LAMP架构是一个提供web服务的整体架构,它的组件分别是Linux、Apache、Mysql(Mariadb)、PHP。本文介绍如何快速构建一个LAMP架构,并将PHP编译为apache的模块。之后并使用xcache加速引擎来加速php页面的处理速度。
一、配置前准备
- 两台CentOS 7主机。主机A地址为172.16.25.71,主机B为172.16.25.72
- 在两台主机配置好yum源。
- 下载两个web架构包phpMyAdmin-4.4.14.1-all-languages.zip和wordpress-4.4.1-zh_CN.zip
二、在主机A安装apache程序(httpd)并安装php程序。
1、安装httpd程序,并启动之;查看服务是否启动(查看80端口是否处于监听状态)
[[email protected] ~]# yum install httpd [[email protected] ~]# systemctl start httpd.service [[email protected] ~]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 127.0.0.1:6010 *:* LISTEN 0 128 :::80 :::*
2、安装php程序包,使用rpm包安装的php会自动成为httpd的模块
[[email protected] ~]# yum install php [[email protected] ~]# rpm -ql php /etc/httpd/conf.d/php.conf ------> 此处php成为httpd的一个子配置文件 /etc/httpd/conf.modules.d/10-php.conf /usr/lib64/httpd/modules/libphp5.so /usr/share/httpd/icons/php.gif /var/lib/php/session
3、在/var/www/html/下提供一个测试页面index.php如下
[[email protected] ~]# vim /var/www/html/index.php [[email protected] ~]# cat /var/www/html/index.php <h1> This is a Test Page </h1> <?php phpinfo(); ------> phpinfo() 是php的内置函数,我们可以使用这个来测试php页面 ?>
4、测试访问页面.
注意:此处如不可访问,请确保关闭防火墙;但是在生产环境中不建议这么做,而是应该自己定义iptables规则,此处仅为测试,一切简单起见
[[email protected] ~]# iptables -F
[[email protected] ~]# iptables -X
5、在主机A安装php-mysql待用
[[email protected] html]# yum install php-mysql
三、在主机B安装数据库服务器,并测试连接
1、安装mariadb-server并启动服务且查看端口(3306是mysql的默认端口)
[[email protected] ~]# yum install mariadb-server [[email protected] ~]# systemctl start mariadb.service [[email protected] ~]# ss -tnl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 50 *:3306 *:*
2、运行mysql-secure-install脚本来给简单设置mariadb
[[email protected] ~]# mysql_secure_installation /usr/bin/mysql_secure_installation: line 379: find_mysql_client: command notfound NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we‘ll need the current password for the root user. If you‘vejust installed MariaDB, and you haven‘t set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have a root password set, so you can safely answer ‘n‘. Change the root password? [Y/n] Y ---->更改root用户密码 New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing,and to make the installation go a bit smoother. You should removethem before moving into a production environment. Remove anonymous users? [Y/n] Y ---->移除多余用户 ... Success! Normally, root should only be allowed to connect from ‘localhost‘. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ----->是否禁止root用户远程登录 ... Success! By default, MariaDB comes with a database named ‘test‘ that anyone can access. This is also intended only fortesting, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y --->移除数据库test - Dropping test database... ERROR 1HY000) at line 1: Can‘t drop database ‘test‘; database doesn‘texist ... Failed! Not critical, keep moving... - Removing privileges on testdatabase... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ---->刷新权限列表 ... Success! Cleaning up... All done! If you‘ve completed all of theabove steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
3、在主机B上登录mariadb来授权一个用户,使php可以访问数据库
[[email protected] ~]# mysql -uroot -p Enter password: Welcome to the MariaDB monitor. Commandsend with ; or \g. Your MariaDB connection id is 20 Server version: 5.5.41-MariaDB MariaDB Server Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others. Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement. MariaDB [(none)]> GRANT ALL ON *.* TO ‘root‘@172.16.25.71 IDENTIFIED BY‘123456‘; Query OK, 0 rows affected (0.00 sec)
4、测试连接mysql,编辑主机A的/var/www/html/index.php如下,并测试连接
[[email protected] ~]# vim /var/www/html/index.php [[email protected] ~]# cat /var/www/html/index.php <h1> This is a Test Page </h1> <?php $conn =mysql_connect(‘172.16.25.72‘,‘root‘,‘123456‘); ---> 此处指明mysql服务器ip,和mysql用户名以及密码 if($conn) echo "The phpconnect to mysql-sever successfully."; else echo "The phpconnect to mysql-server failing."; ?>
注:此处的mysql如果连接不上,原因也是防火墙,可以使用如上方式关闭防火墙;
至此,LAMP架构成功完成,下面我们提供两个现成的web架构;
四、配置http两个虚拟主机为两个web架构提供服务;
(1)配置httpd
1、在/etc/httpd/conf.d/目录下新建两个配置文件,写入如下内容
[[email protected] ~]# vim /etc/httpd/conf.d/phpAdmin.conf [[email protected] ~]# cat /etc/httpd/conf.d/phpAdmin.conf DirectoryIndex index.php <VirtualHost *:80> Servername www.pma.net DocumentRoot /var/www/pma <Directory "/var/www/pma"> Options None AllowOverride None Require all granted </Directory> </VirtualHost> [[email protected] ~]# vim /etc/httpd/conf.d/wordpress.conf [[email protected] ~]# cat/etc/httpd/conf.d/wordpress.conf DirectoryIndex index.php <VirtualHost *:80> Servername www.wordpress.net DocumentRoot /var/www/wordpress <Directory"/var/www/wordpress"> Options None AllowOverride None Require all granted </Directory> </VirtualHost>
2、更改主机A的apache主配置文件如下
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf #DocumentRoot "/var/www/html" ----> 找到此行并注释掉
(2)配置phpMyAdmin
1、解压phpMyAdmin-4.4.14.1-all-languages.zip/var/www目录下并重命名解压后的phpadmin文件为pma
[[email protected] ~]# unzip /var/www/phpMyAdmin-4.4.14.1-all-languages.zip -d /var/www/ [[email protected] ~]# mv /var/www/phpMyAdmin-4.4.14.1-all-languages /var/www/pma
2、修改/var/www/pma/目录下的配置文件config.inc.php并安装php-mbstring包
[[email protected] ~]# mv /var/www/pma/config.sample.inc.php /var/www/pma/config.inc.php [[email protected] ~]# openssl rand -base64 20 ----> 生成一段随机数加入下面的配置文件对应位置 86yJwGtVrrd2xX2CrQSfGcvG/gk= [[email protected] ~]# vim /var/www/pma/config.inc.php 更改如下两行 $cfg[‘blowfish_secret‘] = ‘86yJwGtVrrd2xX2CrQSfGcvG/gk‘; /* YOU MUST FILL INTHIS FOR COOKIE AUTH! */ $cfg[‘Servers‘][$i][‘host‘] = ‘172.16.25.72‘; -----> 更改为mysql服务器地址 [[email protected] ~]# yum install php-mbstring
3、更改测试主机的hosts文件,本次测试是windows主机,故在C:\Windows\System32\drivers
\etc\hosts文件添加如下内容
172.16.25.71 www.pma.net 172.16.25.71 www.wordpress.net
4、重载httpd服务
[[email protected] ~]# systemctlreload httpd.service
5、并测试phpAdmin,输入www.pma.net,并键入刚刚授权的数据库用户名和密码
6、登录进入即可管理数据库
(3)配置wordpress
1、解压wordpress-4.3.1-zh_CN.zip至/var/www目录下
[[email protected] ~]# unzip /var/www/wordpress-4.3.1-zh_CN.zip -d /var/www/
2、进入/var/www/wordpress/目录下,对wordpress的配置文件做出如下更改;
[[email protected] ~]# cd /var/www/wordpress/ [[email protected] wordpress]# cp wp-config-sample.php wp-config.php [[email protected] www]# vim wp-config.php ----> 主要更改如下四项 // ** MySQL 设置 - 具体信息来自您正在使用的主机 ** // /** WordPress数据库的名称 */ define(‘DB_NAME‘, ‘wordpress‘); /** MySQL数据库用户名 */ define(‘DB_USER‘, ‘root‘); /** MySQL数据库密码 */ define(‘DB_PASSWORD‘, ‘123456‘); /** MySQL主机 */ define(‘DB_HOST‘, ‘172.16.25.72‘);
3、因为wordpress不能自己建立数据库,所以我们在主机B mysql服务器给它手动创建wordpress数据库
[[email protected] ~]# mysql -uroot -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 43 Server version: 5.5.41-MariaDB MariaDB Server Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others. Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement. MariaDB [(none)]> CREATE DATABASE wordpress; Query OK, 1 row affected (0.00 sec)
4、测试访问,在浏览器键入www.wordpress.net,可看到如下效果
5、简单填写之后,便可以使用这个很强大的个人信息发布平台。
五、为php提供加速引擎Xcache并设置phpMyAdmin站点为https协议访问
1、在主机A下载php-xcache包
[[email protected] ~]# yum install php-xcache
2、向CA发送证书签署请求,并保存签署过的证书至本地主机A/etc/httpd/ssl目录如下
[[email protected] ~]# mkdir /etc/httpd/ssl [[email protected] ssl]# (umask 077;openssl genrsa -out httpd.key 2048) Generating RSA private key, 2048 bit long modulus ..........................+++ .............+++ e is 65537 (0x10001) #生成证书请求 [[email protected] ssl]# openssl req -new -key httpd.key -out httpd.csr -days 365 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:BeiJing Locality Name (eg, city) [Default City]:BeiJing Organization Name (eg, company) [Default Company Ltd]:Univser fly Organizational Unit Name (eg, section) []:ops Common Name (eg, your name or your server‘s hostname) []:www.pma.net Email Address []:[email protected] Please enter the following ‘extra‘ attributes to be sent with your certificate request A challenge password []: An optional company name []: [[email protected] ssl]# ls httpd.crt httpd.csr httpd.key ----> httpd.crt即为签署过的证书
注:关于此部分,如果仅为测试或学习所用可以私建一个CA;相关方法可参考我的另一篇博客加密解密技术介绍和OpenSSL介绍
3、下载mod_ssl模块,并编辑ssl模块的配置文件ssl.conf
[[email protected] ssl]# yum install mod_ssl ---> 会变为httpd的一个模块 [[email protected] ~]# vim /etc/httpd/conf.d/ssl.conf --->更改如下四行内容如下 DocumentRoot "/var/www/pma" ServerName www.pma.net:443 SSLCertificateFile /etc/httpd/ssl/httpd.crt SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
4、此时让原有对phpAdmin的虚拟主机配置文件失效。
[[email protected] ~]# mv /etc/httpd/conf.d/phpAdmin.conf{,.bak}
# 因为监听了新的端口,所以重启服务
[[email protected] ~]# systemctl restart httpd.service
5、测试,此处若为私建的CA,则需要在浏览器中导入CA服务器的证书。
注:此篇博文所做测试都是在CentOS 7上完成;
时间: 2024-10-10 09:58:46