Centos7.2 lnmp rpm包，php-fpm 搭建wordpress博客

1. 實(shí)驗(yàn)需求：
         1、CentOS 7, npm rpm包, php-fpm;
           a) 一個(gè)虛擬主機(jī)提供wordpress，另一個(gè)虛擬主機(jī)提供phpmysamin；
           b) 為phpMyAdmim提供https服務(wù)；

2. 實(shí)驗(yàn)環(huán)境：
   
   Linux服務(wù)器操作系統(tǒng)版本：CentOS Linux release 7.2.1511 (Core) IP：172.16.252.113
   WIN7系統(tǒng)客戶機(jī)：IP：172.16.250.100
   

3. 實(shí)驗(yàn)前提：
       1）關(guān)閉防火墻和SELinux    
       ~]# service iptables stop
       ~]# setenforce 0
       
   

4. 實(shí)驗(yàn)過程：

   
   

一、安裝amp環(huán)境    

1.yum包安裝nmp
    
# yum install nginx php-fpm php-mysql  mariadb-server -y
    
    1)檢查是否成功安裝包
# rpm -qa nginx php-fpm php-mysql  mariadb-server

    2)啟動服務(wù)
# nginx

# systemctl start mariadb    

    3)查看服務(wù)是否正常啟動
    
# ss -nlt
# ps aux | grep nginx    
# ps aux | grep myslq
# ps aux | grep php-fpm
                
    4)設(shè)置開機(jī)自動啟動
# systemctl enable httpd                
# systemctl enable mariadb

    5)檢查是否設(shè)置成開機(jī)自啟動
# systemctl is-enabled httpd
# systemctl is-enabled mariadb

2. 配置虛擬主機(jī)
        
    1）創(chuàng)建虛擬主機(jī)目錄和配置文件/conf.d/vhosts.conf
# mkdir -pv /etc/nginx/conf.d/vhosts.conf
    
    2）在nginx.conf中的http段添加如下內(nèi)容
include conf.d/*.conf;   //包含自定義虛擬主機(jī)路徑
fastcgi_cache_path /var/cache/nginx/fastcgi levels=1:1 keys_zone=fcgicache:10m max_size=1g;
//定義緩存路徑,級別,緩存空間名稱,磁盤緩存最大緩存數(shù)


    3）創(chuàng)建緩存目錄
# mkdir -pv /var/cache/nginx/fastcgi
    
    4）配置虛擬主機(jī)/conf.d/vhosts.conf
server {
    listen       80;
    server_name  www.yang.com;
    gzip on;
    gzip_disable chrome;
    gzip_types text/plain text/css text/xml application/xml application/json application/x-javascript;
location / {
        root /web/host1/wordpress;
        index index.php index.html index.htm;
    }    
location ~ \.php$ {
    root /web/host1/wordpress;
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_index    index.php;
    fastcgi_param    SCRIPT_FILENAME /web/host1/wordpress/$fastcgi_script_name;
    fastcgi_cache    fcgicache;
    fastcgi_cache_key $request_uri;
    fastcgi_cache_valid 200 10m;
    fastcgi_cache_valid 301 302 2m;
    fastcgi_cache_valid 404m;
    include        fastcgi.conf;
    }
}

server {
    listen    80;
    server_name    web.yang.com;
    root /web/host2/phpmyadmin;
    location / {
    index index.php index.html index.html;
}
location ~ \.php$ {
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_index    index.php;
    fastcgi_param    SCRIPT_FILENAME /web/host2/phpmyadmin/$fastcgi_script_name;
    fastcgi_cache    fcgicache;
    fastcgi_cache_key $request_uri;
    fastcgi_cache_valid 200 10m;
    fastcgi_cache_valid 301 302 2m;
    fastcgi_cache_valid 404 2m;
    include        fastcgi.conf;
    }
}

server {
    ssl on;
    listen  443 ssl;
    server_name  web.yang.com;
    root /web/host2/phpmyadmin;
    
    ssl_certificate   /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key  /etc/nginx/ssl/nginx.key;

    ssl_session_cache  shared:SSL:5m;
    ssl_session_timeout 10m;
    
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        index index.php index.html index.htm;
    }
    location ~ \.php$ {
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_index    index.php;
        fastcgi_param    SCRIPT_FILENAME /web/host2/phpmyadmin/$fastcgi_script_name;
        fastcgi_cache    fcgicache;
        fastcgi_cache_key $request_uri;
        fastcgi_cache_valid 200 10m;
        fastcgi_cache_valid 301 302 2m;
        fastcgi_cache_valid 404 3m;
        include        fastcgi.conf;
    }
}

二、部署wordpress環(huán)境：

    1)創(chuàng)建站點(diǎn)目錄
# mkdir /web/host1/ -pv

    2)解壓wordpress包
# unzip wordpress-4.3.1-zh_CN.zip

    3)拷貝到站點(diǎn)目錄www1中
# cp -R wordpress /web/host1/
    
    4)修改網(wǎng)站屬主和屬組
# chown -R nginx.nginx /web/host1/wordpress

    5)修改php-fpm.conf下的www.conf
user = nginx    
group = nginx

    6)登錄數(shù)據(jù)庫
# mysql -uroot -p

    7)為bolg創(chuàng)建數(shù)據(jù)庫名為：wordpress
MariaDB [(none)]> CREATE DATABASE wordpress;

    8)查數(shù)據(jù)庫是否創(chuàng)建成功
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| wordpress          |
+--------------------+
4 rows in set (0.00 sec)

    9)授權(quán)用戶
MariaDB [(none)]> GRANT ALL ON wordpress.* TO liyang@'localhost' IDENTIFIED BY 'liyang';
Query OK, 0 rows affected (0.03 sec)

MariaDB [(none)]> GRANT ALL ON wordpress.* TO liyang@'172.16.%.%' IDENTIFIED BY 'liyang';
Query OK, 0 rows affected (0.00 sec)

    10)改名wordpress配置文件為wp-config.php
# cp wp-config-sample.php wp-config.php
    
    11)修改wp-config.php文件連接數(shù)據(jù)庫
# sed -n '22,38p' /web/host1/wordpress/wp-config.php
 
/** WordPress數(shù)據(jù)庫的名稱 */
define('DB_NAME', 'wordpress');

/** MySQL數(shù)據(jù)庫用戶名 */
define('DB_USER', 'liyang');

/** MySQL數(shù)據(jù)庫密碼 */
define('DB_PASSWORD', 'liyang');

/** MySQL主機(jī) */
define('DB_HOST', 'localhost');

/** 創(chuàng)建數(shù)據(jù)表時(shí)默認(rèn)的文字編碼 */
define('DB_CHARSET', 'utf8');

/** 數(shù)據(jù)庫整理類型。如不確定請勿更改 */
define('DB_COLLATE', '');
    
三、測試
    1)在服務(wù)器端添加域名解析
# echo "172.16.66.60 www.yang.com" >> /etc/hosts

    2)在PC中的hosts文件中添加
172.16.66.60 www.yang.com

    3)httpd-->php是否可以訪問
# cat admin.php
<?php
    phpinfo();
?>
    4)httpd-->php--mariadb是否可以訪問
    
    5)在瀏覽器中，根據(jù)提示安裝http://www.yang.com/index.php

    6）查看數(shù)據(jù)庫是否生成數(shù)據(jù)
~]# mysql -uliyang -p
MariaDB [(none)]> show databases;

MariaDB [(none)]> use wordpress;

MariaDB [wordpress]> show tables;
+-----------------------+
| Tables_in_wordpress   |
+-----------------------+
| wp_commentmeta        |
| wp_comments           |
| wp_links              |
| wp_options            |
| wp_postmeta           |
| wp_posts              |
| wp_term_relationships |
| wp_term_taxonomy      |
| wp_terms              |
| wp_usermeta           |
| wp_users              |
+-----------------------+
11 rows in set (0.00 sec)
    
                        
四、部署phpMyAdmin環(huán)境：

    1)創(chuàng)建站點(diǎn)目錄
# mkdir /web/host2
    
    2)解壓phpMyAdmin包
# unzip phpMyAdmin-4.4.14.1-all-languages.zip

    3)拷貝到站點(diǎn)目錄www2中
# cp -r phpMyAdmin-4.4.14.1-all-languages /web/host2/

    4)創(chuàng)建軟連接phpMyAdmin
# ln -sv phpMyAdmin-4.4.14.1-all-languages/ phpmyadmin

    5)修改網(wǎng)站屬主和屬組
# chown -R nginx.nginx /web/host2/phpmyadmin

    6)修改配置文件
# cp config.sample.inc.php config.inc.php

    7)生成隨機(jī)數(shù)
~]# openssl rand -hex 8  
640b56f72820ace8

    8)修改配置文件config.inc.php
# vim config.inc.php
$cfg['blowfish_secret'] = '640b56f72820ace8'

    7)在瀏覽器中測試，根據(jù)提示輸入數(shù)據(jù)庫名和密碼（主機(jī)賬號和密碼是授權(quán)wordpress中用戶）
在PC機(jī)瀏覽器中測試：http://web.yang.com/index.php 通過80端口訪問

    8）phpmyadmin錯(cuò)誤：The mbstring extension is missing. Please check your PHP configuration.
解決方法：
# yum install php-mbstring -y

    9)phpmyadmin錯(cuò)誤:Error during session start; please check your PHP and/or webserver log file and configure your PHP i
解決方法:
# mkdir -pv /var/lib/php/session
# chown -R nginx.nginx /var/lib/php/session/

3.為phpMyAdmim提供https服務(wù)

工作目錄:/etc/pki/CA/

一、建立私有CA

    1)生成私鑰

[root@www CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
..............................................................................+++
............+++
e is 65537 (0x10001)

    2)生成自簽證書
[root@www CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN      
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:Ops   
Common Name (eg, your name or your server's hostname) []:web.yang.com
Email Address []:admin@yang.com

    3)提供輔助文件

[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 > serial
[root@localhost CA]# tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
├── private
│   └── cakey.pem
├── serial
└── serial.old


二、節(jié)點(diǎn)申請證書
    
    1)生成私鑰
# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out nginx.key 1024)

    2）生成證書簽署請求：
[root@www ssl]# openssl req -new -key nginx.key -out nginx.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:web.yang.com
Email Address []:admin@yang.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

ssl]# cp nginx.csr /tmp/


三、CA簽發(fā)證書

    1)簽署證書
[root@www ~]# openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 29 11:11:37 2016 GMT
            Not After : Jul 29 11:11:37 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Beijing
            organizationName          = liyang
            organizationalUnitName    = Ops
            commonName                = web.yang.com
            emailAddress              = admin@yang.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                F5:73:F0:F1:7F:B6:B6:5D:41:F1:ED:7A:69:FE:6F:8E:A6:59:41:42
            X509v3 Authority Key Identifier:
                keyid:91:41:DA:D3:44:05:36:98:14:A7:81:D6:64:AC:D5:8E:EB:6E:D3:97

Certificate is to be certified until Jul 29 11:11:37 2017 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

    2)把簽署好的證書發(fā)還給請求者。
# cp /etc/pki/CA/certs/nginx.crt /etc/nginx/ssl/

注意：本次私建CA和節(jié)點(diǎn)申請證書在同一臺機(jī)器完成。
    
四、測試結(jié)果：

    1)在PC機(jī)瀏覽器中測試：https://web.yang.com/index.php 通過443端口訪問

4.壓力測試：
    
一、正常測試

    1)測試wordpress并發(fā)
# # ab -c 100 -n 200 http://www.yang.com/index.php
Requests per second:    389.38 [#/sec] (mean)
Requests per second:    6949.27 [#/sec] (mean)
    
    2)測試phpmyadmin http 并發(fā)
# ab -c 100 -n 200 http://web.yang.com/index.php    
Requests per second:    5641.91 [#/sec] (mean)
Requests per second:    54.74 [#/sec] (mean)
    
    3)測試phpmyadmin https 并發(fā)
# ab -c 100 -n 100 https://web.yang.com/index.php    
Requests per second:    44.32 [#/sec] (mean)
Requests per second:    45.28 [#/sec] (mean)

二、為php安裝xcache加速器測試數(shù)據(jù)：
    1)yum 安裝php-xcache
~]# yum install php-xcache
 
    2)測試并發(fā)
# ab -c 100 -n 200 http://web.yang.com/index.php
Requests per second:    44.77 [#/sec] (mean)
# ab -c 100 -n 200 https://web.yang.com/index.php
Requests per second:    44.12 [#/sec] (mean)
# ab -c 100 -n 200 http://www.yang.com/index.php
Requests per second:    109.11 [#/sec] (mean)