CentOS 7.2 amp + xcache, rpm包,php-fpm
1、實驗需求:
1)CentOS 7, amp + xcache, rpm包,php-fpm;
a) httpd, php, mariadb分別部署在一個單獨的主機上;
b) 一個虛擬主機提供wordpress,另一個虛擬主機提供;phpMyAdmin
c) 爲phpMyAdmim提供https服務;
2、實驗環境:
1)服務器環境
Linux服務器操作系統版本:CentOS release 6.7 (Final)
http) IP: 172.16.66.60
php-fpm) IP:172.16.66.70
mariadb) IP:172.16.66.70
2)測試環境
WIN7系統客戶機):IP:172.16.66.100
3、實驗前提:
1)關閉防火牆和SELinux
~]# service iptables stop
~]# sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
4、實驗過程:
第一部分:
部署主機IP: 172.16.66.60
1 基本設置
1.1 設置 httpd 主機名 HOSTNAME
echo "HOSTNAME=www1" >> /etc/sysconfig/network
1.2 更新 HOSTS 配置文件 /etc/hosts
vim /etc/hosts
172.16.66.60 www1
1.3 修改 DNS 解析設置
vim /etc/resolv.conf
2 安裝 LAMP
2.2 安裝並配置 Apache 網絡服務器
yum install httpd
2.3備份配置文件(建議對於所有的配置文件,做任何更改前都先備份一份,以便應對未知錯誤)
mkdir ~/confbak
cp -R /etc/httpd ~/confbak
其中 ~ 表示當前登錄用戶的用戶文件夾;-R 參數表示遞歸到所有子目錄。
2.4配置虛擬主機(/etc/httpd/conf.d/www1.conf )
vim /etc/httpd/conf.d/www1.conf
主機www1
[root@www1 conf.d]# cat www1.conf
<VirtualHost *:80>
ServerName www1
# ServerAlias www
DocumentRoot /data/vhosts/www1 #注意這行末尾不要帶 /
ProxyRequests Off
DirectoryIndex index.php
ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.66.70:9000/data/vhosts/www1/$1
<Directory "/data/vhosts/www1">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combien
#ServerSignature Off
</VirtualHost>
2.5配置虛擬主機(/etc/httpd/conf.d/www2.conf )
vim /etc/httpd/conf.d/www2.conf
主機 www2
[root@www1 conf.d]# cat www2.conf
<VirtualHost *:80>
ServerName www2
DocumentRoot /data/vhosts/www2
ProxyRequests Off
DirectoryIndex index.php
ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.66.70:9000/data/vhosts/www2/$1
<Directory "/data/vhosts/www2">
Options None
AllowOverride None
Require all granted
</Directory>
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combien
#ServerSignature Off
</VirtualHost>
2.6爲虛擬主機創建(網站目錄)
主機 1 的
mkdir /data/vhosts/www1/ -p
主機 2 的
mkdir /data/vhosts/www2/ -p
2.7爲了能夠在系統啓動時自動運行 Apache 服務器,需要運行下面的指令:
systemctl enable httpd
輸出類似於
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
2.8啓動 Apache 服務
systemctl start httpd
2.9提示Apache已啓動重啓加載
systemctl reload httpd
現在需要將 http 服務加入防火牆以允許外部訪問(也就是將 HTTP 默認使用的端口 80 加入到防火牆允許列表裏),
firewall-cmd --add-service=http --permanent
–permanent 參數表示這是一條永久防火牆規則,如果不加這個參數則重啓系統後就沒有這條規則了。
重啓 Firewalld 使該規則生效
systemctl restart firewalld
如果防火牆默認沒有啓動,則上述指令會提示錯誤,“FirewallD is not running”。那麼先啓用防火牆服務。
systemctl enable firewalld && systemctl start firewalld
如果要查看加入後的防火牆規則,使用如下命令。
firewall-cmd --list-all
總結一下關鍵點,httpd 服務默認配置文件:
默認配置文件: /etc/httpd/conf/httpd.conf
加載模塊的配置文件: /etc/httpd/conf.modules.d/ directory (e.g. PHP)
選擇 MPMs (處理模式) [worker, prefork (默認是這個)] 和 event: /etc/httpd/conf.modules.d/00-mpm.conf
默認端口: 80 和 443 (SSL)
默認日誌: /var/log/httpd/{access_log,error_log}
還可以直接用 apachectl 來控制 Apache 服務執行一些操作,比如優雅地重新加載配置,
apachectl graceful
“優雅地”的意思是不中斷客戶的訪問的情況下逐漸地將所有 httpd 進程更新爲使用新配置的新進程。
詳情需要查看其簡單的幫助文件,
apachectl -h
其它重要的防火牆 Firewalld 選項有,
# firewall-cmd --state
# firewall-cmd --list-all
# firewall-cmd --list-interfaces
# firewall-cmd --get-service
# firewall-cmd --query-service service_name
# firewall-cmd --add-port=8080/tcp
第二部分:
部署php-fpm主機IP: 172.16.66.70
1安裝和配置 php-fpm
1.1安裝 php-fpm
yum install php-fpm mysql-server -y
1.2備份配置文件 /etc/php.ini,還有 php.conf 以及 00-php.conf,
cp /etc/php.ini ~/confbak/php.ini.bak
cp /etc/httpd/conf.d/php.conf ~/confbak/httpd/conf.d/php.conf.bak
cp /etc/httpd/conf.modules.d/00-php.conf ~/confbak/httpd/conf.modules.d/00-php.conf.bak
1.3並確保 /etc/php.ini 中有下面的語句(不同的就修改,沒有的就添加,某些數值可以後再調整,這是針對一個簡單的運行 WordPress 的服務器的配置):
error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
display_errors = Off
log_errors = On
max_execution_time = 300
memory_limit = 32M
2安裝和配置php-mysql (爲了在 PHP 中使用 MySQL,還需要安裝這個 php-mysql 包):
2.1安裝php-mysql
yum install php-mysql -y
第三部分:
部署mariadb主機IP: 172.16.66.80
1安裝和配置 Mariadb 數據庫服務
MariaDB 是在 MySQL 基礎上重建的一個數據庫軟件,各 Linux 發行版都陸陸續續從 MySQL 切換到了 MariaDB。CentOS 從 7 開始默認使用 MariaDB。
1.1安裝
yum install mariadb-server mariadb
1.2 加入隨系統啓動
systemctl enable mariadb
1.3 啓動 mariadb 守護進程(mysqld)其默認用戶名還是 mysql
systemctl start mariadb
1.4以查看內存佔用情況。
top -u mysql
1.5停止/重啓或停用 mariadb 服務的一些指令:
停止
sudo systemctl stop mariad
重啓
sudo systemctl restart mariadb
禁用
sudo systemctl disable mariadb
檢查
sudo systemctl is-active mariadb
2安全配置 MariaDB
使用 MariaDB 內建的安全配置腳本進行配置
mysql_secure_installation
這裏需要配置 mysql 根用戶和密碼、清除其他用戶、清除不需要的數據庫等。輸出類似於下面的執行過程,其中需要我們從鍵盤輸入的內容用藍色註釋出來了:
/usr/bin/mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):這裏直接回車,這裏可不是 Linux root 用戶,而是 MariaDB 數據庫的 root 用戶
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:輸入你的數據庫root用戶密碼
Re-enter new password:再輸入一遍
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y --刪除匿名用戶?
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y --不允許遠程root登錄嗎?
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y --刪除測試數據庫和訪問嗎?
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y --現在重新加載權限表嗎?
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
2.1輸入密碼後回車,下面是輸出示例,可以看到命令提示符變爲 MariaDB [(none)]>
mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.37-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
2.1創建一個新數據庫給 WordPress 用(這裏取名爲 wordpress,也可以用別的名字)
MariaDB [(none)]> create database wordpress;
2.3創建一個新用戶,並將該數據庫的權限賦給他(這裏只是舉例,用戶名爲 ly,密碼爲 lyuserpassword)
MariaDB [(none)]> grant all on wordpress.* to 'ly'@'172.16.%.%' identified by 'lyuserpassword';
2.4更新權限
MariaDB [(none)]> flush privileges;
2.5退出數據庫
MariaDB [(none)]> quit
2.6備份配置文件
cp /etc/my.cnf ~/confbak/my.cnf.bak
第四部分: 安裝和配置 wordpress,phpMyAdmin
在php-fpm主機環境中 IP: 172.16.66.70
1.安裝和配置wordpress
1.1解壓wordpress包
tools]# unzip wordpress-4.3.1-zh_CN.zip
1.2拷貝到站點目錄www1中
cp wordpress /data/vhosts/www1
1.3改名wordpress配置文件爲wp-config.php
]# cp wp-config-sample.php wp-config.php
1.4修改wp-config.php文件連接數據庫
~]# sed -n '22,38p' /data/vhosts/www1/wordpress/wp-config.php
/** WordPress數據庫的名稱 */
define('DB_NAME', 'wordpress');
/** MySQL數據庫用戶名 */
define('DB_USER', 'ly');
/** MySQL數據庫密碼 */
define('DB_PASSWORD', 'liyang');
/** MySQL主機 */
define('DB_HOST', '172.16.66.80');
/** 創建數據表時默認的文字編碼 */
define('DB_CHARSET', 'utf8');
/** 數據庫整理類型。如不確定請勿更改 */
define('DB_COLLATE', '');
2.安裝和配置phpMyAdmin
2.1解壓phpMyAdmin包
tools]# unzip phpMyAdmin-4.4.14.1-all-languages.zip
2.2拷貝到站點目錄www2中
~]# cp -r phpMyAdmin-4.4.14.1-all-languages /data/vhosts/www2
2.3配置phpMyAdmin軟件
# ln -sv phpMyAdmin-4.4.14.1-all-languages/ phpMyAdmin
2.4改名配置文件名
~]# cp config.sample.inc.php config.inc.php
2.5生成隨機數
~]# openssl rand -hex 8 #-->(640b56f72820ace8)
2.6修改配置文件config.inc.php
~]# vim config.inc.php
$cfg['blowfish_secret'] = '640b56f72820ace8'
3.測試php和mariad連通性
3.1 httpd-->php是否可以訪問
www1]# cat admin.php
<?php
phpinfo();
?>
3.2 httpd-->php--mariadb是否可以訪問
www1]#cat index.php
<?php
$conn = mysql_connect('172.16.100.71','testuser','testpass');
if($conn)
cho "OK";
else
echo "Failure";
?>
4.測試wordpress和phpMyAdmin
4.1在PC瀏覽器中測試,wordpress是否能正常方式
http://www1/wordpress通過80端口訪問
4.2訪問提示:沒有擴展,安裝 php-mbstring 可以解決
~]# yum install php-mbstring
5.3在PC瀏覽器中測試,根據提示輸入數據庫名和密碼(主機賬號和密碼是授權wordpress中用戶)
http://www2/phpMyAdmin/index.php
5.爲php-fpm安裝xcache加速器並配置
5.1yum 安裝php-xcache
~]# yum install php-xcache
第五部分:爲phpMyAdmim提供https服務
在httpd主機環境中 IP: 172.16.66.60
工作目錄:/etc/pki/CA/
1.建立私有CA
1.1生成私鑰
CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
1.2生成自簽證書
CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Common Name (eg, your name or your server's hostname) []:www2
1.3提供輔助文件
CA]# touch index.txt
CA]# echo 01 > serial 序列號
CA]# tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── newcerts
├── private
│ └── cakey.pem
└── serial
2.節點申請證書
2.1生成私鑰
~]# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
2.2生成證書籤署請求:
ssl]# openssl req -new -key httpd.key -out httpd.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Common Name (eg, your name or your server's hostname) []:www2
2.3把請求發給CA
ssl]# cp httpd.csr /tmp/
3.CA簽發證書
3.1簽署證書
~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
3.2把簽署好的證書發還給請求者。
~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/
注意:本次私建CA和節點申請證書在同一臺機器完成。
4.配置httpd支持使用ssl,及使用的證書
4.1yum安裝mod_ssl模塊
~]# httpd -M | grep ssl
~]# yum install mod_ssl -y
~]# rpm -ql mod_ssl
4.2修改配置文件
~]# cat /etc/httpd/conf.d/ssl.conf
<VirtualHost>
DocumentRoot "/data/vhosts/www2"
ServerName www2:443
ProxyRequests Off
DirectoryIndex index.php
ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.66.70:9000/data/vhosts/www2/$1
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
<Directory "/data/vhosts/www2">
SSLOptions +StdEnvVars
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
第六部分:壓力測試報告
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章