实验需求:
1、CentOS 7,npm rpm包,php-fpm;
a) 一个虚拟主机提供wordpress,另一个虚拟主机提供phpmysamin;
b) 为phpMyAdmim提供https服务;实验环境:
Linux服务器操作系统版本:CentOS Linux release 7.2.1511 (Core) IP:172.16.252.113
WIN7系统客户机:IP:172.16.250.100实验前提:
1)关闭防火墙和SELinux
~]# service iptables stop
~]# setenforce 0
实验过程:
一、安装amp环境 1.yum包安装nmp # yum install nginx php-fpm php-mysql mariadb-server -y 1)检查是否成功安装包# rpm -qa nginx php-fpm php-mysql mariadb-server 2)启动服务# nginx# systemctl start mariadb 3)查看服务是否正常启动 # ss -nlt # ps aux | grep nginx # ps aux | grep myslq# ps aux | grep php-fpm 4)设置开机自动启动# systemctl enable httpd # systemctl enable mariadb 5)检查是否设置成开机自启动# systemctl is-enabled httpd# systemctl is-enabled mariadb2. 配置虚拟主机 1)创建虚拟主机目录和配置文件/conf.d/vhosts.conf# mkdir -pv /etc/nginx/conf.d/vhosts.conf 2)在nginx.conf中的http段添加如下内容include conf.d/*.conf; //包含自定义虚拟主机路径fastcgi_cache_path /var/cache/nginx/fastcgi levels=1:1 keys_zone=fcgicache:10m max_size=1g; //定义缓存路径,级别,缓存空间名称,磁盘缓存最大缓存数 3)创建缓存目录# mkdir -pv /var/cache/nginx/fastcgi 4)配置虚拟主机/conf.d/vhosts.confserver { listen 80; server_name www.yang.com; gzip on; gzip_disable chrome; gzip_types text/plain text/css text/xml application/xml application/json application/x-javascript;location / { root /web/host1/wordpress; index index.php index.html index.htm; } location ~ \.php$ { root /web/host1/wordpress; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /web/host1/wordpress/$fastcgi_script_name; fastcgi_cache fcgicache; fastcgi_cache_key $request_uri; fastcgi_cache_valid 200 10m; fastcgi_cache_valid 301 302 2m; fastcgi_cache_valid 404m; include fastcgi.conf; }}server { listen 80; server_name web.yang.com; root /web/host2/phpmyadmin; location / { index index.php index.html index.html;}location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /web/host2/phpmyadmin/$fastcgi_script_name; fastcgi_cache fcgicache; fastcgi_cache_key $request_uri; fastcgi_cache_valid 200 10m; fastcgi_cache_valid 301 302 2m; fastcgi_cache_valid 404 2m; include fastcgi.conf; }}server { ssl on; listen 443 ssl; server_name web.yang.com; root /web/host2/phpmyadmin; ssl_certificate /etc/nginx/ssl/nginx.crt; ssl_certificate_key /etc/nginx/ssl/nginx.key; ssl_session_cache shared:SSL:5m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { index index.php index.html index.htm; } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /web/host2/phpmyadmin/$fastcgi_script_name; fastcgi_cache fcgicache; fastcgi_cache_key $request_uri; fastcgi_cache_valid 200 10m; fastcgi_cache_valid 301 302 2m; fastcgi_cache_valid 404 3m; include fastcgi.conf; }}二、部署wordpress环境: 1)创建站点目录# mkdir /web/host1/ -pv 2)解压wordpress包# unzip wordpress-4.3.1-zh_CN.zip 3)拷贝到站点目录www1中# cp -R wordpress /web/host1/ 4)修改网站属主和属组# chown -R nginx.nginx /web/host1/wordpress 5)修改php-fpm.conf下的www.confuser = nginx group = nginx 6)登录数据库# mysql -uroot -p 7)为bolg创建数据库名为:wordpressMariaDB [(none)]> CREATE DATABASE wordpress; 8)查数据库是否创建成功MariaDB [(none)]> SHOW DATABASES;+--------------------+| Database |+--------------------+| information_schema || mysql || performance_schema || wordpress |+--------------------+4 rows in set (0.00 sec) 9)授权用户MariaDB [(none)]> GRANT ALL ON wordpress.* TO liyang@'localhost' IDENTIFIED BY 'liyang';Query OK,0 rows affected (0.03 sec)MariaDB [(none)]> GRANT ALL ON wordpress.* TO liyang@'172.16.%.%' IDENTIFIED BY 'liyang';Query OK,0 rows affected (0.00 sec) 10)改名wordpress配置文件为wp-config.php# cp wp-config-sample.php wp-config.php 11)修改wp-config.php文件连接数据库# sed -n '22,38p' /web/host1/wordpress/wp-config.php/** WordPress数据库的名称 */define('DB_NAME','wordpress');/** MySQL数据库用户名 */define('DB_USER','liyang');/** MySQL数据库密码 */define('DB_PASSWORD','liyang');/** MySQL主机 */define('DB_HOST','localhost');/** 创建数据表时默认的文字编码 */define('DB_CHARSET','utf8');/** 数据库整理类型。如不确定请勿更改 */define('DB_COLLATE',''); 三、测试 1)在服务器端添加域名解析# echo "172.16.66.60 www.yang.com" >> /etc/hosts 2)在PC中的hosts文件中添加172.16.66.60 www.yang.com 3)httpd-->php是否可以访问# cat admin.php <?php phpinfo();?> 4)httpd-->php--mariadb是否可以访问 5)在浏览器中,根据提示安装http://www.yang.com/index.php 6)查看数据库是否生成数据~]# mysql -uliyang -pMariaDB [(none)]> show databases;MariaDB [(none)]> use wordpress;MariaDB [wordpress]> show tables;+-----------------------+| Tables_in_wordpress |+-----------------------+| wp_commentmeta || wp_comments || wp_links || wp_options || wp_postmeta || wp_posts || wp_term_relationships || wp_term_taxonomy || wp_terms || wp_usermeta || wp_users |+-----------------------+11 rows in set (0.00 sec) 四、部署phpMyAdmin环境: 1)创建站点目录# mkdir /web/host2 2)解压phpMyAdmin包# unzip phpMyAdmin-4.4.14.1-all-languages.zip 3)拷贝到站点目录www2中# cp -r phpMyAdmin-4.4.14.1-all-languages /web/host2/ 4)创建软连接phpMyAdmin# ln -sv phpMyAdmin-4.4.14.1-all-languages/ phpmyadmin 5)修改网站属主和属组# chown -R nginx.nginx /web/host2/phpmyadmin 6)修改配置文件# cp config.sample.inc.php config.inc.php 7)生成随机数~]# openssl rand -hex 8 640b56f72820ace8 8)修改配置文件config.inc.php# vim config.inc.php $cfg['blowfish_secret'] = '640b56f72820ace8' 7)在浏览器中测试,根据提示输入数据库名和密码(主机账号和密码是授权wordpress中用户)在PC机浏览器中测试:http://web.yang.com/index.php 通过80端口访问 8)phpmyadmin错误:The mbstring extension is missing. Please check your PHP configuration.解决方法:# yum install php-mbstring -y 9)phpmyadmin错误:Error during session start; please check your PHP and/or webserver log file and configure your PHP i解决方法:# mkdir -pv /var/lib/php/session# chown -R nginx.nginx /var/lib/php/session/3.为phpMyAdmim提供https服务工作目录:/etc/pki/CA/一、建立私有CA 1)生成私钥[root@www CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)Generating RSA private key,2048 bit long modulus..............................................................................+++............+++e is 65537 (0x10001) 2)生成自签证书[root@www CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pemYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.',the field will be left blank.-----Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:BeijingLocality Name (eg,city) [Default City]:BeijingOrganization Name (eg,company) [Default Company Ltd]:liyangOrganizational Unit Name (eg,section) []:Ops Common Name (eg,your name or your server's hostname) []:web.yang.comEmail Address []:admin@yang.com 3)提供辅助文件[root@localhost CA]# touch index.txt[root@localhost CA]# echo 01 > serial[root@localhost CA]# tree.├── cacert.pem├── certs├── crl├── index.txt├── index.txt.attr├── index.txt.old├── newcerts├── private│ └── cakey.pem├── serial└── serial.old二、节点申请证书 1)生成私钥# mkdir -pv /etc/httpd/sslssl]# (umask 077; openssl genrsa -out nginx.key 1024) 2)生成证书签署请求:[root@www ssl]# openssl req -new -key nginx.key -out nginx.csrYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,the field will be left blank.-----Country Name (2 letter code) [XX]:CNState or Province Name (full name) []:BeijingLocality Name (eg,section) []:OpsCommon Name (eg,your name or your server's hostname) []:web.yang.comEmail Address []:admin@yang.comPlease enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:An optional company name []:ssl]# cp nginx.csr /tmp/三、CA签发证书 1)签署证书[root@www ~]# openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crtUsing configuration from /etc/pki/tls/openssl.cnfCheck that the request matches the signatureSignature okCertificate Details: Serial Number: 1 (0x1) Validity Not Before: Jul 29 11:11:37 2016 GMT Not After : Jul 29 11:11:37 2017 GMT Subject: countryName = CN stateOrProvinceName = Beijing organizationName = liyang organizationalUnitName = Ops commonName = web.yang.com emailAddress = admin@yang.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: F5:73:F0:F1:7F:B6:B6:5D:41:F1:ED:7A:69:FE:6F:8E:A6:59:41:42 X509v3 Authority Key Identifier: keyid:91:41:DA:D3:44:05:36:98:14:A7:81:D6:64:AC:D5:8E:EB:6E:D3:97Certificate is to be certified until Jul 29 11:11:37 2017 GMT (365 days)Sign the certificate? [y/n]:y1 out of 1 certificate requests certified,commit? [y/n]yWrite out database with 1 new entriesData Base Updated 2)把签署好的证书发还给请求者。# cp /etc/pki/CA/certs/nginx.crt /etc/nginx/ssl/注意:本次私建CA和节点申请证书在同一台机器完成。 四、测试结果: 1)在PC机浏览器中测试:https://web.yang.com/index.php 通过443端口访问4.压力测试: 一、正常测试 1)测试wordpress并发# # ab -c 100 -n 200 http://www.yang.com/index.phpRequests per second: 389.38 [#/sec] (mean)Requests per second: 6949.27 [#/sec] (mean) 2)测试phpmyadmin http 并发# ab -c 100 -n 200 http://web.yang.com/index.php Requests per second: 5641.91 [#/sec] (mean)Requests per second: 54.74 [#/sec] (mean) 3)测试phpmyadmin https 并发# ab -c 100 -n 100 https://web.yang.com/index.php Requests per second: 44.32 [#/sec] (mean)Requests per second: 45.28 [#/sec] (mean)二、为php安装xcache加速器测试数据: 1)yum 安装php-xcache~]# yum install php-xcache 2)测试并发# ab -c 100 -n 200 http://web.yang.com/index.phpRequests per second: 44.77 [#/sec] (mean)# ab -c 100 -n 200 https://web.yang.com/index.phpRequests per second: 44.12 [#/sec] (mean)# ab -c 100 -n 200 http://www.yang.com/index.phpRequests per second: 109.11 [#/sec] (mean)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。