LAMP implementation in CentOS 7 and https-based virtual host, centoslamp

LAMP implementation in CentOS 7 and https-based virtual host, centoslamp

System Environment:
CentOS 7
In Apache 2.4
Python 5.4
MariaDB 5.5

Project requirements:
Create three virtual hosts and set up phpMyadmin, wordpress, and Discuz
PhpMyadmin provides the https service.

I. Use yum to install components required by the Environment
Httpd, php, php-mysql, mariadb-server

# Yum install httpd php-mysql mariadb-server

2. Disable SELINUX and configure the firewall

1. Disable selinux for test convenience.
Temporarily close:
Setenforce 0

Permanently close:
Vim/etc/sysconfig/selinux
SELINUX = disabled

2. Add port 80,443,330 6 to the built-in firewall of CentOS 7

View firewall running status
# Firewall-cmd -- state

Add Port
# Firewall-cmd -- add-port = 80/tcp -- permanent
# Firewall-cmd -- add-port = 443/tcp -- permanent
# Firewall-cmd -- add-port = 3306/tcp -- permanent

Reload firewall Configuration
# Firewall-cmd -- reload

View existing rules
# Iptables-L-n

Iii. test whether the software is normal

1. Start httpd and test access:

# Systemctl start httpd

In this case, the browser should successfully access the test page.

2. Test the database
Start MariaDB
# Systemctl start mariadb

Enter the MariaDB command line.
# Mysql

　　　　

3. Check the php version. My version is 5.4.16.
# Php-v

4. Configure Apache

1. Create a folder
Create folders, pma, wp, and dz required by the three virtual hosts under/web/vhosts.
# Mkdir-p/web/vhosts/{pma, wp, dz}

2. Grant Apache users access to the entire/web directory:
# Chown-R apache: apache/web

3. Create a test page
# Vim/web/vhosts/pma/index. php
Content:
<? Php
Echo "this is pma"
?>

# Vim/web/vhosts/wp/index. php
Content:
<? Php
Echo "this is wp"
?>

# Vim/web/vhosts/dz/index. php
Content:
<? Php
Echo "this is dz"
?>

 

4. Cancel the welcome page. Otherwise, interference may occur.
# Mv/etc/httpd/conf. d/welcome. conf/etc/httpd/conf. d/welcome. conf. bak

5. Add three virtual hosts

Create a configuration file named vhosts. conf
# Vim/etc/httpd/conf. d/vhosts. conf

Content:

<VirtualHost *: 80>
DocumentRoot/web/vhosts/pma
ServerName pma.buybybuy.com
ErrorLog logs/pma. err
CustomLog logs/pma. access combined
</VirtualHost>

<Directory "/web/vhosts/pma">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

<VirtualHost *: 80>
DocumentRoot/web/vhosts/wp
ServerName wp.buybybuy.com
ErrorLog logs/wp. err
CustomLog logs/wp. access combined
</VirtualHost>

<Directory "/web/vhosts/wp">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

<VirtualHost *: 80>
DocumentRoot/web/vhosts/dz
ServerName dz.buybybuy.com
ErrorLog logs/dz. err
CustomLog logs/dz. access combined
</VirtualHost>

<Directory "/web/vhosts/dz">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

6. Reload the httpd Configuration:
# Systemctl reload httpd

7. Test the three virtual hosts:

　　　　

　　　　

Test successful!

5. Configure mariaDB

1. initialize the security settings after installing mariaDB.

Run the Security Initialization Script
#/Usr/bin/mysql_secure_installation

The following are my options for reference:

1) Are you sure you want to set the root user password? (Yes)

2) are anonymous users deleted? (Yes)
3) are root users prohibited from logging on remotely? (No, but not recommended in the production environment)
4) Do you want to delete the test database? (No, It will be retained if there are future test requirements)
5) is the authorization table reloaded? (Yes, the setting takes effect immediately)

2. Attach the root user password change command
# Mysql
Set password for 'root' @ 'localhost' = PASSWORD ('123 ');
Set password for 'root' @ '2014. 0.0.1 '= PASSWORD ('20140901 ');

6. Install the package
1. Install phpmyadmin, Discuz, and wordpress
Download the installation package to the Home Directory
You can use wget or ftp tools. Because Xshell is used to connect to the server, Xftp is used to directly import the installation package in the control machine to the home directory.

　　　　

2. Make sure necessary compression/Decompression tools are installed

I lack bzip2, zip, and unzip here, so
# Yum-y install bzip2 zip unzip

Extract
# Unzip Discuz_X3.2_ SC _UTF8.zip-d Discuz_X3.2_ SC _UTF8
# Tar-xf wordpress-4.5.3-zh_CN.tar.gz
# Tar-xf phpMyAdmin-4.4.15.8-all-languages.tar.bz2

3. copy to the defined virtual host directory respectively. Note that you only need to copy the required documents.

# Cp-a phpMyAdmin-4.4.15.8-all-languages/*/web/vhosts/pma/
# Cp-a wordpress/*/web/vhosts/wp/
# Cp-a Discuz_X3.2_ SC _UTF8/upload/*/web/vhosts/dz/

VII. Website debugging
1. Configure phpmyadmin
# Cd/web/vhosts/pma

Find the default configuration file and rename it as the standard name
# Cp config. sample. inc. php config. inc. php

Edit configuration file
About 17 lines found
$ Cfg ['blowfish _ secret'] = '';

Here we need to add a random string, which can be generated using the following command in bash:
# Tr-d 'a-zA-Z0-9 '</dev/urandom | head-30 | md5sum

For example, the generated string is
E2d8e1132dc737b3dc1f05c80c0cc9e
Add the generated string to the quotation marks of the preceding parameter .:

　　　　

Save and exit.

When accessing pma.buybybuy.com, the program reports an error:

　　　　

Mbstring is a multi-language package.

So install this package
# Yum install php-mbstring

Load httpd for configuration to take effect
# Systemctl reload httpd

Access pma.buybybuy.com again. The page is successfully opened.

　　　　

In this case, you can use the configured mysql root user to log on.

2. Create the required database
To install wordpress and Discuz, you can use phpMyadmin to create a database for them.
Add-> enter the database name-> select sort encoding-> Create

　　　　

 

In addition, we hope that each website can be accessed by a separate database user, so here we create our own users for each database and bind them to the corresponding database.

Go back to homepage-> User-> Add User

 

For convenience, I keep the database name consistent with the corresponding user name, you can create

　　　　

Because the database has been created in advance, the red underline command will skip the database creation step, and the blue underline command will bind the user to the database.

3. Configure wordpress

Go to the wp directory
# Cd/web/vhosts/wp
Copy a configuration file and rename it the standard name of the configuration file.
# Cp wp-config-sample.php wp-config.php
Edit configuration file
# Vim/web/vhosts/wp/wp-config.php

 

Modify the value.

Access wp.buybybuy.com and dz.buybybuy.com, and the installation interface is displayed. you can install them using the previously set parameters.

8. Configure https for pma.buybybuy.com

1. Make sure OpenSSL is installed because you need to use OpenSSL to generate a self-signed certificate.
# Httpd-M | grep ssl
If not, install
# Yum install mod_ssl openssl

2. Configure the CA Server
My method is to configure a ca Server (CentOS A) first, and then apply for authentication from CentOS A to the current server (CentOS B.

3. Configure the CA Server (CentOS)

3.1 initialize the CA Service and create the required files
# Cd/etc/pki/CA/
# Touch index.txt // create an index file
# Echo 01> serial // create a serial number File

3.2 CA self-signed certificate
Generate Private Key
# (Umask 077; openssl genrsa-out/etc/pki/CA/private/cakey. pem2048)
Use the private key to generate a signature certificate
# Openssl req-new-x509-key/etc/pki/CA/private/cakey. pem-days 7300-out/etc/pki/CA/cacert. pem

4. Certificate Application (CentOS B ):

4.1 create a directory for storing certificates
# Mkdir/etc/httpd/ssl
# Cd/etc/httpd/ssl

4.2 generate a key
# (Umask 007; openssl genrsa-out httpd. key 1024)
4.3 generate a request file
# Openssl req-new-key httpd. key-out httpd. csr

4.4 fill in the table and write it as needed
Country Name (2 letter code) [XX]: CN
State or Province Name (full name) []: Beijing
Locality Name (eg, city) [Default City]: Beijing
Organization Name (eg, company) [Default Company Ltd]: Quintin Ltd
Organizational Unit Name (eg, section) []: Ops
Common Name (eg, your name or your server's hostname) []: pma.buybybuy.com
Email Address []: admin@buybybuy.com


4.5 send the generated file to the CA Server CentOS A. Here I use the scp command:
# Scp httpd. csr root@192.168.3.67:/tmp/

4.6 After successful follow the prompts, httpd. csr should already be in the/tmp/directory of CentOS.

5. Sign the certificate (CentOS ):

5.1 signing, valid for 10 years
# Openssl ca-in/tmp/httpd. csr-out/etc/pki/CA/certs/pma.buybybuy.com. crt-days 3650
5.2 send the generated crt back to CentOS B
# Scp/etc/pki/CA/certs/pma.buybybuy.com. crt root@192.168.3.77:/etc/httpd/ssl/
5.3 after the operation is successful, pma.buybybuy.com. crt should already be in the/etc/httpd/ssl/directory of CentOS B.

6. Configure ssl (CentOS B ):

6.1 advance backup
# Cd/etc/httpd/conf. d/
# Cp ssl. conf {,. bak}

6.2 edit ssl. conf
# Vim ssl. conf

The following items are modified:
<VirtualHost _ default _: 443>
=>
<VirtualHost *: 443>

Basic settings
DocumentRoot "/web/vhosts/pma"
ServerName pma.buybybuy.com: 443

Certificate location
SSLCertificateFile/etc/pki/tls/certs/localhost. crt
=>
SSLCertificateFile/etc/httpd/ssl/pma.buybybuy.com. crt

Private Key location
SSLCertificateKeyFile/etc/pki/tls/private/localhost. key
=>
SSLCertificateKeyFile/etc/httpd/ssl/httpd. key

Save and exit.

6.3 check the Configuration File Syntax Error:
# Httpd-t

6.4 restart httpd:
# Systemctl restart httpd

6.5 check whether port 443 is Enabled:
# Ss-tnl

 

6.6 format of browser access:
Https://pma.buybybuy.com

Https is correct. However, an invalid message is displayed. Just add the trust.