CentOS 7系統(tǒng)之 lamp ( module )詳解

    安裝要求：CentOS 7系統(tǒng)之 lamp ( module )

             (1) 三者分離于兩臺主機(jī)；

            (2) 一個虛擬主機(jī)用于提供phpMyAdmin；另一個虛擬主機(jī)用于提供wordpress；

           (3) xcache

           (4) 為phpMyAdmin提供https虛擬主機(jī)；

    安裝環(huán)境：

開始前下載阿里云的base源到本地。

 1、 192.168.1.104主機(jī)配置(數(shù)據(jù)庫的創(chuàng)建 ，授權(quán)等)

    [root@localhost yum.repos.d]# yum install mariadb mariadb-server -y

    [root@localhost yum.repos.d]# systemctl start mariadb.service

    [root@localhost ~]# mysql_secure_installation  //設(shè)置安全向?qū)?，root密碼改為mageedu

    /usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

          SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

    In order to log into MariaDB to secure it, we'll need the current

    password for the root user.  If you've just installed MariaDB, and

    you haven't set the root password yet, the password will be blank,

    so you should just press enter here.

    Enter current password for root (enter for none): 

    OK, successfully used password, moving on...

    Setting the root password ensures that nobody can log into the MariaDB

    root user without the proper authorisation.

    Set root password? [Y/n] y

    New password: 

    Re-enter new password: 

    Password updated successfully!

    Reloading privilege tables..

     ... Success!

    By default, a MariaDB installation has an anonymous user, allowing anyone

    to log into MariaDB without having to have a user account created for

    them.  This is intended only for testing, and to make the installation

    go a bit smoother.  You should remove them before moving into a

    production environment.

    Remove anonymous users? [Y/n] y

     ... Success!

    Normally, root should only be allowed to connect from 'localhost'.  This

    ensures that someone cannot guess at the root password from the network.

    Disallow root login remotely? [Y/n] n

     ... skipping.

    By default, MariaDB comes with a database named 'test' that anyone can

    access.  This is also intended only for testing, and should be removed

    before moving into a production environment.

    Remove test database and access to it? [Y/n] n

     ... skipping.

    Reloading the privilege tables will ensure that all changes made so far

    will take effect immediately.

    Reload privilege tables now? [Y/n] y

     ... Success!

    Cleaning up...

    All done!  If you've completed all of the above steps, your MariaDB

    installation should now be secure.

    Thanks for using MariaDB!

    [root@localhost ~]# mysql -uroot -pmageedu   //驗證用戶登陸

    MariaDB [(none)]> CREATE DATABASE wpdb; //創(chuàng)建wordpress數(shù)據(jù)庫

     MariaDB [(none)]> GRANT ALL ON wpdb.* TO wpuser@'192.168.%.%' IDENTIFIED BY 'wppass';         //授權(quán)wordpress用戶

    MariaDB [(none)]> FLUSH PRIVILEGES;

    MariaDB [(none)]> SHOW DATABASES;

    +--------------------+

    | Database           |

    +--------------------+

    | information_schema |

    | mysql              |

    | performance_schema |

    | test               |

    | wpdb               |

    +--------------------+

    5 rows in set (0.00 sec)

    MariaDB [(none)]> CREATE DATABASE pma;  //創(chuàng)建phpMyAdmin數(shù)據(jù)庫

    Query OK, 1 row affected (0.00 sec)

    MariaDB [(none)]> GRANT ALL ON pma.* TO pma@'192.168.%.%' IDENTIFIED BY     'pmapass';   

    Query OK, 0 rows affected (0.00 sec)

    MariaDB [(none)]> FLUSH PRIVILEGES;   

    Query OK, 0 rows affected (0.00 sec)

    MariaDB [(none)]> GRANT ALL ON *.* TO testuser@'192.168.%.%' IDENTIFIED BY           'testpass';

    Query OK, 0 rows affected (0.00 sec)  //授權(quán)一個測試用戶

    MariaDB [(none)]> FLUSH PRIVILEGES;

    Query OK, 0 rows affected (0.00 sec)

2、 192.168.1.103主機(jī)配置 （httpd,php）

    [root@localhost ~]# yum install httpd php php-mysql php-mbstring -y    

    [root@localhost ~]# systemctl start httpd.service

    編寫測試代碼，驗證php是否可以連接數(shù)據(jù)庫

    [root@localhost ~]# cd /var/www/html

    [root@localhost html]# vim index.php

    [root@localhost html]# systemctl reload httpd.service

3、xcache的編譯安裝

  xcache可以選擇編譯安裝，但epel源中也有提供,這里用編譯安裝的方式。

    [root@localhost ~]# yum groupinstall "Development Tools" "Server Platform Development" -y  //安裝開發(fā)包組

    [root@localhost ~]# yum install php-devel -y //安裝xcache依賴php的包

  下載xcache壓縮包

    [root@localhost ~]# ls

    anaconda-ks.cfg  xcache-3.2.0.tar.bz2

    [root@localhost ~]# tar xf xcache-3.2.0.tar.bz2 

    [root@localhost ~]# ls

    anaconda-ks.cfg  xcache-3.2.0  xcache-3.2.0.tar.bz2

    [root@localhost ~]# cd xcache-3.2.0/

    [root@localhost xcache-3.2.0]# phpize

    [root@localhost xcache-3.2.0]# ./configure --enable-xcache --with-php-config=/usr/bin/php-config

    [root@localhost xcache-3.2.0]# make && make install

    [root@localhost xcache-3.2.0]# cp xcache.ini /etc/php.d/ 

    [root@localhost xcache-3.2.0]# systemctl restart httpd.service

  瀏覽器訪問，發(fā)現(xiàn)xcache已經(jīng)安裝完，對應(yīng)版本為3.2.0

4、安裝配置wordpress,配置虛擬主機(jī)

 配置虛擬主機(jī)  

    [root@localhost ~]# vim /etc/httpd/conf/httpd.conf  //注釋掉httpd默認(rèn)訪問路徑

    #DocumentRoot "/var/www/html"

     [root@localhost ~]# mkdir /web/vhost/test1 -pv //創(chuàng)建虛擬主機(jī)的訪問路徑

    [root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf  //創(chuàng)建虛擬主機(jī)的配置文件

    <VirtualHost 192.168.1.103:80>

        DocumentRoot "/web/vhost/test1"

        <Directory "/web/vhost/test1">

                Options None

                AllowOverride None

                Require all granted

        </Directory>

    </VirtualHost>

 下載wordpress（下載地址：https://wordpress.org/download/ ）

    [root@localhost ~]# cd /web/vhost/test1

              [root@localhost test1]# unzip wordpress-4.3.1-zh_CN.zip

    [root@localhost test1]# cd wordpress/           

    [root@localhost wordpress]# cp wp-config-sample.php wp-config.php  //復(fù)制示例的訪問配置php文件，修改即可。      

    [root@localhost wordpress]# vim wp-config.php

    [root@localhost ~]# systemctl restart httpd.service

瀏覽器訪問測試

5、安裝phpMyAdmin

 配置虛擬主機(jī)  

    [root@localhost vhost]# vim /etc/httpd/conf/httpd.conf

       //添加8080端口

    [root@localhost ~]# mkdir /web/vhost/test2 -pv //創(chuàng)建虛擬主機(jī)的訪問路徑

    [root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf  //編輯wordpress虛擬主機(jī)的配置文件即可

    <VirtualHost 192.168.1.103:80>

            DocumentRoot "/web/vhost/test1"

            <Directory "/web/vhost/test1">

                    Options None

                    AllowOverride None

                    Require all granted

            </Directory>

    </VirtualHost>

    <VirtualHost 192.168.1.103:8080>

            DocumentRoot "/web/vhost/test2"

            <Directory "/web/vhost/test2">

                Options FollowSymlinks 

                    AllowOverride None

                    Require all granted

            </Directory>

    </VirtualHost>

 下載方式：https://www.phpmyadmin.net/downloads/

     [root@localhost ~]# cd /web/vhost/test2

    [root@localhost test2]# unzip phpMyAdmin-4.4.14.1-all-languages.zip

    [root@localhost test2]# ln -sv phpMyAdmin-4.4.14.1-all-languages pma

    ‘pma’ -> ‘phpMyAdmin-4.4.14.1-all-languages’

    [root@localhost test2]# cd pma

    [root@localhost pma]# cp config.sample.inc.php config.inc.php

    [root@localhost pma]# openssl rand -base64 15  //生成15個隨機(jī)數(shù)

    fgqvst4l0yODkOhq4FXC

    [root@localhost pma]# vim config.inc.php  //把隨機(jī)數(shù)添加到訪問配置文件中

用瀏覽器訪問測試 192.168.1.103：8080/pma

    用戶為 :  pma

    密碼為 :  pmapass

6、為phpMyAdmin提供https虛擬主機(jī)

   把192.168.1.104做CA主機(jī)，192.168.1.103服務(wù)器進(jìn)行測試

  1）

   a) 192.168.1.104主機(jī)上，創(chuàng)建私有CA

    [root@localhost ~]# cd /etc/pki/CA

    [root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)   //生成一個私鑰

    Generating RSA private key, 2048 bit long modulus

    .....................+++

    .............+++

    e is 65537 (0x10001)

    [root@localhost CA]#  ll private/

    total 4

    -rw------- 1 root root 1679 May 27 07:09 cakey.pem

    [root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem  //生成自己的自簽證書

    [root@localhost CA]# ll

    total 4

    -rw-r--r--  1 root root 1391 May 27 07:12 cacert.pem

    drwxr-xr-x. 2 root root    6 Jun 29  2015 certs

    drwxr-xr-x. 2 root root    6 Jun 29  2015 crl

    drwxr-xr-x. 2 root root    6 Jun 29  2015 newcerts

    drwx------. 2 root root   22 May 27 07:09 private

    [root@localhost CA]# touch serial index.txt

    [root@localhost CA]# echo 01 >serial

   b）192.168.1.103主機(jī)，創(chuàng)建證書簽署請求

    [root@localhost ~]# cd /etc/httpd

    [root@localhost httpd]# mkdir ssl

    [root@localhost httpd]# cd ssl

    [root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 1024)

    Generating RSA private key, 1024 bit long modulus

    ..........++++++

    ..................++++++

    e is 65537 (0x10001)

    [root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr

    [root@localhost ssl]# ls

    httpd.csr  httpd.key

    [root@localhost ssl]# scp httpd.csr root@192.168.1.104:/tmp

   c) 192.168.1.104  簽署證書

    [root@localhost CA]# openssl ca -in /tmp/httpd.csr -out certs/httpd.crt

    [root@localhost CA]# scp certs/httpd.crt root@192.168.1.103:/etc/httpd/ssl/

  2）、 192.168.1.103主機(jī)，配置httpd支持使用ssl,及使用的證書

    [root@localhost ssl]# ls

    httpd.crt  httpd.csr  httpd.key

    [root@localhost ssl]# yum install mod_ssl -y

    [root@localhost ssl]# cd /etc/httpd/conf.d

    [root@localhost conf.d]# ls

    autoindex.conf  php.conf  README  ssl.conf  userdir.conf  vhost.conf     welcome.conf

    [root@localhost conf.d]# mv ssl.conf ssl.conf.backup

    [root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf

    [root@localhost conf.d]# httpd -t    

    Syntax OK

    [root@localhost conf.d]# systemctl restart httpd.service

    此時因為瀏覽器沒有導(dǎo)入CA證書，所以基于https的訪問將無法進(jìn)行，需要瀏覽器中導(dǎo)入CA證書文件（把虛擬主機(jī)中/etc/pki/CA/cacert.pem文件復(fù)制到物理主機(jī)上進(jìn)行導(dǎo)入）