enable-ssl –enable-cgi –enable-rewrite –with-zlib –with-pcre –with-apr=/usr/local/apr –with-apr-util=/usr/local/apr-util/ –enable-modules=most –enable-mpms-shared=all –with-mpm=prefork

[root@www httpd-2.4.16]# make && make install

##关闭selinux

[root@www bin]# setenforce 0

[root@www bin]# getenforce

Permissive

##关闭防火墙

[root@www selinux]# systemctl stop  firewalld.service

[root@www selinux]# systemctl disable firewalld.service

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[root@www selinux]# 

##将apache的bin加入PATH变量中

[root@www profile.d]# vim /etc/profile.d/httpd.sh 

PATH=$PATH:/usr/local/apache/bin

##输出头文件

[root@www apache]# ln -sv /usr/local/apache/include/ /usr/include/apache

a/usr/include/apachea -> a/usr/local/apache/include/a

[root@www apache]# 

##检查帮助文件

[root@www etc]# vim man_db.conf 

MANDB_MAP       /usr/local/apache/man

##启动apache

[root@www httpd]# apachectl start

[root@www httpd]# ss -ntlp | grep :80

LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=26283,fd=4),("httpd",pid=26282,fd=4),("httpd",pid=26281,fd=4),("httpd",pid=26280,fd=4))

##配置网站，添加两个虚拟主机

[root@www httpd]# vim /etc/httpd/httpd.conf

##禁用主站的目录

#DocumentRoot "/usr/local/apache/htdocs"

##启用虚拟主机

# Virtual hosts

Include /etc/httpd/extra/httpd-vhosts.conf

##测试配置

[root@www httpd]# httpd -t

AH00112: Warning: DocumentRoot [/web/vhosts/www1] does not exist

AH00112: Warning: DocumentRoot [/web/vhosts/www2] does not exist

(2)No such file or directory: AH02291: Cannot access directory '/var/log/httpd/' for error log of vhost defined at /etc/httpd/extra/httpd-vhosts.conf:48

(2)No such file or directory: AH02291: Cannot access directory '/var/log/httpd/' for error log of vhost defined at /etc/httpd/extra/httpd-vhosts.conf:41

AH00014: Configuration check failed

[root@www httpd]# 

##建好相应的目录

[root@www httpd]# mkdir -pv /web/vhosts/{www1,www2} 

mkdir: created directory a/weba

mkdir: created directory a/web/vhostsa

mkdir: created directory a/web/vhosts/www1a

mkdir: created directory a/web/vhosts/www2

[root@www httpd]# mkdir /var/log/httpd -pv 

mkdir: created directory a/var/log/httpda

##编辑httpd.conf主配置文件，添加两个虚拟主机目录的访问权限

[root@www httpd]# vim  /etc/httpd/httpd.conf

###############################

<Directory "/web/vhosts/www1">

  options none

  allowoverride none

  Require all granted

</Directory>

<Directory "/web/vhosts/www2">

  options none

  allowoverride none

  Require all granted

</Directory>

###############################

##编辑httpd-vhosts.conf文件，添加以下内容

[root@www extra]# vim /etc/httpd/extra/httpd-vhosts.conf 

<VirtualHost *:80>

    DocumentRoot "/web/vhosts/www1"

    ServerName www1.stuX.com

    ErrorLog "/var/log/httpd/www1.err"

    CustomLog "/var/log/httpd/www1.access" common

</VirtualHost>

<VirtualHost *:80>

    DocumentRoot "/web/vhosts/www2"

    ServerName www2.stuX.com

    ErrorLog "/var/log/httpd/www2.err"

    CustomLog "/var/log/httpd/www2.cacess" common

</VirtualHost>

[root@www httpd]# 

[root@www httpd]# httpd -t

Syntax OK

##重启服务

[root@www httpd]# apachectl stop

[root@www httpd]# apachectl start

[root@www httpd]# 

##构建网站主页文件

[root@www www2]# vim /web/vhosts/www1/index.html

<h1>www1.stuX.com</h1>

[root@www www2]# vim /web/vhosts/www2/index.html

<h1>www2.stuX.com</h1>

##在其它电脑访问这台主机，检验网站能否正常工作

[root@www httpd]# curl http://www1.stuX.com

<h1>www1.stuX.com</h1>

[root@www httpd]# curl http://www2.stuX.com

<h1>www2.stuX.com</h1>

[root@www httpd]# 

##构建Server-Status设置

##在www1.stuX.com里，增加server-status的设置，具体内容如下：

<VirtualHost *:80>

    DocumentRoot "/web/vhosts/www1"

    ServerName www1.stuX.com

    ErrorLog "/var/log/httpd/www1.err"

    CustomLog "/var/log/httpd/www1.access" common

  <Location /server-status>

    SetHandler server-status

    AuthType Basic

    AuthName "Server-Status"

    AuthUserFile "/etc/httpd/.htpasswd"

    Require valid-user

  </Location>

</VirtualHost>

##生成.htpasswd密码验证文件

[root@www httpd]# htpasswd -c -m .htpasswd status

New password: 

Re-type new password: 

Adding password for user status

##重启服务后访问验证

5、为第4题中的第2个虚拟主机提供https服务，使得用户可以通过https安全的访问此web站点；

   (1)要求使用证书认证，证书中要求使用的国家(CN)、州(HA)、城市(ZZ)和组织(MageEdu)；

   (2)设置部门为Ops，主机名为www2.stuX.com，邮件为admin@stuX.com；

##演示目的，CA与Web在同一主机上   

[root@www CA]# touch index.txt

[root@www CA]# echo 01 > serial

[root@www CA]# 

[root@www CA]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

Generating RSA private key, 2048 bit long modulus

………………………………………+++

…………………………………………………………………………………………………+++

e is 65537 (0x10001)

[root@www CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.epm -days 7300 -out /etc/pki/CA/cacert.pem

Error opening Private Key /etc/pki/CA/private/cakey.epm

140239236687776:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/CA/private/cakey.epm','r')

140239236687776:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:

unable to load Private Key

[root@www CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:HA

Locality Name (eg, city) [Default City]:ZZ

Organization Name (eg, company) [Default Company Ltd]:MageEdu

Organizational Unit Name (eg, section) []:Ops

Common Name (eg, your name or your server's hostname) []:ca.stuX.com

Email Address []:admin@stuX.com

[root@www CA]#    

   

[root@www CA]# cd /etc/httpd/

[root@www httpd]# mkdir ssl

[root@www httpd]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)

Generating RSA private key, 2048 bit long modulus

……………………………………………………………………………………………………………………………………………………………………………+++

………………………………………………………………………………………………………………………………+++

e is 65537 (0x10001)

[root@www httpd]# openssl req -new -key /etc/httpd/ssl/httpd.key -days 365 -out /etc/httpd/ssl/httpd.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:HA

Locality Name (eg, city) [Default City]:ZZ

Organization Name (eg, company) [Default Company Ltd]:MageEdu

Organizational Unit Name (eg, section) []:Ops

Common Name (eg, your name or your server's hostname) []:www2.stuX.com

Email Address []:admin@stuX.com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@www httpd]# 

[root@www httpd]# openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

        Serial Number: 1 (0x1)

        Validity

            Not Before: Jul 29 10:01:20 2016 GMT

            Not After : Jul 29 10:01:20 2017 GMT

        Subject:

            countryName               = CN

            stateOrProvinceName       = HA

            organizationName          = MageEdu

            organizationalUnitName    = Ops

            commonName                = www2.stuX.com

            emailAddress              = admin@stuX.com

        X509v3 extensions:

            X509v3 Basic Constraints: 

                CA:FALSE

            Netscape Comment: 

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier: 

                AB:81:27:C8:00:58:44:0E:56:5C:AD:2D:10:4F:5C:0B:02:29:A8:BB

            X509v3 Authority Key Identifier: 

                keyid:37:98:CA:7C:F9:75:5B:5A:40:4F:95:28:7B:7D:BB:25:BB:26:FC:5B

Certificate is to be certified until Jul 29 10:01:20 2017 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

[root@www httpd]# 

[root@www httpd]# ls /etc/pki/CA/certs/httpd.crt

/etc/pki/CA/certs/httpd.crt

[root@www httpd]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/

[root@www httpd]# ls /etc/httpd/ssl/

httpd.crt  httpd.csr  httpd.key

[root@www httpd]# 

#<VirtualHost _default_:443>

<VirtualHost 172.16.100.100:443>

#   General setup for the virtual host

#DocumentRoot "/usr/local/apache/htdocs"

#ServerName www.example.com:443

#ServerAdmin you@example.com

#ErrorLog "/usr/local/apache/logs/error_log"

#TransferLog "/usr/local/apache/logs/access_log"

DocumentRoot "/web/vhosts/www2"

ServerName www2.stuX.com:443

ErrorLog "/var/log/httpd/www2_ssl.err"

SSLCertificateFile "/etc/httpd/ssl/httpd.crt"

SSLCertificateKeyFile "/etc/httpd/ssl/httpd.key"

##启用ssl模块

LoadModule ssl_module modules/mod_ssl.so

     

6、在LAMP架构中，请分别以php编译成httpd模块形式和php以fpm工作为独立守护进程的方式来支持httpd，列出详细的过程。

LAMP架构中php以模块形式或以fpm模式，LAM都是不变的，因而本文重点关注php的安装方法。

PHP以模块方式运行：

安装php 

##解压

[root@LAMP setup]# tar xf  php-5.6.23.tar.bz2 

##编译 

[root@localhost php-5.6.23]# ./configure –prefix=/usr/local/php –with-mysql=mysqlnd –with-openssl –with-mysqli=mysqlnd –enable-mbstring –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr/lib64 –enable-xml  –enable-sockets –with-apxs2=/usr/local/apache/bin/apxs –with-mcrypt=/usr/local/libmcrypt  –with-config-file-path=/etc –with-config-file-scan-dir=/etc/php.d –with-bz2  –enable-maintainer-zts

##php是以模块方式运行，所以需要在编译时指定apache的apxs2的目录路径 –with-apxs2=/usr/local/apache/bin/apxs

##copy配置文件到/etc目录

[root@LAMP php-5.6.23]# cp php.ini-production /etc/php.ini

## vim /etc/httpd/httpd.conf

##添加php网页类型

AddType application/x-httpd-php  .php

AddType application/x-httpd-php-source  .phps

##定位至DirectoryIndex index.html 

修改为：

    DirectoryIndex  index.php  index.html

    

##重启httpd服务

##安装phpMyAdmin

##解压phpMyAdmin-4.6.3-all-languages 到 htdoc目录下,创建链接文件

[root@localhost htdocs]# ln -sv phpMyAdmin-4.6.3-all-languages pma

‘pma’ -> ‘phpMyAdmin-4.6.3-all-languages’

##访问phpMyAdmin进行测试

    

##以fpm模式运行

##解压

[root@LAMP setup]# tar xf  php-5.6.23.tar.bz2 

##编译 

[root@LAMP php-5.6.23]#./configure –prefix=/usr/local/php5 –with-mysql=mysqlnd –with-openssl –with-mysqli=mysqlnd –enable-mbstring –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml  –enable-sockets –enable-fpm –with-mcrypt  –with-config-file-path=/etc –with-config-file-scan-dir=/etc/php.d –with-bz2

##以fpm模式运行，使能fpm选项，–enable-fpm， –with-apxs2一项就不需要启用了

[root@LAMP php-5.6.23]#make 

[root@LAMP php-5.6.23]#make install

##copy配置文件到/etc目录

[root@LAMP php-5.6.23]# cp php.ini-production /etc/php.ini

##php-fpm配置文件,取消pid的注释

[root@LAMP etc]# cp /usr/local/php5/etc/php-fpm.conf.default  /usr/local/php5/etc/php-fpm.conf

pid = /usr/local/php5/var/run/php-fpm.pid

    ## 

[root@LAMP fpm]# cp php-fpm.service /lib/systemd/system/

 

    ## 

[root@LAMP system]# systemctl enable php-fpm.service

Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.

[root@LAMP system]# systemctl enable php-fpm.service

##./php-fpm –nodaemonize –fpm-config /usr/local/php5/etc/php-fpm.conf

##更改httpd.conf配置文件,取消proxy_module及proxy_fcgi_module的注释

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

    AddType application/x-httpd-php .php

    AddType application/x-httpd-php-source .phps

##重启httpd服务即可