分布式部署lamp,phpmyadmin，wordpress的安装与应用

系统环境：centos7，httpd-2.4,php-5.5,mariadb5.5

192.168.1.20 httpd
192.168.1.30 PHP
192.168.1.40 mariadb

修改客户机hosts文件

[root@bogon Desktop]# vim /etc/hosts
127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4
::1        localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.20 www.pma.com www.wp.com

在192.168.1.20上安装httpd服务

[root@localhost yum.repos.d]# yum -yinstall httpd

修改mpm编辑模块为event

[root@localhost yum.repos.d]# cd/etc/httpd/conf.modules.d/
[root@localhost conf.modules.d]# vim00-mpm.conf

# Select the MPM module which should beused by uncommenting exactly
# one of the following LoadModule lines:

# prefork MPM: Implements a non-threaded, pre-forkingweb server
# See:http://httpd.apache.org/docs/2.4/mod/prefork.html
#LoadModulempm_prefork_module modules/mod_mpm_prefork.so

# worker MPM: Multi-Processing Moduleimplementing a hybrid
# multi-threaded multi-process web server
# See: http://httpd.apache.org/docs/2.4/mod/worker.html #
#LoadModule mpm_worker_modulemodules/mod_mpm_worker.so

# event MPM: A variant of the worker MPMwith the goal of consuming
# threads only for connections with activeprocessing
# See: http://httpd.apache.org/docs/2.4/mod/event.html #
LoadModulempm_event_module modules/mod_mpm_event.so

编辑wordpress虚拟主机配置文件

[root@localhost conf.d]# cd/etc/httpd/conf.d
[root@localhost conf.d]# vim wp.conf

<VirtualHost *:80>
ServerName www.wp.com
DocumentRoot /wordpress/wordpress
ProxyRequests off
DirectoryIndex index.php
ProxyPassMatch ^/(.*.php)$fcgi://192.168.1.30:9000/wordpress/wordpress/$1
<Directory "/wordpress/wordpress">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

编辑phpmyadmin虚拟主机配置文件

[root@localhost conf.d]# vim pma.conf
<VirtualHost *:80>
ServerName www.pma.com
DocumentRoot /usr/share/phpMyAdmin
ProxyRequests off
DirectoryIndex index.php
ProxyPassMatch ^/(.*.php)$fcgi://192.168.1.30:9000/usr/share/phpMyAdmin/$1
<Directory "/usr/share/phpMyAdmin">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

创建相应文件夹

[root@localhost conf.d]# mkdir -p/usr/share/phpMyAdmin

重新加载httpd服务

[root@localhost conf.d]# systemctl reloadhttpd

在192.168.1.30上安装php-fpmphp-mysql

[root@bogon ~]# yum install -y php-fpmphp-mysql

修改php-fpm配置文件，将监听IP地址改为本机地址

[root@bogon ~]# cd /etc/php-fpm.d/
[root@bogon php-fpm.d]# vim www.conf
listen = 192.168.1.30:9000              ###通过网络连接可用的IP及端口
listen.allowed_clients = 192.168.1.20         ###允许那台主机连接至本机

启动php-rpm

[root@bogon php-fpm.d]# systemctl statusphp-fpm

在192.168.1.40上安装mariadb

[root@localhost yum.repos.d]# yum -yinstall mariadb-service mariadb

创建数据库wpdb

MariaDB [(none)]> grant all on wpdb.* towpuser@'192.168.%.%' identified by 'pass';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database wpdb;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)ry OK,0 rows affected (0.00 sec)

创建phpmyadmin用账号

MariaDB [(none)]> create userpma@'192.168.%.%' identified by 'mppass';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on *.* topma@'192.168.%.%' identified by 'mppass';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flash privileges;
Query OK, 0 rows affected (0.00 sec)

安装WordPress（这里是直接将WordPress在windows中直接拷贝入linux中）

[root@localhost conf.d]# cd /wordpress/
[root@localhost wordpress]# unzipwordpress-4.5.3-zh_CN.zip
[root@localhost wordpress]# cd/wordpress/wordpress/

修改配置文件

[root@localhost wordpress]# mvwp-config-sample.php wp-config.php
[root@localhost wordpress]# vimwp-config.php

// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称*/
define('DB_NAME', 'wpdb');

/** MySQL数据库用户名 */
define('DB_USER', 'wpuser');

/** MySQL数据库密码 */
define('DB_PASSWORD', 'wppass');

/** MySQL主机 */
define('DB_HOST', '192.168.1.40');

配置好数据库后进行www.wp.com的验证



PS：若显示乱码，在httpd服务器对应虚拟主机DocumentRoot安装wordpress，即可。

安装phpmyadmin

[root@localhost conf.d]# yum -y installphpmyadmin

添加mysql的服务器地址

$cfg['Servers'][$i]['host']          = '192.168.1.40'; // MySQL hostnameor IP address

修改phpMyAdmin的配置信息

[root@localhost phpMyAdmin]# cd/etc/phpMyAdmin/
[root@localhost phpMyAdmin]# vimconfig.inc.php

登录验证



PS：若显示乱码，在httpd服务器对应虚拟主机DocumentRoot安装phpMyAdmin，即可。

为phpMyAdmin提供https
https以来于mod_ssl模块，在httpd服务器中安装

[root@localhost~]# yum -y install mod_ssl

192.168.1.12生成字签证书

[root@localhost~]# cd /etc/pki/CA/
[root@localhostCA]# (umask 077;openssl genrsa -out private/cakey.pem 1024)
GeneratingRSA private key, 1024 bit long modulus
...................................................++++++
..++++++
e is65537 (0x10001)

[root@localhostCA]# openssl  req -new -x509 -keyprivate/cakey.pem -out cacert.pem
Youare about to be asked to enter information that will be incorporated
intoyour certificate request.
Whatyou are about to enter is what is called a Distinguished Name or a DN.
Thereare quite a few fields but you can leave some blank
Forsome fields there will be a default value,
Ifyou enter '.', the field will be left blank.
-----
CountryName (2 letter code) [XX]:CN
Stateor Province Name (full name) []:beijing
LocalityName (eg, city) [Default City]:beijing
OrganizationName (eg, company) [Default Company Ltd]:pma
OrganizationalUnit Name (eg, section) []:pma
CommonName (eg, your name or your server's hostname) []:pma.admin.com
EmailAddress []:pma@phpmyadmin.com

创建结构文件

[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 > serial

切换至ssl目录

[root@localhost httpd]# cd ssl/

生成证书申请请求

[root@localhostssl]# openssl req -new -key httpd.key -out httpd.csr
Youare about to be asked to enter information that will be incorporated
intoyour certificate request.
Whatyou are about to enter is what is called a Distinguished Name or a DN.
Thereare quite a few fields but you can leave some blank
Forsome fields there will be a default value,
Ifyou enter '.', the field will be left blank.
-----
CountryName (2 letter code) [XX]:CN
Stateor Province Name (full name) []:beijing
LocalityName (eg, city) [Default City]:beijing
OrganizationName (eg, company) [Default Company Ltd]:pma
OrganizationalUnit Name (eg, section) []:pma
CommonName (eg, your name or your server's hostname) []:www.pma.com
EmailAddress []:pma@phpmyadmin.com

Pleaseenter the following 'extra' attributes
to besent with your certificate request
Achallenge password []:
Anoptional company name []:

为服务端配置证书

[root@localhostssl]# openssl req -new -key httpd.key -out httpd.csr
Youare about to be asked to enter information that will be incorporated
intoyour certificate request.
Whatyou are about to enter is what is called a Distinguished Name or a DN.
Thereare quite a few fields but you can leave some blank
Forsome fields there will be a default value,
Ifyou enter '.', the field will be left blank.
-----
CountryName (2 letter code) [XX]:CN
Stateor Province Name (full name) []:beijing
LocalityName (eg, city) [Default City]:beijing
OrganizationName (eg, company) [Default Company Ltd]:phpmyadmin
OrganizationalUnit Name (eg, section) []:phpmyadmin
CommonName (eg, your name or your server's hostname) []:www.phpmyadmin.com
EmailAddress []:caadmin@phpmyadmin.com

Pleaseenter the following 'extra' attributes
to besent with your certificate request
Achallenge password []:
Anoptional company name []

将所需签名证书复制至CA服务器的tmp目录

[root@localhostssl]# scp httpd.csr 192.168.1.12:/tmp
Theauthenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
ECDSAkey fingerprint is 4b:8b:6d:c8:53:c4:7e:ff:dd:26:a2:b9:67:1d:ab:cd.
Areyou sure you want to continue connecting (yes/no)? yes
Warning:Permanently added '192.168.1.12' (ECDSA) to the list of known hosts.

切换至tmp目录

[root@localhosttmp]# cd /tmp

给服务器签发证书

[root@localhosttmp]# openssl ca -in httpd.csr -out httpd.crt
Usingconfiguration from /etc/pki/tls/openssl.cnf
Checkthat the request matches the signature
Signatureok
CertificateDetails:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 21 02:38:25 2016GMT
Not After : Jul 21 02:38:25 2017GMT
Subject:
countryName               = CN
stateOrProvinceName       = beijing
organizationName          = pma
organizationalUnitName    = pma
commonName                = www.pma.com
emailAddress              = pma@phpmyadmin.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
24:A6:69:18:F6:C5:DC:24:84:F1:B9:DE:EB:7D:E3:CA:F7:8A:C0:8F
X509v3 Authority Key Identifier:
keyid:AB:49:C7:C7:F5:16:B8:6F:31:56:D2:9B:56:A6:81:0C:F9:C1:53:56

Certificateis to be certified until Jul 21 02:38:25 2017 GMT (365 days)
Signthe certificate? [y/n]:y

1 outof 1 certificate requests certified, commit? [y/n]y
Writeout database with 1 new entries
DataBase Updated

将签发好的证书发送至httpd服务器
[root@localhosttmp]# scp httpd.crt 172.16.252.173:/etc/httpd/ssl
Theauthenticity of host '172.16.252.173 (172.16.252.173)' can't be established.
ECDSAkey fingerprint is d3:71:51:da:74:25:b2:af:b6:d2:d4:98:9a:cd:f4:ee.
Areyou sure you want to continue connecting (yes/no)? yes
Warning:Permanently added '172.16.252.173' (ECDSA) to the list of known hosts.
root@172.16.252.173'spassword:
httpd.crt

在httpd服务器配置ssl.conf文件
修改页面默认路径
# General setup for the virtual host,inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
DocumentRoot"/usr/share/phpMyAdmin"

配置证书所在路径

#   Server Certificate:
#Point SSLCertificateFile at a PEM encoded certificate.  If
# thecertificate is encrypted, then you will be prompted for a
#pass phrase.  Note that a kill -HUP willprompt again.  A new
#certificate can be generated using the genkey(1) command.
SSLCertificateFile/etc/httpd/ssl/httpd.crt

#   Server Private Key:
#   If the key is not combined with thecertificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key youcan configure
#   both in parallel (to also allow the use ofDSA ciphers, etc.)
SSLCertificateKeyFile/etc/httpd/ssl/httpd.key

进行访问验证：