目的:
(1)部署lnmp實現多個虛擬主機
(2)基於LNMP平臺部署wordpress和phpmyadmin
(3)爲其中一個主機提供https
環境:
192.168.1.104-------->nginx
192.168.1.110-------->php-fpm
192.168.1.113-------->mariadb
一、部署LNMP環境
nginx安裝配置(192.168.1.104)
1、安裝開發包組及依賴包
[root@bogon nginx-1.10.0]# yum -y groupinstall Server Platform Development Development Tools [root@bogon nginx-1.10.0]# yum -y install pcre-devel openssl-devel zlib-devel
2、編譯安裝Nginx
[root@bogon ~]# tar xf nginx-1.10.0.tar.gz [root@bogon ~]# cd nginx-1.10.0/ [root@bogon nginx-1.10.0]# ./configure --prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-stream_ssl_module --with-threads --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_auth_request_module --with-stream --with-http_slice_module --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp [root@bogon nginx-1.10.0]# make -j 4 && make install
3、啓動服務查看是否正常,此處需要注意用戶是Nginx如果沒人需要創建,否則服務無法啓動。
[root@bogon nginx-1.10.0]# useradd -r nginx ##創建nginx服務用戶 [root@bogon nginx-1.10.0]# mkdir -p /var/cache/nginx/client_temp##啓動提示無此路徑,創建即可 [root@bogon nginx-1.10.0]# nginx ##啓動服務
4、配置Nginx基於域名的虛擬主機
server { listen 80; server_name www.magedu.com; location / { root /web/host1; index index.php index.html index.htm; } location ~ \.php$ { root /web/host1; fastcgi_pass 192.168.1.110:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /web/host1/$fastcgi_script_name; include fastcgi_params; } } server { listen 80; server_name www.maweijun.com; location / { root /web/host2; index index.php index.html index.htm; } location ~ \.php$ { root /web/host2; fastcgi_pass 192.168.1.110:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /web/host2/$fastcgi_script_name; include fastcgi_params; } }
5、建立首頁及其路徑
[root@bogon ~]# mkdir -p /web/host1 [root@bogon ~]# mkdir -p /web/host2 [root@bogon ~]# echo "host1" >/web/host1/index.html [root@bogon ~]# echo "host2" >/web/host2/index.html
6、檢查配置文件是否正確,然後重新加載文件,測試即可
[root@bogon ~]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@bogon ~]# nginx -s reload
部署php-fpm服務(192.168.1.110)
1、安裝php-fpm程序
[root@pxe130 ~]# yum -y install php-fpm [root@pxe130 ~]# yum -y install php-mysql [root@pxe130 host2]# yum -y install php-mbstring
2、編輯主機配置文件,修改相關配置選項
[root@pxe130 ~]# vim /etc/php-fpm.d/ listen = 192.168.1.110:9000 ###監聽php-fpm能夠與外部通信的地址 listen.allowed_clients = 192.168.1.104 ####允許的客戶端主機,此處指httpd主機
3、啓動服務
[root@pxe130 ~]# systemctl start php-fpm.service
4、建立與httpd服務主機上相同的網頁路徑,測試php和httpd連接是否正常。
[root@bogon ~]# mkdir -p /web/host1 [root@bogon ~]# mkdir -p /web/host2 [root@pxe130 ~]# vim /web/host1/index.php host1 <?php $conn = mysql_connect('192.168.1.113','test','test'); if ($conn) echo "mysql is ok"; else echo "mysql is bad"; phpinfo(); ?> [root@pxe130 ~]# vim /web/host1/index.php host 2 <?php $conn = mysql_connect('192.168.1.113','test','test'); if ($conn) echo "mysql is ok"; else echo "mysql is bad"; phpinfo(); ?>
部署mariadb服務(192.168.1.113)
1、安裝程序
[root@pxe132 ~]# yum -y install mariadb-server [root@pxe132 ~]# systemctl start mariadb
2、授權用戶,測試mariadb和php是否連接正常。
MariaDB [(none)]> grant all on test.* to 'test'@'192.168.%.%' identified by 'test';
MariaDB [(none)]> create database wpdb;####用於WordPress使用 Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on wpdb.* to 'wpuser'@'192.168.%.%' identified by 'wppass'; Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> create database phpmyadmin; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on phpmyadmin.* to 'phpuser'@'192.168.%.%' identified by 'phppass'; Query OK, 0 rows affected (0.00 sec)
3、測試
ok此時我們的LNMP環境就部署完成了。
二、基於LNMP平臺部署WordPress和phpmyadmin應用
1、部署WordPress
[root@pxe130 ~]# unzip wordpress-4.3.1-zh_CN.zip [root@pxe130 ~]# mv wordpress /web/host1/ [root@pxe130 ~]# cd /web/host1/WordPress [root@pxe130 wordpress]# cp wp-config-sample.php wp-config.php [root@pxe130 wordpress]# vim wp-config.php /** WordPress數據庫的名稱 */ define('DB_NAME', 'wpdb'); /** MySQL數據庫用戶名 */ define('DB_USER', 'wpuser'); /** MySQL數據庫密碼 */ define('DB_PASSWORD', 'wppass'); /** MySQL主機 */ define('DB_HOST', '192.168.1.113'); /** 創建數據表時默認的文字編碼 */ define('DB_CHARSET', 'utf8');
[root@pxe130 host1]# scp -r wordpress/ [email protected]:/web/host1/ ###複製一份給httpd
2、部署phpmyadmin
[root@pxe130 ~]# unzip phpMyAdmin-4.4.14.1-all-languages [root@pxe130 ~]# mv phpMyAdmin-4.4.14.1-all-languages /web/host2/phpmyadmin [root@pxe130 libraries]# cd phpmyadmin/libraries/ [root@pxe130 libraries]# vim config.default.php $cfg['blowfish_secret'] = 'Tfg6ORIzhZu/uA'; $cfg['Servers'][$i]['host'] = '192.168.1.113'; $cfg['Servers'][$i]['user'] = 'phpuser'; $cfg['Servers'][$i]['password'] = 'phppass';
[root@pxe130 host2]# scp -r phpmyadmin/ [email protected]:/web/host2/
部署過程中phpmyadmin訪問出現了session沒有緩存,,此時只需要在/etc/php.ini中修改緩存路徑,然後修改下權限就可了
session.save_path = "/var/lib/php/session" [root@pxe130 ~]# ll -d /var/lib/php/session/ drwxrwxrwx 2 root nginx 50 Jul 18 22:40 /var/lib/php/session/
三、爲其中一個站點設置爲https方式訪問
(1)建立CA
[root@pxe130 CA]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) [root@pxe130 CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3655 [root@pxe130 CA]# touch {serial,index.txt} [root@pxe130 CA]# echo 01> serial
(2)httpd服務生成密鑰及生成請求證書
[root@bogon ~]# mkdir /etc/nginx/ssl [root@bogon ~]# cd /etc/nginx/ssl/ [root@bogon ssl]# (umask 077;openssl genrsa -out /etc/nginx/ssl/nginx.key 2048) [root@bogon ssl]# openssl req -new -key /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.csr -days 365 scp nginx.csr [email protected]:/
(3)CA上籤署http證書申請:
[root@pxe130 CA]# openssl ca -in /nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 365 [root@pxe130 certs]# scp nginx.crt [email protected]:/etc/nginx/ssl
(4)編輯httpd配置文件:
server { listen 80; listen 443 ssl; ###指定使用ssl,且監聽443端口 ssl_certificate /etc/nginx/ssl/nginx.crt; ###指定公鑰路徑 ssl_certificate_key /etc/nginx/ssl/nginx.key; ###指定私鑰路徑 server_name www.maweijun.com; location / { root /web/host2; index index.php index.html index.htm; } location ~ \.php$ { root /web/host2; fastcgi_pass 192.168.1.110:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /web/host2/$fastcgi_script_name; include fastcgi_params; } }
(5)測試