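Deploying LAMP: WordPress, PMA (https), Discuz

1. Environment

    OS: CentOS 6.7

    Software: httpd-2.2, mysql-5.3, wordpress-4.3, pma4.0

    Network:

        pma.anyisalin.com hosts MySQL, Bind and PMA; IP address 192.168.2.6

        wp.anyisalin.com hosts WordPress and acts as the private CA; IP address 192.168.2.7

        dz.anyisalin.com hosts Discuz; IP address 192.168.2.8

    SELinux and iptables are both disabled

    The wp and dz hosts use the pma host as their DNS server

    Topics covered: httpd configuration, https configuration in httpd, openssl, bind, MySQL basics, PHP installation...

    Note: this article covers configuration only; the underlying theory is not explained

2. Deploying Bind and MySQL

    We configure bind on the pma host. If you are not familiar with bind, see my article "DNS and BIND Configuration Guide"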


[root@pma ~]# yum install bind bind-utils httpd mysql-server php-mysql  php-mbstring mod_ssl  # install the required packages with yum
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies


            # output in between is too long and has been omitted

Installed:
  bind.x86_64 32:9.8.2-0.37.rc1.el6           bind-utils.x86_64 32:9.8.2-0.37.rc1.el6           httpd.x86_64 0:2.2.15-45.el6.centos           mysql-server.x86_64 0:5.1.73-5.el6_6          

Dependency Installed:
  apr.x86_64 0:1.3.9-5.el6_2    apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 bind-libs.x86_64 32:9.8.2-0.37.rc1.el6 httpd-tools.x86_64 0:2.2.15-45.el6.centos
  mailcap.noarch 0:2.1.31-2.el6 mysql.x86_64 0:5.1.73-5.el6_6     perl-DBD-MySQL.x86_64 0:4.013-3.el6    perl-DBI.x86_64 0:1.609-4.el6          portreserve.x86_64 0:0.0.4-9.el6         

Complete!


    Configure the DNS server with Bind so that it resolves as follows


[root@pma named]# host -t A pma.anyisalin.com 192.168.2.6
Using domain server:
Name: 192.168.2.6
Address: 192.168.2.6#53
Aliases: 
pma.anyisalin.com has address 192.168.192.6
[root@pma named]# host -t A wp.anyisalin.com 192.168.2.6
Using domain server:
Name: 192.168.2.6
Address: 192.168.2.6#53
Aliases: 
wp.anyisalin.com has address 192.168.192.7
[root@pma named]# host -t A dz.anyisalin.com 192.168.2.6
Using domain server:
Name: 192.168.2.6
Address: 192.168.2.6#53
Aliases: 
dz.anyisalin.com has address 192.168.192.8

    

    Create the databases and the corresponding users, and grant privileges

[root@pma named]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


mysql> GRANT ALL ON wpdb.* TO 'wpuser'@'%' IDENTIFIED BY 'passwd';    # grant wpuser all privileges on the wpdb database and set its password to passwd
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL ON dzdb.* TO 'dzuser'@'%' IDENTIFIED BY 'passwd';    # grant dzuser all privileges on the dzdb database and set its password to passwd
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE DATABASE wpdb;                # create the wpdb database
Query OK, 1 row affected (0.00 sec)

mysql> CREATE DATABASE dzdb;                # create the dzdb database
Query OK, 1 row affected (0.00 sec)
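
The grants above accept wpuser and dzuser from any host ('%'), and the session opens with a bare `mysql`, so root logs in without a password. As an added example (not part of the original post), this script audits the output of the query shown in its first comment; the sample rows are constructed and the name audit_mysql_accounts is hypothetical.

```shell
#!/bin/sh
# Audit MySQL accounts from the tab-separated output of
#   mysql -N -B -e "SELECT user,host,password FROM mysql.user"
# (column names as in the MySQL 5.1 mysql.user table).

# audit_mysql_accounts: reads "user<TAB>host<TAB>hash" rows on stdin,
# prints one finding per line, returns 1 when anything was flagged.
audit_mysql_accounts() {
    awk -F '\t' '
        { user = $1; host = $2; hash = $3 }
        user == ""    { print "ANON_USER\t@" host; bad = 1 }
        hash == ""    { print "EMPTY_PASSWORD\t" user "@" host; bad = 1 }
        host ~ /[%_]/ { print "WILDCARD_HOST\t" user "@" host; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample rows (not taken from a real server).
SAMPLE_ROWS=$(printf '%s\t%s\t%s\n' \
    root   localhost   '' \
    ''     localhost   '' \
    wpuser '%'         '*CONSTRUCTED0000000000000000000000000000A' \
    dzuser 192.168.2.8 '*CONSTRUCTED0000000000000000000000000000B')

printf '%s\n' "$SAMPLE_ROWS" | audit_mysql_accounts ||
    echo "review the accounts listed above"
```

Granting to 'wpuser'@'192.168.2.7' and 'dzuser'@'192.168.2.8' instead of '%', with a non-trivial password, clears the WILDCARD_HOST findings for this setup.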


3. Deploying WordPress

[root@wp ~]# yum install httpd php php-mysql -y    # install the required packages
Loaded plugins: fastestmirror
Setting up Install Process
Determining fastest mirrors
anyisalin                                                                                                                                                             | 4.0 kB     00:00 ... 
anyisalin/primary_db                                                                                                                                                  | 4.6 MB     00:00 ... 
Resolving Dependencies
--> Running transaction check

              # output is too long; the middle has been omitted
                                                                                                                  12/12 

Installed:
  httpd.x86_64 0:2.2.15-45.el6.centos                               php.x86_64 0:5.3.3-40.el6_6                               php-mysql.x86_64 0:5.3.3-40.el6_6                              

Dependency Installed:
  apr.x86_64 0:1.3.9-5.el6_2    apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 httpd-tools.x86_64 0:2.2.15-45.el6.centos libedit.x86_64 0:2.11-4.20080712cvs.1.el6
  mailcap.noarch 0:2.1.31-2.el6 php-cli.x86_64 0:5.3.3-40.el6_6   php-common.x86_64 0:5.3.3-40.el6_6     php-pdo.x86_64 0:5.3.3-40.el6_6          

Complete!


Configure the virtual host

[root@wp ~]# vim /etc/httpd/conf.d/wp.conf
# configuration as follows

NameVirtualHost 192.168.2.7:80
<VirtualHost *:80>
    ServerName wp.anyisalin.com
    DocumentRoot /var/www/wp/
</VirtualHost>


Download WordPress

[root@wp ~]# wget -O /var/www/wp/wordpress.zip https://cn.wordpress.org/wordpress-4.4.2-zh_CN.zip     # download wordpress into the target directory
--2016-03-23 17:26:22--  https://cn.wordpress.org/wordpress-4.4.2-zh_CN.zip
Resolving cn.wordpress.org... 66.155.40.249, 66.155.40.250
Connecting to cn.wordpress.org|66.155.40.249|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8168125 (7.8M) [application/zip]
Saving to: “/var/www/wp/wordpress.zip”

100%[===================================================================================================================================================>] 8,168,125    277K/s   in 43s     

2016-03-23 17:27:06 (187 KB/s) - “/var/www/wp/wordpress.zip” saved [8168125/8168125]

[root@wp ~]#


Configure WordPress

[root@wp wp]# unzip wordpress.zip     # unpack the wordpress archive

inflating: wordpress/wp-content/themes/twentysixteen/search.php  
  inflating: wordpress/wp-content/themes/twentysixteen/searchform.php  
  inflating: wordpress/wp-content/themes/twentysixteen/page.php  
   creating: wordpress/wp-content/themes/twentysixteen/template-parts/

       # output omitted
       
  inflating: wordpress/wp-signup.php  
  inflating: wordpress/readme.html   
  inflating: wordpress/wp-config-sample.php  
  inflating: wordpress/wp-blog-header.php  
  inflating: wordpress/wp-links-opml.php  

[root@wp wp]# cd wordpress    # enter the installation directory

[root@wp wordpress]# cp wp-config-sample.php wp-config.php    # copy the configuration template, then edit it

[root@wp wordpress]# vim wp-config.php    # set the values for your own environment
/** The name of the WordPress database */
define('DB_NAME', 'wpdb');

/** MySQL database username */
define('DB_USER', 'wpuser');

/** MySQL database password */
define('DB_PASSWORD', 'passwd');

/** MySQL host */
define('DB_HOST', '192.168.2.6');


[root@wp wordpress]# service httpd restart    # restart the httpd service
Stopping httpd:                                            [FAILED]
Starting httpd: 

httpd: Could not reliably determine the server's fully qualified domain name, using wp.anyisalin.com for ServerName
[Wed Mar 23 17:32:51 2016] [warn] NameVirtualHost 192.168.2.7:80 has no VirtualHosts
                                                           [  OK  ]
[root@wp wordpress]# ln -sv wp wordpress.zip


Test WordPress

If you want to see the detailed installation process, see my earlier blog post "Building a Site Quickly with WordPress on CentOS/RHEL 6.5"



4. Deploying Discuz

[root@dz ~]# yum install httpd php php-mysql -y    # install the required packages
Loaded plugins: fastestmirror
Setting up Install Process
Determining fastest mirrors
anyisalin                                                                                                                                                             | 4.0 kB     00:00 ... 
anyisalin/primary_db                                                                                                                                                  | 4.6 MB     00:00 ... 
Resolving Dependencies
--> Running transaction check

              # output is too long; the middle has been omitted
                                                                                                                  12/12 

Installed:
  httpd.x86_64 0:2.2.15-45.el6.centos                               php.x86_64 0:5.3.3-40.el6_6                               php-mysql.x86_64 0:5.3.3-40.el6_6                              

Dependency Installed:
  apr.x86_64 0:1.3.9-5.el6_2    apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 httpd-tools.x86_64 0:2.2.15-45.el6.centos libedit.x86_64 0:2.11-4.20080712cvs.1.el6
  mailcap.noarch 0:2.1.31-2.el6 php-cli.x86_64 0:5.3.3-40.el6_6   php-common.x86_64 0:5.3.3-40.el6_6     php-pdo.x86_64 0:5.3.3-40.el6_6          

Complete!


Configure the virtual host

[root@dz ~]# vim /etc/httpd/conf.d/wp.conf
# configuration as follows

NameVirtualHost 192.168.2.8:80
<VirtualHost *:80>
    ServerName dz.anyisalin.com
    DocumentRoot /var/www/dz
</VirtualHost>


Download Discuz

[root@dz ~]# wget -O /var/www/dz/dz.zip http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip    # download discuz into the target directory
--2016-03-24 04:54:19--  http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_UTF8.zip
Resolving download.comsenz.com... 101.227.130.115
Connecting to download.comsenz.com|101.227.130.115|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12486177 (12M) [application/zip]
Saving to: “/var/www/dz/dz.zip”

100%[===================================================================================================================================================>] 12,486,177  7.65M/s   in 1.6s    

2016-03-24 04:54:21 (7.65 MB/s) - “/var/www/dz/dz.zip” saved [12486177/12486177]

[root@dz ~]# cd /var/www/dz/
[root@dz ~]# unzip dz.zip 
  inflating: utility/convert/source/uch2.0_x2.0/table/home_blogfield.php  
  inflating: utility/convert/source/uch2.0_x2.0/table/home_class.php  
  inflating: utility/convert/source/uch2.0_x2.0/table/home_click.php  
  inflating: utility/convert/source/uch2.0_x2.0/table/home_clickuser.php  
  inflating: utility/convert/source/uch2.0_x2.0/table/home_comment.php  
        # output is too long and has been omitted
  inflating: utility/oldprg/uchome/space.php  
  inflating: utility/restore.php     
  inflating: utility/update.php   

[root@dz upload]# service httpd restart    # restart the httpd service
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using dz.anyisalin.com for ServerName
[Thu Mar 24 04:59:26 2016] [warn] NameVirtualHost 192.168.2.8:80 has no VirtualHosts
                                                           [  OK  ]
[root@dz ]# cd upload
[root@dz upload]# chmod 777 * -R    # needed in a moment
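
`chmod 777 * -R` leaves every PHP file in the Discuz tree writable by any local account and by the web server process. As an added example (not part of the original post), this script resets the tree to 755/644 and opens only selected directories to the web server's group. The directory list passed to harden_docroot and both function names are assumptions; use the directories the installer's environment check actually reports.

```shell
#!/bin/sh
# Replace "chmod 777 * -R" with a least-privilege layout (added example).
# WEB_GROUP is the group httpd runs as ("apache" on CentOS); leave it
# unset to skip the chgrp step, e.g. when trying this as a normal user.

# harden_docroot ROOT [WRITABLE_DIR ...]
harden_docroot() {
    root=$1; shift
    # Baseline: nothing is group- or world-writable.
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    # Only the listed directories become writable, and only for WEB_GROUP.
    for rel in "$@"; do
        [ -d "$root/$rel" ] || continue
        if [ -n "${WEB_GROUP:-}" ]; then chgrp -R "$WEB_GROUP" "$root/$rel"; fi
        find "$root/$rel" -type d -exec chmod 775 {} +
        find "$root/$rel" -type f -exec chmod 664 {} +
    done
}

# count_world_writable ROOT: number of entries any local user can modify.
count_world_writable() {
    find "$1" ! -type l -perm -0002 | grep -c . || true
}

# Constructed demo tree standing in for /var/www/dz/upload.
demo=$(mktemp -d)
mkdir -p "$demo/config" "$demo/data" "$demo/source"
echo '<?php' > "$demo/index.php"
echo '<?php' > "$demo/source/app.php"
chmod -R 777 "$demo"
echo "world-writable before: $(count_world_writable "$demo")"
# Assumed list of directories the installer needs to write to.
harden_docroot "$demo" config data uc_client/data/cache uc_server/data
echo "world-writable after:  $(count_world_writable "$demo")"
rm -rf "$demo"
```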


Configure Discuz (through the web page)


Enter this URL to open the installer


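5. Deploying PMA

    Our applications are now all set up. Since all of their data lives in the database on the pma host, it is easy to manage centrally, and we can do so by installing phpMyAdmin


Configure the virtual host (the software was already installed at the beginning)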

[root@pma ~]# vim /etc/httpd/conf.d/virt.conf

NameVirtualHost 192.168.2.6:80

<VirtualHost *:80>
  ServerName pma.anyisalin.com
  DocumentRoot /var/www/pma
</VirtualHost>


Download phpMyAdmin (my MySQL version is too old, so I use phpMyAdmin-4.0)

[root@pma www]# wget https://files.phpmyadmin.net/phpMyAdmin/4.0.10.15/phpMyAdmin-4.0.10.15-english.zip
--2016-03-23 18:23:48--  https://files.phpmyadmin.net/phpMyAdmin/4.0.10.15/phpMyAdmin-4.0.10.15-english.zip
Resolving files.phpmyadmin.net... 
61.191.206.4
Connecting to files.phpmyadmin.net|61.191.206.4|:443... failed: Connection refused.
[root@pma www]# 
[root@pma www]# wget https://files.phpmyadmin.net/phpMyAdmin/4.0.10.15/phpMyAdmin-4.0.10.15-english.zip
--2016-03-23 18:24:12--  https://files.phpmyadmin.net/phpMyAdmin/4.0.10.15/phpMyAdmin-4.0.10.15-english.zip
Resolving files.phpmyadmin.net... 37.235.108.9
Connecting to files.phpmyadmin.net|37.235.108.9|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4923535 (4.7M) [application/zip]
Saving to: “phpMyAdmin-4.0.10.15-english.zip”

100%[===================================================================================================================================================>] 4,923,535   45.4K/s   in 3m 59s  

2016-03-23 18:28:13 (20.1 KB/s) - “phpMyAdmin-4.0.10.15-english.zip” saved [4923535/4923535]


[root@pma www]# unzip phpMyAdmin-4.0.10.15-english    # unpack
  inflating: phpMyAdmin-4.0.10.15-english/js/sql.js  
  inflating: phpMyAdmin-4.0.10.15-english/js/tbl_change.js  
  inflating: phpMyAdmin-4.0.10.15-english/js/tbl_chart.js  
  inflating: phpMyAdmin-4.0.10.15-english/js/tbl_gis_visualization.js  
  inflating: phpMyAdmin-4.0.10.15-english/js/tbl_relation.js  
  
      # output is too long and has been omitted
  inflating: phpMyAdmin-4.0.10.15-english/js/tbl_select.js  
  inflating: phpMyAdmin-4.0.10.15-english/js/tbl_structure.js  
  inflating: phpMyAdmin-4.0.10.15-english/js/tbl_zoom_plot_jqplot.js  
  inflating: phpMyAdmin-4.0.10.15-english/js/whitelist.php  
   creating: phpMyAdmin-4.0.10.15-english/libraries/
  inflating: phpMyAdmin-4.0.10.15-english/libraries/Advisor.class.php  
  inflating: phpMyAdmin-4.0.10.15-english/libraries/Config.class.php  
  inflating: phpMyAdmin-4.0.10.15-english/libraries/DBQbe.class.php  
  inflating: phpMyAdmin-4.0.10.15-english/libraries/DbSearch.class.php  
  inflating: phpMyAdmin-4.0.10.15-english/libraries/DisplayResults.class.php  
  inflating: phpMyAdmin-4.0.10.15-english/libraries/Error.class.php  
  inflating: phpMyAdmin-4.0.10.15-english/libraries/Error_Handler.class.php  
  
[root@pma www]# ln -sv  phpMyAdmin-4.0.10.15-english  pma    # create a symbolic link
`pma' -> `phpMyAdmin-4.0.10.15-english'

[root@pma www]# service httpd restart    # restart the httpd service
Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using pma.anyisalin.com for ServerName
[Wed Mar 23 18:32:02 2016] [warn] NameVirtualHost 192.168.2.6:80 has no VirtualHosts
                                                           [  OK  ]
[root@pma www]#


Test (php-mbstring must be installed)


6. Serving PMA over https

    Because the security of our database is critical, traffic to pma.anyisalin.com must be encrypted


Set up the wp host as the private CA

[root@wp CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
...............................................................................................+++
......+++
e is 65537 (0x10001)
[root@wp CA]# openssl req -new -x509 -key private/cakey.pem  -out cacert.pem -days 7300
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HeFei
Locality Name (eg, city) [Default City]:HeFei
Organization Name (eg, company) [Default Company Ltd]:AnyISalIn
Organizational Unit Name (eg, section) []:OPS
Common Name (eg, your name or your server's hostname) []:wp.anyisalin.com
Email Address []:mail.anyisalin.com
[root@wp CA]# touch index.txt
[root@wp CA]# echo 01 > serial

Generate the private key and certificate signing request on the PMA host

[root@pma certs]# cd /etc/httpd/
[root@pma httpd]# mkdir certs/
[root@pma httpd]# cd certs/
[root@pma certs]# (umask 077; openssl genrsa -out httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
.......................................++++++
.......................................................................................++++++
e is 65537 (0x10001)
[root@pma certs]# openssl req -new  -key httpd.key -out http.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HeFei
Locality Name (eg, city) [Default City]:HeFei
Organization Name (eg, company) [Default Company Ltd]:AnyISalIn
Organizational Unit Name (eg, section) []:OPS
Common Name (eg, your name or your server's hostname) []:pma.anyisalin.com
Email Address []:mail.anyisalin.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@pma certs]# scp http.csr 192.168.2.7:/etc/pki/CA
The authenticity of host '192.168.2.7 (192.168.2.7)' can't be established.
RSA key fingerprint is af:4e:d8:d7:41:04:f4:3a:66:ba:ca:b4:b0:c0:86:e8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.7' (RSA) to the list of known hosts.
root@192.168.2.7's password: 
http.csr                                                                                                                                                   100%  704     0.7KB/s   00:00    
[root@pma certs]#

Sign the certificate on the wp host

[root@wp CA]#  openssl ca -in http.csr -out certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Mar 23 22:54:29 2016 GMT
            Not After : Mar 23 22:54:29 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HeFei
            organizationName          = AnyISalIn
            organizationalUnitName    = OPS
            commonName                = pma.anyisalin.com
            emailAddress              = mail.anyisalin.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                F0:B1:A8:2E:36:72:E5:D9:F7:20:22:61:67:49:29:63:7E:3E:37:24
            X509v3 Authority Key Identifier: 
                keyid:BE:1B:E0:D0:B5:54:12:22:99:68:03:9D:BA:7A:01:E9:A4:AD:ED:5B

Certificate is to be certified until Mar 23 22:54:29 2017 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@wp CA]# scp certs/httpd.crt 192.168.2.6:/etc/httpd/certs
The authenticity of host '192.168.2.6 (192.168.2.6)' can't be established.
RSA key fingerprint is af:4e:d8:d7:41:04:f4:3a:66:ba:ca:b4:b0:c0:86:e8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.6' (RSA) to the list of known hosts.
root@192.168.2.6's password: 
httpd.crt                                                                                                                                                  100% 3879     3.8KB/s   00:00    
[root@wp CA]#


Configure the PMA host to support SSL


mod_ssl was already installed at the beginning, so we edit the virtual host configuration file directly

[root@pma certs]# vim /etc/httpd/conf.d/virt.conf    # the DocumentRoot in /etc/httpd/conf/httpd.conf must be commented out
Listen 443
<VirtualHost 192.168.2.6:443>
  ServerName pma.anyisalin.com
  DocumentRoot /var/www/pma
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCertificateFile /etc/httpd/certs/httpd.crt
  SSLCertificateKeyFile /etc/httpd/certs/httpd.key
</VirtualHost>

[root@pma conf.d]# service httpd start    # start httpd
Starting httpd: [Wed Mar 23 19:21:39 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Wed Mar 23 19:21:39 2016] [warn] NameVirtualHost 192.168.2.6:443 has no VirtualHosts
                                                           [  OK  ]
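
The server key generated above is 1024-bit RSA, while the CA key is 2048-bit. As an added example (not part of the original post), this script checks the files referenced in virt.conf for key size, key/certificate match, chain to the CA, and upcoming expiry. The function names, the 2048-bit minimum, the 30-day window and the throw-away demo PKI are assumptions constructed for illustration.

```shell
#!/bin/sh
# Checks for the certificate files used in virt.conf (added example).

# rsa_key_bits KEY: print the modulus size of an RSA private key.
rsa_key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9][0-9]*\) bit.*$/\1/p' | head -n 1
}

# cert_matches_key CERT KEY: true when CERT carries KEY's public half.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_server_cert CA CERT KEY [MIN_BITS]: print findings, return 1 if any.
check_server_cert() {
    ca=$1; cert=$2; key=$3; min=${4:-2048}; rc=0
    bits=$(rsa_key_bits "$key")
    if [ "${bits:-0}" -lt "$min" ]; then
        echo "WEAK_KEY ${bits:-unknown} bits (minimum $min)"; rc=1
    fi
    cert_matches_key "$cert" "$key" || { echo "KEY_MISMATCH"; rc=1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "CHAIN_FAIL not signed by $ca"; rc=1; }
    # 2592000 seconds = 30 days
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "EXPIRES_SOON"; rc=1; }
    return $rc
}

# make_demo_pki DIR BITS: constructed throw-away CA plus server certificate.
make_demo_pki() {
    openssl genrsa -out "$1/cakey.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/cakey.pem" -subj "/CN=demo-ca.example" \
        -days 3650 -out "$1/cacert.pem" 2>/dev/null
    openssl genrsa -out "$1/httpd.key" "$2" 2>/dev/null
    openssl req -new -key "$1/httpd.key" -subj "/CN=pma.anyisalin.com" \
        -out "$1/http.csr" 2>/dev/null
    openssl x509 -req -in "$1/http.csr" -CA "$1/cacert.pem" \
        -CAkey "$1/cakey.pem" -CAcreateserial -days 365 \
        -out "$1/httpd.crt" 2>/dev/null
}

# Demo with a 1024-bit server key, the size used in the post.
demo=$(mktemp -d)
make_demo_pki "$demo" 1024
check_server_cert "$demo/cacert.pem" "$demo/httpd.crt" "$demo/httpd.key" || true
rm -rf "$demo"
```

On the real hosts the arguments would be the CA's cacert.pem and /etc/httpd/certs/httpd.crt and httpd.key; regenerating httpd.key with 2048 bits and re-signing clears the WEAK_KEY finding.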


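Test


Import the CA certificate


Refresh the page


7. Summary

    This sums up what I have learned over the past two days: I can now comfortably deploy web applications in a LAMP environment and make basic use of MySQL, which has been rewarding. I am still not very familiar with https configuration, though, and have room to improve.

    Author: AnyISalIn

    QQ: 1449472454; feel free to add me on QQ to chat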
