1. Experimental requirements:
1) CentOS 7, AMP + XCache, RPM packages, php-fpm;
a) httpd, PHP and MariaDB are each deployed on a separate host;
b) One virtual host provides WordPress, another virtual host provides phpMyAdmin;
c) Provide HTTPS service for phpMyAdmin;
2. Experimental environment:
1) Server Environment
Linux Server OS version: CentOS release 6.7 (Final)
HTTP: ip: 172.16.66.60
PHP-FPM: ip: 172.16.66.70
MariaDB: ip: 172.16.66.70
2) Test environment
Windows 7 client: ip: 172.16.66.100
3. Experimental prerequisites:
1) Turn off the firewall and SELinux
~]# service iptables stop
~]# sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
4. Experimental procedure:
Part I:
Deploying the httpd host, ip: 172.16.66.60
1 Basic settings
1.1 Set the httpd host name (HOSTNAME)
echo "HOSTNAME=www1" >> /etc/sysconfig/network
1.2 Update the hosts file /etc/hosts
vim /etc/hosts
172.16.66.60 www1
1.3 Modify the DNS resolver settings
vim /etc/resolv.conf
2 Installing LAMP
2.2 Install and configure the Apache web server
yum install httpd
2.3 Back up the configuration files (recommended for every configuration file: make a backup copy before changing anything, so you can recover from unexpected errors)
mkdir ~/confbak
cp -r /etc/httpd ~/confbak
Here ~ is the home directory of the currently logged-in user, and the -r parameter recurses into all subdirectories.
2.4 Configure the virtual host (/etc/httpd/conf.d/www1.conf)
vim /etc/httpd/conf.d/www1.conf
Host www1
conf.d]# cat www1.conf
<VirtualHost *:80>
    ServerName www1
    # ServerAlias www
    # Note: do not end the DocumentRoot path with a trailing /
    DocumentRoot /data/vhosts/www1
    ProxyRequests Off
    DirectoryIndex index.php
    ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.66.70:9000/data/vhosts/www1/$1
    <Directory "/data/vhosts/www1">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog logs/www1-error_log
    CustomLog logs/www1-access_log combined
    #ServerSignature Off
</VirtualHost>
2.5 Configure the virtual host (/etc/httpd/conf.d/www2.conf)
vim /etc/httpd/conf.d/www2.conf
Host www2
conf.d]# cat www2.conf
<VirtualHost *:80>
    ServerName www2
    DocumentRoot /data/vhosts/www2
    ProxyRequests Off
    DirectoryIndex index.php
    ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.66.70:9000/data/vhosts/www2/$1
    <Directory "/data/vhosts/www2">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog logs/www2-error_log
    CustomLog logs/www2-access_log combined
    #ServerSignature Off
</VirtualHost>
2.6 Create the virtual host site directories
For host 1
mkdir -p /data/vhosts/www1/
For host 2
mkdir -p /data/vhosts/www2/
2.7 To start the Apache server automatically at system boot, run the following command:
systemctl enable httpd
The output is similar to
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
2.8 Start the Apache service
systemctl start httpd
2.9 If Apache is reported as already running, reload it
systemctl reload httpd
Now add the HTTP service to the firewall to allow external access (that is, add the default HTTP port 80 to the firewall allow list),
firewall-cmd --add-service=http --permanent
The --permanent parameter makes this a permanent firewall rule; without it, the rule is gone after the system reboots.
Restart firewalld to make the rule take effect
systemctl restart firewalld
If firewalld is not running, the commands above fail with the error "FirewallD is not running". In that case, enable and start the firewalld service first.
systemctl enable firewalld && systemctl start firewalld
To view the firewall rules after adding the service, use the following command.
firewall-cmd --list-all
To summarize the key points of the httpd service's default configuration:
Default configuration file: /etc/httpd/conf/httpd.conf
Module loading configuration: the /etc/httpd/conf.modules.d/ directory (e.g. PHP)
MPM (processing model) selection [worker, prefork (the default), event]: /etc/httpd/conf.modules.d/00-mpm.conf
Default ports: 80 and 443 (SSL)
Default logs: /var/log/httpd/{access_log,error_log}
You can also use apachectl to control the Apache service, for example to reload the configuration gracefully,
apachectl graceful
"Gracefully" means that all httpd processes are gradually replaced by new processes that use the new configuration, without interrupting client access.
For details, see its short help text,
apachectl -h
Other important firewalld options are,
# firewall-cmd --state
# firewall-cmd --list-all
# firewall-cmd --list-interfaces
# firewall-cmd --get-services
# firewall-cmd --query-service=service_name
# firewall-cmd --add-port=8080/tcp
Part II:
Deploying the PHP-FPM host, ip: 172.16.66.70
1 Install and configure php-fpm
1.1 Install php-fpm
yum install php-fpm mysql-server -y
1.2 Back up the configuration files /etc/php.ini, php.conf and 00-php.conf,
cp /etc/php.ini ~/confbak/php.ini.bak
cp /etc/httpd/conf.d/php.conf ~/confbak/httpd/conf.d/php.conf.bak
cp /etc/httpd/conf.modules.d/00-php.conf ~/confbak/httpd/conf.modules.d/00-php.conf.bak
1.3 Make sure the following settings are present in /etc/php.ini (change the ones that differ, add the ones that are missing; some values can be tuned later; this is the configuration for a simple WordPress server):
error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
display_errors = Off
log_errors = On
max_execution_time = 300
memory_limit = 32M
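Step 1.3 as a repeatable check (an added example, not part of the original article): the script reads a php.ini, takes the last uncommented assignment of each directive, and reports the ones that are missing or differ from the values listed above. It covers the four scalar directives only; the function names and the sample ini text are constructed for this example.

```shell
# Print the effective value of directive $2 in ini file $1.
# The last uncommented assignment wins; no output means the directive is absent.
ini_get() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                    # whole-line comment
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                sub(/[ \t]*;.*$/, "", v)       # strip a trailing comment
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                val = v; found = 1
            }
        }
        END { if (found) print val }' "$1"
}

# Compare ini file $1 with the values from step 1.3.
# Prints one line per finding and returns non-zero if there is any.
php_ini_audit() {
    rc=0
    while IFS='=' read -r key want; do
        have=$(ini_get "$1" "$key")
        if [ -z "$have" ]; then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$(printf %s "$have" | tr 'A-Z' 'a-z')" != \
               "$(printf %s "$want" | tr 'A-Z' 'a-z')" ]; then
            echo "DIFFERS $key: have $have, want $want"; rc=1
        fi
    done <<'EOF'
display_errors=Off
log_errors=On
max_execution_time=300
memory_limit=32M
EOF
    return $rc
}

# Demo on constructed input (not a real php.ini).
demo_ini=$(mktemp)
printf '%s\n' '[PHP]' 'display_errors = On' 'log_errors = On' > "$demo_ini"
php_ini_audit "$demo_ini" || true
rm -f "$demo_ini"
```

On the PHP-FPM host, run php_ini_audit /etc/php.ini after editing the file and before restarting php-fpm.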
2 Install and configure php-mysql (to use MySQL from PHP, you also need to install the php-mysql package):
2.1 Install php-mysql
yum install php-mysql -y
Part III:
Deploying the MariaDB host, ip: 172.16.66.80
1 Install and configure the MariaDB database service
MariaDB is database software built on the MySQL code base, and Linux distributions have been steadily switching from MySQL to MariaDB. CentOS uses MariaDB by default starting with version 7.
1.1 Installation
yum install mariadb-server mariadb
1.2 Start at system boot
systemctl enable mariadb
1.3 Start the MariaDB daemon (mysqld); its default user name is still mysql
systemctl start mariadb
1.4 View memory usage
top -u mysql
1.5 Commands for stopping, restarting, disabling and checking the MariaDB service:
Stop
sudo systemctl stop mariadb
Restart
sudo systemctl restart mariadb
Disable
sudo systemctl disable mariadb
Check
sudo systemctl is-active mariadb
2 Secure the MariaDB configuration
Configure it with MariaDB's built-in security configuration script
mysql_secure_installation
Here you set the password of the MySQL root user, remove other users, remove unnecessary databases, and so on. The output is similar to the following run, where the text typed at the keyboard is annotated after "--":
/usr/bin/mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):   -- press Enter here; this is the root user of the MariaDB database, not the Linux root user
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:   -- enter the password for the database root user
Re-enter new password:   -- enter it again
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y   -- delete anonymous users?
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y   -- disallow remote root login?
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y   -- delete the test database and access to it?
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y   -- reload the privilege tables now?
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
2.1 Log in: enter the password and press Enter. Below is sample output; the command prompt changes to MariaDB [(none)]>
mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.37-MariaDB MariaDB Server
Copyright (c) Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
2.2 Create a new database for WordPress (named wordpress here; you can also use another name)
MariaDB [(none)]> CREATE DATABASE wordpress;
2.3 Create a new user and grant it permissions on the database (this is just an example: the user is named ly and the password is Lyuserpassword)
MariaDB [(none)]> grant all on wordpress.* to 'ly'@'172.16.%.%' identified by 'Lyuserpassword';
2.4 Reload the privileges
MariaDB [(none)]> flush privileges;
2.5 Exit the database
MariaDB [(none)]> quit
2.6 Back up the configuration file
cp /etc/my.cnf ~/confbak/my.cnf.bak
Part IV: Installing and configuring WordPress and phpMyAdmin
On the PHP-FPM host, ip: 172.16.66.70
1. Install and configure WordPress
1.1 Unpack the WordPress package
tools]# unzip wordpress-4.3.1-zh_CN.zip
1.2 Copy it to the site directory www1
cp -r wordpress /data/vhosts/www1
1.3 Copy the sample WordPress configuration file to wp-config.php
]# cp wp-config-sample.php wp-config.php
1.4 Edit the database connection settings in wp-config.php
~]# sed -n '22,38p' /data/vhosts/www1/wordpress/wp-config.php
/** Name of the WordPress database */
define('DB_NAME', 'wordpress');
/** MySQL database user name */
define('DB_USER', 'ly');
/** MySQL database password */
define('DB_PASSWORD', 'Liyang');
/** MySQL host */
define('DB_HOST', '172.16.66.80');
/** The default text encoding when creating data tables */
define('DB_CHARSET', 'utf8');
/** The database collation type. If you are unsure, do not change it */
define('DB_COLLATE', '');
2. Install and configure phpMyAdmin
2.1 Unpack the phpMyAdmin package
tools]# unzip phpMyAdmin-4.4.14.1-all-languages.zip
2.2 Copy it to the site directory www2
~]# cp -r phpMyAdmin-4.4.14.1-all-languages /data/vhosts/www2
2.3 Set up phpMyAdmin (create a symlink to the unpacked directory)
# ln -sv phpMyAdmin-4.4.14.1-all-languages phpMyAdmin
2.4 Copy the sample configuration file to config.inc.php
~]# cp config.sample.inc.php config.inc.php
2.5 Generate a random number
~]# openssl rand -hex 8 #--> (640b56f72820ace8)
2.6 Edit the configuration file config.inc.php
~]# vim config.inc.php
$cfg['blowfish_secret'] = '640b56f72820ace8';
3. Test PHP and MariaDB connectivity
3.1 Check whether httpd --> PHP works
www1]# cat admin.php
<?php
phpinfo();
?>
3.2 Check whether httpd --> PHP --> MariaDB works
www1]# cat index.php
<?php
$conn = mysql_connect('172.16.100.71', 'testuser', 'testpass');
if ($conn)
    echo "OK";
else
    echo "Failure";
?>
4. Test WordPress and phpMyAdmin
4.1 Test in a PC browser whether WordPress can be reached normally
http://www1/wordpress (access via port 80)
4.2 If the page reports a missing extension, installing php-mbstring resolves it
~]# yum install php-mbstring
4.3 Test in a PC browser; enter the database user name and password as prompted (the account and password of the user authorized for WordPress)
http://www2/phpMyAdmin/index.php
5. Install and configure the XCache accelerator for PHP-FPM
5.1 Install php-xcache with yum
~]# yum install php-xcache
Part V: Providing HTTPS service for phpMyAdmin
On the httpd host, ip: 172.16.66.60
Working directory: /etc/pki/CA/
1. Establish a private CA
1.1 Generate the private key
CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
1.2 Generate the self-signed certificate
CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Common Name (eg, your name or your server's hostname) []:www2
1.3 Provide the auxiliary files
CA]# touch index.txt
CA]# echo 01 > serial   # initial serial number
CA]# tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── newcerts
├── private
│   └── cakey.pem
└── serial
2. The node requests a certificate
2.1 Generate the private key
~]# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
2.2 Generate the certificate signing request:
ssl]# openssl req -new -key httpd.key -out httpd.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Common Name (eg, your name or your server's hostname) []:www2
2.3 Send the request to the CA
ssl]# cp httpd.csr /tmp/
3. The CA issues the certificate
3.1 Sign the certificate
~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
3.2 Send the signed certificate back to the requester.
~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/
Note: in this setup the private CA and the node requesting the certificate are on the same machine.
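Checks worth running on the issued files before pointing httpd at them (an added example, not part of the original article): does the certificate chain to the private CA, does it belong to the node's private key, how large is the RSA key, and is the key file closed to other users. The function names and scratch files are constructed for the example, and the demo signs with "openssl x509 -req" instead of "openssl ca" so that it needs no /etc/pki/CA layout.

```shell
# 0 if server cert $2 chains to CA cert $1
cert_chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# 0 if cert $1 carries the public key of private key $2 (2 = unreadable input)
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Print the modulus size in bits of RSA private key $1
rsa_key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# $1=CA cert, $2=server cert, $3=server key; prints findings, returns 0 if none
check_httpd_tls() {
    rc=0
    cert_chains_to_ca "$1" "$2" || { echo "FAIL: $2 does not chain to $1"; rc=1; }
    cert_matches_key "$2" "$3" || { echo "FAIL: $2 was not issued for $3"; rc=1; }
    bits=$(rsa_key_bits "$3")
    [ "${bits:-0}" -ge 2048 ] || { echo "WEAK: $3 is ${bits:-?}-bit RSA, use 2048 or more"; rc=1; }
    [ "$(ls -l "$3" | cut -c5-10)" = "------" ] || { echo "PERM: $3 is accessible to group/others"; rc=1; }
    return $rc
}

# Build a scratch CA and node certificate in directory $1; $2 = node key bits
make_demo_pki() {
    ( cd "$1" && umask 077 &&
      openssl genrsa -out cakey.pem 2048 &&
      openssl genrsa -out httpd.key "$2" &&
      openssl req -new -x509 -key cakey.pem -subj /CN=demo-ca -days 30 -out cacert.pem &&
      openssl req -new -key httpd.key -subj /CN=www2 -out httpd.csr &&
      openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem \
              -CAcreateserial -days 30 -out httpd.crt ) >/dev/null 2>&1
}

# Demo: 1024 mirrors the node key size used in step 2.1 and is reported as WEAK
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" 1024
check_httpd_tls "$demo_dir/cacert.pem" "$demo_dir/httpd.crt" "$demo_dir/httpd.key" || true
rm -rf "$demo_dir"
```

With the article's paths the call is check_httpd_tls /etc/pki/CA/cacert.pem /etc/httpd/ssl/httpd.crt /etc/httpd/ssl/httpd.key.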
4. Configure httpd to support SSL and to use the certificate
4.1 Install the mod_ssl module with yum
~]# httpd -M | grep ssl
~]# yum install mod_ssl -y
~]# rpm -ql mod_ssl
4.2 Modify the configuration file
~]# cat /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
    DocumentRoot "/data/vhosts/www2"
    ServerName www2:443
    SSLEngine on
    ProxyRequests Off
    DirectoryIndex index.php
    ProxyPassMatch ^/(.*\.php)$ fcgi://172.16.66.70:9000/data/vhosts/www2/$1
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    <Directory "/data/vhosts/www2">
        SSLOptions +StdEnvVars
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
Part VI: Stress test Report
This article is from the "8752057" blog, please be sure to keep this source http://yang90.blog.51cto.com/8752057/1827371
CentOS 7.2 amp + xcache, rpm package, PHP-FPM