lamp-module
要求: (1) 三者分离于两台主机;
(2) 一个虚拟主机用于提供phpMyAdmin;另一个虚拟主机用于提供wordpress;
(3) xcache
(4) 为phpMyAdmin提供https虚拟主机;
HTTPD AND PHP-module: 192.168.8.16
MariDB : 192.168.8.17
(1)192.168.8.16 配置
yum install httpd php php-mysql (安装apache程序及php模块)
vim /etc/httpd/conf/httpd.conf
Listen 80 (设定监听地址及端口,格式:192.168.8.x:80 ,不输入地址默认监听本机所有端口)
ServerName 80 (指定httpd应用程序服务域名或地址,不输入默认为本地地址80端口) 注:此处如不修改会提示serverName错误
DocumentRoot "/var/www/html" (指定URL映射路径)
wq
vim /etc/httpd/conf.d/Virtual1.conf (添加虚拟主机1配置文件,域名为 pma.vhosts.com , 作为 phpMyAdmin 服务器)
0 <VirtualHost *:80> (监听80端口)
1 ServerName "pma.vhosts.com" (指定服务域名,也可以理解为监听的域名,当客户端访问该域名时将URL路径映射到配置文件中指定的路径下)
DocumentRoot "/web/vhosts/www1" (指定URL映射路径)
<Directory "/web/vhosts/www1"> (权限设置允许客户端通过URL访问该目录)
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory "/tmp/">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
ErrorLog /var/log/httpd/pma/error_log (指定服务器错误日志路径)
CustomLog /var/log/httpd/pma/access_log combined (指定访问日志路径及日志格式:combined)
</VirtualHost>
vim /etc/httpd/conf.d/Virtual2.conf (新增虚拟主机2配置文件,域名为 wp.vhosts.com ,做为wordpress 服务器)
<VirtualHost *:>
ServerName "wp.vhosts.com"
DocumentRoot "/web/vhosts/www2"
<Directory "/web/vhosts/www2">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
ErrorLog "/var/log/httpd/wp/error_log"
CustomLog "/var/log/httpd/wp/access_log" combined
</VirtualHost>
创建相关目录:
mkdir /web/vhosts/{www1,www2} -pv
mkdir /var/log/httpd/{wp,pma} -pv
下载 phpMyAdmin-4.0.10.20-all-languages.zip
unzip phpMyAdmin-4.0.10.20-all-languages.zip (解压)
cp -a phpMyAdmin-4.0.10.20-all-languages /web/vhosts/www1/
cd /web/vhosts/www1/
ln -sv phpMyAdmin-4.0.10.20-all-languages pma (指定软链接,客户端端通过软链接目录访问应用服务,便于日后版本更新等操作)
cd pma
cp config.sample.inc.php config.inc.php
openssl rand -base64 20 (生成20位随机字符串)
vim config.inc.php
$cfg['blowfish_secret'] = 'AzNv9me9gqEfC9Ya4rkTSHu598I'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! (将生成的20位字符串放入 = '此处')
*/
$cfg['Servers'][$i]['host'] = '192.168.20.243'; (指定mariadb 服务器地址) 注:需在mariadb服务器开通指定用户账号访问权限
测试: 客户端访问 pma.vhosts.com/pma (successd)
下载 wordpress -5.0.2
unzip wordpress-5.0.2.zip (解压)
cp wordpress /web/vhosts/www2/
cd /web/vhosts/www2/
ln -sv wordpress wp
cd wordpress
cp wp-config-sample.php wp-config.php
vim wp-config.php
define( 'DB_NAME', '192.168.8.17' ); (指定数据库名称) /** MySQL database username */
define( 'DB_USER', 'tom' ); (指定连接数据库用户) /** MySQL database password */
define( 'DB_PASSWORD', '' ); (指定数据库密码) /** MySQL hostname */
define( 'DB_HOST', '192.168.8.17' ); (指定数据库地址) /** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' ); (数据库字符集)
测试: http://wp.vhosts.com/wp (successd)
192.168.8.17 配置
yum install mariadb-server
vim /etc/my.cnf (插入以下行)
skip_name_resolve=ON
innodb_file_per_table=ON
mysql 进入mariadb管理界面
grant all on *.* to 'tom'@'192.168.8.%' identified by ''; (创建用户tom,允许通过192.168.8.* 网段访问)
如有需要可创建数据库及表
ss -tnl :检查3306端口是否监听
压测: ab -n 100000 -c 200 http://pma.vhosts.com/pma/index.php
Server Software: Apache/2.4.6 (请求的服务版本)
Server Hostname: pma.vhosts.com (请求的服务名称)
Server Port: 80 (请求的端口号) Document Path: /pma/index.php (URL路径映射)
Document Length: bytes (page size) Concurrency Level: 200 (请求并发数)
Time taken for tests: 92.017 seconds (共使用 秒数)
Complete requests: 4992 (请求的次数)
Failed requests: 0 (失败的请求)
Write errors: 0 (网络连接写入错误数)
Total transferred: bytes (完全传输page size)
HTML transferred: bytes (实际传输的 page size)
Requests per second: 54.25 [#/sec] (mean) (每 秒 多少个请求)
Time per request: 3686.596 [ms] (mean) (平均每个用户等待多长时间)
Time per request: 18.433 [ms] (mean, across all concurrent requests) (服务器平均用时多长时间处理)
Transfer rate: 540.61 [Kbytes/sec] received (每秒获取多少数据) Connection Times (ms)
min mean[+/-sd] median max
Connect: 92.5
Processing: 898.9
Waiting: 784.7
Total: 901.7 Percentage of the requests served within a certain time (ms)
% 3582 (%50的用户请求 3582ms内返回)
%
%
%
%
%
%
%
% (longest request)
192.168.1.16 安装xcache
yum install php-xcache
vim /etc/php.d/xcache
xcache.size = 60M (指定缓存用内存空间大小,越大缓存越多,速率越快)
systemctl restart httpd
附录: DNS and Bind 解析配置
yum install bind bind-utils
vim /etc/named.conf
options {
listen-on port { 192.168.20.243; 127.0.0.1; }; (指定监听地址与端口,可指定多个)
listen-on-v6 port { ::; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; (指定允许接收的请求,any为所有)
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes; (递归查询)
dnssec-enable no; (关闭dns校验)
dnssec-validation no; (关闭dns校验)
vim /etc/named.rfc1912.zone (添加下面的行,区域配置)
zone "vhosts.com" IN {
type master;
file "vhosts.com.zone";
};
vim /var/named/vhosts.com.zone (新增解析库文件)
$TTL
$ORIGIN vhosts.com.
@ IN SOA ns1.vhosts.com. admin.vhosts.com ( 2H
10M
1W
1D
)
@ IN NS ns1.vhosts.com.
ns1 IN A 192.168.20.244
pma IN A 192.168.20.242
wp IN A 192.168.20.242
测试配置文件
[root@test ~]# named-checkconf
[root@test ~]# named-checkzone vhosts.com /var/named/vhosts.com.zone
zone vhosts.com/IN: loaded serial
OK
启动并测试
[root@test ~]# systemctl start named
[root@test ~]# dig -t A pma.vhosts.com ; <<>> DiG 9.11.-P2-RedHat-9.11.-.P2.el7 <<>> -t A pma.vhosts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL: ;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;pma.vhosts.com. IN A ;; ANSWER SECTION:
pma.vhosts.com. IN A 192.168.20.242 ;; AUTHORITY SECTION:
vhosts.com. IN NS ns1.vhosts.com. ;; ADDITIONAL SECTION:
ns1.vhosts.com. IN A 192.168.20.244 ;; Query time: msec
;; SERVER: 192.168.20.243#(192.168.20.243)
;; WHEN: Tue Feb :: EST
;; MSG SIZE rcvd:
192.168.8.16 为phpmyadmin 提供https虚拟主机
(模拟 CA服务器:192.168.8.18)
cd /etc/pki/CA/
[root@test]# (umask 077;openssl genrsa -out private/cakey.pem 4096) (生成4096位私钥文件 cakey.pem)
Generating RSA private key, bit long modulus
......................................................................................................................++
...........................................................................................................++
e is (0x10001)
[root@test ]# openssl req -new -key private/cakey.pem -out httpd.csr -days 365 (生成证书签署请求文件) You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:DaWanQu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:pma.vhosts.com (此处指定服务域名一定要与指定访问的域名一致,否则客户端会验证不通过)
Email Address []: Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@centos7 CA]# scp httpd.csr root@192.168.8.18:/etc/pki/CA/ (将证书签署请求拷贝到CA服务器/etc/pki/CA/ 目录下)
The authenticity of host '192.168.8.18 (192.168.8.18)' can't be established.
ECDSA key fingerprint is SHA256:FKhie5UQHlmOtTV/TZol/k7UIf0nfDRosf2smlFoXak.
ECDSA key fingerprint is MD5:1b::4c:eb:5f::7d:a8::d3:be::b1:::.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.18' (ECDSA) to the list of known hosts.
root@192.168.8.18's password:
httpd.csr % .4MB/s :
[root@test ]#
192.168.8.18
CA 主机上配置
cd /etc/pki/CA/
[root@bogon CA]# (umask ;openssl genrsa -out private/cakey.pem ) (生成4096位私钥文件)
Generating RSA private key, bit long modulus
...........................++
......................................................................................................................................................................................................................................................................................++
e is (0x10001)
[root@bogon CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 (生成CA服务器自签证书, -days为证书有效期天数)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:DaWanQu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:DaWanQu
Email Address []: [root@bogon CA]# touch ./{serial,index.txt} (创建签署证书必需文件)
[root@bogon CA]# echo > serial (写入序列号01) [root@bogon CA]# openssl ca -in httpd.csr -out httpd.crt -days (签署httpd.csr 证书 ,输出为 httpd.crt)
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: (0x1)
Validity
Not Before: Feb :: GMT
Not After : Feb :: GMT
Subject:
countryName = CN
stateOrProvinceName = GD
organizationName = DaWanQu
organizationalUnitName = Ops
commonName = pma.vhosts.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
CA:A9::E2:::4C:::EE::D3::C1:B6:0B::::
X509v3 Authority Key Identifier:
keyid:E7::::::6E:5A::ED:6A:FF::D3:F4:::C5:B6:CE Certificate is to be certified until Feb :: GMT ( days)
Sign the certificate? [y/n]:yes out of certificate requests certified, commit? [y/n]yes
Write out database with new entries
Data Base Updated
67 [root@bogon CA]# scp httpd.crt root@192.168.8.16:/etc/pki/CA/ (将签署完成的证书文件拷贝到httpd服务器)
The authenticity of host '192.168.8.16 (192.168.8.16)' can't be established.
ECDSA key fingerprint is SHA256:I9f09gGvg6Zr5JFDYPLO5VKiAZ/Fzmy1F37f1SLgzkI.
ECDSA key fingerprint is MD5::::9f:f0:b0:9e::c0::ad::3f:be::.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.16' (ECDSA) to the list of known hosts.
root@192.168.8.16's password:
/etc/profile.d/vimrc.sh: line : autocmd: command not found
/etc/profile.d/vimrc.sh: line : syntax error near unexpected token `('
/etc/profile.d/vimrc.sh: line : `func SetTitle()'
httpd.crt % .9MB/s :
[root@bogon CA]#
192.168.8.16 httpd主机配置
yum install mod_ssl (安装ssl支持模块)
vim /etc/httpd/conf.d/ssl.conf
Listen https (默认监听443端口) #
DocumentRoot "/web/vhosts/www1" (SSL 连接URL映射路径)
ServerName "pma.vhosts.com" (服务域名) <Directory "web/vhosts/www1"> (授权URL映射路径允许访问)
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory> SSLCertificateFile /etc/pki/CA/httpd.crt (指定证书文件路径)
SSLCertificateKeyFile /etc/pki/CA/private/cakey.pem (指定私钥文件路径)
客户机配置
将ca服务器自签证书导入到浏览器受信根证书中
测试: https://pma.vhosts.com/pma/ (google浏览器测试不成功,火狐浏览器与IE测试成功)
lamp-module的更多相关文章
- LAMP 搭建练习
目录 LAMP 搭建 1:CentOS 7, lamp (module): http + php + phpMyAdmin + wordpress 192.168.1.7 配置虚拟主机 xcache ...
- LAMP的搭建与简易配置(apache,php已module方式结合)
测试所用环境:centos7.2 apache php 所在主机IP:9.110.187.120 mariadb 所在主机IP:9.110.187.121 第一部分:环境搭建 yum安装软件包 其中a ...
- LAMP.md
LAMP Linux+Apache+Mysql/MariaDB+Perl/PHP/Python一组常用来搭建动态网站或者服务器的开源软件,本身都是各自独立的程序,但是因为常被放在一起使用,拥有了越来越 ...
- CentOS6.3 编译安装LAMP(2):编译安装 Apache2.2.25
所需源码包: /usr/local/src/Apache-2.2.25/httpd-2.2.25.tar.gz 编译安装 Apache2.2.25 #切换到源码目录 cd /usr/local/src ...
- 再不写,我怕就再也不写了-LAMP基础
hi 经历了4天大餐的洗礼,整个人都思密达了...昨天的懒,是没有原因的懒,总之就是该提笔了亲 1.Ubuntu下的LAMP配置 -----Ubuntu基础知识----- ----管理员权限 出于安全 ...
- 年终福利,PHP7+Apache2.4+MySQL5.6 源码编译安装,环境配置,搭建你自己的LAMP环境
PHP7 都出来了,你还在玩PHP5吗? MySQL5.6 早都出来了,你还在玩MySql5.2吗? Apache2.4 早都出来了,你还在玩Apache2.2吗? 笔者不才,愿意亲自搭建环境,供搭建 ...
- 部署lamp服务器
系统:CentOS 6.5 64位 1.卸载旧版本软件 rpm -qa | grep mysql #查询是否已经安装MySQL,如有执行下面的操作将其全部删除 rpm -e mysql --nodep ...
- (原创)LAMP搭建之二:apache配置文件详解(中英文对照版)
LAMP搭建之二:apache配置文件详解(中英文对照版) # This is the main Apache server configuration file. It contains the # ...
- 在Debian下安装LAMP
准备工作: 1 sudo apt-get install build-essential 第一步:安装Apache 1 sudo apt-get install apache2 第二步:安装MySQL ...
- lamp环境centos6.4
http://www.centos.bz/2011/09/centos-compile-lamp-apache-mysql-php/comment-page-1/#comments 编译安装: 首先卸 ...
随机推荐
- 吴裕雄 Bootstrap 前端框架开发——Bootstrap 排版:设定文本对齐,段落中超出屏幕部分文字自动换行
<!DOCTYPE html> <html> <head> <title>菜鸟教程(runoob.com)</title> <meta ...
- 3_04_MSSQL课程_Ado.Net_.ExcuteReader()(SQLDataReader)
ExcuteNonQuery(); 返回影响的行数 ExcuteSacalar();返回第一行第一列 ExcuteReader(): Reader,指针,指向表的表头.只是指向,数据仍在数据库中. S ...
- Python学习第十一课——装饰器
#装饰器:本质就是函数,为其他函数附加功能原则:1.不修改被修饰函数的源代码2.不修改被修饰函数的调用方式 装饰器=高阶函数+函数嵌套+闭包 #高阶函数 ''' 高阶函数定义: 1.函数接受的参数是一 ...
- 避免学习Linux走弯路
我并不是一位Linux老鸟.在学习Linux的一路上.也是走了很多弯路,踩了不少坑.而今日就把自己趟过的那些坑给我们总结出来,期望能给初学Linux的童靴们带来一丝丝的帮助吧.文采可能没有那么高深,只 ...
- 实用类-<装箱与拆箱>
装箱:把基本数据类型装换为对应的对象类 作用:1.在需要使用对象类型的时候,装换成对应的对象类型(集合里面) 2.转换完成以后,拥有相应的属性和方法,方便咱们的数据操作 拆箱 Integer intO ...
- Languages-used-on-the-Internet
Languages-used-on-the-Internet 1. 互联网上使用的语言 1.1 网站内容语言 1.2 按语言互联网用户 1.3 维基百科文章统计 2. 综合以上表格数据出图表(2019 ...
- Linux centos7VMware Apache和PHP结合、Apache默认虚拟主机
一.Apache和PHP结合 httpd主配置文件/usr/local/apache2.4/conf/httpd.conf 启动报错 [root@davery ~]# /usr/local/apach ...
- 【IMU_Ops】------III------ IMU自动化运维平台之CMDB(admin)
说明本文中所有内容仅作为学习使用,请勿用于任何商业用途.本文为原创,遵循CC 4.0 by-sa版权协议,转载请附上原文出处链接和本声明. #A 首先启用admin 通过python manage.p ...
- 如何用AU3调用自己用VC++写的dll函数
这问题困扰我一个上午了,终于找到原因了,不敢藏私,和大家分享一下. 大家都知道,AU3下调用dll文件里的函数是很方便的,只要一个dllcall语句就可以了. 比如下面这个: $result = Dl ...
- OC中四种遍历方式
标准的C语言for循环.Objective-C 1.0出现的NSEnumerator.Objective-C 1.0出现的for in快速遍历.块遍历. 遍历的话,一般是NSArray.NSDicti ...