Requirements:    (1) the three components are split across two hosts;
    (2) one virtual host serves phpMyAdmin; the other virtual host serves WordPress;
    (3) xcache
    (4) an HTTPS virtual host for phpMyAdmin;

HTTPD AND PHP-module: 192.168.8.16

MariaDB : 192.168.8.17

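(1) 192.168.8.16 configuration

  yum install httpd php php-mysql   (install Apache and the PHP module)

  vim /etc/httpd/conf/httpd.conf

  Listen 80   (sets the listening address and port, format: 192.168.8.x:80; if no address is given, it listens on all local addresses by default)

  ServerName 80   (sets the service domain name or address of the httpd application; if not set, it defaults to the local address on port 80)  Note: if this is left unmodified, httpd reports a ServerName error

  DocumentRoot "/var/www/html"   (sets the path that URLs map to)

  wq

  vim /etc/httpd/conf.d/Virtual1.conf    (add the configuration file for virtual host 1, domain pma.vhosts.com, as the phpMyAdmin server)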

  

 # Listen on port 80
 <VirtualHost *:80>
     # Service domain name (the name being listened for): when a client requests
     # this name, URL paths are mapped under the path set in this file
     ServerName "pma.vhosts.com"
     # Path that URLs map to
     DocumentRoot "/web/vhosts/www1"
     # Permission settings that allow clients to reach this directory by URL
     <Directory "/web/vhosts/www1">
         Options Indexes FollowSymLinks
         AllowOverride None
         Require all granted
     </Directory>
     <Directory "/tmp/">
         Options Indexes FollowSymLinks
         AllowOverride None
         Require all granted
     </Directory>
     # Server error log path
     ErrorLog /var/log/httpd/pma/error_log
     # Access log path and log format: combined
     CustomLog /var/log/httpd/pma/access_log combined
 </VirtualHost>

  

  vim /etc/httpd/conf.d/Virtual2.conf   (add the configuration file for virtual host 2, domain wp.vhosts.com, as the WordPress server)

  

 <VirtualHost *:80>
     ServerName "wp.vhosts.com"
     DocumentRoot "/web/vhosts/www2"
     <Directory "/web/vhosts/www2">
         Options Indexes FollowSymLinks
         AllowOverride None
         Require all granted
     </Directory>
     ErrorLog "/var/log/httpd/wp/error_log"
     CustomLog "/var/log/httpd/wp/access_log" combined
 </VirtualHost>

  Create the required directories:

  mkdir /web/vhosts/{www1,www2} -pv

  mkdir /var/log/httpd/{wp,pma} -pv

Download phpMyAdmin-4.0.10.20-all-languages.zip

  unzip  phpMyAdmin-4.0.10.20-all-languages.zip    (extract)

  cp -a phpMyAdmin-4.0.10.20-all-languages  /web/vhosts/www1/

  cd /web/vhosts/www1/

  ln -sv phpMyAdmin-4.0.10.20-all-languages pma   (create a symlink; clients reach the application through the symlinked directory, which eases later version upgrades and similar operations)

  cd pma

  cp config.sample.inc.php  config.inc.php

  openssl rand -base64 20    (generate a random string from 20 random bytes, base64-encoded)

  vim config.inc.php

  

$cfg['blowfish_secret'] = 'AzNv9me9gqEfC9Ya4rkTSHu598I'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! (put the generated random string here, between the quotes) */
$cfg['Servers'][$i]['host'] = '192.168.20.243'; // address of the MariaDB server. Note: the given user account must be granted access on the MariaDB server

Test:  client access to  pma.vhosts.com/pma   (succeeded)

Download wordpress-5.0.2

  unzip wordpress-5.0.2.zip   (extract)

  cp -a wordpress /web/vhosts/www2/

  cd /web/vhosts/www2/

  ln -sv wordpress wp

  cd wordpress

  cp wp-config-sample.php wp-config.php

  vim wp-config.php

  

define( 'DB_NAME', '192.168.8.17' );     // database name

/** MySQL database username */
define( 'DB_USER', 'tom' );   // user for the database connection

/** MySQL database password */
define( 'DB_PASSWORD', '' );   // database password

/** MySQL hostname */
define( 'DB_HOST', '192.168.8.17' );   // database address

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );   // database character set

Test: http://wp.vhosts.com/wp   (succeeded)

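192.168.8.17 configuration

  yum install mariadb-server

  vim /etc/my.cnf      (insert the following lines)

  

 skip_name_resolve=ON
innodb_file_per_table=ON

 mysql     (enter the MariaDB management interface)

 

grant all on *.* to 'tom'@'192.168.8.%' identified by '';     (creates user tom, allowed to connect from the 192.168.8.* network)

  Create databases and tables if needed

ss -tnl   : check that port 3306 is listening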
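
The grant above gives a password-less account every privilege on every database from the whole 192.168.8.% range. As an added example (not part of the original write-up), this script prints SQL for an account limited to one WordPress database and one client address; the names wordpress and wp_app and the privilege list are assumptions.

```bash
#!/usr/bin/env bash
# Added example: SQL for a WordPress-only MariaDB account, as an
# alternative to a password-less account holding ALL on *.*.
# Database and account names used below are assumptions.
set -eu

gen_password() {   # 24 random bytes -> 32 base64 chars (A-Z a-z 0-9 + /)
    openssl rand -base64 24 | tr -d '\n'
}

# grant_sql <db> <user> <client-ip> <password>
grant_sql() {
    db=$1; user=$2; host=$3; pass=$4
    # Reject input that could escape the quoting in the statements below
    for v in "$db" "$user"; do
        case "$v" in ''|*[!A-Za-z0-9_]*) echo "bad identifier" >&2; return 1;; esac
    done
    case "$host" in ''|*[!0-9.]*) echo "bad host" >&2; return 1;; esac
    case "$pass" in ''|*[\'\\]*) echo "bad password" >&2; return 1;; esac
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$db\`;
-- one exact client address (the web host), not the whole 192.168.8.% range
CREATE USER '$user'@'$host' IDENTIFIED BY '$pass';
-- privileges WordPress needs for normal use and for its installer/upgrades
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON \`$db\`.* TO '$user'@'$host';
-- once wp-config.php uses the new account, remove the password-less one
DROP USER 'tom'@'192.168.8.%';
EOF
}

# Demo: print the statements for the web host 192.168.8.16
grant_sql wordpress wp_app 192.168.8.16 "$(gen_password)"
```

Pipe the output into mysql on 192.168.8.17, then set DB_NAME, DB_USER and DB_PASSWORD in wp-config.php to match.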

Load test: ab -n 100000 -c 200 http://pma.vhosts.com/pma/index.php

  

 Server Software:        Apache/2.4.6    (version of the server being requested)
Server Hostname: pma.vhosts.com  (name of the server being requested)
Server Port: 80   (port being requested)
Document Path: /pma/index.php   (URL path mapping)
Document Length: bytes   (page size)
Concurrency Level: 200    (number of concurrent requests)
Time taken for tests: 92.017 seconds   (total time used, in seconds)
Complete requests: 4992    (number of requests)
Failed requests: 0     (failed requests)
Write errors: 0     (network write errors)
Total transferred: bytes   (total page size transferred)
HTML transferred: bytes   (page size actually transferred)
Requests per second: 54.25 [#/sec] (mean)   (requests per second)
Time per request: 3686.596 [ms] (mean)   (average time each user waits)
Time per request: 18.433 [ms] (mean, across all concurrent requests)   (average time the server takes to process a request)
Transfer rate: 540.61 [Kbytes/sec] received   (data received per second)
Connection Times (ms)
min mean[+/-sd] median max
Connect: 92.5
Processing: 898.9
Waiting: 784.7
Total: 901.7
Percentage of the requests served within a certain time (ms)
50% 3582     (50% of user requests return within 3582 ms)
%
%
%
%
%
%
%
% (longest request)

192.168.1.16: install xcache

  yum install php-xcache

  vim /etc/php.d/xcache

  

 ; memory size used for the cache: the larger it is, the more is cached and the faster it runs
 xcache.size  =               60M

  systemctl restart httpd

Appendix: DNS and BIND resolution configuration

  yum install bind bind-utils

  vim /etc/named.conf

  

 options {
// listening addresses and port; more than one address may be given
listen-on port 53 { 192.168.20.243; 127.0.0.1; };
listen-on-v6 port 53 { ::; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
// which requests are accepted; any means all
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// recursive queries
recursion yes;
// disable DNS validation
dnssec-enable no;
// disable DNS validation
dnssec-validation no;

 

  vim /etc/named.rfc1912.zones   (add the lines below: the zone configuration)

  

zone "vhosts.com" IN {
type master;
file "vhosts.com.zone";
};

  vim /var/named/vhosts.com.zone     (add the zone data file)

  

 $TTL
$ORIGIN vhosts.com.
@ IN SOA ns1.vhosts.com. admin.vhosts.com. ( 2H
10M
1W
1D
)
@ IN NS ns1.vhosts.com.
ns1 IN A 192.168.20.244
pma IN A 192.168.20.242
wp IN A 192.168.20.242

  Test the configuration files

[root@test ~]# named-checkconf
[root@test ~]# named-checkzone vhosts.com /var/named/vhosts.com.zone
zone vhosts.com/IN: loaded serial
OK

  Start and test

  

 [root@test ~]# systemctl start named
[root@test ~]# dig -t A pma.vhosts.com

; <<>> DiG 9.11.-P2-RedHat-9.11.-.P2.el7 <<>> -t A pma.vhosts.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
;; flags: qr aa rd ra; QUERY: , ANSWER: , AUTHORITY: , ADDITIONAL:

;; OPT PSEUDOSECTION:
; EDNS: version: , flags:; udp:
;; QUESTION SECTION:
;pma.vhosts.com. IN A

;; ANSWER SECTION:
pma.vhosts.com. IN A 192.168.20.242

;; AUTHORITY SECTION:
vhosts.com. IN NS ns1.vhosts.com.

;; ADDITIONAL SECTION:
ns1.vhosts.com. IN A 192.168.20.244

;; Query time: msec
;; SERVER: 192.168.20.243#(192.168.20.243)
;; WHEN: Tue Feb :: EST
;; MSG SIZE rcvd:

192.168.8.16    HTTPS virtual host for phpMyAdmin

  (simulated CA server: 192.168.8.18)

  cd /etc/pki/CA/

  

 [root@test]# (umask 077;openssl genrsa -out private/cakey.pem 4096)   (generate a 4096-bit private key file, cakey.pem)
Generating RSA private key, bit long modulus
......................................................................................................................++
...........................................................................................................++
e is (0x10001)
[root@test ]# openssl req -new -key private/cakey.pem -out httpd.csr -days 365   (generate the certificate signing request file)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:DaWanQu
Organizational Unit Name (eg, section) []:Ops
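Common Name (eg, your name or your server's hostname) []:pma.vhosts.com   (the service domain name given here must match the domain name clients use to access the site, otherwise client-side verification fails)
Email Address []:

Please enter the following 'extra' attributes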
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@centos7 CA]# scp httpd.csr root@192.168.8.18:/etc/pki/CA/   (copy the certificate signing request to the /etc/pki/CA/ directory on the CA server)
The authenticity of host '192.168.8.18 (192.168.8.18)' can't be established.
ECDSA key fingerprint is SHA256:FKhie5UQHlmOtTV/TZol/k7UIf0nfDRosf2smlFoXak.
ECDSA key fingerprint is MD5:1b::4c:eb:5f::7d:a8::d3:be::b1:::.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.18' (ECDSA) to the list of known hosts.
root@192.168.8.18's password:
httpd.csr % .4MB/s :
[root@test ]#

 192.168.8.18

  Configuration on the CA host

  cd /etc/pki/CA/

  

 [root@bogon CA]# (umask 077;openssl genrsa -out private/cakey.pem 4096)   (generate a 4096-bit private key file)
Generating RSA private key, bit long modulus
...........................++
......................................................................................................................................................................................................................................................................................++
e is (0x10001)
[root@bogon CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365   (generate the CA server's self-signed certificate; -days is the certificate validity in days)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:DaWanQu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:DaWanQu
Email Address []:
[root@bogon CA]# touch ./{serial,index.txt}   (create the files required for signing certificates)
[root@bogon CA]# echo 01 > serial   (write serial number 01)
[root@bogon CA]# openssl ca -in httpd.csr -out httpd.crt -days   (sign the httpd.csr request; the output is httpd.crt)
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: (0x1)
Validity
Not Before: Feb :: GMT
Not After : Feb :: GMT
Subject:
countryName = CN
stateOrProvinceName = GD
organizationName = DaWanQu
organizationalUnitName = Ops
commonName = pma.vhosts.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
CA:A9::E2:::4C:::EE::D3::C1:B6:0B::::
X509v3 Authority Key Identifier:
keyid:E7::::::6E:5A::ED:6A:FF::D3:F4:::C5:B6:CE

Certificate is to be certified until Feb :: GMT ( days)
Sign the certificate? [y/n]:yes

out of certificate requests certified, commit? [y/n]yes
Write out database with new entries
Data Base Updated
[root@bogon CA]# scp httpd.crt root@192.168.8.16:/etc/pki/CA/   (copy the signed certificate file to the httpd server)
The authenticity of host '192.168.8.16 (192.168.8.16)' can't be established.
ECDSA key fingerprint is SHA256:I9f09gGvg6Zr5JFDYPLO5VKiAZ/Fzmy1F37f1SLgzkI.
ECDSA key fingerprint is MD5::::9f:f0:b0:9e::c0::ad::3f:be::.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.16' (ECDSA) to the list of known hosts.
root@192.168.8.16's password:
/etc/profile.d/vimrc.sh: line : autocmd: command not found
/etc/profile.d/vimrc.sh: line : syntax error near unexpected token `('
/etc/profile.d/vimrc.sh: line : `func SetTitle()'
httpd.crt % .9MB/s :
[root@bogon CA]#

  

192.168.8.16  httpd host configuration

  yum install mod_ssl    (install the SSL support module)

  vim /etc/httpd/conf.d/ssl.conf   

  

# Listens on port 443 by default
Listen 443 https

#
# URL mapping path for SSL connections
DocumentRoot "/web/vhosts/www1"
# Service domain name
ServerName "pma.vhosts.com"
# Grant access to the URL mapping path
<Directory "/web/vhosts/www1">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# Path of the certificate file
SSLCertificateFile /etc/pki/CA/httpd.crt
# Path of the private key file
SSLCertificateKeyFile /etc/pki/CA/private/cakey.pem

 

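Client configuration

  Import the CA server's self-signed certificate into the browser's trusted root certificates

 Test: https://pma.vhosts.com/pma/        (the test fails in Google Chrome; it succeeds in Firefox and IE)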
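
The certificate signed above carries only a commonName (its extension list shows no subjectAltName), and Chrome matches hostnames against subjectAltName only, so that is a likely cause of the Chrome failure. An added example, not part of the original write-up: the same CA flow run in a scratch directory with a SAN added at signing time, plus a check that flags a CN-only certificate; the file names and the 2048-bit demo key size are assumptions.

```bash
#!/usr/bin/env bash
# Added example: the page's CA flow in a scratch directory, with a
# subjectAltName added at signing time. File names are assumptions.
set -eu

# issue_cert <dir> <hostname> [cn-only]
issue_cert() {
    d=$1; host=$2; mode=${3:-san}
    mkdir -p "$d"; chmod 700 "$d"
    # CA role (192.168.8.18 on the page): key + self-signed certificate
    ( umask 077; openssl genrsa -out "$d/cakey.pem" 2048 2>/dev/null )
    openssl req -new -x509 -key "$d/cakey.pem" -out "$d/cacert.pem" \
        -days 365 -subj "/C=CN/ST=GD/O=DaWanQu/OU=Ops/CN=DaWanQu"
    # Web server role: its own key and a CSR; only the CSR goes to the CA
    ( umask 077; openssl genrsa -out "$d/httpd.key" 2048 2>/dev/null )
    openssl req -new -key "$d/httpd.key" -out "$d/httpd.csr" \
        -subj "/C=CN/ST=GD/O=DaWanQu/OU=Ops/CN=$host"
    # Extensions applied by the CA when signing
    echo "basicConstraints=CA:FALSE" > "$d/ext.cnf"
    [ "$mode" = cn-only ] || echo "subjectAltName=DNS:$host" >> "$d/ext.cnf"
    openssl x509 -req -in "$d/httpd.csr" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 365 -sha256 \
        -extfile "$d/ext.cnf" -out "$d/httpd.crt" 2>/dev/null
}

# check_cert <dir> <hostname>: prints ok, chain-invalid or san-missing
check_cert() {
    d=$1; host=$2
    if ! openssl verify -CAfile "$d/cacert.pem" "$d/httpd.crt" >/dev/null 2>&1; then
        echo chain-invalid
    elif ! openssl x509 -in "$d/httpd.crt" -noout -text | grep -qF "DNS:$host"; then
        echo san-missing
    else
        echo ok
    fi
}

# Demo: a CN-only certificate (as signed on this page) versus one with a SAN
work=$(mktemp -d)
issue_cert "$work/cn"  pma.vhosts.com cn-only
issue_cert "$work/san" pma.vhosts.com
echo "CN only:  $(check_cert "$work/cn"  pma.vhosts.com)"
echo "with SAN: $(check_cert "$work/san" pma.vhosts.com)"
rm -rf "$work"
```

With the `openssl ca` workflow used on this page, the same extension lines can be passed through its `-extfile` option.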

  

  

   
