需求:
CentOS 7 lamp (module)
(1) 三者分離於兩臺主機
(2) 一個虛擬主機用於提供phpMyAdmin;另一個虛擬機用於提供wordpress;
(3) xcache
(4) 爲phpMyAdmin提供https虛擬主機
環境準備:
一:關閉selinux和iptables
setenforce 0 systemctl stop iptables
二:爲了方便測試,修改本機hosts,也可自行搭建DNS Server
修改文件:
Linux:/etc/hosts windows: \Windows\System32\drivers\etc\host
添加內容:
172.18.64.61 phpadmin.com 172.18.64.61 wordpress.com
實驗環境:
host1: apache + php 172.18.64.61 host2: mariadb 172.18.64.62 host3: 私有CA 172.18.64.63
Host 1
# yum install httpd php php-mysql -y
Host 2
# yum install mariadb-server # systemctl start mariadb mysql> create user 'root'@'172.18.64.%'; mysql> grant all on *.* to 'root'@'172.18.64.%' identified by '123456'; //phpadmin mysql> create database wordpress; mysql> create user 'wordpress'@'172.18.64.%'; mysql> grant all on wordpress.* to 'wordpress'@'172.18.64.%' identified by 'wordpress'; //wordpress
創建虛擬主機
一個虛擬機用於提供phpMyAdmin;另一個虛擬主機用於提供wordpress
Host1
一:註釋/etc/httpd/conf/httpd.conf 第119行
# DocumentRoot "/var/www/html"
二:配置虛擬主機
mkdir -pv /www/host1/phpadmin wordpress
三:獲取源碼
phpadmin
# cd /www/host1/phpadmin # wget # unzip phpMyAdmin-4.6.0-all-languages.zip # mv phpMyAdmin-4.6.0-all-languages phpmyadmin # cd phpmyadmin # cp config.sample.inc.php config.inc.php 生成隨機數 # openssl rand -base64 20 6rR4Nxjl7YEdSBXNQlxIMZ8TeVw 將生成的隨機數添加到config.inc.php: $cfg['blowfish_secret'] = 'Js/yatgOt2UBJMkKqkeJfFX9RKA'; 指定數據庫的IP地址 $cfg['Servers'][$i]['host'] = '10.0.0.62';
wordpress
官網:https://cn.wordpress.org
# cd /www/host1/wordpress # wget # unzip wordpress-4.5-zh_CN.tar.gz
壓力測試
ab
-n:總請求數
-c:模擬並行數
# ab -n 100 -c 100 http://www.phpadmin.com/index.php Requests per second: 6664.53 [#/sec] (mean) // 每秒處理請求數 6664
編譯安裝xcache
官網:http://xcache.lighttpd.net/
# yum install php-devel -y //xcache依賴php-devel # wget http://xcache.lighttpd.net/pub/Releases/3.2.0/xcache-3.2.0.tar.bz2 # tar xf xcache-3.2.0.tar.bz2 # cd xcache-3.2.0 # phpize # ./configure --enable-xcache --with-php-config=`which php-config` # make && make install # cp xcache.ini /etc/php.d # systemctl reload httpd Requests per second: 7642.92 [#/sec] (mean) // 性能提升1000
注意epel源中xcache的rpm包可能有問題,性能不升反降
提供https虛擬主機
爲phpMyAdmin提供https虛擬主機
申請數字證書:
host3 //創建私有CA # yum install openssl -y # (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) # openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem # touch /etc/pki/CA/{serial,index.txt} # echo 01 > /etc/pki/CA/serial host1: //在apache服務器創建證書籤署請求 # mkdir /etc/httpd/ssl; cd /etc/httpd/ssl # (umask 077;openssl genrsa -out httpd.key 1024) # openssl req -new -key httpd.key -out httpd.csr # scp httpd.csr [email protected]:/tmp //現實中用安全的辦法把 httpd.csr 交給 CA; 因爲這裏是測試,就用scp命令傳; host3: //CA簽證 # openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt # scp /etc/pki/CA/certs/httpd.crt [email protected]:/etc/httpd/ssl
配置httpd支持使用ssl
# yum install mod_ssl -y 查看模塊:httpd -M | grep ssl_mod 修改配置文件:/etc/httpd/conf.d/ssl.conf //這個配置文件會自動加載mod_ssl模塊 DocmentRoot "/www/host1/phpadmin/" ServerName www.phpadmin.com SSLCertificateFile /etc/httpd/ssl/httpd.crt SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
配置httpd的配置文件
此時的配置文件應該是這樣的:爲什麼呢,因爲我們之前只是定義了phpadmin允許80端口,但是並沒有允許443端口