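Project requirements:
1. Use LNMP to implement multiple virtual hosts, deploy WordPress and phpMyAdmin on separate hosts, and make phpMyAdmin reachable only over HTTPS;
2. Configure the server so that even when a client requests the phpMyAdmin site over HTTP, the user ends up requesting it again over HTTPS;
I. Environment: LNMP = Linux + Nginx + MariaDB + PHP
Set up the required environment on Linux:
1. On CentOS and RHEL family distributions the local installation media does not provide the Nginx package, so there are generally two ways to install it:
1) Compile and install Nginx (the method used in this project);
2) Install Nginx from an rpm package;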
1) Compile and install:
Build from source (for a test environment, for example installing Taobao's TNginx):
1. Install the build environment: yum -y groupinstall "Development Tools" "Server Platform Development"
2. Additional development packages may be needed: openssl-devel (SSL support, so the site can be served over HTTPS), pcre-devel (regular-expression matching), libevent-devel (event-driven I/O scheduling)
3. nginx-1.12.1]# ./configure --prefix=/usr/local/nginx112 --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --http-log-path=/var/log/nginx/access_log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx.lock --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-pcre --with-stream
4. ~]# make -j # && make install
Note: the nginx user and the nginx group must be created before the nginx service process is started.
Here Nginx is compiled and installed on a machine with Internet access:
Set up the build environment:
[root@chenliang ~]# yum -y groupinstall "Development Tools" "Server Platform Development"
[root@chenliang ~]# yum -y install openssl-devel pcre-devel libevent-devel
Download the Nginx source package from the designated site:
[root@chenliang ~]# wget -c http://nginx.org/download/nginx-1.12.0.tar.gz
Extract the downloaded source package:
[root@chenliang ~]# tar xvf nginx-1.12.0.tar.gz
Enter the extracted directory:
[root@chenliang ~]# cd nginx-1.12.0/
Configure the build:
[root@chenliang nginx-1.12.0]# ./configure --prefix=/usr/local/nginx112 --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --http-log-path=/var/log/nginx/access_log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx.lock --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-pcre --with-stream
Build and install:
[root@chenliang nginx-1.12.0]# make -j 4 && make install
Create the Nginx user and group:
[root@chenliang ~]# id nginx
uid=990(nginx) gid=985(nginx) 組=985(nginx)
Start the Nginx service:
Check the configuration syntax:
[root@chenliang nginx-1.12.0]# nginx -t
Start it:
[root@chenliang nginx-1.12.0]# nginx
Check that the service is running:
[root@chenliang ~]# ss -tnlp
LISTEN 0 128 *:80 *:* users:(("nginx",pid=3184,fd=6),("nginx",pid=3183,fd=6),("nginx",pid=3182,fd=6),("nginx",pid=3181,fd=6))
At this point the compiled installation of Nginx is complete.
2) rpm installation:
Configure a yum repository so that Nginx can be installed from an rpm package (a standardized installation, suited to large numbers of servers or clusters and convenient for later automated management):
Packages prebuilt by the nginx project: http://nginx.org/packages/centos/$releasever/$basearch
Packages provided in the Fedora EPEL repository: http://mirrors.sohu.com/fedora-epel/7/x86_64/Packages/n/
Add the Nginx download location to the yum repositories (requires Internet access):
[root@chenliang ~]# vim /etc/yum.repos.d/CentOS-Base.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
Note: with gpgcheck=0 yum does not verify package signatures, so packages fetched from this plain-HTTP baseurl are installed unverified.
[root@chenliang ~]# yum clean all
[root@chenliang ~]# yum makecache
Install Nginx:
[root@chenliang ~]# yum install nginx -y
Start the Nginx service:
[root@chenliang ~]# nginx
Check the state of Nginx (port 80 on the server is now being listened on by nginx):
[root@chenliang ~]# ss -tnlp
LISTEN 0 128 *:80 *:* users:(("nginx",pid=4481,fd=6),("nginx",pid=4477,fd=6))
2. Install the database environment and the PHP application environment:
[root@chenliang ~]# yum install -y php-fpm php-mysql mariadb-server
Start the corresponding services:
[root@chenliang ~]# systemctl start mariadb.service    # start the database
[root@chenliang nginx-1.12.2]# systemctl start php-fpm.service
3. Firewall and SELinux configuration:
[root@chenliang ~]# getenforce
Permissive
[root@chenliang ~]# iptables -vnL
Chain INPUT (policy ACCEPT 2493 packets, 238K bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1837 packets, 279K bytes)
 pkts bytes target prot opt in out source destination
4. Configure name-based Nginx virtual hosts in /etc/nginx/nginx.conf:
The first virtual host is used to deploy WordPress:
server {
    listen 80;
    server_name www.clhost1.com;
    location / {
        root /myweb/host1;
        index index.php index.html index.htm;
    }
    location ~* \.php$ {
        root /myweb/host1;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /myweb/host1/$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}
The second virtual host is used for phpMyAdmin:
server {
    listen 80;
    server_name www.clhost2.com;
    location / {
        root /myweb/host2;
        index index.php index.html index.htm;
    }
    location ~ \.php$ {
        root /myweb/host2;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /myweb/host2/$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}
On the local machine, add the following to the file \Windows\System32\drivers\etc\hosts on drive C:
172.16.72.1 www.clhost1.com www.clhost2.com
5. Create the document roots for the sites:
[root@chenliang ~]# mkdir /myweb/host{1,2} -pv
mkdir: 已建立目錄 "/myweb"
mkdir: 已建立目錄 "/myweb/host1"
mkdir: 已建立目錄 "/myweb/host2"
Create the index files:
[root@chenliang ~]# echo "nginx's page1" >> /myweb/host1/index.html
[root@chenliang ~]# echo "nginx's page2" >> /myweb/host2/index.html
Then check the configuration for syntax errors and reload Nginx:
[root@chenliang ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@chenliang ~]# nginx -s reload
After all the services are started, check the listening ports:
[root@chenliang ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:80 *:*
6. Configure php-fpm:
1) Configure the php-fpm service:
Change the owner of the worker processes:
[root@chenliang ~]# vim /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000
user = nginx
group = nginx
2) Create the document roots:
[root@chenliang ~]# mkdir /myweb/host{1,2} -pv
mkdir: 已建立目錄 "/myweb"
mkdir: 已建立目錄 "/myweb/host1"
mkdir: 已建立目錄 "/myweb/host2"
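Create the index files:
[root@chenliang ~]# vim /myweb/host1/index.php
nginx host1's page.<br>
<?php
// Test page only: phpinfo() exposes server details, so remove it after testing.
phpinfo();
// Check that PHP can reach MariaDB with the WordPress account.
$conn = mysql_connect('172.16.72.1','wpuser','wppass');
if ($conn)
    echo "YES";
else
    echo "NO";
?>
[root@chenliang ~]# vim /myweb/host2/index.php
nginx host2's page.<br>
<?php
// Check that PHP can reach MariaDB with the phpMyAdmin account.
$conn = mysql_connect('172.16.72.1','phpuser','phppass');
if ($conn)
    echo "YES";
else
    echo "NO";
// Test page only: phpinfo() exposes server details, so remove it after testing.
phpinfo();
?>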
7. Configure the database:
Create the two required databases, grant privileges to the users, and test whether the database connections work:
Create the WordPress database:
MariaDB [(none)]> create database wpdb;
Query OK, 1 row affected (0.03 sec)
Grant privileges:
MariaDB [(none)]> grant all on wpdb.* to 'wpuser'@'172.16.%.%' identified by '123456';
Query OK, 0 rows affected (0.10 sec)
Create the phpMyAdmin database:
MariaDB [(none)]> create database phpmyadmain;
Query OK, 1 row affected (0.00 sec)
Grant privileges:
MariaDB [(none)]> grant all on phpmyadmain.* to 'phpuser'@'172.16.%.%' identified by 'phppass';
Query OK, 0 rows affected (0.00 sec)
Test host1, the host used for the WordPress database:
Test host2, the host used for the phpMyAdmin database:
II. Set up the virtual hosts and deploy WordPress and phpMyAdmin on them
Deploy WordPress:
Upload the WordPress archive to the site's document root:
[root@chenliang host1]# ls
index.html index.php wordpress-4.2-zh_CN.tar.gz
Extract it:
[root@chenliang host1]# tar xf wordpress-4.2-zh_CN.tar.gz
[root@chenliang host1]# ls
index.html index.php wordpress wordpress-4.2-zh_CN.tar.gz
Rename the directory so the URL is easier to type:
[root@chenliang host1]# mv wordpress wp
[root@chenliang host1]# ls
index.html index.php wordpress-4.2-zh_CN.tar.gz wp
Enter the directory and edit the configuration file:
[root@chenliang host1]# cd wp
[root@chenliang wp]# cp wp-config-sample.php wp-config.php
[root@chenliang wp]# vim wp-config.php
Test result:
At this point the WordPress blog has been set up successfully.
Deploy phpMyAdmin:
[root@chenliang host1]# cd /myweb/host2
[root@chenliang host2]# ls
index.html index.php phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# tar xf phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# ls
index.html index.php phpMyAdmin-3.5.4-all-languages phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# mv phpMyAdmin-3.5.4-all-languages phpmyadmain
[root@chenliang host2]# ls
index.html index.php phpmyadmain phpMyAdmin-3.5.4-all-languages.tar.gz
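[root@chenliang host2]# cd phpmyadmain/
When accessing phpMyAdmin, the session sometimes cannot be saved. In that case set the session save path in /etc/php.ini, then change the ownership of /var/lib/php/session so that nginx can use it: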
session.save_path = "/var/lib/php/session"
[root@chenliang phpmyadmain]# ll -d /var/lib/php/session/
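drwxr-xr-x. 2 nginx nginx 6 6月 1 11:10 /var/lib/php/session/
The phpMyAdmin test page is displayed as follows:
Entering the user name and password logs in to the database management interface successfully:
At this point the phpMyAdmin application has been set up successfully.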
Make phpMyAdmin reachable only over HTTPS
Create a private CA:
Create the private key:
[root@chenliang ~]# cd /etc/pki/CA/
[root@chenliang CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
................................................................................+++
..+++
e is 65537 (0x10001)
Generate the self-signed certificate:
[root@chenliang CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3653
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:cl
Locality Name (eg, city) [Default City]:cl
Organization Name (eg, company) [Default Company Ltd]:cl
Organizational Unit Name (eg, section) []:cl
Common Name (eg, your name or your server's hostname) []:cl
Email Address []:cl@cl
Create the index file and the serial number file that the CA directory requires:
[root@chenliang CA]# touch index.txt
[root@chenliang CA]# echo 01 > serial
Set up the HTTPS server site:
Create a private key for the server:
[root@chenliang ~]# mkdir /etc/nginx/ssl -pv
[root@chenliang ~]# cd /etc/nginx/ssl
[root@chenliang ssl]# (umask 077;openssl genrsa -out nginx.key 2048)
Generating RSA private key, 2048 bit long modulus
..................................................................................................+++
.................................................................................+++
e is 65537 (0x10001)
Generate the certificate request:
[root@chenliang ssl]# openssl req -new -key nginx.key -out nginx.csr -days 3653
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:cl
Locality Name (eg, city) [Default City]:cl
Organization Name (eg, company) [Default Company Ltd]:cl
Organizational Unit Name (eg, section) []:cl
Common Name (eg, your name or your server's hostname) []:cl
Email Address []:cl
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:cl
Send the certificate request to the CA (the private CA here is created on the same server, so the request is simply copied to the /tmp directory on that server):
[root@chenliang ssl]# cp nginx.csr /tmp/
On the CA, sign the certificate request for the nginx server:
[root@chenliang ssl]# openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 3653
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jun 1 06:38:10 2018 GMT
            Not After : Jun 1 06:38:10 2028 GMT
        Subject:
            countryName = CN
            stateOrProvinceName = cl
            organizationName = cl
            organizationalUnitName = cl
            commonName = cl
            emailAddress = cl
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                F7:03:98:4F:94:82:35:92:61:F3:E5:9E:8D:67:D4:DA:DD:CF:7A:EF
            X509v3 Authority Key Identifier:
                keyid:BC:65:B9:DF:AB:07:40:38:89:A5:45:ED:AD:A8:68:FF:FD:C4:80:BF
Certificate is to be certified until Jun 1 06:38:10 2028 GMT (3653 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
On the CA, transfer the certificate signed by the CA to the Nginx server:
[root@chenliang ssl]# cp /etc/pki/CA/certs/nginx.crt /etc/nginx/ssl
[root@chenliang ssl]# ls
nginx.crt nginx.csr nginx.key
On the Nginx server, delete the certificate request file:
[root@chenliang ssl]# ls
nginx.crt nginx.csr nginx.key
[root@chenliang ssl]# rm -f nginx.csr
[root@chenliang ssl]# ls
nginx.crt nginx.key
Configure SSL support on the Nginx server:
1. Install the mod_ssl module (mod_ssl is the TLS module for Apache httpd; Nginx's own TLS support comes from the --with-http_ssl_module build option used above):
[root@chenliang ~]# yum install -y mod_ssl
2. Edit the main configuration file of the Nginx server:
[root@chenliang ~]# vim /etc/nginx/nginx.conf
server {
    # TLS listener only, so this site is served exclusively over HTTPS
    listen 443 ssl;
    server_name www.clhost2.com;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    location / {
        root /myweb/host2;
        index index.php index.html index.htm;
    }

    location ~* \.php$ {
        root /myweb/host2;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /myweb/host2/$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}
Check for syntax errors:
[root@chenliang ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Reload the Nginx service:
[root@chenliang ~]# nginx -s reload
The test page is:
Result of accessing the site over https:
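The certificate signed above has Common Name cl and no subjectAltName, while current browsers match the requested host name against the subjectAltName, so www.clhost2.com is reported as a name mismatch even when the private CA is trusted. As an added example (not part of the original post), the script below signs a server certificate that carries the site name as a SAN and then checks the chain, the host name and the key pairing; it uses openssl x509 -req in a scratch directory instead of the openssl ca database used above, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. File names follow the page;
# the function names and the scratch directory are illustrative.

# issue_cert DIR HOST: create a private CA in DIR and sign a server
# certificate for HOST that carries HOST as a subjectAltName.
issue_cert() (
    dir="$1"; host="$2"
    umask 077    # private keys must not be readable by other users
    # Private CA: key and self-signed certificate, non-interactive via -subj.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3653 \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" \
        -subj "/C=CN/ST=cl/O=cl/CN=cl" 2>/dev/null || exit 1
    # Server key and certificate request, with the site name as the CN.
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/nginx.key" -out "$dir/nginx.csr" \
        -subj "/C=CN/ST=cl/O=cl/CN=$host" 2>/dev/null || exit 1
    # Extensions applied at signing time; the SAN is what clients match.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" \
        > "$dir/san.ext"
    openssl x509 -req -in "$dir/nginx.csr" -days 3653 \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/nginx.crt" 2>/dev/null || exit 1
    # The issued certificate must chain to the private CA.
    openssl verify -CAfile "$dir/cacert.pem" "$dir/nginx.crt" >/dev/null 2>&1
)

# cert_matches_host CRT HOST: succeed only if CRT is valid for HOST.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# key_matches_cert KEY CRT: succeed only if KEY is the private key for CRT,
# the pairing nginx needs for ssl_certificate_key and ssl_certificate.
key_matches_cert() {
    k="$(openssl pkey -in "$1" -pubout 2>/dev/null)" || return 1
    c="$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Run issue_cert "$(mktemp -d)" www.clhost2.com, then use cert_matches_host and key_matches_cert on the resulting nginx.crt and nginx.key before copying them to /etc/nginx/ssl.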
Configure the server so that even when a client requests the phpMyAdmin site over HTTP, the user ends up requesting it again over HTTPS
In the nginx main configuration file, configure the virtual host that serves the phpMyAdmin application:
[root@chenliang ~]# vim /etc/nginx/nginx.conf
Add a virtual host that listens on port 80:
server {
    listen 80;
    server_name www.clhost2.com;
    location ~ \.php$ {
        root /myweb/host2;
        index index.php;
        rewrite ^/(.*\.php)$ https://www.clhost2.com/$1 break;
    }
}
Check the syntax and reload the service:
[root@chenliang ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@chenliang ~]# nginx -s reload
Enter the URL: http://www.clhost2.com/phpmyadmin
The test result is as follows; a request made over http is automatically redirected to https:
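The rewrite above sits in a location that matches only URIs ending in .php, so it is worth checking directory-style URLs as well as scripts. As an added example (not part of the original post), the functions below judge from the response headers whether a plain-HTTP request was redirected to the HTTPS site; the function names and the sample paths are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: decide from HTTP response
# headers whether a request was redirected to the HTTPS site.

# redirect_verdict HOST: read response headers on stdin and print "ok" if
# they are a 301/302/307/308 whose Location starts with https://HOST/,
# otherwise print the reason for the failure.
redirect_verdict() {
    awk -v host="$1" '
        NR == 1 { code = $2 }
        tolower($1) == "location:" { loc = $2 }
        END {
            sub(/\r$/, "", loc)    # header lines end in CRLF
            if (code !~ /^30[1278]$/) { print "fail: status " code; exit }
            if (index(loc, "https://" host "/") != 1) {
                print "fail: location " loc; exit
            }
            print "ok"
        }'
}

# check_paths HOST PATH...: live check with curl against a running server;
# returns non-zero if any path is served over HTTP without a redirect.
check_paths() {
    host="$1"; shift
    rc=0
    for p in "$@"; do
        v="$(curl -sI "http://$host$p" | redirect_verdict "$host")"
        printf '%s -> %s\n' "$p" "$v"
        [ "$v" = ok ] || rc=1
    done
    return $rc
}

# Example call (paths are illustrative):
#   check_paths www.clhost2.com /index.php /phpmyadmin/
```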