CentOS 7 under Lamp implementation and HTTPS based virtualization host _linux

System environment:

CentOS 7

Apache 2.4
PHP 5.4
MARIADB 5.5

Project requirements:

Create 3 virtual hosts, set up Phpmyadmin,wordpress,discuz separately

Where phpMyAdmin provides HTTPS services.

Components required to install the environment using Yum

Httpd,php,php-mysql,mariadb-server

# yum Install httpd php php-mysql mariadb-server

Second, close the SELinux and configure the firewall

1. For testing convenience, first close SELinux

Temporary shutdown:

Setenforce 0

Permanent shutdown:

Vim/etc/sysconfig/selinux

Selinux=disabled

2. Add 80,443,3306 port in CentOS 7 self-contained firewall

View Firewall Run Status

# Firewall-cmd--state

Add Port

# Firewall-cmd--add-port=80/tcp--permanent

# Firewall-cmd--add-port=443/tcp--permanent
# Firewall-cmd--add-port=3306/tcp--permanent

Overloaded firewall configuration

# Firewall-cmd--reload

View existing rules

# IPTABLES-L-N

Third, test the software is normal

1. Start httpd and test access:

# Systemctl Start httpd

Not surprisingly, this time the browser Access test page should be successful.

2. Test Database

Start MARIADB

# Systemctl Start mariadb

Can enter the MARIADB command line

# MySQL

3. View PHP version, my version is 5.4.16

# php-v

Four, configure Apache

1. New Folder required

Under/web/vhosts, create three folders that are required for each virtual host, Pma,wp,dz

# Mkdir-p/web/vhosts/{pma,wp,dz}

2. Give Apache users access to the entire/web directory:

# Chown-r Apache:apache/web

3. Create a test page

# vim/web/vhosts/pma/index.php

Content is:

<?php
echo "This is PMA"
?>
# vim/web/vhosts/wp/index.php
content is:
<?phpecho "This is WP"
?>
# vim/web/vhosts/dz/index.php
content is:
<?php
echo " This is DZ "
?>

4. Cancel the Welcome page, otherwise there will be interference

# Mv/etc/httpd/conf.d/welcome.conf/etc/httpd/conf.d/welcome.conf.bak

5. Add three virtual hosts

Create a call vhosts.conf configuration file

# vim/etc/httpd/conf.d/vhosts.conf

Content:

<virtualhost *:80> documentroot/web/vhosts/pma 
ServerName pma.buybybuy.com ErrorLog Customlog logs/pma.access combined 
</VirtualHost> <directory "/WEB/VHOSTS/PMA" > Options Indexes F Ollowsymlinks allowoverride None Require all granted 
</Directory> 
<virtualhost *:80> 
docum entroot/web/vhosts/wp ServerName wp.buybybuy.com 
ErrorLog logs/wp.err customlog logs/wp.access & lt;/virtualhost> <directory "/web/vhosts/wp" > 
Options Indexes followsymlinks None R Equire all granted 
</Directory> 
<virtualhost *:80> documentroot/web/vhosts/dz ServerName dz.b uybybuy.com ErrorLog logs/dz.err customlog logs/dz.access combined </VirtualHost> 
<directory "/we B/vhosts/dz "> 
Options Indexes followsymlinks allowoverride None Require all granted </Directory>

6. Reload the httpd configuration:

# Systemctl Reload httpd

7. Test three virtual hosts:

Test success!

V. Configuration of MARIADB

1. First initialize security after installation of MARIADB

Running Security Initialization Scripts

#/usr/bin/mysql_secure_installation

Here's my own options as a reference

1 Do you want to set the root user password? Is

2 Do you want to delete anonymous users? Is

3 Do you want to prevent remote logins for root users? (No, but if the production environment is recommended to prohibit)

4 Do you want to delete the test database? (No, if there are test requirements in the future, keep it)

5 Overload authorization table? (yes, the settings just took effect immediately)

2. Attach the root user Password change command

# mysql
SET PASSWORD for ' root ' @ ' localhost ' =password (' 123456 ');
SET PASSWORD for ' root ' @ ' 127.0.0.1 ' =password (' 123456 ');

Six. Install package

1. Install phpmyadmin,discuz,wordpress

Download installation package home Directory

can use the wget or use FTP tool, I here because uses the Xshell to connect the server, therefore directly uses the matching xftp to throw in the control machine the installment package directly into the home directory.

2. Ensure that the necessary compression/decompression tools are installed

I'm missing bzip2,zip and unzip here, so

# yum-y Install bzip2 zip unzip

Decompress separately

# unzip discuz_x3.2_sc_utf8.zip-d Discuz_x3.2_sc_utf8
# tar-xf wordpress-4.5.3-zh_cn.tar.gz
# TAR-XF PH pmyadmin-4.4.15.8-all-languages.tar.bz2

3. Copy to the defined virtual host directory, note Copy only the required documents

# cp-a phpmyadmin-4.4.15.8-all-languages/*/web/vhosts/pma/
# cp-a wordpress/*/web/vhosts/wp/
# cp-a D iscuz_x3.2_sc_utf8/upload/*/web/vhosts/dz/

Seven, debugging website

1. Configure phpMyAdmin

#cd/WEB/VHOSTS/PMA

Locate the default profile and rename it to the standard name

# CP config.sample.inc.php config.inc.php

Edit configuration file

I got about 17 lines.

$cfg [' blowfish_secret '] = ';

Here you need to add a random string that can be generated under bash with the following command:

# tr-d ' a-za-z0-9 ' </dev/urandom | head-30 | Md5sum

For example, the generated string is

e2d8e1132dc737b3dc1f05cd44c0cc9e

Adds the generated string to the quotation marks of the argument above. Figure:

Save exit.

When accessing the pma.buybybuy.com, the Discovery program complains:

It means that Mbstring module support is required, mbstring is a multilanguage pack.

So to install this package

# yum Install php-mbstring

Overload httpd for configuration to take effect

# Systemctl Reload httpd

Re-access pma.buybybuy.com, page successfully opened

At this point, you can use the previously configured MySQL root user login.

2. Create the required database

To install WordPress and Discuz, you can first use phpMyAdmin to create a database for them.

Add-> fill in database name-> Select Sort Encoding-> Build

In addition, we want each site to be accessible using a separate database user, so create your own users for each database and bind to the corresponding database.

Back to Home-> users-> Add users

For convenience, I keep the database name consistent with the corresponding user name, and you can follow the diagram to create

Because the database has been created in advance, the Red Underline command skips the steps to create the database, and the following blue underline command binds the user to the database.

3. Configure WordPress

Access to WP directory

# cd/web/vhosts/wp
Copy a profile and rename it to the standard name of the configuration file
# CP wp-config-sample.php wp-config.php
Edit configuration file
# vim/web/vhosts/wp/wp-config.php

Modify the corresponding value.

Access to wp.buybybuy.com and dz.buybybuy.com displays the installation interface. Use the previously set parameters for installation.

Eight, configure HTTPS for pma.buybybuy.com

1. Make sure OpenSSL is installed because you want to use OpenSSL to generate a self-signed certificate

# Httpd-m | grep SSL

If it is not installed

# yum Install mod_ssl OpenSSL

2. Configuring the CA Server

My approach is to configure a CA server (CentOS a) before having the current server (CentOS B) apply to CentOS a for authentication.

3. Configuring the CA Server (CentOS A)

3.1 Initializing the CA service to create the required files

# cd/etc/pki/ca/

# Touch Index.txt//CREATE INDEX file
# echo > Serial//Create serial Number file

3.2 CA self-signing certificate

Generate private key

# (Umask 077; OpenSSL Genrsa-out/etc/pki/ca/private/cakey.pem 2048)

Generate a signing certificate with the private key

# OpenSSL Req-new-x509-key/etc/pki/ca/private/cakey.pem-days 7300-out/etc/pki/ca/cacert.pem

4. Certificate of Application (CentOS B):

4.1 Create a directory where certificates are stored

# Mkdir/etc/httpd/ssl
# Cd/etc/httpd/ssl

4.2 Generate secret Key

# (Umask 007;openssl genrsa-out httpd.key 1024)

4.3 Generating request files

# OpenSSL Req-new-key httpd.key-out HTTPD.CSR

4.4 Fill in the form and write according to your own situation

Country Name (2 letter code) [XX]:CN

State or province Name (full name) []:beijing
Locality Name (eg, city) [Default city]:beijing
Organization Name (eg, company) [Default company Ltd]:quintin LTD
Organizational unit Name (eg, section) []:ops
Common name (eg, your name or your server ' s hostname) []:p ma.buybybuy.com
Email Address []:admin@buybybuy.com

4.5 Send the generated file to the CA server CentOS A, here I use the SCP command:

# SCP HTTPD.CSR root@192.168.3.67:/tmp/

4.6 After the prompt operation is successful, HTTPD.CSR should already be in the/tmp/directory of CentOS A.

5. Signing of the certificate (CentOS A):

5.1 Signed, valid for 10 years

# OpenSSL Ca-in/tmp/httpd.csr-out/etc/pki/ca/certs/pma.buybybuy.com.crt-days 3650
5.2 Returns the resulting CRT back to CentOS B
# SCP/ETC/PKI/CA/CERTS/PMA.BUYBYBUY.COM.CRT root@192.168.3.77:/etc/httpd/ssl/
5.3 After the prompt operation is successful, PMA.BUYBYBUY.COM.CRT should already be in the/etc/httpd/ssl/directory of CentOS B.

6. Configure SSL (CentOS B):

6.1 Backup in advance

# cd/etc/httpd/conf.d/

# CP Ssl.conf{,.bak}

6.2 Editor Ssl.conf

# Vim Ssl.conf

The following is a modified item

<virtualhost _default_:443>

=>
<virtualhost *:443>

Basic settings

DocumentRoot "/WEB/VHOSTS/PMA"

ServerName pma.buybybuy.com:443

Certificate Location

Sslcertificatefile/etc/pki/tls/certs/localhost.crt

=>
Sslcertificatefile/etc/httpd/ssl/pma.buybybuy.com.crt

Private key Location

Sslcertificatekeyfile/etc/pki/tls/private/localhost.key

=>
Sslcertificatekeyfile/etc/httpd/ssl/httpd.key

Save exit.

6.3 Check configuration file syntax error:

# httpd-t

6.4 Restart httpd:

# systemctl Restart httpd

6.5 See if the 443 port is turned on:

# SS-TNL

6.6 Go to the browser access format:

Https://pma.buybybuy.com

It's right to see the word HTTPS. However, the prompt is not valid, add trust can be.

The above is a small set to introduce the CentOS 7 under the lamp implementation and based on HTTPS virtualization host, I hope to help you, if you have any questions please give me a message, small series will promptly reply to everyone. Here also thank you very much for the cloud Habitat Community website support!