基于CentOS7实现LAMP(上)

基于CentOS7实现LAMP(上)

 

情景模式:

1php以模块方式运行

 提供两个虚拟主机;

                                     web1: phpMyAdmin, 同时提供ssl

                                     web2: wordpress;

                                    

限于篇幅,本文的php采用模块方式运行于httpd中,在下一篇博文:基于CentOS7实现LAMP(下),我会再介绍phpfpm方式,即fastCGI方式运行的实现,敬请期待。

为便于理解,文中##处均是我的注解

 

##首先安装基础软件工具包                  

[root@localhost yum.repos.d]# yum groupinstall  "Development Tools" -y

 

##然后安装httpd服务

[root@localhost yum.repos.d]# yum install httpd -y

 

##安装mariadb

[root@localhost yum.repos.d]# yum install -y mariadb-server mariadb-devel mairadb

 

##安装php,以httpd模块方式

[root@localhost yum.repos.d]# yum install -y php php-devel php-mysql

yum install php php-devel php-mysql

 

##修改httpd.conf文件,配置两个虚拟主机站点

#vim /etc/httpd/conf/httpd.conf

 

         ServerName web.test.net:80

         ##DocumentRoot "/var/www/html"

 

#cd /etc/httpd/conf.modules.d

#vim 00-mpm.conf

         LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

 

 

##添加对php网页的支持    

#cd /etc/httpd/conf.d

#[root@web conf.d]# vim php.conf

       

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

 

DirectoryIndex index.php

 

<Directory "/www/web1">

  options none

  allowoverride none

  require all granted

</Directory>

 

<Directory "/www/web2">

  options none

  allowoverride none

  require all granted

</Directory>

 

 

[root@web conf.d]# vim vhosts.conf

<VirtualHost *:80>

  ServerName web1.test.net

  DocumentRoot /www/web1/

</VirtualHost>

 

<VirtualHost *:80>

  ServerName web2.test.net

  DocumentRoot /www/web2/

</VirtualHost>

 

##启动httpd

[root@web conf]# httpd -t

Syntax OK

[root@web conf]#

[root@web conf]# systemctl start httpd.service

 

[root@web conf]# ss -ntlp | grep httpd

LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=9

2530,fd=4),("httpd",pid=92529,fd=4),("httpd",pid=92528,fd=4),("httpd",pid=92527,fd=4),("httpd",pid=92

526,fd=4),("httpd",pid=92524,fd=4))

[root@web conf]#

 

 

##实验环境为避免影响,关闭本机的selinux及防火墙服务

[root@web /]# getenforce

Enforcing

[root@web /]# setenforce 0

[root@web /]#

[root@web /]# systemctl stop firewalld.service

 

[root@web /]# systemctl disable firewalld.service

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[root@web /]#

[root@web /]# vim /etc/selinux/config

SELINUX=disabled

##检查网页正常否

web1html.jpg

 

web2php.jpg

##安装phpMyAdmin

[root@web setup]# tar xzvf phpMyAdmin-4.4.15.7-all-languages.tar.gz -C /www/web1/

[root@web web1]# mv phpMyAdmin-4.4.15.7-all-languages pma

[root@web pma]# cp config.sample.inc.php config.inc.php

[root@web pma]# vim config.inc.php

 

[root@web pma]# vim /etc/httpd/conf/httpd.conf

<Directory "/www/web1/pma">

  options none

  allowoverride none

  require all granted

</Directory>

 

[root@web pma]# systemctl reload httpd.service

 

 

[root@web modules]# systemctl start mariadb

 

##修改mysqlroot密码为'redhat'

[root@web modules]# mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 5.5.50-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

 

Database changed

MariaDB [mysql]> update user set password=password('redhat');

Query OK, 6 rows affected (0.01 sec)

Rows matched: 6  Changed: 6  Warnings: 0

 

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.01 sec)

 

MariaDB [mysql]> bye

    -> quit

    -> quit

    -> ;

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'bye

quit

quit' at line 1

MariaDB [mysql]> quit

Bye

[root@web modules]#

 

##安装wordpress

[root@web LAMP]# unzip wordpress-4.5.3-zh_CN.zip

[root@web LAMP]# cd wordpress/

[root@web wordpress]#

[root@web LAMP]# mv wordpress /www/web2/

[root@web LAMP]# cd /www/web2/wordpress

[root@web wordpress]# cp wp-config-sample.php wp-config.php

[root@web wordpress]# vim wp-config.php

 

##mysql创建wordpress的连接帐号

[root@web wordpress]# mysql -p

Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 6

Server version: 5.5.50-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

 

Database changed

MariaDB [mysql]> create database wpdb;

Query OK, 1 row affected (0.01 sec)

MariaDB [mysql]> grant all on wpdb.* to 'wpuser'@'localhost' identified by 'redhat';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.01 sec)

 

MariaDB [mysql]> quit

Bye

 

##按上述创建的帐号信息,修改wordpressconfig文件

[root@web wordpress]# vim wp-config.php

// ** MySQL 设置具体信息来自您正在使用的主机 ** //

/** WordPress数据库的名称 */

define('DB_NAME', 'wpdb');

 

/** MySQL数据库用户名 */

define('DB_USER', 'wpuser');

 

/** MySQL数据库密码 */

define('DB_PASSWORD', 'redhat');

 

/** MySQL主机 */

define('DB_HOST', 'localhost');

 

/** 创建数据表时默认的文字编码 */

define('DB_CHARSET', 'utf8');

 

 

##测试

http://web2.test.net/wordpress/wp-admin/install.php

wordpress1.png

 

 wordpress3.png

 

##以下为为web1.test.net站点提供ssl功能,简单起建,将自建的证书服务器都放在本台机器上了。

因为搭建自建证书及https站点不是本文重点,所以只是简单show一下操作步骤,有兴趣了解详细内容的同学,请移步到我的另一篇博文:自建CA搭建SSL加密网站

 

##自建证书

[root@web wordpress]# cd /etc/pki/CA

You have new mail in /var/spool/mail/root

[root@web CA]# ls

certs  crl  newcerts  private

[root@web CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

Generating RSA private key, 2048 bit long modulus

………………………………………………………………………………………………………+++

………………..+++

e is 65537 (0x10001)

[root@web CA]# touch index.txt

[root@web CA]# echo 01 > serial

[root@web CA]#

[root@web CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:NanHai  

Locality Name (eg, city) [Default City]:NanHai

Organization Name (eg, company) [Default Company Ltd]:MageEdu Ltd

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:ca.test.net

Email Address []:caadmin@test.net

[root@web CA]#

 

 

[root@web CA]# cd /etc/httpd

[root@web httpd]# ls

conf  conf.d  conf.modules.d  logs  modules  run

[root@web httpd]# mkdir ssl

[root@web httpd]# cd ssl

[root@web ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

Generating RSA private key, 1024 bit long modulus

……++++++

………………..++++++

e is 65537 (0x10001)

[root@web ssl]# openssl req -new -key httpd.key -out httpd.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:NanHai

Locality Name (eg, city) [Default City]:NanHai

Organization Name (eg, company) [Default Company Ltd]:MageEdu Ltd

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:web1.test.net

Email Address []:webadmin@test.net

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@web ssl]#

[root@web ssl]# cd /etc/pki/CA/

[root@web CA]# openssl ca -in /etc/httpd/ssl/httpd.csr -out certs/web1.test.net.crt -days 365

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

        Serial Number: 1 (0x1)

        Validity

            Not Before: Aug 15 17:04:05 2016 GMT

            Not After : Aug 15 17:04:05 2017 GMT

        Subject:

            countryName               = CN

            stateOrProvinceName       = NanHai

            organizationName          = MageEdu Ltd

            organizationalUnitName    = IT

            commonName                = web1.test.net

            emailAddress              = webadmin@test.net

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                A7:03:2F:F2:3D:9A:10:9D:4E:00:D7:01:F9:36:83:77:CA:77:04:BA

            X509v3 Authority Key Identifier:

                keyid:02:80:D4:1C:8D:69:7D:2B:1B:71:44:63:8B:51:DC:EE:2D:71:54:3E

 

Certificate is to be certified until Aug 15 17:04:05 2017 GMT (365 days)

Sign the certificate? [y/n]:y

 

 

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

[root@web CA]#

[root@web CA]# cd certs/

[root@web certs]# ls

web1.test.net.crt

[root@web certs]# pwd

/etc/pki/CA/certs

[root@web certs]# cp web1.test.net.crt  /etc/httpd/ssl/

[root@web certs]#

 

##为站点添加mod_ssl模块,以便支持ssl访问

[root@web certs]# httpd -M | grep ssl

[root@web certs]# yum install mod_ssl

[root@web certs]# httpd -M | grep ssl

 ssl_module (shared)

[root@web certs]#

 

 

[root@web certs]# cd /etc/httpd/conf.d/

[root@web conf.d]# ls

autoindex.conf  php.conf  README  ssl.conf  userdir.conf  vhosts.conf  welcome.conf

[root@web conf.d]# cp ssl.conf{,.bak}

[root@web conf.d]# vim ssl.conf

 

##添加ssl站点设置

<VirtualHost 172.16.10.1:443>

SSLEngine on

##SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateFile /etc/httpd/ssl/web1.test.net.crt

 

##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

 

DocumentRoot "/www/web1"

ServerName web1.test.net

 

 

<Directory "/www/web1/">

   require all granted

</Directory>

 

<Directory "/www/web1/pma/">

    require all granted

</Directory>

 

 

##重启服务

[root@web conf.d]# httpd -t

Syntax OK

[root@web conf.d]# systemctl restart httpd.service

[root@web conf.d]#

 

[root@web conf.d]# ss -ntlp  | grep 443

LISTEN     0      128         :::443                     :::*                   users:(("httpd",pid=7621,fd=6),("httpd",pid=7620,fd=6),("httpd",pid=7619,fd=6),("httpd",pid=7618,fd=6),("httpd",pid=7617,fd=6),("httpd",pid=7615,fd=6))

[root@web conf.d]#

 

 

##检查网站

证书信息.png

##证书并未在客户端导入,所以会有出错的警示信息,请忽略,呵呵。重点是已经能够以https访问站点了。。。

##至此,网站创建完毕,测试使用正常。

 

 

 

 

原创文章,作者:马哥Net19_小斌斌,如若转载,请注明出处:http://www.178linux.com/36261

(0)
马哥Net19_小斌斌马哥Net19_小斌斌
上一篇 2016-08-22
下一篇 2016-08-22

相关推荐

  • 文本处理工具之grep正则表达式

    grep简介 grep 是一种强大的文本搜索工具,它能使用正则表达式搜索文本,并把匹配的行打印出来。 Unix的grep家族包括grep、egrep和fgrep。egrep和fgrep的命令只跟grep有很小不同。egrep是grep的扩展,支持更多的re元字符, fgrep就是fixed grep或fast grep,它们把所有的字母都看作单词,也就是说,…

    Linux干货 2016-08-08
  • 用户查找与添加 第四周

    1、复制/etc/skel目录为/home/tuser1,要求/home/tuser1及其内部文件的属组和其它用户均没有任何访问权限。 cp /etc/skel /home/tuser1  chmod -R go=— /home/tuser1 2、编辑/etc/group文件,添加组hadoop…

    Linux干货 2017-02-14
  • linux进程管理相关工具

    linux进程管理相关工具: pstree ,ps ,pidof ,pgrep ,top ,htop ,glances ,pmap ,vmstat ,kill ,killall ,job ,bg ,fg ,nohup ,nice ,renice ,pkill…… 1、pstree:查看进程树 2、ps:显示执行命令时间的进程状态信息 /proc 目录下存放内…

    Linux干货 2016-09-11
  • 源码编译安装dropbear

    tar -jxf dropbear-2013.58.tar.bz2 cd dropbear-2013.58 ./configure make PROGRAMS=”dropbear dbclient dropbearkey dropbearconvert scp” make PROGRAMS=”dropbear dbclie…

    Linux干货 2017-10-21
  • 正则表达式以及Linux文本搜索工具grep

    一正则表达式 regual Expression  简称REGEXP 定义:由一类特殊字符以及文本字所编写的模式,其中有些字符不表示其字面意义,而用于统配和统配功能 分类:     基本正则表达式:BRE 贪婪模式(尽可能长地去匹配符合模式的内容     扩展表达式:E…

    Linux干货 2016-08-07
  • Linux系统vim文本编辑器

                                                      &nbsp…

    Linux干货 2016-08-15