系統環境:centos7,httpd-2.4,php-5.5,mariadb5.5
192.168.1.20 httpd
192.168.1.30 PHP
192.168.1.40 mariadb
修改客戶機hosts文件
[root@bogon Desktop]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.20 www.pma.com www.wp.com
在192.168.1.20上安裝httpd服務
[root@localhost yum.repos.d]# yum -yinstall httpd
修改mpm編輯模塊爲event
[root@localhost yum.repos.d]# cd/etc/httpd/conf.modules.d/ [root@localhost conf.modules.d]# vim00-mpm.conf
# Select the MPM module which should beused by uncommenting exactly # one of the following LoadModule lines: # prefork MPM: Implements a non-threaded, pre-forkingweb server # See:http://httpd.apache.org/docs/2.4/mod/prefork.html #LoadModulempm_prefork_module modules/mod_mpm_prefork.so # worker MPM: Multi-Processing Moduleimplementing a hybrid # multi-threaded multi-process web server # See: http://httpd.apache.org/docs/2.4/mod/worker.html # #LoadModule mpm_worker_modulemodules/mod_mpm_worker.so # event MPM: A variant of the worker MPMwith the goal of consuming # threads only for connections with activeprocessing # See: http://httpd.apache.org/docs/2.4/mod/event.html # LoadModulempm_event_module modules/mod_mpm_event.so
編輯wordpress虛擬主機配置文件
[root@localhost conf.d]# cd/etc/httpd/conf.d [root@localhost conf.d]# vim wp.conf <VirtualHost *:80> ServerName www.wp.com DocumentRoot /wordpress/wordpress ProxyRequests off DirectoryIndex index.php ProxyPassMatch ^/(.*.php)$fcgi://192.168.1.30:9000/wordpress/wordpress/$1 <Directory "/wordpress/wordpress"> Options None AllowOverride None Require all granted </Directory> </VirtualHost>
編輯phpmyadmin虛擬主機配置文件
[root@localhost conf.d]# vim pma.conf <VirtualHost *:80> ServerName www.pma.com DocumentRoot /usr/share/phpMyAdmin ProxyRequests off DirectoryIndex index.php ProxyPassMatch ^/(.*.php)$fcgi://192.168.1.30:9000/usr/share/phpMyAdmin/$1 <Directory "/usr/share/phpMyAdmin"> Options None AllowOverride None Require all granted </Directory> </VirtualHost>
創建相應文件夾
[root@localhost conf.d]# mkdir -p/usr/share/phpMyAdmin
重新加載httpd服務
[root@localhost conf.d]# systemctl reloadhttpd
在192.168.1.30上安裝php-fpmphp-mysql
[root@bogon ~]# yum install -y php-fpmphp-mysql
修改php-fpm配置文件,將監聽IP地址改爲本機地址
[root@bogon ~]# cd /etc/php-fpm.d/ [root@bogon php-fpm.d]# vim www.conf listen = 192.168.1.30:9000 ###通過網絡連接可用的IP及端口 listen.allowed_clients = 192.168.1.20 ###允許那臺主機連接至本機
啓動php-rpm
[root@bogon php-fpm.d]# systemctl statusphp-fpm
在192.168.1.40上安裝mariadb
[root@localhost yum.repos.d]# yum -yinstall mariadb-service mariadb
創建數據庫wpdb
MariaDB [(none)]> grant all on wpdb.* towpuser@'192.168.%.%' identified by 'pass'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> create database wpdb; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> flush privileges; Query OK, 0 rows affected (0.00 sec)ry OK,0 rows affected (0.00 sec)
創建phpmyadmin用賬號
MariaDB [(none)]> create userpma@'192.168.%.%' identified by 'mppass'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on *.* topma@'192.168.%.%' identified by 'mppass'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flash privileges; Query OK, 0 rows affected (0.00 sec)
安裝WordPress(這裏是直接將WordPress在windows中直接拷貝入linux中)
[root@localhost conf.d]# cd /wordpress/ [root@localhost wordpress]# unzipwordpress-4.5.3-zh_CN.zip [root@localhost wordpress]# cd/wordpress/wordpress/
修改配置文件
[root@localhost wordpress]# mvwp-config-sample.php wp-config.php [root@localhost wordpress]# vimwp-config.php
// ** MySQL 設置 - 具體信息來自您正在使用的主機 ** // /** WordPress數據庫的名稱*/ define('DB_NAME', 'wpdb'); /** MySQL數據庫用戶名 */ define('DB_USER', 'wpuser'); /** MySQL數據庫密碼 */ define('DB_PASSWORD', 'wppass'); /** MySQL主機 */ define('DB_HOST', '192.168.1.40');
配置好數據庫後進行www.wp.com的驗證
PS:若顯示亂碼,在httpd服務器對應虛擬主機DocumentRoot安裝wordpress,即可。
安裝phpmyadmin
[root@localhost conf.d]# yum -y installphpmyadmin
添加mysql的服務器地址
$cfg['Servers'][$i]['host'] = '192.168.1.40'; // MySQL hostnameor IP address
修改phpMyAdmin的配置信息
[root@localhost phpMyAdmin]# cd/etc/phpMyAdmin/ [root@localhost phpMyAdmin]# vimconfig.inc.php
登錄驗證
PS:若顯示亂碼,在httpd服務器對應虛擬主機DocumentRoot安裝phpMyAdmin,即可。
爲phpMyAdmin提供https
https以來於mod_ssl模塊,在httpd服務器中安裝
[root@localhost~]# yum -y install mod_ssl
192.168.1.12生成字簽證書
[root@localhost~]# cd /etc/pki/CA/ [root@localhostCA]# (umask 077;openssl genrsa -out private/cakey.pem 1024) GeneratingRSA private key, 1024 bit long modulus ...................................................++++++ ..++++++ e is65537 (0x10001)
[root@localhostCA]# openssl req -new -x509 -keyprivate/cakey.pem -out cacert.pem Youare about to be asked to enter information that will be incorporated intoyour certificate request. Whatyou are about to enter is what is called a Distinguished Name or a DN. Thereare quite a few fields but you can leave some blank Forsome fields there will be a default value, Ifyou enter '.', the field will be left blank. ----- CountryName (2 letter code) [XX]:CN Stateor Province Name (full name) []:beijing LocalityName (eg, city) [Default City]:beijing OrganizationName (eg, company) [Default Company Ltd]:pma OrganizationalUnit Name (eg, section) []:pma CommonName (eg, your name or your server's hostname) []:pma.admin.com EmailAddress []:[email protected]
創建結構文件
[root@localhost CA]# touch index.txt [root@localhost CA]# echo 01 > serial
切換至ssl目錄
[root@localhost httpd]# cd ssl/
生成證書申請請求
[root@localhostssl]# openssl req -new -key httpd.key -out httpd.csr Youare about to be asked to enter information that will be incorporated intoyour certificate request. Whatyou are about to enter is what is called a Distinguished Name or a DN. Thereare quite a few fields but you can leave some blank Forsome fields there will be a default value, Ifyou enter '.', the field will be left blank. ----- CountryName (2 letter code) [XX]:CN Stateor Province Name (full name) []:beijing LocalityName (eg, city) [Default City]:beijing OrganizationName (eg, company) [Default Company Ltd]:pma OrganizationalUnit Name (eg, section) []:pma CommonName (eg, your name or your server's hostname) []:www.pma.com EmailAddress []:[email protected] Pleaseenter the following 'extra' attributes to besent with your certificate request Achallenge password []: Anoptional company name []:
將所需簽名證書複製至CA服務器的tmp目錄
[root@localhostssl]# scp httpd.csr 192.168.1.12:/tmp Theauthenticity of host '192.168.1.12 (192.168.1.12)' can't be established. ECDSAkey fingerprint is 4b:8b:6d:c8:53:c4:7e:ff:dd:26:a2:b9:67:1d:ab:cd. Areyou sure you want to continue connecting (yes/no)? yes Warning:Permanently added '192.168.1.12' (ECDSA) to the list of known hosts.
切換至tmp目錄
[root@localhosttmp]# cd /tmp
給服務器簽發證書
[root@localhosttmp]# openssl ca -in httpd.csr -out httpd.crt Usingconfiguration from /etc/pki/tls/openssl.cnf Checkthat the request matches the signature Signatureok CertificateDetails: Serial Number: 1 (0x1) Validity Not Before: Jul 21 02:38:25 2016GMT Not After : Jul 21 02:38:25 2017GMT Subject: countryName = CN stateOrProvinceName = beijing organizationName = pma organizationalUnitName = pma commonName = www.pma.com emailAddress = [email protected] X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 24:A6:69:18:F6:C5:DC:24:84:F1:B9:DE:EB:7D:E3:CA:F7:8A:C0:8F X509v3 Authority Key Identifier: keyid:AB:49:C7:C7:F5:16:B8:6F:31:56:D2:9B:56:A6:81:0C:F9:C1:53:56 Certificateis to be certified until Jul 21 02:38:25 2017 GMT (365 days) Signthe certificate? [y/n]:y 1 outof 1 certificate requests certified, commit? [y/n]y Writeout database with 1 new entries DataBase Updated 將簽發好的證書發送至httpd服務器 [root@localhosttmp]# scp httpd.crt 172.16.252.173:/etc/httpd/ssl Theauthenticity of host '172.16.252.173 (172.16.252.173)' can't be established. ECDSAkey fingerprint is d3:71:51:da:74:25:b2:af:b6:d2:d4:98:9a:cd:f4:ee. Areyou sure you want to continue connecting (yes/no)? yes Warning:Permanently added '172.16.252.173' (ECDSA) to the list of known hosts. [email protected]'spassword: httpd.crt 在httpd服務器配置ssl.conf文件 修改頁面默認路徑 # General setup for the virtual host,inherited from global configuration #DocumentRoot "/var/www/html" #ServerName www.example.com:443 DocumentRoot"/usr/share/phpMyAdmin"
配置證書所在路徑
# Server Certificate: #Point SSLCertificateFile at a PEM encoded certificate. If # thecertificate is encrypted, then you will be prompted for a #pass phrase. Note that a kill -HUP willprompt again. A new #certificate can be generated using the genkey(1) command. SSLCertificateFile/etc/httpd/ssl/httpd.crt # Server Private Key: # If the key is not combined with thecertificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key youcan configure # both in parallel (to also allow the use ofDSA ciphers, etc.) SSLCertificateKeyFile/etc/httpd/ssl/httpd.key
進行訪問驗證: