###############################################################################
环境准备:
一台服务器启用三个虚拟主机实现不同的功能:
vhost1:用于连接后端数据库;
vhost2:提供博客
vhost3:提供论坛
各个主机名规划:
IP:10.76.249.150
vhost1: www.pma.zrd.com, phpMyAdmin, 同时提供https服务;
vhost2: www.wp.zrd.com, wordpress
vhost3: www.dz.zrd.com, Discuz
主目录:
vhost1:/www/pma/phpmyadmin
vhost2:/www/wp/wordpress
vhost3:/www/dz
#########################设置防火墙主机名 IP HOST #########################################
主机状态:
[root@zrd ~]# cat /etc/redhat-release #版本
CentOS Linux release 7.1.1503 (Core)
停用禁用防火墙(仅适用于隔离的实验环境;对外提供服务时应保留 firewalld,只放行 http/https,例如 firewall-cmd --permanent --add-service=http --add-service=https 后执行 firewall-cmd --reload)
#停用防火墙#
[root@zrd ~]# systemctl stop firewalld
#禁用防火墙#
[root@zrd ~]# systemctl disable firewalld
#查看防火墙状态#
[root@zrd ~]# systemctl status firewalld #防火墙状态
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: inactive (dead)
#设置主机名#
[root@zrd ~]# hostnamectl set-hostname zrd
#查看主机名#
[root@zrd ~]# hostnamectl
Static hostname: zrd #静态主机名
Icon name: computer-vm
Chassis: vm
Machine ID: 099c7bc54ae14b75ad480d1c740cea6a
Boot ID: cd2612a4c67d4a04a6907ff0ef926649
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-229.el7.x86_64
Architecture: x86_64 #架构
设置静态IP
[root@zrd ~]# nmtui
重启网络服务
[root@zrd ~]# systemctl restart network
查看IP
[root@zrd ~]# ip a #IP
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736:
link/ether 00:0c:29:2e:11:d9 brd ff:ff:ff:ff:ff:ff
inet 10.76.249.150/24 brd 10.76.249.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2e:11d9/64 scope link
valid_lft forever preferred_lft forever
修改HOST文件
[root@zrd ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#前两行不要删除
10.76.249.150 zrd
10.76.249.150 www.pma.zrd.com
10.76.249.150 www.wp.zrd.com
10.76.249.150 www.dz.zrd.com
下载phpMyAdmin-4.4.15-all-languages.tar.xz (注意:phpMyAdmin版本不能高于php所支持的版本)
https://files.phpmyadmin.net/phpMyAdmin/4.4.15/phpMyAdmin-4.4.15-all-languages.tar.xz
################################ 全局配置文件 #######################################
软件安装:
[root@zrd ~]# yum install httpd mariadb mariadb-server php php-mbstring php-mysql mod_ssl -y
备份配置文件
[root@zrd ~]# mkdir /tmp/httpd_bakup_dir
[root@zrd ~]# cp -a /etc/httpd /tmp/httpd_bakup_dir
[root@zrd~]# ls /tmp/httpd_bakup_dir
httpd
创建虚拟主机配置文件:
[root@www ~]# vim /etc/httpd/conf.d/vhostpam.conf
# 说明:原文中的 <VirtualHost>、<Directory> 容器标签在页面转换时丢失,以下按 httpd 2.4 的标准写法补回;
# 监听地址 *:80 和 <Directory> 的路径为推测值,请按实际环境确认。
#-------------------------------------------------------
# Vhost 1
### www.pma.zrd.com #Start##
# www.pma.zrd.com
# 提供phpadmin 连接mariadb
#
<VirtualHost *:80>
    ServerName www.pma.zrd.com
    # 注意下面这行末尾不要带 /
    DocumentRoot "/www/pma/phpmyadmin"
    <Directory "/www/pma/phpmyadmin">
        Options None
        # 下一行这样设置就可以在网站文件的目录中使用 .htaccess
        AllowOverride All
        # 下一行是替代 Allow from all 的新机制
        # phpMyAdmin 是数据库管理入口,生产环境建议改为只允许管理网段访问,例如 Require ip <管理网段>
        Require all granted
    </Directory>
    ErrorLog /var/log/httpd/pma.zrd.com.error.log
    CustomLog /var/log/httpd/pma.zrd.com.access.log combined
</VirtualHost>
######### www.pma.zrd.com #End##
#------------------------------分割线---------------------------------------#
# Vhost 2
######### www.wp.zrd.com #start##
#
# 提供 wordpress博客
#
<VirtualHost *:80>
    ServerName www.wp.zrd.com
    DocumentRoot "/www/wp/wordpress"
    <Directory "/www/wp/wordpress">
        Options None
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog /var/log/httpd/wp.zrd.com.error.log
    CustomLog /var/log/httpd/wp.zrd.com.access.log combined
</VirtualHost>
######### www.wp.zrd.com #END##
#------------------------------分割线---------------------------------------#
# Vhost 3
######### www.dz.zrd.com #start##
#
# 提供 Discuz论坛
#
<VirtualHost *:80>
    ServerName www.dz.zrd.com
    DocumentRoot "/www/dz"
    DirectoryIndex index.html index.htm
    <Directory "/www/dz">
        Options None
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog /var/log/httpd/dz.zrd.com.error.log
    CustomLog /var/log/httpd/dz.zrd.com.access.log combined
</VirtualHost>
######### www.dz.zrd.com #END##
创建各个网站目录:
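[root@zrd ~]# mkdir /www/{pma,wp,dz} -pv
mkdir: created directory ‘/www’
mkdir: created directory ‘/www/pma’
mkdir: created directory ‘/www/wp’
mkdir: created directory ‘/www/dz’
[root@zrd ~]# chmod 650 -R /www
#注:650 即 rw-r-x---,会去掉目录属主的进入(执行)位,并给所有普通文件加上属组执行位;/www、/www/pma 这类上级目录的属组若不是 apache,httpd 也无法进入。更常见的做法是目录 750、文件 640,属组设为 apache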
####################phpMyAdmin配置####################
#下载好的phpMyAdmin-4.4.15-all-languages.tar.xz 上传到/www/pma目录下
1.解压
[root@www pma]# ls
phpMyAdmin-4.4.15-all-languages.tar.xz
[root@www pma]# pwd
/www/pma
[root@www pma]# tar xf phpMyAdmin-4.4.15-all-languages.tar.xz
[root@www pma]# ls
phpMyAdmin-4.4.15-all-languages phpMyAdmin-4.4.15-all-languages.tar.xz
[root@www pma]# mv phpMyAdmin-4.4.15-all-languages phpmyadmin
[root@www pma]# cd phpmyadmin
[root@www phpmyadmin]#
2.编辑PHP初始配置文件
[root@zrd phpmyadmin]# pwd
/www/pma/phpmyadmin
[root@zrd phpmyadmin]# cp config.sample.inc.php config.inc.php #拷贝配置文件
[root@zrd phpmyadmin]# vim config.inc.php
$cfg['blowfish_secret'] = 'adsfasdfasdfasasdfasdfjoijewrg'; /* 填入随机字符YOU MUST FILL IN THIS FOR COOKIE AUTH! */
#注:上面的值仅为示例;blowfish_secret 用于加密 cookie,应自行生成足够长的随机字符串(例如 openssl rand -base64 32 的输出),不要照抄本文的值
################ mysql部分#############################
[root@zrd phpmyadmin]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.41-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> UPDATE user set password=PASSWORD('changan') WHERE User='root';
Query OK, 0 rows affected (0.00 sec)
Rows matched: 4 Changed: 0 Warnings: 0
MariaDB [mysql]> SELECT User,Host,Password FROM user;
+------+-----------+-------------------------------------------+
| User | Host      | Password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *14E84A13D0A9FCEDFA436122589D79EDCE3D637F |
| root | wordpress | *14E84A13D0A9FCEDFA436122589D79EDCE3D637F |
| root | 127.0.0.1 | *14E84A13D0A9FCEDFA436122589D79EDCE3D637F |
| root | ::1       | *14E84A13D0A9FCEDFA436122589D79EDCE3D637F |
+------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
MariaDB [mysql]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
#注:'changan' 只是演示用的弱口令,实际部署时 root 应使用独立的强口令;也可以直接运行 mysql_secure_installation 来设置 root 口令并清理匿名用户和 test 库
##############################################
[root@zrd phpmyadmin]# pwd
/www/pma/phpmyadmin
[root@zrd phpmyadmin]# chmod 650 -R .
[root@zrd phpmyadmin]# chown :apache -R .
重启httpd服务
[root@www phpmyadmin]# systemctl restart httpd
##############测试 ###############################
http://www.pma.zrd.com/phpmyadmin/
windowshost需要修改
浏览器测试输入数据库账号密码
##################################################################################
# 配置https 配置Https时将原来定义的此主机的配置/etc/httpd/conf.d/vhostpam.conf vhost1
# 内容删去(如果不做https功能此步骤可以略过)
##################################################################################
#### 以下步骤 CA服务器和客户端都是同一台服务器,所以客户端不需要
####单独发送证书签署请求到CA服务
##CA 自签证书
[root@ca ~]# cd /etc/pki/CA
[root@zrd CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048) #生成私钥
Generating RSA private key, 2048 bit long modulus
...............................................+++
.......................+++
e is 65537 (0x10001)
[root@zrd CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048) #提取公钥
Generating RSA private key, 2048 bit long modulus
...............................................+++
.......................+++
e is 65537 (0x10001)
#注:上面这条命令与前一条完全相同,实际效果是重新生成并覆盖 cakey.pem,而不是提取公钥;下一步的 openssl req -x509 会直接从私钥得到公钥,这一步可以省略
[root@zrd CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 #生成CA自签证书
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:bei jing
Organization Name (eg, company) [Default Company Ltd]:zrd company
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:www.ca.com
Email Address []:[email protected]
[root@zrd CA]# touch index.txt serial crlnumber
[root@zrd CA]# echo 01 >serial #创建证书序列号,只有第一次时需要,以后都不需要设置!!
####服务器申请证书
#创建放置证书目录
[root@zrd ~]# cd /etc/httpd/conf
[root@zrd conf]# mkdir ssl
[root@zrd conf]# cd ssl
[root@zrd ssl]# (umask 077; openssl genrsa -out httpd.key 1024) #生成私钥
Generating RSA private key, 1024 bit long modulus
.....++++++
......................................................++++++
e is 65537 (0x10001)
#注:1024 位 RSA 密钥强度已不足,服务器私钥建议与前面的 CA 私钥一样至少使用 2048 位(把命令中的 1024 换成 2048)
[root@zrd ssl]# openssl req -new -key httpd.key -out httpd.csr #从私钥提取公钥,创建证书签署请求,将生成的httpd.csr发往CA服务器进行签证
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:bei jing
Organization Name (eg, company) [Default Company Ltd]:zrd company
Organizational Unit Name (eg, section) []:DATA OPS
Common Name (eg, your name or your server's hostname) []:www.pma.zrd.com
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
########### CA服务器签证
[root@zrd ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Oct 1 13:36:18 2015 GMT
Not After : Sep 30 13:36:18 2016 GMT
Subject:
countryName = CN
stateOrProvinceName = China
organizationName = zrd company
organizationalUnitName = \E6\95\B0DATA OPS
commonName = www.pma.zrd.com
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
2A:4B:D4:AF:19:5F:40:54:7E:6B:1F:DE:3A:B2:43:17:DC:67:FB:B3
X509v3 Authority Key Identifier:
keyid:23:DB:C3:3F:FB:30:1C:2B:64:EC:88:A7:F4:0E:5D:C6:97:C6:04:43
Certificate is to be certified until Sep 30 13:36:18 2016 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
服务器将httpd.crt 盖章好的证书发给客户端
###### 客户端将httpd.crt放在对应的目录下
[root@zrd ssl]# pwd
/etc/httpd/conf/ssl
[root@zrd ssl]# ls
httpd.crt httpd.csr httpd.key
###### ssl配置
[root@zrd ssl]# vim /etc/httpd/conf.d/ssl.conf
###########################
56 #配置监听端口
57
58
59 # 配置网站主目录
60 # 配置主机名
61 DocumentRoot "/www/pma/phpmyadmin"
62
63 ServerName www.pma.zrd.com
64
65
66 Options None
67 # 下一行这样设置就可以在网站文件的目录中使用 .htaccess
68 AllowOverride All
69 # 下一行是替代 Allow from all 的新机制
70 Require all granted
71
72
#注:57~58、64~65、71~72 这些看似空白的行中,原本应有 <VirtualHost ...:443>、<Directory "...">、</Directory> 这类容器标签,推测在页面转换时被去掉了;实际的 ssl.conf 中必须保留这些标签
####配置证书和私钥路径
102 # Server Certificate:
103 # Point SSLCertificateFile at a PEM encoded certificate. If
104 # the certificate is encrypted, then you will be prompted for a
105 # pass phrase. Note that a kill -HUP will prompt again. A new
106 # certificate can be generated using the genkey(1) command.
107 SSLCertificateFile /etc/httpd/conf/ssl/httpd.crt
108
109 # Server Private Key:
110 # If the key is not combined with the certificate, use this
111 # directive to point at the key file. Keep in mind that if
112 # you've both a RSA and a DSA private key you can configure
113 # both in parallel (to also allow the use of DSA ciphers, etc.)
114 SSLCertificateKeyFile /etc/httpd/conf/ssl/httpd.key
。。。。。。。。 。。。。。。。。。。。。 。。。。
#注:第107行指向服务器证书 httpd.crt,第114行指向服务器私钥 httpd.key;httpd 的配置文件不支持行尾注释,说明文字不要和指令写在同一行
#重启服务查看443端口是否已经监听
[root@zrd ssl]# systemctl restart httpd
[root@zrd ssl]# ss -tln
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::443 :::*
#注:上面的输出中 MariaDB 监听在 *:3306(所有网卡),而本文前面已停用防火墙;本文的站点和数据库在同一台机器上,可在 /etc/my.cnf 的 [mysqld] 段加入 bind-address=127.0.0.1,让数据库只监听本机
#将CA的证书导入浏览器
[root@zrd CA]# pwd
/etc/pki/CA
[root@zrd CA]# sz cacert.pem #把CA cacert.pem(需要重命名为cacert.crt)证书导入浏览器
[root@zrd pma]# pwd
/www/pma
[root@zrd pma]# chmod 650 -R .
[root@zrd pma]# systemctl reload httpd
浏览器导入CA证书 测试:
######################################wordpress博客配置#####################################
1.下载wordpress
https://cn.wordpress.org/wordpress-4.3.1-zh_CN.zip
[root@zrd wp]# pwd #将wordpress-4.3.1-zh_CN.zip上传到此目录下
/www/wp
[root@zrd wp]# ls
wordpress-4.3.1-zh_CN.zip
[root@zrd wp]# unzip wordpress-4.3.1-zh_CN.zip
[root@zrd wp]# chown :apache -R wordpress
[root@zrd wp]# chmod 650 -R wordpress
[root@zrd wp]# cd wordpress
[root@zrd wordpress]#
[root@zrd wordpress]# mv wp-config-sample.php wp-config.php
[root@zrd wordpress]# vim wp-config.php
// ** MySQL 设置 - 具体信息来自您正在使用的主机** //
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpressdb'); #数据库库名
/** MySQL数据库用户名 */
define('DB_USER', 'wordpressuser'); #数据库用户
/** MySQL数据库密码 */
define('DB_PASSWORD', 'changan'); #密码
/** MySQL主机 */
define('DB_HOST', 'localhost'); ###本地
2.创建wordpress数据库
[root@zrd wp]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 20
Server version: 5.5.41-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
MariaDB [(none)]> CREATE DATABASE wordpressdb;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE USER wordpressuser@localhost IDENTIFIED BY 'changan';
Query OK, 0 rows affected (0.00 sec)
#注:'changan' 与前面 root 的口令相同,仅作演示;实际部署时应为 wordpressuser 单独设置强口令,并同步修改 wp-config.php 中的 DB_PASSWORD
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpressdb.* TO wordpressuser@localhost;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>show databases;
+--------------------+
| Database |
+--------------------+
| information_schema|
| mysql |
| performance_schema|
| test |
| wordpressdb |
+--------------------+
5 rows in set (0.01 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
3.浏览器登入安装
www.wp.zrd.com
######################################Discuz论坛配置#####################################
下载:Discuz
http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_GBK.zip
将下载的Discuz_X3.2_SC_GBK.zip放到对应目录后解压授权
[root@zrd dz]# pwd
/www/dz
[root@zrd dz]# ls
Discuz_X3.2_SC_UTF8.zip
[root@zrd dz]# unzip Discuz_X3.2_SC_UTF8.zip
[root@zrd dz]# rm Discuz_X3.2_SC_UTF8.zip -f
[root@zrd dz]# ls
readme upload utility
[root@zrd dz]# cp -a upload/* ./
[root@zrd dz]# rm -rf upload
[root@zrd dz]# ls
admin.php config data home.php misc.php robots.txt template utility
api connect.php favicon.ico index.php plugin.php search.php uc_client
api.php cp.php forum.php install portal.php source uc_server
archiver crossdomain.xml group.php member.php readme static userapp.php
[root@zrd dz]# chmod 777 config data data/cache data/avatar data/plugindata data/download data/addonmd5 data/template data/threadcache data/attachment data/attachment/album data/attachment/forum data/attachment/group data/log uc_client/data/cache uc_server/data/ uc_server/data/cache uc_server/data/avatar uc_server/data/backup uc_server/data/logs uc_server/data/tmp uc_server/data/view
#注:原文中的 p_w_upload 应是发布平台对 attachment 一词的替换,此处已还原为 data/attachment
#注:777 会让本机所有用户都能写入这些目录;这些目录只需要 httpd 的运行用户可写,可改为 chown -R apache 后配合 770 之类更窄的权限
[root@zrd dz]# systemctl reload httpd
浏览器登入:
www.dz.zrd.com
安装向导完成后,删除 /www/dz/install 目录,避免安装程序被再次访问
########################################
# 最后
#######################################
开机自动启动服务
[root@zrd ~]# systemctl enable httpd #自启动httpd服务
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@zrd ~]# systemctl enable mariadb # 自启动数据库服务
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'