基于CentOS7實現LAMP（上）

基于CentOS7實現LAMP（上）

 

情景模式：

（1）php以模塊方式運行

 提供兩個虛擬主機；

                                     web1: phpMyAdmin, 同時提供ssl；

                                     web2: wordpress;

                                    

限于篇幅，本文的php采用模塊方式運行于httpd中，在下一篇博文：基于CentOS7實現LAMP（下），我會再介紹php以fpm方式，即fastCGI方式運行的實現，敬請期待。

為便于理解，文中##處均是我的注解

 

##首先安裝基礎軟件工具包                  

[root@localhost yum.repos.d]# yum groupinstall  "Development Tools" -y

 

##然后安裝httpd服務

[root@localhost yum.repos.d]# yum install httpd -y

 

##安裝mariadb

[root@localhost yum.repos.d]# yum install -y mariadb-server mariadb-devel mairadb

 

##安裝php，以httpd模塊方式

[root@localhost yum.repos.d]# yum install -y php php-devel php-mysql

yum install php php-devel php-mysql

 

##修改httpd.conf文件，配置兩個虛擬主機站點

#vim /etc/httpd/conf/httpd.conf

 

         ServerName web.test.net:80

         ##DocumentRoot "/var/www/html"

 

#cd /etc/httpd/conf.modules.d

#vim 00-mpm.conf

         LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

 

 

##添加對php網頁的支持    

#cd /etc/httpd/conf.d

#[root@web conf.d]# vim php.conf

       

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

 

DirectoryIndex index.php

 

<Directory "/www/web1">

  options none

  allowoverride none

  require all granted

</Directory>

 

<Directory "/www/web2">

  options none

  allowoverride none

  require all granted

</Directory>

 

 

[root@web conf.d]# vim vhosts.conf

<VirtualHost *:80>

  ServerName web1.test.net

  DocumentRoot /www/web1/

</VirtualHost>

 

<VirtualHost *:80>

  ServerName web2.test.net

  DocumentRoot /www/web2/

</VirtualHost>

 

##啟動httpd

[root@web conf]# httpd -t

Syntax OK

[root@web conf]#

[root@web conf]# systemctl start httpd.service

 

[root@web conf]# ss -ntlp | grep httpd

LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=9

2530,fd=4),("httpd",pid=92529,fd=4),("httpd",pid=92528,fd=4),("httpd",pid=92527,fd=4),("httpd",pid=92

526,fd=4),("httpd",pid=92524,fd=4))

[root@web conf]#

 

 

##實驗環境為避免影響，關閉本機的selinux及防火墻服務

[root@web /]# getenforce

Enforcing

[root@web /]# setenforce 0

[root@web /]#

[root@web /]# systemctl stop firewalld.service

 

[root@web /]# systemctl disable firewalld.service

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[root@web /]#

[root@web /]# vim /etc/selinux/config

SELINUX=disabled

##檢查網頁正常否

 

##安裝phpMyAdmin

[root@web setup]# tar xzvf phpMyAdmin-4.4.15.7-all-languages.tar.gz -C /www/web1/

[root@web web1]# mv phpMyAdmin-4.4.15.7-all-languages pma

[root@web pma]# cp config.sample.inc.php config.inc.php

[root@web pma]# vim config.inc.php

 

[root@web pma]# vim /etc/httpd/conf/httpd.conf

<Directory "/www/web1/pma">

  options none

  allowoverride none

  require all granted

</Directory>

 

[root@web pma]# systemctl reload httpd.service

 

 

[root@web modules]# systemctl start mariadb

 

##修改mysql的root密碼為'redhat'

[root@web modules]# mysql

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 5.5.50-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

 

Database changed

MariaDB [mysql]> update user set password=password('redhat');

Query OK, 6 rows affected (0.01 sec)

Rows matched: 6  Changed: 6  Warnings: 0

 

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.01 sec)

 

MariaDB [mysql]> bye

    -> quit

    -> quit

    -> ;

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'bye

quit

quit' at line 1

MariaDB [mysql]> quit

Bye

[root@web modules]#

 

##安裝wordpress

[root@web LAMP]# unzip wordpress-4.5.3-zh_CN.zip

[root@web LAMP]# cd wordpress/

[root@web wordpress]#

[root@web LAMP]# mv wordpress /www/web2/

[root@web LAMP]# cd /www/web2/wordpress

[root@web wordpress]# cp wp-config-sample.php wp-config.php

[root@web wordpress]# vim wp-config.php

 

##在mysql創建wordpress的連接帳號

[root@web wordpress]# mysql -p

Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 6

Server version: 5.5.50-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> use mysql

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

 

Database changed

MariaDB [mysql]> create database wpdb;

Query OK, 1 row affected (0.01 sec)

MariaDB [mysql]> grant all on wpdb.* to 'wpuser'@'localhost' identified by 'redhat';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.01 sec)

 

MariaDB [mysql]> quit

Bye

 

##按上述創建的帳號信息，修改wordpress的config文件

[root@web wordpress]# vim wp-config.php

// ** MySQL 設置 – 具體信息來自您正在使用的主機 ** //

/** WordPress數據庫的名稱 */

define('DB_NAME', 'wpdb');

 

/** MySQL數據庫用戶名 */

define('DB_USER', 'wpuser');

 

/** MySQL數據庫密碼 */

define('DB_PASSWORD', 'redhat');

 

/** MySQL主機 */

define('DB_HOST', 'localhost');

 

/** 創建數據表時默認的文字編碼 */

define('DB_CHARSET', 'utf8');

 

 

##測試

http://web2.test.net/wordpress/wp-admin/install.php

 

 

 

##以下為為web1.test.net站點提供ssl功能，簡單起建，將自建的證書服務器都放在本臺機器上了。

因為搭建自建證書及https站點不是本文重點，所以只是簡單show一下操作步驟，有興趣了解詳細內容的同學，請移步到我的另一篇博文：自建CA搭建SSL加密網站

 

##自建證書

[root@web wordpress]# cd /etc/pki/CA

You have new mail in /var/spool/mail/root

[root@web CA]# ls

certs  crl  newcerts  private

[root@web CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)

Generating RSA private key, 2048 bit long modulus

………………………………………………………………………………………………………+++

………………..+++

e is 65537 (0x10001)

[root@web CA]# touch index.txt

[root@web CA]# echo 01 > serial

[root@web CA]#

[root@web CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:NanHai  

Locality Name (eg, city) [Default City]:NanHai

Organization Name (eg, company) [Default Company Ltd]:MageEdu Ltd

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:ca.test.net

Email Address []:caadmin@test.net

[root@web CA]#

 

 

[root@web CA]# cd /etc/httpd

[root@web httpd]# ls

conf  conf.d  conf.modules.d  logs  modules  run

[root@web httpd]# mkdir ssl

[root@web httpd]# cd ssl

[root@web ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

Generating RSA private key, 1024 bit long modulus

……++++++

………………..++++++

e is 65537 (0x10001)

[root@web ssl]# openssl req -new -key httpd.key -out httpd.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:NanHai

Locality Name (eg, city) [Default City]:NanHai

Organization Name (eg, company) [Default Company Ltd]:MageEdu Ltd

Organizational Unit Name (eg, section) []:IT

Common Name (eg, your name or your server's hostname) []:web1.test.net

Email Address []:webadmin@test.net

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@web ssl]#

[root@web ssl]# cd /etc/pki/CA/

[root@web CA]# openssl ca -in /etc/httpd/ssl/httpd.csr -out certs/web1.test.net.crt -days 365

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

        Serial Number: 1 (0x1)

        Validity

            Not Before: Aug 15 17:04:05 2016 GMT

            Not After : Aug 15 17:04:05 2017 GMT

        Subject:

            countryName               = CN

            stateOrProvinceName       = NanHai

            organizationName          = MageEdu Ltd

            organizationalUnitName    = IT

            commonName                = web1.test.net

            emailAddress              = webadmin@test.net

        X509v3 extensions:

            X509v3 Basic Constraints:

                CA:FALSE

            Netscape Comment:

                OpenSSL Generated Certificate

            X509v3 Subject Key Identifier:

                A7:03:2F:F2:3D:9A:10:9D:4E:00:D7:01:F9:36:83:77:CA:77:04:BA

            X509v3 Authority Key Identifier:

                keyid:02:80:D4:1C:8D:69:7D:2B:1B:71:44:63:8B:51:DC:EE:2D:71:54:3E

 

Certificate is to be certified until Aug 15 17:04:05 2017 GMT (365 days)

Sign the certificate? [y/n]:y

 

 

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

[root@web CA]#

[root@web CA]# cd certs/

[root@web certs]# ls

web1.test.net.crt

[root@web certs]# pwd

/etc/pki/CA/certs

[root@web certs]# cp web1.test.net.crt  /etc/httpd/ssl/

[root@web certs]#

 

##為站點添加mod_ssl模塊，以便支持ssl訪問

[root@web certs]# httpd -M | grep ssl

[root@web certs]# yum install mod_ssl

[root@web certs]# httpd -M | grep ssl

 ssl_module (shared)

[root@web certs]#

 

 

[root@web certs]# cd /etc/httpd/conf.d/

[root@web conf.d]# ls

autoindex.conf  php.conf  README  ssl.conf  userdir.conf  vhosts.conf  welcome.conf

[root@web conf.d]# cp ssl.conf{,.bak}

[root@web conf.d]# vim ssl.conf

 

##添加ssl站點設置

<VirtualHost 172.16.10.1:443>

SSLEngine on

##SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateFile /etc/httpd/ssl/web1.test.net.crt

 

##SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

 

DocumentRoot "/www/web1"

ServerName web1.test.net

 

 

<Directory "/www/web1/">

   require all granted

</Directory>

 

<Directory "/www/web1/pma/">

    require all granted

</Directory>

 

 

##重啟服務

[root@web conf.d]# httpd -t

Syntax OK

[root@web conf.d]# systemctl restart httpd.service

[root@web conf.d]#

 

[root@web conf.d]# ss -ntlp  | grep 443

LISTEN     0      128         :::443                     :::*                   users:(("httpd",pid=7621,fd=6),("httpd",pid=7620,fd=6),("httpd",pid=7619,fd=6),("httpd",pid=7618,fd=6),("httpd",pid=7617,fd=6),("httpd",pid=7615,fd=6))

[root@web conf.d]#

 

 

##檢查網站

##證書并未在客戶端導入，所以會有出錯的警示信息，請忽略，呵呵。重點是已經能夠以https訪問站點了。。。

##至此，網站創建完畢，測試使用正常。