
###############################################################################
环境准备:
一台服务器启用三个虚拟主机实现不同的功能:
vhost1:用于连接后端数据库;
vhost2:提供博客
vhost3:提供论坛
各个主机名规划:
IP:10.76.249.150
vhost1: www.pma.zrd.com, phpMyAdmin, 同时提供https服务;
vhost2: www.wp.zrd.com, wordpress
vhost3: www.dz.zrd.com, Discuz
主目录:
vhost1:/www/pma/phpmyadmin
vhost2:/www/wp/wordpress
vhost3:/www/dz
#########################设置防火墙主机名 IP HOST #########################################
主机状态:
[root@zrd ~]# cat /etc/redhat-release #版本
CentOS Linux release7.1.1503 (Core)
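停用禁用防火墙(仅为简化实验环境;对外提供服务的主机建议保留 firewalld,只放行 http/https:firewall-cmd --permanent --add-service=http --add-service=https && firewall-cmd --reload)
#停用防火墙#
[root@zrd ~]# systemctl stop firewalld
#禁用防火墙#
[root@zrd ~]# systemctl disable firewalld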
#查看防火墙状态#
[root@zrd~]# systemctl status firewalld #防火墙状态
firewalld.service -firewalld - dynamic firewall daemon
Loaded: loaded(/usr/lib/systemd/system/firewalld.service; disabled)
Active: inactive (dead)
#设置主机名#
[root@zrd ~]# hostnamectl set-hostname zrd
#查看主机名#
[root@zrd ~]# hostnamectl
Static hostname: zrd #静态主机名
Icon name: computer-vm
Chassis: vm
Machine ID:099c7bc54ae14b75ad480d1c740cea6a
Boot ID:cd2612a4c67d4a04a6907ff0ef926649
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-229.el7.x86_64
Architecture: x86_64 #架构
设置静态IP
[root@zrd ~]# nmtui
重启网络服务
[root@zrd ~]# systemctl restart network
查看IP
[root@zrd~]# ip a #IP
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:2e:11:d9 brd ff:ff:ff:ff:ff:ff
inet 10.76.249.150/24 brd 10.76.249.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2e:11d9/64 scope link
valid_lft forever preferred_lft forever
修改HOST文件
[root@zrd ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#前两行不要删除
10.76.249.150 zrd
10.76.249.150 www.pma.zrd.com
10.76.249.150 www.wp.zrd.com
10.76.249.150 www.dz.zrd.com
下载phpMyAdmin-4.4.15-all-languages.tar.xz (注意:phpMyAdmin版本不能高于php所支持的版本)
https://files.phpmyadmin.net/phpMyAdmin/4.4.15/phpMyAdmin-4.4.15-all-languages.tar.xz
################################ 全局配置文件 #######################################
软件安装:
[root@zrd ~]# yum install httpd mariadb mariadb-server php php-mbstring php-mysql mod_ssl -y
备份配置文件
[root@zrd ~]# mkdir /tmp/httpd_bakup_dir
[root@zrd ~]# cp -a /etc/httpd /tmp/httpd_bakup_dir
[root@zrd~]# ls /tmp/httpd_bakup_dir
httpd
创建虚拟主机配置文件:
[root@www~]# vim /etc/httpd/conf.d/vhostpam.conf
#-------------------------------------------------------
# Vhost 1
### www.pma.zrd.com #Start##
# www.pma.zrd.com
#提供phpadmin 连接mariadb
#
<VirtualHost 10.76.249.150:80>
ServerName www.pma.zrd.com
# 注意下面这行末尾不要带 /
DocumentRoot "/www/pma/phpmyadmin"
<Directory "/www/pma/phpmyadmin">
Options None
# 下一行这样设置就可以在网站文件的目录中使用 .htaccess
AllowOverride All
# 下一行是替代 Allow from all 的新机制(Apache 2.4)
# phpMyAdmin 是数据库管理入口,实际部署时建议把 all granted 换成 Require ip <管理端网段>,只允许管理端访问
Require all granted
</Directory>
ErrorLog /var/log/httpd/pma.zrd.com.error.log
CustomLog /var/log/httpd/pma.zrd.com.access.log combined
</VirtualHost>
######### www.pma.zrd.com #End##
#------------------------------分割线---------------------------------------#
# Vhost 2
######### www.wp.zrd.com #start##
#
#提供 wordpress博客
#
<VirtualHost 10.76.249.150:80>
ServerName www.wp.zrd.com
DocumentRoot "/www/wp/wordpress"
<Directory "/www/wp/wordpress/">
Options None
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/httpd/wp.zrd.com.error.log
CustomLog /var/log/httpd/wp.zrd.com.access.log combined
</VirtualHost>
######### www.wp.zrd.com #END##
#------------------------------分割线---------------------------------------#
# Vhost 3
######### www.dz.zrd.com #start##
#
#提供 Discuz论坛
#
<VirtualHost 10.76.249.150:80>
ServerName www.dz.zrd.com
DocumentRoot "/www/dz"
DirectoryIndex index.html index.htm
<Directory "/www/dz/">
Options None
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/httpd/dz.zrd.com.error.log
CustomLog /var/log/httpd/dz.zrd.com.access.log combined
</VirtualHost>
######### www.dz.zrd.com #END##
创建各个网站目录:
[root@zrd~]# mkdir /www/{pma,wp,dz} -pv
mkdir: createddirectory ‘/www’
mkdir: createddirectory ‘/www/pma’
mkdir: createddirectory ‘/www/wp’
mkdir: createddirectory ‘/www/dz’
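[root@zrd ~]# chmod 650 -R /www
#注:650 对目录和文件一视同仁,目录属主没有 x 位;且此时 /www 属于 root:root,apache 用户落在 other(权限为 0),可能无法进入目录。更常见的做法是把属组设为 apache,目录 750、文件 640,例如:chown -R :apache /www; find /www -type d -exec chmod 750 {} +; find /www -type f -exec chmod 640 {} +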
####################phpMyAdmin配置####################
#下载好的phpMyAdmin-4.4.15-all-languages.tar.xz 上传到/www/pma目录下
1.解压
[root@www pma]# ls
phpMyAdmin-4.4.15-all-languages.tar.xz
[root@www pma]# pwd
/www/pma
[root@www pma]# tar xf phpMyAdmin-4.4.15-all-languages.tar.xz
[root@www pma]# ls
phpMyAdmin-4.4.15-all-languages phpMyAdmin-4.4.15-all-languages.tar.xz
[root@www pma]# mv phpMyAdmin-4.4.15-all-languages phpmyadmin
[root@www pma]# cd phpmyadmin
[root@www phpmyadmin]#
2.编辑PHP初始配置文件
[root@zrd phpmyadmin]# pwd
/www/pma/phpmyadmin
[root@zrd phpmyadmin]# cp config.sample.inc.php config.inc.php #拷贝配置文件
[root@zrd phpmyadmin]# vim config.inc.php
$cfg['blowfish_secret'] = 'adsfasdfasdfasasdfasdfjoijewrg'; /* 填入随机字符YOU MUST FILL IN THIS FOR COOKIE AUTH! */
#注:blowfish_secret 用于加密 cookie 认证信息,应为每台服务器单独生成足够长的随机串(例如 openssl rand -base64 32 的输出),不要照抄此处的示例值
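################ mysql部分#############################
#为数据库 root 设置密码。下面的 'changan' 仅为示例,实际环境请使用足够强的密码;新装的 MariaDB 还建议运行 mysql_secure_installation,删除匿名用户和 test 库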
[root@zrd phpmyadmin]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.41-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> UPDATE user set password=PASSWORD('changan') WHERE User='root';
Query OK, 0 rows affected (0.00 sec)
Rows matched: 4 Changed: 0 Warnings: 0
MariaDB [mysql]> SELECT User,Host,Password FROM user;
+------+-----------+-------------------------------------------+
| User | Host | Password |
+------+-----------+-------------------------------------------+
| root | localhost | *14E84A13D0A9FCEDFA436122589D79EDCE3D637F |
| root | wordpress | *14E84A13D0A9FCEDFA436122589D79EDCE3D637F |
| root | 127.0.0.1 | *14E84A13D0A9FCEDFA436122589D79EDCE3D637F |
| root | ::1 | *14E84A13D0A9FCEDFA436122589D79EDCE3D637F |
+------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
MariaDB [mysql]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
##############################################
[root@zrd phpmyadmin]# pwd
/www/pma/phpmyadmin
[root@zrd phpmyadmin]# chmod 650 -R .
[root@zrd phpmyadmin]# chown :apache -R .
重启httpd服务
[root@www phpmyadmin]# systemctl restart httpd
##############测试 ###############################
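http://www.pma.zrd.com/phpmyadmin/ (上面的 DocumentRoot 已指向 /www/pma/phpmyadmin,若此地址返回 404,请直接访问 http://www.pma.zrd.com/)
Windows 客户端需要修改 hosts 文件(C:\Windows\System32\drivers\etc\hosts),加入上面三个域名到 10.76.249.150 的解析
浏览器测试:输入数据库账号和密码登录(http 下账号密码以明文传输,配置好下文的 https 后应改用 https 地址登录)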
##################################################################################
# 配置https:配置 https 时,需将 /etc/httpd/conf.d/vhostpam.conf 中原来为此主机(vhost1)定义的配置
# 内容删去(如果不做https功能此步骤可以略过)
##################################################################################
#### 以下步骤 CA服务器和客户端都是同一台服务器,所以客户端不需要
####单独发送证书签署请求到CA服务
##CA 自签证书
[root@ca ~]# cd /etc/pki/CA
[root@zrd CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048) #生成私钥
Generating RSA private key, 2048 bit long modulus
...............................................+++
.......................+++
e is 65537 (0x10001)
[root@zrd CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048) #提取公钥(注:此命令与上一步完全相同,会重新生成并覆盖 cakey.pem,并不会提取公钥;此步可省略,下面的 openssl req -x509 会直接从私钥得到公钥)
Generating RSA private key, 2048 bit long modulus
...............................................+++
.......................+++
e is 65537 (0x10001)
[root@zrd CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 #对公钥进行签证
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:bei jing
Organization Name (eg, company) [Default Company Ltd]:zrd company
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:www.ca.com
Email Address []:ca@server.com
[root@zrd CA]# touch index.txt serial crlnumber
[root@zrd CA]# echo 01 >serial #创建证书序列号,只有第一次时需要,以后都不需要设置!!
####服务器申请证书
#创建放置证书目录
[root@zrd ~]# cd /etc/httpd/conf
[root@zrd conf]# mkdir ssl
[root@zrd conf]# cd ssl
[root@zrd ssl]# (umask 077; openssl genrsa -out httpd.key 1024) #生成私钥(1024 位 RSA 强度已不足,实际部署请至少使用 2048 位,与上面的 CA 私钥一致)
Generating RSA private key, 1024 bit long modulus
.....++++++
......................................................++++++
e is 65537 (0x10001)
[root@zrd ssl]# openssl req -new -key httpd.key -out httpd.csr #从私钥提取公钥,创建证书签署请求(CSR),将生成的 httpd.csr 请求文件发往CA服务器进行签署
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:China
Locality Name (eg, city) [Default City]:bei jing
Organization Name (eg, company) [Default Company Ltd]:zrd company
Organizational Unit Name (eg, section) []:DATA OPS
Common Name (eg, your name or your server's hostname) []:www.pma.zrd.com
Email Address []:data@server.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
###########
CA服务器签证
[root@zrd ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Oct 1 13:36:18 2015 GMT
Not After : Sep 30 13:36:18 2016 GMT
Subject:
countryName = CN
stateOrProvinceName = China
organizationName = zrd company
organizationalUnitName = \E6\95\B0DATA OPS
commonName = www.pma.zrd.com
emailAddress = data@server.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
2A:4B:D4:AF:19:5F:40:54:7E:6B:1F:DE:3A:B2:43:17:DC:67:FB:B3
X509v3 Authority Key Identifier:
keyid:23:DB:C3:3F:FB:30:1C:2B:64:EC:88:A7:F4:0E:5D:C6:97:C6:04:43
Certificate is to be certified until Sep 30 13:36:18 2016 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
服务器将httpd.crt 盖章好的证书发给客户端
######
客户端将httpd.crt放在对应的目录下
[root@zrd ssl]# pwd
/etc/httpd/conf/ssl
[root@zrd ssl]# ls
httpd.crt httpd.csr httpd.key
######
ssl配置
[root@zrd ssl]# vim /etc/httpd/conf.d/ssl.conf
###########################
56 #配置监听端口
57
58 <VirtualHost www.pma.zrd.com:443>
59 # 配置网站主目录
60 # 配置主机名
61 DocumentRoot "/www/pma/phpmyadmin"
62
63 ServerName www.pma.zrd.com
64 <Directory "/www/pma/phpmyadmin/">
65
66 Options None
67 # 下一行这样设置就可以在网站文件的目录中使用 .htaccess
68 AllowOverride All
69 # 下一行是替代 Allow from all 的新机制
70 Require all granted
71
72 </Directory>
####配置证书及私钥路径
102 # Server Certificate:
103 # Point SSLCertificateFile at a PEM encoded certificate. If
104 # the certificate is encrypted, then you will be prompted for a
105 # pass phrase. Note that a kill -HUP will prompt again. A new
106 # certificate can be generated using the genkey(1) command.
107 SSLCertificateFile /etc/httpd/conf/ssl/httpd.crt #证书文件路径(此注释仅为本文说明;Apache 指令行尾不能带注释,勿写入配置文件)
108
109 # Server Private Key:
110 # If the key is not combined with the certificate, use this
111 # directive to point at the key file. Keep in mind that if
112 # you've both a RSA and a DSA private key you can configure
113 # both in parallel (to also allow the use of DSA ciphers, etc.)
114 SSLCertificateKeyFile /etc/httpd/conf/ssl/httpd.key #证书对应的私钥(此注释仅为本文说明,勿写入配置文件;该文件应仅 root 可读)
。。。。。。。。 。。。。。。。。。。。。 。。。。
#重启服务查看443端口是否已经监听
[root@zrd ssl]# systemctl restart httpd
[root@zrd ssl]# ss -tln
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::443 :::*
#将CA的证书导入浏览器
[root@zrd CA]# pwd
/etc/pki/CA
[root@zrd CA]# sz cacert.pem #把CA cacert.pem(需要重命名为cacert.crt)证书导入浏览器
[root@zrd pma]# pwd
/www/pma
[root@zrd pma]# chmod 650 -R .
[root@zrd pma]# systemctl reload httpd
浏览器导入CA证书 测试:
######################################wordpress博客配置#####################################
1.下载wordpress
https://cn.wordpress.org/wordpress-4.3.1-zh_CN.zip
[root@zrd wp]# pwd #将wordpress-4.3.1-zh_CN.zip上传到此目录下
/www/wp
[root@zrd wp]# ls
wordpress-4.3.1-zh_CN.zip
[root@zrd wp]# unzip wordpress-4.3.1-zh_CN.zip
[root@zrd wp]# chown :apache -R wordpress
[root@zrd wp]# chmod 650 -R wordpress
[root@zrd wp]# cd wordpress
[root@zrd wordpress]#
[root@zrd wordpress]# mv wp-config-sample.php wp-config.php
[root@zrd wordpress]# vim wp-config.php
// ** MySQL 设置 - 具体信息来自您正在使用的主机** //
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpressdb'); #数据库库名
/** MySQL数据库用户名 */
define('DB_USER', 'wordpressuser'); #数据库用户
/** MySQL数据库密码 */
define('DB_PASSWORD', 'changan'); #密码(示例值与前面数据库 root 的密码相同;实际部署请为 wordpressuser 单独设置强密码,并与下文 CREATE USER 中的保持一致)
/** MySQL主机 */
define('DB_HOST', 'localhost'); ###本地
2.创建wordpress数据库
[root@zrd wp]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 20
Server version: 5.5.41-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
MariaDB [(none)]> CREATE DATABASE wordpressdb;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE USER wordpressuser@localhost IDENTIFIED BY 'changan';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpressdb.* TO wordpressuser@localhost;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>show databases;
+--------------------+
| Database |
+--------------------+
| information_schema|
| mysql |
| performance_schema|
| test |
| wordpressdb |
+--------------------+
5 rows in set (0.01 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
3.浏览器登入安装
www.wp.zrd.com
######################################Discuz论坛配置#####################################
下载:Discuz
http://download.comsenz.com/DiscuzX/3.2/Discuz_X3.2_SC_GBK.zip
将下载的压缩包放到对应目录后解压并授权(注意:上面的下载链接是 GBK 版,而下面命令实际操作的是 Discuz_X3.2_SC_UTF8.zip,请以自己下载的文件名为准)
[root@zrd dz]# pwd
/www/dz
[root@zrd dz]# ls
Discuz_X3.2_SC_UTF8.zip
[root@zrd dz]# unzip Discuz_X3.2_SC_UTF8.zip
[root@zrd dz]# rm Discuz_X3.2_SC_UTF8.zip -f
[root@zrd dz]# ls
readme upload utility
[root@zrd dz]# cp -a upload/* ./
[root@zrd dz]# rm -rf upload
[root@zrd dz]# ls
admin.php config data home.php misc.php robots.txt template utility
api connect.php favicon.ico index.php plugin.php search.php uc_client
api.php cp.php forum.php install portal.php source uc_server
archiver crossdomain.xml group.php member.php readme static userapp.php
[root@zrd dz]# chmod 777 config data data/cache data/avatar data/plugindata data/download data/addonmd5 data/template data/threadcache data/p_w_upload data/p_w_upload/album data/p_w_upload/forum data/p_w_upload/group data/log uc_client/data/cache uc_server/data/ uc_server/data/cache uc_server/data/avatar uc_server/data/backup uc_server/data/logs uc_server/data/tmp uc_server/data/view
#注:777 会让本机所有用户都能写入这些目录;只需 apache 可写时,可把这些目录 chown -R apache:apache 后改用 chmod 750。另外 p_w_upload 疑为转载时被替换过的目录名,请以解压后的实际目录名为准
[root@zrd dz]# systemctl reload httpd
浏览器登入:
www.dz.zrd.com
########################################
# 最后
#######################################
开机自动启动服务
[root@zrd ~]# systemctl enable httpd #自启动httpd服务
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@zrd ~]# systemctl enable mariadb # 自启动数据库服务
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'