Centos7.2 lnmp rpm包，php-fpm 搭建wordpress部落格

標籤：lnmp + php-fpm+wordpress

1. 實驗需求：
         1、CentOS 7, npm rpm包, php-fpm;
           a) 一個虛擬機器主機提供wordpress，另一個虛擬機器主機提供phpmysamin；
           b) 為phpMyAdmim提供https服務；

2. 實驗環境：
   
   Linux伺服器作業系統版本：CentOS Linux release 7.2.1511 (Core) IP：172.16.252.113
   WIN7系統客戶機：IP：172.16.250.100
   

3. 實驗前提：
       1）關閉防火牆和SELinux    
       ~]# service iptables stop
       ~]# setenforce 0
       
   

4. 實驗過程：

   
   

一、安裝amp環境    

1.yum包安裝nmp
    
# yum install nginx php-fpm php-mysql  mariadb-server -y
    
    1)檢查是否成功安裝包
# rpm -qa nginx php-fpm php-mysql  mariadb-server

    2)啟動服務
# nginx

# systemctl start mariadb    

    3)查看服務是否正常啟動
    
# ss -nlt
# ps aux | grep nginx    
# ps aux | grep myslq
# ps aux | grep php-fpm
                
    4)設定開機自動啟動
# systemctl enable httpd                
# systemctl enable mariadb

    5)檢查是否設定成開機自啟動
# systemctl is-enabled httpd
# systemctl is-enabled mariadb

2. 配置虛擬機器主機
        
    1）建立虛擬機器主機目錄和設定檔/conf.d/vhosts.conf
# mkdir -pv /etc/nginx/conf.d/vhosts.conf
    
    2）在nginx.conf中的http段添加如下內容
include conf.d/*.conf;   //包含自訂虛擬機器主機路徑
fastcgi_cache_path /var/cache/nginx/fastcgi levels=1:1 keys_zone=fcgicache:10m max_size=1g;
//定義緩衝路徑,層級,緩衝空間名稱,磁碟緩衝最大緩衝數


    3）建立緩衝目錄
# mkdir -pv /var/cache/nginx/fastcgi
    
    4）配置虛擬機器主機/conf.d/vhosts.conf
server {
    listen       80;
    server_name  www.yang.com;
    gzip on;
    gzip_disable chrome;
    gzip_types text/plain text/css text/xml application/xml application/json application/x-javascript;
location / {
        root /web/host1/wordpress;
        index index.php index.html index.htm;
    }    
location ~ \.php$ {
    root /web/host1/wordpress;
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_index    index.php;
    fastcgi_param    SCRIPT_FILENAME /web/host1/wordpress/$fastcgi_script_name;
    fastcgi_cache    fcgicache;
    fastcgi_cache_key $request_uri;
    fastcgi_cache_valid 200 10m;
    fastcgi_cache_valid 301 302 2m;
    fastcgi_cache_valid 404m;
    include        fastcgi.conf;
    }
}

server {
    listen    80;
    server_name    web.yang.com;
    root /web/host2/phpmyadmin;
    location / {
    index index.php index.html index.html;
}
location ~ \.php$ {
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_index    index.php;
    fastcgi_param    SCRIPT_FILENAME /web/host2/phpmyadmin/$fastcgi_script_name;
    fastcgi_cache    fcgicache;
    fastcgi_cache_key $request_uri;
    fastcgi_cache_valid 200 10m;
    fastcgi_cache_valid 301 302 2m;
    fastcgi_cache_valid 404 2m;
    include        fastcgi.conf;
    }
}

server {
    ssl on;
    listen  443 ssl;
    server_name  web.yang.com;
    root /web/host2/phpmyadmin;
    
    ssl_certificate   /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key  /etc/nginx/ssl/nginx.key;

    ssl_session_cache  shared:SSL:5m;
    ssl_session_timeout 10m;
    
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        index index.php index.html index.htm;
    }
    location ~ \.php$ {
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_index    index.php;
        fastcgi_param    SCRIPT_FILENAME /web/host2/phpmyadmin/$fastcgi_script_name;
        fastcgi_cache    fcgicache;
        fastcgi_cache_key $request_uri;
        fastcgi_cache_valid 200 10m;
        fastcgi_cache_valid 301 302 2m;
        fastcgi_cache_valid 404 3m;
        include        fastcgi.conf;
    }
}

二、部署wordpress環境：

    1)建立網站目錄
# mkdir /web/host1/ -pv

    2)解壓wordpress包
# unzip wordpress-4.3.1-zh_CN.zip

    3)拷貝到網站目錄www1中
# cp -R wordpress /web/host1/
    
    4)修改網站屬主和屬組
# chown -R nginx.nginx /web/host1/wordpress

    5)修改php-fpm.conf下的www.conf
user = nginx    
group = nginx

    6)登入資料庫
# mysql -uroot -p

    7)為bolg建立資料庫名為：wordpress
MariaDB [(none)]> CREATE DATABASE wordpress;

    8)查資料庫是否建立成功
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| wordpress          |
+--------------------+
4 rows in set (0.00 sec)

    9)授權使用者
MariaDB [(none)]> GRANT ALL ON wordpress.* TO [email protected]‘localhost‘ IDENTIFIED BY ‘liyang‘;
Query OK, 0 rows affected (0.03 sec)

MariaDB [(none)]> GRANT ALL ON wordpress.* TO [email protected]‘172.16.%.%‘ IDENTIFIED BY ‘liyang‘;
Query OK, 0 rows affected (0.00 sec)

    10)改名wordpress設定檔為wp-config.php
# cp wp-config-sample.php wp-config.php
    
    11)修改wp-config.php檔案串連資料庫
# sed -n ‘22,38p‘ /web/host1/wordpress/wp-config.php
 
/** WordPress資料庫的名稱 */
define(‘DB_NAME‘, ‘wordpress‘);

/** MySQL資料庫使用者名稱 */
define(‘DB_USER‘, ‘liyang‘);

/** MySQL資料庫密碼 */
define(‘DB_PASSWORD‘, ‘liyang‘);

/** MySQL主機 */
define(‘DB_HOST‘, ‘localhost‘);

/** 建立資料表時預設的文字編碼 */
define(‘DB_CHARSET‘, ‘utf8‘);

/** 資料庫清理類型。如不確定請勿更改 */
define(‘DB_COLLATE‘, ‘‘);
    
三、測試
    1)在伺服器端添加網域名稱解析
# echo "172.16.66.60 www.yang.com" >> /etc/hosts

    2)在PC中的hosts檔案中添加
172.16.66.60 www.yang.com

    3)httpd-->php是否可以訪問
# cat admin.php
<?php
    phpinfo();
?>
    4)httpd-->php--mariadb是否可以訪問
    
    5)在瀏覽器中，根據提示安裝http://www.yang.com/index.php

    6）查看資料庫是否產生資料
~]# mysql -uliyang -p
MariaDB [(none)]> show databases;

MariaDB [(none)]> use wordpress;

MariaDB [wordpress]> show tables;
+-----------------------+
| Tables_in_wordpress   |
+-----------------------+
| wp_commentmeta        |
| wp_comments           |
| wp_links              |
| wp_options            |
| wp_postmeta           |
| wp_posts              |
| wp_term_relationships |
| wp_term_taxonomy      |
| wp_terms              |
| wp_usermeta           |
| wp_users              |
+-----------------------+
11 rows in set (0.00 sec)
    
                        
四、部署phpMyAdmin環境：

    1)建立網站目錄
# mkdir /web/host2
    
    2)解壓phpMyAdmin包
# unzip phpMyAdmin-4.4.14.1-all-languages.zip

    3)拷貝到網站目錄www2中
# cp -r phpMyAdmin-4.4.14.1-all-languages /web/host2/

    4)建立軟串連phpMyAdmin
# ln -sv phpMyAdmin-4.4.14.1-all-languages/ phpmyadmin

    5)修改網站屬主和屬組
# chown -R nginx.nginx /web/host2/phpmyadmin

    6)修改設定檔
# cp config.sample.inc.php config.inc.php

    7)產生隨機數
~]# openssl rand -hex 8  
640b56f72820ace8

    8)修改設定檔config.inc.php
# vim config.inc.php
$cfg[‘blowfish_secret‘] = ‘640b56f72820ace8‘

    7)在瀏覽器中測試，根據提示輸入資料庫名和密碼（主機帳號和密碼是授權wordpress中使用者）
在PC機瀏覽器中測試：http://web.yang.com/index.php 通過80連接埠訪問

    8）phpmyadmin錯誤：The mbstring extension is missing. Please check your PHP configuration.
解決方案：
# yum install php-mbstring -y

    9)phpmyadmin錯誤:Error during session start; please check your PHP and/or webserver log file and configure your PHP i
解決方案:
# mkdir -pv /var/lib/php/session
# chown -R nginx.nginx /var/lib/php/session/

3.為phpMyAdmim提供https服務

工作目錄:/etc/pki/CA/

一、建立私人CA

    1)產生私密金鑰

[[email protected] CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
..............................................................................+++
............+++
e is 65537 (0x10001)

    2)產生自簽認證
[[email protected] CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN      
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:Ops   
Common Name (eg, your name or your server‘s hostname) []:web.yang.com
Email Address []:[email protected]

    3)提供輔助檔案

[[email protected] CA]# touch index.txt
[[email protected] CA]# echo 01 > serial
[[email protected] CA]# tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
├── private
│   └── cakey.pem
├── serial
└── serial.old


二、節點申請認證
    
    1)產生私密金鑰
# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out nginx.key 1024)

    2）產生認證簽署請求：
[[email protected] ssl]# openssl req -new -key nginx.key -out nginx.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server‘s hostname) []:web.yang.com
Email Address []:[email protected]

Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

ssl]# cp nginx.csr /tmp/


三、CA簽發認證

    1)簽署認證
[[email protected] ~]# openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 29 11:11:37 2016 GMT
            Not After : Jul 29 11:11:37 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Beijing
            organizationName          = liyang
            organizationalUnitName    = Ops
            commonName                = web.yang.com
            emailAddress              = [email protected]
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                F5:73:F0:F1:7F:B6:B6:5D:41:F1:ED:7A:69:FE:6F:8E:A6:59:41:42
            X509v3 Authority Key Identifier:
                keyid:91:41:DA:D3:44:05:36:98:14:A7:81:D6:64:AC:D5:8E:EB:6E:D3:97

Certificate is to be certified until Jul 29 11:11:37 2017 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

    2)把簽署好的認證發還給要求者。
# cp /etc/pki/CA/certs/nginx.crt /etc/nginx/ssl/

注意：本次私建CA和節點申請認證在同一台機器完成。
    
四、測試結果：

    1)在PC機瀏覽器中測試：https://web.yang.com/index.php 通過443連接埠訪問

4.壓力測試：
    
一、正常測試

    1)測試wordpress並發
# # ab -c 100 -n 200 http://www.yang.com/index.php
Requests per second:    389.38 [#/sec] (mean)
Requests per second:    6949.27 [#/sec] (mean)
    
    2)測試phpmyadmin http 並發
# ab -c 100 -n 200 http://web.yang.com/index.php    
Requests per second:    5641.91 [#/sec] (mean)
Requests per second:    54.74 [#/sec] (mean)
    
    3)測試phpmyadmin https 並發
# ab -c 100 -n 100 https://web.yang.com/index.php    
Requests per second:    44.32 [#/sec] (mean)
Requests per second:    45.28 [#/sec] (mean)

二、為php安裝xcache加速器測試資料：
    1)yum 安裝php-xcache
~]# yum install php-xcache
 
    2)測試並發
# ab -c 100 -n 200 http://web.yang.com/index.php
Requests per second:    44.77 [#/sec] (mean)
# ab -c 100 -n 200 https://web.yang.com/index.php
Requests per second:    44.12 [#/sec] (mean)
# ab -c 100 -n 200 http://www.yang.com/index.php
Requests per second:    109.11 [#/sec] (mean)
   

本文出自 “8752057” 部落格，請務必保留此出處http://yang90.blog.51cto.com/8752057/1833487

Centos7.2 lnmp rpm包，php-fpm 搭建wordpress部落格