Project requirements:
1. Using LNMP, set up several virtual hosts, deploy WordPress and phpMyAdmin on separate hosts, and make the phpMyAdmin site reachable only over HTTPS;
2. Configure things so that even when a client requests the phpMyAdmin site over plain HTTP, the user ends up re-requesting it over HTTPS.

Part 1: Environment: LNMP = Linux + Nginx + MariaDB + PHP
Prepare the required environment on Linux:

1. On CentOS and RHEL derivatives the local install media does not ship the Nginx program, so there are generally two ways to install it:
   1) compile Nginx from source (the method used in this project);
   2) install Nginx from rpm packages.

1) Compiling from source (building from source suits test environments, for example when installing Taobao's Tengine):
   1. Install the build environment:
      yum -y groupinstall "Development tools" "Server Platform Development"
   2. Additional development packages may be needed:
      openssl-devel (SSL support, so the site can be served over HTTPS),
      pcre-devel (regular-expression matching),
      libevent-devel (event-driven I/O scheduling)
   3. Configure the build:
      nginx-1.12.1]# ./configure --prefix=/usr/local/nginx112 --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --http-log-path=/var/log/nginx/access_log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx.lock --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-pcre --with-stream
   4. Build and install (replace # with the number of parallel jobs):
      ~]# make -j # && make install
   Note: the nginx user and the nginx group must exist before the nginx service process is started.
Here Nginx is compiled and installed on a machine with internet access.

Set up the build environment:
[root@chenliang ~]# yum -y groupinstall "Development tools" "Server Platform Development"
[root@chenliang ~]# yum -y install openssl-devel pcre-devel libevent-devel

Download the Nginx source tarball from the official site:
[root@chenliang ~]# wget -c http://nginx.org/download/nginx-1.12.0.tar.gz

Unpack the downloaded tarball:
[root@chenliang ~]# tar xvf nginx-1.12.0.tar.gz

Enter the unpacked directory:
[root@chenliang ~]# cd nginx-1.12.0/

Configure the build:
[root@chenliang nginx-1.12.0]# ./configure --prefix=/usr/local/nginx112 --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --http-log-path=/var/log/nginx/access_log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx.lock --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-http_stub_status_module --with-pcre --with-stream

Build and install:
[root@chenliang nginx-1.12.0]# make -j 4 && make install

Create the Nginx user and group and verify them:
[root@chenliang ~]# id nginx
uid=990(nginx) gid=985(nginx) 组=985(nginx)

Start the Nginx service.
Check the configuration syntax:
[root@chenliang nginx-1.12.0]# nginx -t
Start it:
[root@chenliang nginx-1.12.0]# nginx
Check that the service is running and listening:
[root@chenliang ~]# ss -tnlp
LISTEN 0 128 *:80 *:* users:(("nginx",pid=3184,fd=6),("nginx",pid=3183,fd=6),("nginx",pid=3182,fd=6),("nginx",pid=3181,fd=6))

At this point the compile-and-install of Nginx is complete.
2) Installing from rpm: configure a matching yum repository so Nginx can be installed as an rpm package (the standardised approach for large server fleets or clusters, which makes later automated management easier).
   Packages prebuilt by the nginx project: http://nginx.org/packages/centos/$releasever/$basearch
   Packages from the Fedora EPEL repository: http://mirrors.sohu.com/fedora-epel/7/x86_64/Packages/n/

Add the Nginx download location to the yum repository configuration (requires internet access):
[root@chenliang ~]# vim /etc/yum.repos.d/CentOS-Base.repo
> [nginx]
> name=nginx repo
> baseurl=http://nginx.org/packages/centos/7/$basearch/
> gpgcheck=0
> enabled=1
[root@chenliang ~]# yum clean all
[root@chenliang ~]# yum makecache

Install Nginx:
[root@chenliang ~]# yum install nginx -y

Start the Nginx service:
[root@chenliang ~]# nginx

Check the state of the started service (port 80 on the server is now being listened on by nginx):
[root@chenliang ~]# ss -tnlp
LISTEN 0 128 *:80 *:* users:(("nginx",pid=4481,fd=6),("nginx",pid=4477,fd=6))

2. Install the database and the PHP application environment:
[root@chenliang ~]# yum install -y php-fpm php-mysql mariadb-server
and start the corresponding services:
[root@chenliang ~]# systemctl start mariadb.service    // start the database
[root@chenliang nginx-1.12.2]# systemctl start php-fpm.service

3. Firewall and SELinux configuration:
[root@chenliang ~]# getenforce
Permissive
[root@chenliang ~]# iptables -vnL
Chain INPUT (policy ACCEPT 2493 packets, 238K bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 1837 packets, 279K bytes)
 pkts bytes target     prot opt in     out     source               destination

4. Configure name-based virtual hosts for Nginx in /etc/nginx/nginx.conf.
The first virtual host is used to deploy WordPress:
server {
    listen 80;
    server_name www.clhost1.com;
    location / {
        root /myweb/host1;
        index index.php index.html index.htm;
    }
    location ~* \.php$ {
        root /myweb/host1;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /myweb/host1/$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}

The second virtual host is used to set up phpMyAdmin:
server {
    listen 80;
    server_name www.clhost2.com;
    location / {
        root /myweb/host2;
        index index.php index.html index.htm;
    }
    location ~ \.php$ {
        root /myweb/host2;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /myweb/host2/$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}

On the local client machine, add the following line to C:\Windows\System32\drivers\etc\hosts:
172.16.72.1 www.clhost1.com www.clhost2.com

5. Create the document roots for the two sites:
[root@chenliang ~]# mkdir /myweb/host{1,2} -pv
mkdir: 已创建目录 "/myweb"
mkdir: 已创建目录 "/myweb/host1"
mkdir: 已创建目录 "/myweb/host2"

Create the index pages:
[root@chenliang ~]# echo "nginx's page1" >> /myweb/host1/index.html
[root@chenliang ~]# echo "nginx's page2" >> /myweb/host2/index.html

Then check the configuration for syntax errors and reload the Nginx service:
[root@chenliang ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@chenliang ~]# nginx -s reload

After all services have been started, check the listeners:
[root@chenliang ~]# ss -tnl
State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN  0      128    127.0.0.1:9000       *:*
LISTEN  0      50     *:3306               *:*
LISTEN  0      128    *:80                 *:*
6. Configure php-fpm:

1) Configure the php-fpm service: change the user and group that the worker processes run as:
[root@chenliang ~]# vim /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000
user = nginx
group = nginx

2) Create the document roots:
[root@chenliang ~]# mkdir /myweb/host{1,2} -pv
mkdir: 已创建目录 "/myweb"
mkdir: 已创建目录 "/myweb/host1"
mkdir: 已创建目录 "/myweb/host2"

Create the index pages (each one shows phpinfo() and tests the connection to the database server as that site's database user):
[root@chenliang ~]# vim /myweb/host1/index.php
nginx host1's page.<br />
<?php
phpinfo();
// connect to the database server as the WordPress database user
$conn = mysql_connect('172.16.72.1', 'wpuser', 'wppass');
if ($conn)
    echo "YES";
else
    echo "NO";
?>
[root@chenliang ~]# vim /myweb/host2/index.php
nginx host2's page.<br />
<?php
// connect to the database server as the phpMyAdmin database user
$conn = mysql_connect('172.16.72.1', 'phpuser', 'phppass');
if ($conn)
    echo "YES";
else
    echo "NO";
phpinfo();
?>

7. Configure the database:
Create the two databases that are needed, grant privileges to their users, and test whether the database connections work.
Create the WordPress database:
MariaDB [(none)]> create database wpdb;
Query OK, 1 row affected (0.03 sec)
Grant privileges:
MariaDB [(none)]> grant all on wpdb.* to 'wpuser'@'172.16.%.%' identified by '123456';
Query OK, 0 rows affected (0.10 sec)
Create the phpMyAdmin database:
MariaDB [(none)]> create database phpmyadmain;
Query OK, 1 row affected (0.00 sec)
Grant privileges:
MariaDB [(none)]> grant all on phpmyadmain.* to 'phpuser'@'172.16.%.%' identified by 'phppass';
Query OK, 0 rows affected (0.00 sec)
Test the connection from host1, the host used for the WordPress database:
Test the connection from host2, the host used for the phpMyAdmin database:

Part 2: Set up the virtual hosts and deploy WordPress and phpMyAdmin
Deploy WordPress: upload the WordPress package to the site's document root:
[root@chenliang host1]# ls
index.html index.php wordpress-4.2-zh_CN.tar.gz
Unpack it:
[root@chenliang host1]# tar xf wordpress-4.2-zh_CN.tar.gz
[root@chenliang host1]# ls
index.html index.php wordpress wordpress-4.2-zh_CN.tar.gz
Rename the directory so the URL is shorter to type:
[root@chenliang host1]# mv wordpress wp
[root@chenliang host1]# ls
index.html index.php wordpress-4.2-zh_CN.tar.gz wp
Enter the directory and edit the configuration file:
[root@chenliang host1]# cd wp
[root@chenliang wp]# cp wp-config-sample.php wp-config.php
[root@chenliang wp]# vim wp-config.php
Test result: at this point the WordPress blog has been set up successfully.

Deploy phpMyAdmin:
[root@chenliang host1]# cd /myweb/host2
[root@chenliang host2]# ls
index.html index.php phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# tar xf phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# ls
index.html index.php phpMyAdmin-3.5.4-all-languages phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# mv phpMyAdmin-3.5.4-all-languages phpmyadmain
[root@chenliang host2]# ls
index.html index.php phpmyadmain phpMyAdmin-3.5.4-all-languages.tar.gz
[root@chenliang host2]# cd phpmyadmain/
When phpMyAdmin is opened it sometimes reports that the session cannot be stored. Set the session save path in /etc/php.ini, then change the ownership of /var/lib/php/session so that the nginx user can write to it:
session.save_path = "/var/lib/php/session"
[root@chenliang phpmyadmain]# ll -d /var/lib/php/session/
drwxr-xr-x. 2 nginx nginx 6 6月 1 11:10 /var/lib/php/session/
The phpMyAdmin page is then displayed as follows:
Enter the username and password; the login to the database administration interface succeeds. At this point the phpMyAdmin application has been set up successfully.

Make phpMyAdmin accessible only over HTTPS
Create a private CA.
Create the CA private key:
[root@chenliang ~]# cd /etc/pki/CA/
[root@chenliang CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
................................................................................+++
..+++
e is 65537 (0x10001)
Generate the self-signed CA certificate:
[root@chenliang CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3653
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:cl
Locality Name (eg, city) [Default City]:cl
Organization Name (eg, company) [Default Company Ltd]:cl
Organizational Unit Name (eg, section) []:cl
Common Name (eg, your name or your server's hostname) []:cl
Email Address []:cl@cl
Complete the CA directory layout: the certificate index database and the serial number file:
[root@chenliang CA]# touch index.txt
[root@chenliang CA]# echo 01 > serial

Set up the HTTPS site.
Create a private key for the server:
[root@chenliang ~]# mkdir /etc/nginx/ssl -pv
[root@chenliang ~]# cd /etc/nginx/ssl
[root@chenliang ssl]# (umask 077; openssl genrsa -out nginx.key 2048)
Generating RSA private key, 2048 bit long modulus
..................................................................................................+++
.................................................................................+++
e is 65537 (0x10001)
Generate the certificate signing request:
[root@chenliang ssl]# openssl req -new -key nginx.key -out nginx.csr -days 3653
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:cl
Locality Name (eg, city) [Default City]:cl
Organization Name (eg, company) [Default Company Ltd]:cl
Organizational Unit Name (eg, section) []:cl
Common Name (eg, your name or your server's hostname) []:cl
Email Address []:cl

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:cl
Send the certificate request to the CA (here the private CA is on the same server, so the request is simply copied to the server's /tmp directory):
[root@chenliang ssl]# cp nginx.csr /tmp/
On the CA, issue the certificate requested by the nginx server:
[root@chenliang ssl]# openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 3653
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jun  1 06:38:10 2018 GMT
            Not After : Jun  1 06:38:10 2028 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = cl
            organizationName          = cl
            organizationalUnitName    = cl
            commonName                = cl
            emailAddress              = cl
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                F7:03:98:4F:94:82:35:92:61:F3:E5:9E:8D:67:D4:DA:DD:CF:7A:EF
            X509v3 Authority Key Identifier:
                keyid:BC:65:B9:DF:AB:07:40:38:89:A5:45:ED:AD:A8:68:FF:FD:C4:80:BF
Certificate is to be certified until Jun  1 06:38:10 2028 GMT (3653 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
On the CA, deliver the signed certificate to the Nginx server:
[root@chenliang ssl]# cp /etc/pki/CA/certs/nginx.crt /etc/nginx/ssl
[root@chenliang ssl]# ls
nginx.crt nginx.csr nginx.key
On the Nginx server, delete the certificate request file:
[root@chenliang ssl]# ls
nginx.crt nginx.csr nginx.key
[root@chenliang ssl]# rm -f nginx.csr
[root@chenliang ssl]# ls
nginx.crt nginx.key

Configure SSL support on the Nginx server:
1. Install the mod_ssl module:
[root@chenliang ~]# yum install -y mod_ssl
2. Edit the main Nginx configuration file so that the phpMyAdmin virtual host listens on port 443 with SSL only:
[root@chenliang ~]# vim /etc/nginx/nginx.conf
> server {
>     listen 443 ssl;
>     server_name www.clhost2.com;
>     ssl_certificate /etc/nginx/ssl/nginx.crt;
>     ssl_certificate_key /etc/nginx/ssl/nginx.key;
>     location / {
>         root /myweb/host2;
>         index index.php index.html index.htm;
>     }
>
>     location ~* \.php$ {
>         root /myweb/host2;
>         fastcgi_pass 127.0.0.1:9000;
>         fastcgi_index index.php;
>         fastcgi_param SCRIPT_FILENAME /myweb/host2/$fastcgi_script_name;
>         include /etc/nginx/fastcgi_params;
>     }
> }
Check for syntax errors:
[root@chenliang ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Reload the Nginx service:
[root@chenliang ~]# nginx -s reload
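The certificate procedure above (private CA, server key and CSR, signing, removing the CSR) re-run as an added, self-contained shell example that is not part of the original post. It uses -subj so it needs no interactive prompts, signs with openssl x509 -req instead of openssl ca so it needs no /etc/pki/CA layout, and puts the site hostname (www.clhost2.com, assumed from the server_name above) into CN and subjectAltName, because a certificate whose CN is "cl" is rejected by browsers for www.clhost2.com even when the private CA is trusted.

```shell
#!/bin/sh
# Added example, not the original post's commands. Re-creates the page's private CA
# and server certificate non-interactively in a scratch directory, then verifies it.
set -e
WORK="${WORK:-$(mktemp -d)}"
HOST="www.clhost2.com"          # assumed from the page's server_name

make_ca_and_cert() {
    cd "$WORK"
    # 1. CA key and self-signed CA certificate (page: private/cakey.pem, cacert.pem)
    (umask 077; openssl genrsa -out cakey.pem 2048 2>/dev/null)
    openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3653 \
        -subj "/C=CN/ST=cl/L=cl/O=cl/OU=cl/CN=cl private CA" 2>/dev/null
    # 2. Server key and CSR (page: nginx.key, nginx.csr); CN is the site hostname
    (umask 077; openssl genrsa -out nginx.key 2048 2>/dev/null)
    openssl req -new -key nginx.key -out nginx.csr \
        -subj "/C=CN/ST=cl/L=cl/O=cl/OU=cl/CN=$HOST" 2>/dev/null
    # 3. Sign the CSR with the CA (openssl x509 -req instead of the page's openssl ca,
    #    so no CA directory is needed); the extension file adds the SAN that modern
    #    browsers require and marks the certificate as a non-CA leaf.
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$HOST" > san.ext
    openssl x509 -req -in nginx.csr -CA cacert.pem -CAkey cakey.pem -CAcreateserial \
        -days 3653 -extfile san.ext -out nginx.crt 2>/dev/null
    # 4. The CSR is no longer needed once the certificate is issued (page: rm -f nginx.csr)
    rm -f nginx.csr
}

# Exit status 0 only if the chain validates against the CA AND the certificate is
# valid for the given hostname, i.e. the two checks a browser makes before trusting it.
verify_for_host() {
    openssl verify -CAfile "$WORK/cacert.pem" -verify_hostname "$1" \
        "$WORK/nginx.crt" >/dev/null 2>&1
}

make_ca_and_cert
verify_for_host "$HOST" && echo "nginx.crt is valid for $HOST (files in $WORK)"
```

Copy nginx.crt and nginx.key into /etc/nginx/ssl and import cacert.pem into the client's trust store to reproduce the page's setup without a hostname-mismatch warning.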
The test page is shown below:
Result of accessing the site over HTTPS:

Configure things so that a client that requests the phpMyAdmin site over HTTP ends up re-requesting it over HTTPS
In the main Nginx configuration file, configure the virtual host on which the phpMyAdmin application lives:
[root@chenliang ~]# vim /etc/nginx/nginx.conf
Add a virtual host that listens on port 80:
> server {
>     listen 80;
>     server_name www.clhost2.com;
>     location ~ \.php$ {
>         root /myweb/host2;
>         index index.php;
>         rewrite ^/(.*\.php)$ https://www.clhost2.com/$1 break;
>     }
> }
Check the syntax and reload the service:
[root@chenliang ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@chenliang ~]# nginx -s reload
Enter the URL: http://www.clhost2.com/phpmyadmin
The test result is shown below; a request over HTTP is automatically redirected to HTTPS:
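As an added example that is not part of the original post, here is the pair of server blocks a practitioner would normally use for the same requirement: the port-80 block redirects every request (not only URLs ending in .php, which is all the rewrite above catches) with return 301 https://$host$request_uri;, and the port-443 block is the only one that serves phpMyAdmin. It assumes the certificate, key and document root paths used on this page; the Strict-Transport-Security header and try_files line are optional hardening not on the page.

```nginx
# Added example (not the original post's configuration). Assumes the certificate,
# key and document root paths used on this page.

# Plain-HTTP listener: serves nothing, only redirects. $host and $request_uri keep
# the requested name, path and query string, so
# http://www.clhost2.com/phpmyadmin/index.php?x=1 lands on the same URL over HTTPS.
server {
    listen 80;
    server_name www.clhost2.com;
    return 301 https://$host$request_uri;
}

# HTTPS listener: the only server block that serves the phpMyAdmin files.
# "listen 80 443 ssl;" is not valid nginx syntax; an HTTPS-only site listens on
# 443 alone. TLS support comes from the --with-http_ssl_module build option used
# earlier (or the rpm package); Apache's mod_ssl package plays no part in nginx.
server {
    listen 443 ssl;
    server_name www.clhost2.com;
    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    # Optional: once a browser has seen this host over HTTPS, it will rewrite its
    # own http:// requests to https:// for a year (not part of the original post).
    add_header Strict-Transport-Security "max-age=31536000" always;

    root  /myweb/host2;
    index index.php index.html index.htm;

    location ~ \.php$ {
        # Optional: only hand paths that really exist to php-fpm.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        # $document_root comes from the root directive above, so the path is
        # not repeated in every location.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}
```

Verify with nginx -t and nginx -s reload as above; curl -I http://www.clhost2.com/phpmyadmin/ should then return 301 with a Location header that starts with https://www.clhost2.com/.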
Reposted from: https://blog.51cto.com/chenliangdeeper/2122709