Installation environment:
IP | OS | Installed software |
192.168.1.103 | CentOS 7 | httpd, PHP, WordPress, phpMyAdmin |
192.168.1.104 | CentOS 7 | mariadb |

Before starting, download the Alibaba Cloud (Aliyun) base repo to the local machine.

1. Configure host 192.168.1.104 (create the databases, grant privileges, etc.)

[root@localhost yum.repos.d]# yum install mariadb mariadb-server -y
[root@localhost yum.repos.d]# systemctl start mariadb.service
[root@localhost ~]# mysql_secure_installation    //run the security wizard; the root password is changed to mageedu

/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] n
 ... skipping.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

[root@localhost ~]# mysql -uroot -pmageedu    //verify that the user can log in
MariaDB [(none)]> CREATE DATABASE wpdb;    //create the WordPress database
MariaDB [(none)]> GRANT ALL ON wpdb.* TO wpuser@'192.168.%.%' IDENTIFIED BY 'wppass';    //grant privileges to the WordPress user
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
| wpdb               |
+--------------------+
5 rows in set (0.00 sec)

MariaDB [(none)]> CREATE DATABASE pma;    //create the phpMyAdmin database
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL ON pma.* TO pma@'192.168.%.%' IDENTIFIED BY 'pmapass';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL ON *.* TO testuser@'192.168.%.%' IDENTIFIED BY 'testpass';
Query OK, 0 rows affected (0.00 sec)    //grant privileges to a test user
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
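
An audit of the accounts created in step 1, as an added example that is not part of the original page: it reads `SHOW GRANTS` output and reports server-wide privileges and wildcard hosts, which here singles out testuser (ALL on *.* from any 192.168.x.x address). The grant lines are a constructed sample of what MariaDB prints for these three accounts, with placeholder password hashes.

```shell
# Constructed sample: SHOW GRANTS output for the three accounts from step 1.
# The password hashes are placeholders, not real values.
sample_grants() {
cat <<'EOF'
GRANT USAGE ON *.* TO 'wpuser'@'192.168.%.%' IDENTIFIED BY PASSWORD '*PLACEHOLDER'
GRANT ALL PRIVILEGES ON `wpdb`.* TO 'wpuser'@'192.168.%.%'
GRANT USAGE ON *.* TO 'pma'@'192.168.%.%' IDENTIFIED BY PASSWORD '*PLACEHOLDER'
GRANT ALL PRIVILEGES ON `pma`.* TO 'pma'@'192.168.%.%'
GRANT ALL PRIVILEGES ON *.* TO 'testuser'@'192.168.%.%' IDENTIFIED BY PASSWORD '*PLACEHOLDER'
EOF
}

# audit_grants: read SHOW GRANTS output on stdin, print one finding per line.
audit_grants() {
    awk '
    /^GRANT / {
        # Split the statement into privilege list, object scope and account.
        privs = $0; sub(/^GRANT /, "", privs); sub(/ ON .*$/, "", privs)
        scope = $0; sub(/^.* ON /, "", scope); sub(/ TO .*$/, "", scope)
        acct  = $0; sub(/^.* TO /, "", acct);  sub(/ .*$/, "", acct)
        host  = acct; sub(/^.*@/, "", host)

        # Anything beyond USAGE on *.* is a server-wide privilege.
        if (scope == "*.*" && privs != "USAGE")
            print "GLOBAL_PRIVS " acct " " privs

        # % and _ are wildcards in the host part; report each account once.
        if (host ~ /[%_]/ && !(acct in seen)) {
            seen[acct] = 1
            print "WILDCARD_HOST " acct
        }
    }'
}

sample_grants | audit_grants
```

Since the only client in this setup is 192.168.1.103, each WILDCARD_HOST finding can be closed by granting to that single address instead of 192.168.%.%.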

2. Configure host 192.168.1.103 (httpd, PHP)

[root@localhost ~]# yum install httpd php php-mysql php-mbstring -y
[root@localhost ~]# systemctl start httpd.service

Write test code to verify that PHP can connect to the database.

[root@localhost ~]# cd /var/www/html
[root@localhost html]# vim index.php

[root@localhost html]# systemctl reload httpd.service

3. Compile and install xcache

xcache can be built from source, and it is also available from the EPEL repo; here it is built from source.

[root@localhost ~]# yum groupinstall "Development Tools" "Server Platform Development" -y    //install the development package groups
[root@localhost ~]# yum install php-devel -y    //install the PHP development package that xcache depends on

Download the xcache tarball.

[root@localhost ~]# ls
anaconda-ks.cfg  xcache-3.2.0.tar.bz2
[root@localhost ~]# tar xf xcache-3.2.0.tar.bz2
[root@localhost ~]# ls
anaconda-ks.cfg  xcache-3.2.0  xcache-3.2.0.tar.bz2
[root@localhost ~]# cd xcache-3.2.0/
[root@localhost xcache-3.2.0]# phpize
[root@localhost xcache-3.2.0]# ./configure --enable-xcache --with-php-config=/usr/bin/php-config
[root@localhost xcache-3.2.0]# make && make install

[root@localhost xcache-3.2.0]# cp xcache.ini /etc/php.d/
[root@localhost xcache-3.2.0]# systemctl restart httpd.service

Browsing to the site shows that xcache is installed, at version 3.2.0.

4. Install and configure WordPress and set up a virtual host

Configure the virtual host
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf    //comment out httpd's default document root
#DocumentRoot "/var/www/html"
[root@localhost ~]# mkdir /web/vhost/test1 -pv    //create the virtual host's document root
[root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf    //create the virtual host configuration file
    <Directory "/web/vhost/test1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Download WordPress (download page: https://wordpress.org/download/)
[root@localhost ~]# cd /web/vhost/test1
[root@localhost test1]# unzip wordpress-4.3.1-zh_CN.zip
[root@localhost test1]# cd wordpress/
[root@localhost wordpress]# cp wp-config-sample.php wp-config.php    //copy the sample configuration file, then edit the copy
[root@localhost wordpress]# vim wp-config.php

[root@localhost ~]# systemctl restart httpd.service

Test in a browser.

5. Install phpMyAdmin

Configure the virtual host
[root@localhost vhost]# vim /etc/httpd/conf/httpd.conf
//add port 8080
[root@localhost ~]# mkdir /web/vhost/test2 -pv    //create the virtual host's document root
[root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf    //edit the same file that holds the WordPress virtual host
    <Directory "/web/vhost/test1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost 192.168.1.103:8080>
    DocumentRoot "/web/vhost/test2"

    <Directory "/web/vhost/test2">
        Options FollowSymlinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

Download page: https://www.phpmyadmin.net/downloads/

[root@localhost ~]# cd /web/vhost/test2
[root@localhost test2]# unzip phpMyAdmin-4.4.14.1-all-languages.zip
[root@localhost test2]# ln -sv phpMyAdmin-4.4.14.1-all-languages pma
‘pma’ -> ‘phpMyAdmin-4.4.14.1-all-languages’
[root@localhost test2]# cd pma
[root@localhost pma]# cp config.sample.inc.php config.inc.php
[root@localhost pma]# openssl rand -base64 15    //generate 15 random bytes, Base64-encoded
fgqvst4l0yODkOhq4FXC

[root@localhost pma]# vim config.inc.php    //add the random string to the configuration file

Test in a browser at 192.168.1.103:8080/pma
User: pma
Password: pmapass

6. Provide an HTTPS virtual host for phpMyAdmin

Use 192.168.1.104 as the CA host and test against the server on 192.168.1.103.

1)
a) On host 192.168.1.104, create a private CA

[root@localhost ~]# cd /etc/pki/CA
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)    //generate a private key
Generating RSA private key, 2048 bit long modulus
.....................+++
.............+++
e is 65537 (0x10001)
[root@localhost CA]# ll private/
total 4
-rw------- 1 root root 1679 May 27 07:09 cakey.pem
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem    //generate the CA's self-signed certificate
[root@localhost CA]# ll
total 4
-rw-r--r--  1 root root 1391 May 27 07:12 cacert.pem
drwxr-xr-x. 2 root root    6 Jun 29  2015 certs
drwxr-xr-x. 2 root root    6 Jun 29  2015 crl
drwxr-xr-x. 2 root root    6 Jun 29  2015 newcerts
drwx------. 2 root root   22 May 27 07:09 private

[root@localhost CA]# touch serial index.txt
[root@localhost CA]# echo 01 >serial

b) On host 192.168.1.103, create a certificate signing request

[root@localhost ~]# cd /etc/httpd
[root@localhost httpd]# mkdir ssl
[root@localhost httpd]# cd ssl
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
..........++++++
..................++++++
e is 65537 (0x10001)
[root@localhost ssl]# openssl req -new -key httpd.key -out httpd.csr

[root@localhost ssl]# ls
httpd.csr  httpd.key
[root@localhost ssl]# scp httpd.csr root@192.168.1.104:/tmp

c) On 192.168.1.104, sign the certificate

[root@localhost CA]# openssl ca -in /tmp/httpd.csr -out certs/httpd.crt

[root@localhost CA]# scp certs/httpd.crt root@192.168.1.103:/etc/httpd/ssl/

2) On host 192.168.1.103, configure httpd to support SSL and to use the certificate

[root@localhost ssl]# ls
httpd.crt  httpd.csr  httpd.key

[root@localhost ssl]# yum install mod_ssl -y
[root@localhost ssl]# cd /etc/httpd/conf.d
[root@localhost conf.d]# ls
autoindex.conf  php.conf  README  ssl.conf  userdir.conf  vhost.conf  welcome.conf
[root@localhost conf.d]# mv ssl.conf ssl.conf.backup
[root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf

[root@localhost conf.d]# httpd -t
Syntax OK
[root@localhost conf.d]# systemctl restart httpd.service
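
A pre-deployment check for the key pair from step 6, as an added example that is not part of the original page: it reports the RSA modulus size (the 1024-bit httpd.key from step b) is half the size of the 2048-bit CA key and below what current guidance expects) and confirms that a certificate belongs to the key httpd will load it with. The temporary files and the CN example.test are constructed, and a self-signed certificate stands in for the CA-signed one.

```shell
# rsa_bits FILE: print the modulus length in bits of an RSA private key.
rsa_bits() {
    hex=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null | sed 's/^Modulus=//')
    [ -n "$hex" ] || return 2
    echo $(( ${#hex} * 4 ))      # 4 bits per hex digit
}

# check_key FILE [MIN_BITS]: print "OK n" or "WEAK n"; non-zero status if weak.
check_key() {
    bits=$(rsa_bits "$1") || { echo "ERROR cannot read $1"; return 2; }
    if [ "$bits" -lt "${2:-2048}" ]; then
        echo "WEAK $bits"; return 1
    fi
    echo "OK $bits"
}

# cert_matches_key CERT KEY: succeed only if both carry the same modulus.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 2
    k=$(openssl rsa  -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# make_demo DIR: a 1024-bit key as in step b), a 2048-bit key, and a
# self-signed certificate for the 2048-bit key (constructed test material).
make_demo() {
    openssl genrsa -out "$1/weak.key" 1024 2>/dev/null &&
    openssl genrsa -out "$1/good.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/good.key" -subj "/CN=example.test" \
        -days 1 -out "$1/good.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo "$demo"
check_key "$demo/weak.key" || true
check_key "$demo/good.key"
cert_matches_key "$demo/good.crt" "$demo/good.key" && echo "cert matches good.key"
cert_matches_key "$demo/good.crt" "$demo/weak.key" || echo "cert does not match weak.key"
```

On the web server the same functions can be pointed at /etc/httpd/ssl/httpd.key and /etc/httpd/ssl/httpd.crt before httpd is restarted.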
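
At this point the browser has not imported the CA certificate, so HTTPS access will not work yet. Import the CA certificate file into the browser (copy /etc/pki/CA/cacert.pem from the virtual machine to the physical host and import it there).

Original link: https://www.f2er.com/centos/382169.html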