基于CentOS7实现LAMP(上)

基于CentOS7实现LAMP(上)

 

情景模式:

1php以模块方式运行

 提供两个虚拟主机;

                                     web1: phpMyAdmin, 同时提供ssl

                                     web2: wordpress;

                                    

限于篇幅,本文的php采用模块方式运行于httpd中,在下一篇博文:基于CentOS7实现LAMP(下),我会再介绍phpfpm方式,即fastCGI方式运行的实现,敬请期待。

为便于理解,文中##处均是我的注解

 

##首先安装基础软件工具包                  

[root@localhost yum.repos.d]# yum groupinstall  "Development Tools" -y

 

##然后安装httpd服务

[root@localhost yum.repos.d]# yum install httpd -y

 

##安装mariadb

[root@localhost yum.repos.d]# yum install -y mariadb-server mariadb-devel mairadb

 

##安装php,以httpd模块方式

[root@localhost yum.repos.d]# yum install -y php php-devel php-mysql

yum install php php-devel php-mysql

 

##修改httpd.conf文件,配置两个虚拟主机站点

#vim /etc/httpd/conf/httpd.conf

 

         ServerName web.test.net:80

         ##DocumentRoot "/var/www/html"

 

#cd /etc/httpd/conf.modules.d

#vim 00-mpm.conf

         LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

 

 

##添加对php网页的支持    

#cd /etc/httpd/conf.d

#[root@web conf.d]# vim php.conf

       

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

 

DirectoryIndex index.php

 

<Directory "/www/web1">

  options none

  allowoverride none

  require all granted

</Directory>

 

<Directory "/www/web2">

  options none

  allowoverride none

  require all granted

</Directory>

 

 

[root@web conf.d]# vim vhosts.conf

<VirtualHost *:80>

  ServerName web1.test.net

  DocumentRoot /www/web1/

</VirtualHost>

 

<VirtualHost *:80>

  ServerName web2.test.net

  DocumentRoot /www/web2/

</VirtualHost>

 

##启动httpd

[root@web conf]# httpd -t

Syntax OK

[root@web conf]#

[root@web conf]# systemctl start httpd.service

 

[root@web conf]# ss -ntlp | grep httpd

LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=9

2530,fd=4),("httpd",pid=92529,fd=4),("httpd",pid=92528,fd=4),("httpd",pid=92527,fd=4),("httpd",pid=92

526,fd=4),("httpd",pid=92524,fd=4))

[root@web conf]#

 

 

##实验环境为避免影响,关闭本机的selinux及防火墙服务

[root@web /]# getenforce

Enforcing

[root@web /]# setenforce 0

[root@web /]#

[root@web /]# systemctl stop firewalld.service

 

[root@web /]# systemctl disable firewalld.service

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[root@web /]#

[root@web /]# vim /etc/selinux/config

SELINUX=disabled

##检查网页正常否

web1html.jpg

 

web2php.jpg

##安装phpMyAdmin

[root@web setup]# tar xzvf phpMyAdmin-4.4.15.7-all-languages.tar.gz -C /www/web1/

[root@web web1]# mv phpMyAdmin-4.4.15.7-all-languages pma

[root@web pma]# cp config.sample.inc.php config.inc.php

[root@web pma]# vim config.inc.php

 

[root@web pma]# vim /etc/httpd/conf/httpd.conf

<Directory "/www/web1/pma">

  options none

  allowoverride none

  require all granted

</Directory>

 

[root@web pma]# systemctl reload httpd.service

 

 

[root@web modules]# systemctl start mariadb

 

##修改mysqlroot密码为'redhat'

[root@web modules]# mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 5.5.50-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

 

Database changed

MariaDB [mysql]> update user set password=password('redhat');

Query OK, 6 rows affected (0.01 sec)

Rows matched: 6  Changed: 6  Warnings: 0

 

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.01 sec)

 

MariaDB [mysql]> bye

    -> quit

    -> quit

    -> ;

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'bye

quit

quit' at line 1

MariaDB [mysql]> quit

Bye

[root@web modules]#

 

##安装wordpress

[root@web LAMP]# unzip wordpress-4.5.3-zh_CN.zip

[root@web LAMP]# cd wordpress/

[root@web wordpress]#

[root@web LAMP]# mv wordpress /www/web2/

[root@web LAMP]# cd /www/web2/wordpress

[root@web wordpress]# cp wp-config-sample.php wp-config.php

[root@web wordpress]# vim wp-config.php

 

##mysql创建wordpress的连接帐号

[root@web wordpress]# mysql -p

Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 6

Server version: 5.5.50-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

 

Database changed

MariaDB [mysql]> create database wpdb;

Query OK, 1 row affected (0.01 sec)

MariaDB [mysql]> grant all on wpdb.* to 'wpuser'@'localhost' identified by 'redhat';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.01 sec)

 

MariaDB [mysql]> quit

Bye

 

##按上述创建的帐号信息,修改wordpressconfig文件

[root@web wordpress]# vim wp-config.php

// ** MySQL 设置具体信息来自您正在使用的主机 ** //

/** WordPress数据库的名称 */

define('DB_NAME', 'wpdb');

 

/** MySQL数据库用户名 */

define('DB_USER', 'wpuser');

 

/** MySQL数据库密码 */

define('DB_PASSWORD', 'redhat');

 

/** MySQL主机 */

define('DB_HOST', 'localhost');

 

/** 创建数据表时默认的文字编码 */

define('DB_CHARSET', 'utf8');

 

 

##测试

http://web2.test.net/wordpress/wp-admin/install.php

wordpress1.png

 

 wordpress3.png

 

##以下为为web1.test.net站点提供ssl功能,简单起建,将自建的证书服务器都放在本台机器上了。

因为搭建自建证书及https站点不是本文重点,所以只是简单show一下操作步骤,有兴趣了解详细内容的同学,请移步到我的另一篇博文:自建CA搭建SSL加密网站

 

##自建证书

[root@web wordpress]# cd /etc/pki/CA

You have new mail in /var/spool/mail/root

[root@web CA]# ls

certs  crl  newcerts  private

[root@web CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

Generating RSA private key, 2048 bit long modulus

………………………………………………………………………………………………………+++

………………..+++

e is 65537 (0x10001)

[root@web CA]# touch index.txt

[root@web CA]# echo 01 > serial

[root@web CA]#

[root@web CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:NanHai  

Locality Name (eg, city) [Default City]:NanHai

Organization Name (eg, company) [Default Company Ltd]:MageEdu Ltd

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:ca.test.net

Email Address []:caadmin@test.net

[root@web CA]#

 

 

[root@web CA]# cd /etc/httpd

[root@web httpd]# ls

conf  conf.d  conf.modules.d  logs  modules  run

[root@web httpd]# mkdir ssl

[root@web httpd]# cd ssl

[root@web ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

Generating RSA private key, 1024 bit long modulus

……++++++

………………..++++++

e is 65537 (0x10001)

[root@web ssl]# openssl req -new -key httpd.key -out httpd.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:NanHai

Locality Name (eg, city) [Default City]:NanHai

Organization Name (eg, company) [Default Company Ltd]:MageEdu Ltd

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:web1.test.net

Email Address []:webadmin@test.net

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@web ssl]#

[root@web ssl]# cd /etc/pki/CA/

[root@web CA]# openssl ca -in /etc/httpd/ssl/httpd.csr -out certs/web1.test.net.crt -days 365

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

        Serial Number: 1 (0x1)

        Validity

            Not Before: Aug 15 17:04:05 2016 GMT

            Not After : Aug 15 17:04:05 2017 GMT

        Subject:

            countryName               = CN

            stateOrProvinceName       = NanHai

            organizationName          = MageEdu Ltd

            organizationalUnitName    = IT

            commonName                = web1.test.net

            emailAddress              = webadmin@test.net

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                A7:03:2F:F2:3D:9A:10:9D:4E:00:D7:01:F9:36:83:77:CA:77:04:BA

            X509v3 Authority Key Identifier:

                keyid:02:80:D4:1C:8D:69:7D:2B:1B:71:44:63:8B:51:DC:EE:2D:71:54:3E

 

Certificate is to be certified until Aug 15 17:04:05 2017 GMT (365 days)

Sign the certificate? [y/n]:y

 

 

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

[root@web CA]#

[root@web CA]# cd certs/

[root@web certs]# ls

web1.test.net.crt

[root@web certs]# pwd

/etc/pki/CA/certs

[root@web certs]# cp web1.test.net.crt  /etc/httpd/ssl/

[root@web certs]#

 

##为站点添加mod_ssl模块,以便支持ssl访问

[root@web certs]# httpd -M | grep ssl

[root@web certs]# yum install mod_ssl

[root@web certs]# httpd -M | grep ssl

 ssl_module (shared)

[root@web certs]#

 

 

[root@web certs]# cd /etc/httpd/conf.d/

[root@web conf.d]# ls

autoindex.conf  php.conf  README  ssl.conf  userdir.conf  vhosts.conf  welcome.conf

[root@web conf.d]# cp ssl.conf{,.bak}

[root@web conf.d]# vim ssl.conf

 

##添加ssl站点设置

<VirtualHost 172.16.10.1:443>

SSLEngine on

##SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateFile /etc/httpd/ssl/web1.test.net.crt

 

##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

 

DocumentRoot "/www/web1"

ServerName web1.test.net

 

 

<Directory "/www/web1/">

   require all granted

</Directory>

 

<Directory "/www/web1/pma/">

    require all granted

</Directory>

 

 

##重启服务

[root@web conf.d]# httpd -t

Syntax OK

[root@web conf.d]# systemctl restart httpd.service

[root@web conf.d]#

 

[root@web conf.d]# ss -ntlp  | grep 443

LISTEN     0      128         :::443                     :::*                   users:(("httpd",pid=7621,fd=6),("httpd",pid=7620,fd=6),("httpd",pid=7619,fd=6),("httpd",pid=7618,fd=6),("httpd",pid=7617,fd=6),("httpd",pid=7615,fd=6))

[root@web conf.d]#

 

 

##检查网站

证书信息.png

##证书并未在客户端导入,所以会有出错的警示信息,请忽略,呵呵。重点是已经能够以https访问站点了。。。

##至此,网站创建完毕,测试使用正常。

 

 

 

 

原创文章,作者:马哥Net19_小斌斌,如若转载,请注明出处:http://www.178linux.com/36261

(0)
马哥Net19_小斌斌马哥Net19_小斌斌
上一篇 2016-08-22
下一篇 2016-08-22

相关推荐

  • 用户组和用户权限的使用2

    touch /etc/nologin  echo system is maintanining >> /etc/nologin  可以控制非管理员root之外的所有普通用户不能登陆 7版本里面 cd /run/ touch /run/nologin 效果一样让普通用户不能登陆 ehho weihu > /run/nolo…

    Linux干货 2016-08-04
  • vim 编辑器介绍

         vi: Visual Interface ,文本编辑器  文本:ASCII, Unicode  文本编辑种类: 行编辑器: sed 全屏编辑器:nano, vi vim – Vi Improved  其他编辑器: gedit 一个简单的图形编辑器 gvim 一个 Vim 编辑器…

    2017-06-03
  • phpMyAdmin安装部署

    phpMyAdmin安装部署 phpMyAdmin 是一个用PHP编写的软件工具,可以通过web方式控制和操作MySQL数据库。通过phpMyAdmin 可以完全对数据库进行操作,例如建立、复制和删除数据等等。如果使用合适的工具,MySQL数据库的管理就会变得相当简单。应用 MySQL 命令行方式需要对 MySQL 知识非常熟悉,对SQL语言也是同样的道理。…

    2017-06-13
  • 马哥教育21期网络班—第8周课程+练习—-成长进行时–不退步

    1、请描述网桥、集线器、二层交换机、三层交换机、路由器的功能、使用场景与区别。 网桥:一种网路装置,负责网路桥接,将网络的多个网段在数据链路层连接起来。 集线器:将多条以太网线或光纤集合连接在同一段物理介质下的装置。工作在物理层。 二层交换机:工作在数据链路层,交换机内部的CPU会在每个端口成功连接时,通过将MAC地址和端口对应,形成一张MAC表。在今后的通…

    Linux干货 2016-08-24
  • Centos7下的systemd管理

    systemd简介 Systemd是由红帽公司的一名叫做Lennart Poettering的员工开发,systemd是Linux系统中最新的初始化系统(init),它主要的设计目的是克服Sys V 固有的缺点,提高系统的启动速度,systemd和upstart是竞争对手,ubantu上使用的是upstart的启动方式,centos7上使用systemd替换…

    Linux干货 2016-09-23
  • NFS服务器的安装与配置

    一、NFS服务简介 NFS 是Network File System的缩写,即网络文件系统。一种使用于分散式文件系统的协定,由Sun公司开发,于1984年向外公布。功能是通过网络让不同的机器、不同的操作系统能够彼此分享个别的数据,让应用程序在客户端通过网络访问位于服务器磁盘中的数据,是在类Unix系统间实现磁盘文件共享的一种方法。 NFS 的基本原则是“容许…

    Linux干货 2017-05-02