基於模塊類型php部署LAMP
前言:php
L:Linuxhtml
A:Apachemysql
M:MariaDB sql
P:PHP數據庫
當咱們要基於模塊PHP去部署LAMP時,須要在兩臺主機上進行操做,一臺主機提供http以及php,另外一臺主機提供MariDB。
vim
本博客就基於模塊類型的PHP部署兩臺服務器的LAMP:windows
如圖所示:咱們要基於此種模型進行部署:centos
第一部分:瀏覽器
首先咱們要準備兩臺Linux(CentOS7)主機;一臺主機做爲HTTP/PHP主機;bash
第一步:(部署httpd/php)
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.16.249.130 netmask 255.255.0.0 broadcast 172.16.255.255 #httpd服務器的ip地址
[root@HTTP ~]# yum install -y httpd #在http主機上安裝httpd
[root@HTTP ~]# rpm -q httpd
httpd-2.4.6-40.el7.centos.x86_64 #CentOS 7 版本爲httpd-2.4
[root@HTTP ~]# yum install -y php #安裝php 此種方法直接裝爲基於httpd模塊化的php
[root@httpd ~]# rpm -q php
php-5.4.16-36.el7_1.x86_64
[root@HTTP httpd]# httpd -M | grep php #肯定httpd已經加載php模塊;
php5_module (shared)
[root@HTTP ~]# yum install -y php-mysql #安裝鏈接數據庫的驅動
[root@HTTP ~]# rpm -q php-mysql
php-mysql-5.4.16-36.el7_1.x86_64
[root@HTTP ~]# vim /etc/httpd/conf.d/www.conf
<VirtualHost *:80> #建立虛擬主機
ServerName www.a.com
DocumentRoot "/www/
ErrorLog "/www/logs/a.error.log"
CustomLog "/www/logs/a.access.log" combined
<Directory "/www/www.a.com">
Options FollowSymLinks
Require all granted
AllowOverride None
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName www.b.com
DocumentRoot "/www/www.b.com"
ErrorLog "/www/logs/b.error.log"
CustomLog "/www/logs/b.access.log" combined
<Directory "/www/www.b.com">
Options FollowSymLinks
Require all granted
AllowOverride None
</Directory>
</VirtualHost>
[root@HTTP ~]# mkdir - pv /www/{logs, #爲虛擬主機建立主頁文檔目錄以及日誌目錄;
[root@HTTP ~]# touch /www/logs/{a.error.log,a.access.log,b.error.log,b.access.log} #爲兩個虛擬主機提供日誌文件;
[root@HTTP httpd]# vim conf/httpd.conf
.....
#DocumentRoot "/var/www/html" #主配置文件中註釋掉中心主機的主文檔目錄;
.....
第二步:(部署MariaDB服務器)
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.16.61.100 netmask 255.255.0.0 broadcast 172.16.255.255 #MariaDB服務器的地址;
[root@MariaDB ~]# yum install -y mariadb #安裝MariaDB [root@MariaDB ~]# systemctl start mariadb #啓動數據庫 [root@MariaDB ~]# ss -tanl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 50 *:3306 *:* #肯定3306端口處於監聽狀態 LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::* [root@MariaDB ~]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 194 Server version: 5.5.46-MariaDB-log MariaDB Server Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> GRANT ALL ON *.* TO 'root'@'172.16.%.%' IDENTIFIED BY 'tianzhuang'; #受權遠程鏈接的賬號;
第三步(測試http服務器可否鏈接數據庫)
[root@HTTP httpd]# vim /www/www.a.com/index.php #在虛擬主機中建立測試頁面
<?php
$conn = mysql_connect('172.16.61.100','root','tianzhuang'); #遠程鏈接數據庫的ip地址以及已經受權的賬號和密碼
if ($conn)
echo "ok";
else
echo "failed";
?>
[root@HTTP httpd]# systemctl start httpd #啓動httpd
[root@HTTP httpd]# systemctl start php-mysql #啓動數據庫驅動
[root@HTTP httpd]# ss -tanl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:* #肯定3306端口處於監聽狀態
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::* #肯定80端口處於監聽狀態
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
在瀏覽器中測試是否能鏈接數據庫,在windows上測試須要將windows hosts文件中增長虛擬主機的FQDN解析;
測試結果:
顯示ok表示測試代碼生效,可以遠程鏈接到數據庫服務器中。
第二部分:
分別爲兩臺虛擬主機裝入phpMyAdmin以及wordpress程序;
[root@HTTP www.a.com]# ls index.php phpMyAdmin-4.4.14.1-all-languages.zip #下載phpMyAdmin安裝包 [root@HTTP www.a.com]# unzip phpMyAdmin-4.4.14.1-all-languages.zip #解壓縮 [root@HTTP www.a.com]# ln -sv phpMyAdmin-4.4.14.1-all-languages phpadmin #爲了方便使用建立符號連接 ‘phpadmin’ -> ‘phpMyAdmin-4.4.14.1-all-languages’ [root@HTTP www.a.com]# ll total 9836 -rw-r--r-- 1 root root 132 Jan 19 11:23 index.php lrwxrwxrwx 1 root root 33 Jan 19 11:53 phpadmin -> phpMyAdmin-4.4.14.1-all-languages drwxr-xr-x 10 root root 4096 Sep 8 12:07 phpMyAdmin-4.4.14.1-all-languages -rw-r--r-- 1 root root 10057503 Sep 18 11:38 phpMyAdmin-4.4.14.1-all-languages.zip
使用瀏覽器登陸:
輸入遠程鏈接的帳戶和密碼以後登陸到phpMyAdmin
[root@HTTP www.b.com]# ls wordpress wordpress-4.3.1-zh_CN.zip #下載wordpress安裝包並解壓縮 [root@HTTP www.b.com]# unzip wordpress-4.3.1-zh_CN.zip [root@HTTP www.b.com]# ls wordpress wordpress-4.3.1-zh_CN.zip [root@HTTP wordpress]# cp wp-config-sample.php wp-config.php #複製示例爲配置文件
MariaDB [(none)]> create database wp; #在數據庫主機中爲wordpress建立數據庫wp
[root@HTTP wordpress]# vim wp-config.php
/** WordPress數據庫的名稱 */
define('DB_NAME','wp');
/** MySQL數據庫用戶名 */
define('DB_USER', 'root');wp
/** MySQL數據庫密碼 */
define('DB_PASSWORD', 'tianzhuang');
/** MySQL主機 */
define('DB_HOST', '172.16.61.100');
/** 建立數據表時默認的文字編碼 */
define('DB_CHARSET', 'utf8');
/** 數據庫整理類型。如不肯定請勿更改 */
define('DB_COLLATE', '');
按照提示進行安裝便可!
===========================================================================================
第三部分:爲phpMyadmin提供https虛擬主機:
第一步:爲虛擬主機申請數字證書:
[root@CA ~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) #生成CA的私鑰
Generating RSA private key, 2048 bit long modulus
..........................................................................+++
...............................................+++
e is 65537 (0x10001)
[root@CA ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem #生成CA的自簽證書
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:mageedu
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:ca.mageedu.com
Email Address []:ca@admin.com
[root@CA ~]# ls /etc/pki/CA
cacert.pem certs crl newcerts private
[root@CA ~]# touch /etc/pki/CA/{serial,index.txt} #建立CA須要的文件
[root@CA ~]# echo 01 > /etc/pki/CA/serial
[root@HTTP httpd]# mkdir ssl #在服務器端建立ssl目錄
[root@HTTP httpd]# cd ssl
[root@HTTP ssl]# (umask 077;openssl genrsa -out httpd.key 1024) #生成服務器的私鑰
Generating RSA private key, 1024 bit long modulus
.............................++++++
............................++++++
e is 65537 (0x10001)
[root@HTTP ssl]# openssl req -new -key httpd.key -out httpd.csr #生成證書請求
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:mageedu
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:a@admin.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@HTTP ssl]# scp httpd.csr root@172.16.61.100:/tmp #遠程複製到ca主機上
The authenticity of host '172.16.61.100 (172.16.61.100)' can't be established.
ECDSA key fingerprint is 61:77:91:fd:34:1b:0d:2e:f8:ff:cf:f9:f6:7c:2d:09.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.61.100' (ECDSA) to the list of known hosts.
root@172.16.61.100's password:
Permission denied, please try again.
root@172.16.61.100's password:
httpd.csr 100% 688 0.7KB/s 00:00
[root@HTTP ~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt #在CA主機上籤署httpd的證書請求
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jan 19 15:52:08 2016 GMT
Not After : Jan 18 15:52:08 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = beijing
organizationName = mageedu
organizationalUnitName = ops
commonName = www.a.com
emailAddress = a@admin.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
0D:48:41:4D:E4:8A:C2:8F:89:B4:2A:CE:B5:D6:61:B4:94:0D:D3:B4
X509v3 Authority Key Identifier:
keyid:94:DF:49:28:82:9E:57:B0:A6:C8:8D:5F:D9:63:2C:8F:F3:7B:46:F3
Certificate is to be certified until Jan 18 15:52:08 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@HTTP ~]# scp /etc/pki/CA/certs/httpd.crt root@172.16.249.130:/etc/httpd/ssl #將簽署過的證書遠程複製給服務器
The authenticity of host '172.16.249.130 (172.16.249.130)' can't be established.
ECDSA key fingerprint is 88:93:ff:8b:6e:ac:a0:c1:10:1f:4b:7d:ac:44:85:f0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.249.130' (ECDSA) to the list of known hosts.
root@172.16.249.130's password:
httpd.crt 100% 3833 3.7KB/s 00:00
第二步:配置httpd支持使用ssl,及使用的證書;
[root@HTTP ~]# yum install -y mod_ssl [root@HTTP ~]# vim /etc/httpd/conf.d/ssl.conf #編輯ssl的配置文件 ..... DocumentRoot "/www/ #主文檔目錄 ServerName #httpds的FQDN ..... # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. A new # certificate can be generated using the genkey(1) command. SSLCertificateFile /etc/httpd/ssl/httpd.crt #證書位置 # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) SSLCertificateKeyFile /etc/httpd/ssl/httpd.key #私鑰位置 [root@HTTP ~]# systemctl reload httpd #重載服務 [root@HTTP ~]# ss -tan State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 50 *:3306 *:* LISTEN 0 128 *:22 *:* LISTEN 0 100 127.0.0.1:25 *:* ESTAB 0 52 172.16.249.130:22 172.16.61.1:49912 LISTEN 0 128 :::80 :::* LISTEN 0 128 :::22 :::* LISTEN 0 100 ::1:25 :::* LISTEN 0 128 :::443 :::* #443端口已經監聽
第三步:測試
[root@localhost ~]# openssl s_client -connect 172.16.249.130:443
CONNECTED(00000003)
depth=0 C = CN, ST = beijing, O = mageedu, OU = ops, CN = www.a.com, emailAddress = a@admin.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = beijing, O = mageedu, OU = ops, CN = www.a.com, emailAddress = a@admin.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = CN, ST = beijing, O = mageedu, OU = ops, CN = www.a.com, emailAddress = a@admin.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=CN/ST=beijing/O=mageedu/OU=ops/CN=www.a.com/emailAddress=a@admin.com
i:/C=CN/ST=beijing/L=beijing/O=mageedu/OU=ops/CN=ca.mageedu.com/emailAddress=ca@admin.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDaTCCAlGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMCQ04x
EDAOBgNVBAgMB2JlaWppbmcxEDAOBgNVBAcMB2JlaWppbmcxEDAOBgNVBAoMB21h
Z2VlZHUxDDAKBgNVBAsMA29wczEXMBUGA1UEAwwOY2EubWFnZWVkdS5jb20xGzAZ
BgkqhkiG9w0BCQEWDGNhQGFkbWluLmNvbTAeFw0xNjAxMTkxNTUyMDhaFw0xNzAx
MTgxNTUyMDhaMG8xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdiZWlqaW5nMRAwDgYD
VQQKDAdtYWdlZWR1MQwwCgYDVQQLDANvcHMxEjAQBgNVBAMMCXd3dy5hLmNvbTEa
MBgGCSqGSIb3DQEJARYLYUBhZG1pbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAOBkKXz/lJOZNH5sC+VOqDed357ic4TsceerrJuw3SHn7wKeGI0cBL1+
e+XhCCcU6t4abv8sZqpMQR/pAfUoouF73Vp1MCu1W/MQhKl/RUixudsYMkiNB5aQ
E97egkVOTrcvcTcB10BiPyvuOi2lsZ8nQ86tiGgawPEUVyv35VXJAgMBAAGjezB5
MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
cnRpZmljYXRlMB0GA1UdDgQWBBQNSEFN5IrCj4m0Ks611mG0lA3TtDAfBgNVHSME
GDAWgBSU30kogp5XsKbIjV/ZYyyP83tG8zANBgkqhkiG9w0BAQsFAAOCAQEAVqOH
LKhD4MKgx8E+8Lwe268BNbGOhc5z0q0pq1imjrJ0Y/QAqgni3PBn/2AGwqGZISbj
KBRZxcMHJdDuVRDHWsgWeeo8+ui7KVaNiAOE77pyYSK4HNdq9DZwwgk607a9GLvu
fTq8umBP2mZAKHWkZkBcnpP1vFDgrE/s5XsLGBXmfjd4UnPehFpSqpsVcSWr8+nz
NRUVxmBpSE7Os4GtpHRmGmJSXlRCOtnppWOpFjmgTEX8BBogfi02zJ9PncJV3LO9
8v93iwI56LBHhx97U7afFPSNlgjfL5HbFFVqF0nHkQuqtjgJ/FSvmCq2Ei7FkPQz
zT0pFBM8N3+Ktj5OQw==
-----END CERTIFICATE-----
subject=/C=CN/ST=beijing/O=mageedu/OU=ops/CN=www.a.com/emailAddress=a@admin.com
issuer=/C=CN/ST=beijing/L=beijing/O=mageedu/OU=ops/CN=ca.mageedu.com/emailAddress=ca@admin.com
---
No client certificate CA names sent
Server Temp Key: ECDH, secp521r1, 521 bits
---
SSL handshake has read 1508 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 46EAFD7AA09035829482E579C92EA5F502D46B9809E909C7359B3F770BFA7052
Session-ID-ctx:
Master-Key: 63EAD37CEFF0CDF4D3F60D3B964AB551562A2BDB32EC3620B2AB0B62D82D455ED27A4653CFB1A8CE9483B09541DC3DFB
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - f8 cb 27 97 83 d1 6b d4-ee ca 50 0e d1 ac 8a 55 ..'...k...P....U
0010 - 32 71 98 37 6a 4d 16 34-68 69 44 30 57 34 03 6d 2q.7jM.4hiD0W4.m
0020 - 0f 85 a9 57 d6 08 5b d2-05 63 a5 09 71 5c 2b f0 ...W..[..c..q\+.
0030 - 16 60 0a 7d 66 1c fe 9b-7b 5d 16 98 14 44 c9 c2 .`.}f...{]...D..
0040 - 02 da 0b b2 b3 06 44 c9-28 43 45 4b 72 5c ad 8c ......D.(CEKr\..
0050 - fd 39 1f 71 bd 60 d7 16-95 70 28 ad 92 7b aa 40 .9.q.`...p(..{.@
0060 - db 0f b9 f6 87 03 6c 3c-41 21 b8 bc 25 39 b1 63 ......l<A!..%9.c
0070 - 64 a2 91 e1 0d c5 86 9f-f9 58 ce ba 83 c7 dc 0a d........X......
0080 - 20 78 d3 da c6 28 04 fd-91 6c a9 cf a2 96 28 59 x...(...l....(Y
0090 - dd 6e 3f a2 88 da 4e bb-8f 00 96 c4 2f f1 cb c0 .n?...N...../...
00a0 - fd ae 4b 0d 71 ab a3 a3-67 d9 3c 19 68 e7 3a df ..K.q...g.<.h.:.
00b0 - 35 2a bd 9e e6 18 30 6d-01 28 00 a2 a9 4c 2e cf 5*....0m.(...L..
Start Time: 1453219861
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
相關文章
- 1. CentOS7部署LAMP+xcache (php-fpm模式)
- 2. Docker 之 基於LAMP容器部署WordPress
- 3. 基於LAMP和XAMPP部署MantisBT
- 4. 基於C++的PyTorch模型部署
- 5. Linux網絡服務-LAMP之Php基於Apache的模塊實現
- 6. CentOS7.2 安裝部署 LAMP(Linux+Apache+Mysql+Php)
- 7. 部署LAMP架構之PHP安裝
- 8. Ubuntu16.04 部署LAMP
- 9. lamp+wordpress部署
- 10. LAMP的部署
- 更多相關文章...
- • Maven 自動化部署 - Maven教程
- • Lua 模塊與包 - Lua 教程
- • Kotlin學習(二)基本類型
- • ☆基於Java Instrument的Agent實現
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. No provider available from registry 127.0.0.1:2181 for service com.ddbuy.ser 解決方法
- 2. Qt5.7以上調用虛擬鍵盤(支持中文),以及源碼修改(可拖動,水平縮放)
- 3. 軟件測試面試- 購物車功能測試用例設計
- 4. ElasticSearch(概念篇):你知道的, 爲了搜索…
- 5. redux理解
- 6. gitee創建第一個項目
- 7. 支持向量機之硬間隔(一步步推導,通俗易懂)
- 8. Mysql 異步複製延遲的原因及解決方案
- 9. 如何在運行SEPM配置嚮導時將不可認的複雜數據庫密碼改爲簡單密碼
- 10. windows系統下tftp服務器使用
歡迎關注本站公眾號,獲取更多信息
