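Implementing LAMP on CentOS 7 (Part 1)
Scenario:
(1) PHP runs as an httpd module
Two virtual hosts are provided:
web1: phpMyAdmin, also served over SSL;
web2: WordPress;
To keep this article short, PHP here runs as a module inside httpd. In the next post, Implementing LAMP on CentOS 7 (Part 2), I will cover running PHP with fpm, that is, in FastCGI mode. Stay tuned.
To make things easier to follow, every ## line in this article is my annotation.
## First install the basic development tool packages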
[root@localhost yum.repos.d]# yum groupinstall "Development Tools" -y
## Then install the httpd service
[root@localhost yum.repos.d]# yum install httpd -y
## Install mariadb
[root@localhost yum.repos.d]# yum install -y mariadb-server mariadb-devel mariadb
## Install PHP, to run as an httpd module
[root@localhost yum.repos.d]# yum install -y php php-devel php-mysql
## Edit httpd.conf and configure the two virtual host sites
#vim /etc/httpd/conf/httpd.conf
ServerName web.test.net:80
##DocumentRoot "/var/www/html"
#cd /etc/httpd/conf.modules.d
#vim 00-mpm.conf
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
## Add support for PHP pages
#cd /etc/httpd/conf.d
[root@web conf.d]# vim php.conf
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
DirectoryIndex index.php
<Directory "/www/web1">
options none
allowoverride none
require all granted
</Directory>
<Directory "/www/web2">
options none
allowoverride none
require all granted
</Directory>
[root@web conf.d]# vim vhosts.conf
<VirtualHost *:80>
ServerName web1.test.net
DocumentRoot /www/web1/
</VirtualHost>
<VirtualHost *:80>
ServerName web2.test.net
DocumentRoot /www/web2/
</VirtualHost>
## Start httpd
[root@web conf]# httpd -t
Syntax OK
[root@web conf]#
[root@web conf]# systemctl start httpd.service
[root@web conf]# ss -ntlp | grep httpd
LISTEN 0 128 :::80 :::* users:(("httpd",pid=92530,fd=4),("httpd",pid=92529,fd=4),("httpd",pid=92528,fd=4),("httpd",pid=92527,fd=4),("httpd",pid=92526,fd=4),("httpd",pid=92524,fd=4))
[root@web conf]#
## This is a lab environment; to keep them from interfering, SELinux and the firewall service on this machine are turned off
[root@web /]# getenforce
Enforcing
[root@web /]# setenforce 0
[root@web /]#
[root@web /]# systemctl stop firewalld.service
[root@web /]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@web /]#
[root@web /]# vim /etc/selinux/config
SELINUX=disabled
## Check that the pages load correctly
## Install phpMyAdmin
[root@web setup]# tar xzvf phpMyAdmin-4.4.15.7-all-languages.tar.gz -C /www/web1/
[root@web web1]# mv phpMyAdmin-4.4.15.7-all-languages pma
[root@web pma]# cp config.sample.inc.php config.inc.php
[root@web pma]# vim config.inc.php
[root@web pma]# vim /etc/httpd/conf/httpd.conf
<Directory "/www/web1/pma">
options none
allowoverride none
require all granted
</Directory>
[root@web pma]# systemctl reload httpd.service
[root@web modules]# systemctl start mariadb
## Change the MySQL root password to 'redhat'
[root@web modules]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.50-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> update user set password=password('redhat');
Query OK, 6 rows affected (0.01 sec)
Rows matched: 6 Changed: 6 Warnings: 0
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.01 sec)
MariaDB [mysql]> bye
-> quit
-> quit
-> ;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'bye
quit
quit' at line 1
MariaDB [mysql]> quit
Bye
[root@web modules]#
## Install WordPress
[root@web LAMP]# unzip wordpress-4.5.3-zh_CN.zip
[root@web LAMP]# cd wordpress/
[root@web wordpress]#
[root@web LAMP]# mv wordpress /www/web2/
[root@web LAMP]# cd /www/web2/wordpress
[root@web wordpress]# cp wp-config-sample.php wp-config.php
[root@web wordpress]# vim wp-config.php
## Create the account WordPress uses to connect to MySQL
[root@web wordpress]# mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 5.5.50-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> create database wpdb;
Query OK, 1 row affected (0.01 sec)
MariaDB [mysql]> grant all on wpdb.* to 'wpuser'@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.01 sec)
MariaDB [mysql]> quit
Bye
## Edit the WordPress config file to match the account created above
[root@web wordpress]# vim wp-config.php
// ** MySQL settings - this information comes from the host you are using ** //
/** Name of the WordPress database */
define('DB_NAME', 'wpdb');
/** MySQL database username */
define('DB_USER', 'wpuser');
/** MySQL database password */
define('DB_PASSWORD', 'redhat');
/** MySQL host */
define('DB_HOST', 'localhost');
/** Default character set used when creating database tables */
define('DB_CHARSET', 'utf8');
## Test
http://web2.test.net/wordpress/wp-admin/install.php
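## The following adds SSL to the web1.test.net site. For simplicity, the self-built certificate authority is placed on this same machine.
Building a private CA and an https site is not the focus of this article, so I only briefly show the steps. Readers interested in the details can go to my other post: Building an SSL-Encrypted Website with a Self-Built CA
## Create the self-built certificates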
[root@web wordpress]# cd /etc/pki/CA
You have new mail in /var/spool/mail/root
[root@web CA]# ls
certs crl newcerts private
[root@web CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
………………………………………………………………………………………………………+++
………………..+++
e is 65537 (0x10001)
[root@web CA]# touch index.txt
[root@web CA]# echo 01 > serial
[root@web CA]#
[root@web CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:NanHai
Locality Name (eg, city) [Default City]:NanHai
Organization Name (eg, company) [Default Company Ltd]:MageEdu Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:ca.test.net
Email Address []:caadmin@test.net
[root@web CA]#
[root@web CA]# cd /etc/httpd
[root@web httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@web httpd]# mkdir ssl
[root@web httpd]# cd ssl
[root@web ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
……++++++
………………..++++++
e is 65537 (0x10001)
[root@web ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:NanHai
Locality Name (eg, city) [Default City]:NanHai
Organization Name (eg, company) [Default Company Ltd]:MageEdu Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:web1.test.net
Email Address []:webadmin@test.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@web ssl]#
[root@web ssl]# cd /etc/pki/CA/
[root@web CA]# openssl ca -in /etc/httpd/ssl/httpd.csr -out certs/web1.test.net.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Aug 15 17:04:05 2016 GMT
Not After : Aug 15 17:04:05 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = NanHai
organizationName = MageEdu Ltd
organizationalUnitName = IT
commonName = web1.test.net
emailAddress = webadmin@test.net
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
A7:03:2F:F2:3D:9A:10:9D:4E:00:D7:01:F9:36:83:77:CA:77:04:BA
X509v3 Authority Key Identifier:
keyid:02:80:D4:1C:8D:69:7D:2B:1B:71:44:63:8B:51:DC:EE:2D:71:54:3E
Certificate is to be certified until Aug 15 17:04:05 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@web CA]#
[root@web CA]# cd certs/
[root@web certs]# ls
web1.test.net.crt
[root@web certs]# pwd
/etc/pki/CA/certs
[root@web certs]# cp web1.test.net.crt /etc/httpd/ssl/
[root@web certs]#
## Add the mod_ssl module so that the site supports SSL access
[root@web certs]# httpd -M | grep ssl
[root@web certs]# yum install mod_ssl
[root@web certs]# httpd -M | grep ssl
ssl_module (shared)
[root@web certs]#
[root@web certs]# cd /etc/httpd/conf.d/
[root@web conf.d]# ls
autoindex.conf php.conf README ssl.conf userdir.conf vhosts.conf welcome.conf
[root@web conf.d]# cp ssl.conf{,.bak}
[root@web conf.d]# vim ssl.conf
## Add the SSL site settings
<VirtualHost 172.16.10.1:443>
SSLEngine on
##SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/ssl/web1.test.net.crt
##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
DocumentRoot "/www/web1"
ServerName web1.test.net
<Directory "/www/web1/">
require all granted
</Directory>
<Directory "/www/web1/pma/">
require all granted
</Directory>
</VirtualHost>
## Restart the service
[root@web conf.d]# httpd -t
Syntax OK
[root@web conf.d]# systemctl restart httpd.service
[root@web conf.d]#
[root@web conf.d]# ss -ntlp | grep 443
LISTEN 0 128 :::443 :::* users:(("httpd",pid=7621,fd=6),("httpd",pid=7620,fd=6),("httpd",pid=7619,fd=6),("httpd",pid=7618,fd=6),("httpd",pid=7617,fd=6),("httpd",pid=7615,fd=6))
[root@web conf.d]#
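## Check the site
## The certificate has not been imported on the client, so a warning is shown; please ignore it, heh. The point is that the site can now be reached over https.
## At this point the sites are set up and have been tested to work correctly.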
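The files referenced in ssl.conf can also be checked with openssl directly instead of by eye in a browser. The script below is an added example, not part of the original post: it confirms that a certificate matches its private key and verifies against the CA certificate, and it flags RSA keys under 2048 bits (a threshold assumed here). It runs against a throwaway CA that it constructs in a temporary directory, and all function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print the RSA key size in bits.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the certificate's public key belongs to the private key.
cert_matches_key() {
    local c k
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed only if the certificate verifies against the given CA certificate.
chain_ok() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all checks. Arguments: cert key cacert. The 2048-bit minimum is this
# example's assumption (it is the size the post uses for the CA key).
audit_tls_files() {
    local bits rc=0
    bits=$(key_bits "$2")
    [ "${bits:-0}" -ge 2048 ] || { echo "WEAK: key is ${bits:-?} bits"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: cert and key differ"; rc=1; }
    chain_ok "$1" "$3" || { echo "FAIL: cert not issued by this CA"; rc=1; }
    return $rc
}

# Constructed sample data: throwaway CA plus 1024- and 2048-bit server keys.
make_demo_pki() {
    ( cd "$1" &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -new -x509 -key ca.key -subj "/CN=ca.test.net" -days 1 -out ca.pem &&
      for n in 1024 2048; do
          openssl genrsa -out "web$n.key" "$n" &&
          openssl req -new -key "web$n.key" -subj "/CN=web1.test.net" -out "web$n.csr" &&
          openssl x509 -req -in "web$n.csr" -CA ca.pem -CAkey ca.key \
              -CAcreateserial -days 1 -out "web$n.crt" || exit 1
      done ) >/dev/null 2>&1
}

# Demo on the constructed files: the 1024-bit key is reported as weak.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    { audit_tls_files "$demo/web1024.crt" "$demo/web1024.key" "$demo/ca.pem" || true; }
rm -rf "$demo"
```

On the host built in this post, the call would be `audit_tls_files /etc/httpd/ssl/web1.test.net.crt /etc/httpd/ssl/httpd.key /etc/pki/CA/cacert.pem`, using the paths shown above.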
Original article by 马哥Net19_小斌斌. If you repost it, please credit the source: http://www.178linux.com/36261