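Contents:
1. Environment overview
2. Topology of the dynamic/static separation
3. Role planning for each server
4. Base environment configuration of each server
5. httpd installation and configuration
6. PHP installation and configuration, and enabling opcache acceleration
7. MySQL installation and configuration
8. Installing and testing the WordPress forum application
9. CA certificate server and SSL configuration
10. phpMyAdmin installation and testing
11. Testing PHP's opcache acceleration
12. Summary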
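1. Environment overview:
In the previous posts, httpd, mysql and php (as a module) were integrated with http, with all of these services deployed on a single Linux host. This simple architecture is adequate in a website's early days, but as traffic grows and the business logic becomes more complex, it can no longer meet real-world needs and urgently needs to be optimized. We need a scalable site architecture, so this time we perform major surgery: httpd, mysql, and php running in FastCGI mode are each deployed on a separate server. The three services each do their own job and have exclusive use of their own hardware resources. This architecture is easy to scale as business volume grows, and it also achieves separation of the site's dynamic and static content.
All software packages can be obtained here: download location for the packages used in this LAMP environment
2. Topology of the dynamic/static separation:
3. Role planning for each server:
| Hostname | IP address | Installed services | Notes |
| --- | --- | --- | --- |
| http | 192.168.0.200 | httpd, NFS server | Mounts the php server's site code locally over NFS, so that site code does not have to be uploaded to both the http and php servers |
| php | 192.168.0.201 | php, NFS client, phpmyadmin, forum application | php runs as php-fpm; the site code is shared via the NFS service |
| mysql | 192.168.0.202 | mysql, configured as the CA server | The data directory is stored on an LVM volume; the host also serves as the CA, to enable secure access to phpmyadmin |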
4. Base environment configuration of each server:
4.1 Base configuration of the http server:
```
[root@http ~]# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m
[root@http ~]# hostname
http
[root@http ~]# ifconfig | grep Bcast:
          inet addr:192.168.0.200  Bcast:192.168.0.255  Mask:255.255.255.0
[root@http ~]# echo "192.168.0.200 www" >> /etc/hosts
[root@http ~]# echo "192.168.0.201 php" >> /etc/hosts
[root@http ~]# echo "192.168.0.202 mysql" >> /etc/hosts
[root@http ~]# chkconfig iptables off
[root@http ~]# service iptables stop
[root@http ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
[root@http ~]# shutdown -r now
```
4.2 Base configuration of the php server:
```
[root@php ~]# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m
[root@php ~]# hostname
php
[root@php ~]# ifconfig | grep Bcast:
          inet addr:192.168.0.201  Bcast:192.168.0.255  Mask:255.255.255.0
[root@php ~]# echo "192.168.0.201 php" >> /etc/hosts
[root@php ~]# echo "192.168.0.200 http" >> /etc/hosts
[root@php ~]# echo "192.168.0.202 mysql" >> /etc/hosts
[root@php ~]# chkconfig iptables off
[root@php ~]# service iptables stop
[root@php ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
[root@php ~]# shutdown -r now
```
4.3 Base configuration of the mysql server:
```
[root@mysql ~]# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m
[root@mysql ~]# hostname
mysql
[root@mysql ~]# ifconfig | grep Bcast:
          inet addr:192.168.0.202  Bcast:192.168.0.255  Mask:255.255.255.0
[root@mysql ~]# echo "192.168.0.202 mysql" >> /etc/hosts
[root@mysql ~]# echo "192.168.0.200 http" >> /etc/hosts
[root@mysql ~]# echo "192.168.0.201 php" >> /etc/hosts
[root@mysql ~]# chkconfig iptables off
[root@mysql ~]# service iptables stop
[root@mysql ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
[root@mysql ~]# shutdown -r now
```
4.4 Configure passwordless login between the servers:
4.4.1 Configure passwordless access from http to the php and mysql hosts:
```
[root@http ~]# ssh-keygen -t rsa    # press Enter at every prompt
[root@http ~]# ls /root/.ssh/
id_rsa  id_rsa.pub
[root@http ~]# ssh-copy-id root@php    # answer "yes" at the prompt and enter the php host's password
[root@http ~]# ls /root/.ssh/    # the known_hosts file has been created
id_rsa  id_rsa.pub  known_hosts
[root@http ~]# ssh-copy-id root@mysql
# Test passwordless access from http to the php and mysql hosts:
[root@http ~]# ssh root@php
Last login: Sat Jan 31 16:41:46 2015 from http
[root@http ~]# ssh root@mysql
Last login: Sat Jan 31 16:38:12 2015 from http
```
Note: if, when running "[root@http ~]# ssh-copy-id root@php", you specify the php host's IP address instead of its hostname, like "[root@http ~]# ssh-copy-id root@192.168.0.201", then http can log in to php without a password only when the IP address is specified; "[root@http ~]# ssh root@php" will not log in without a password. Looking at the "/root/.ssh/known_hosts" file explains why.
4.4.2 Configure passwordless access from php to the http and mysql hosts:
```
[root@php ~]# ssh-keygen -t rsa
[root@php ~]# ssh-copy-id root@http
[root@php ~]# ssh-copy-id root@mysql
```
4.4.3 Configure passwordless access from mysql to the http and php hosts:
```
[root@mysql ~]# ssh-keygen -t rsa
[root@mysql ~]# ssh-copy-id root@http
[root@mysql ~]# ssh-copy-id root@php
```
4.5 Prepare the site directory structure on NFS:
```
[root@php ~]# yum -y install nfs-utils
[root@php ~]# vim /etc/exports
/web/vhosts 192.168.0.200(rw,sync,no_root_squash)
[root@php ~]# mkdir -pv /web/vhosts/{bbs.linux.com,phpmyadmin.com}
[root@php ~]# service rpcbind start
[root@php ~]# service nfs start
[root@php ~]# chkconfig nfs on
```
```
[root@http httpd-2.4.12]# mkdir -pv /web/vhosts
[root@http httpd-2.4.12]# vim /etc/fstab
192.168.0.201:/web/vhosts  /web/vhosts  nfs  defaults  0 0    # add this line
[root@http httpd-2.4.12]# mount -a
[root@http httpd-2.4.12]# ls /web/vhosts/
bbs.linux.com  phpmyadmin.com
```
5. httpd installation and configuration:
5.1 Package versions:
```
[root@http software]# pwd
/root/software
[root@http software]# ls
apr-1.5.1.tar.gz  apr-util-1.5.2.tar.bz2  httpd-2.4.12.tar.bz2
```
5.2 Resolve httpd's dependencies:
```
[root@http software]# yum -y install pcre-devel
[root@http software]# tar xf apr-1.5.1.tar.gz
[root@http software]# cd apr-1.5.1
[root@http apr-1.5.1]# ./configure --prefix=/usr/local/apr-1.5
[root@http apr-1.5.1]# make && make install
```
Note: before compiling apr-1.5.1, see "apr installation error: rm: cannot remove `libtoolT': No such file or directory".
```
[root@http software]# tar xf apr-util-1.5.2.tar.bz2
[root@http software]# cd apr-util-1.5.2
[root@http apr-util-1.5.2]# ./configure --prefix=/usr/local/apr-util-1.5 --with-apr=/usr/local/apr-1.5
[root@http apr-util-1.5.2]# make && make install
```
5.3 Compiling, installing and configuring httpd:
5.3.1 Compile, configure and install http:
```
[root@http software]# tar xf httpd-2.4.12.tar.bz2
[root@http software]# cd httpd-2.4.12
[root@http httpd-2.4.12]# ./configure --prefix=/usr/local/apache24 --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --enable-modules=most --enable-mpms-shared=all --with-zlib --with-pcre --with-mpm=event --with-apr=/usr/local/apr-1.5 --with-apr-util=/usr/local/apr-util-1.5
[root@http httpd-2.4.12]# make && make install
```
5.3.2 Finishing touches after installing from source:
Export the binaries:
```
[root@http httpd-2.4.12]# vim /etc/profile.d/http24.sh
export PATH=/usr/local/apache24/bin:$PATH
[root@http httpd-2.4.12]# source /etc/profile.d/http24.sh
```
Export the header files:
```
[root@http httpd-2.4.12]# ln -sv /usr/local/apache24/include /usr/include/http24
```
Export the man pages:
```
[root@http httpd-2.4.12]# vim /etc/man.config
MANPATH /usr/man
MANPATH /usr/share/man
MANPATH /usr/local/man
MANPATH /usr/local/share/man
MANPATH /usr/X11R6/man
# added
MANPATH /usr/local/apache24/man
```
Configure http to start automatically at boot (alternatively, provide a SysV-style init script for http as shown in an earlier post):
```
[root@http httpd-2.4.12]# echo "/usr/local/apache24/bin/apachectl -k start" >> /etc/rc.local
```
5.3.3 Configure http, add PHP support and enable virtual hosts:
```
[root@http httpd-2.4.12]# cp /etc/httpd24/httpd.conf /etc/httpd24/httpd.conf.back
[root@http httpd-2.4.12]# vim /etc/httpd24/httpd.conf
# enable ServerName
ServerName 192.168.0.200:80
# comment out the main server's DocumentRoot
#DocumentRoot "/usr/local/apache24/htdocs"
<IfModule dir_module>
    # add the PHP index file
    DirectoryIndex index.php index.html
</IfModule>
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# add PHP support
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
# enable the virtual host configuration file
Include /etc/httpd24/extra/httpd-vhosts.conf
```
Configure the virtual hosts:
```
[root@http httpd-2.4.12]# vim /etc/httpd24/extra/httpd-vhosts.conf
# Comment out the VirtualHost containers at the end of the file and add the following two virtual hosts
<VirtualHost *:80>
    DocumentRoot "/web/vhosts/bbs.linux.com"
    ServerName bbs.linux.com
    ErrorLog "logs/bbs.linux.com-error_log"
    CustomLog "logs/bbs.linux.com-access_log" common
    <Directory "/web/vhosts/bbs.linux.com">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/web/vhosts/phpmyadmin.com"
    ServerName phpmyadmin.com
    ErrorLog "logs/phpmyadmin.com-error_log"
    CustomLog "logs/phpmyadmin.com-access_log" common
    <Directory "/web/vhosts/phpmyadmin.com">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>
```
Test the two virtual hosts:
```
[root@http httpd-2.4.12]# vim /web/vhosts/bbs.linux.com/index.html
This is bbs.linux.com
[root@http httpd-2.4.12]# vim /web/vhosts/phpmyadmin.com/index.html
This is phpmyadmin.com
[root@http httpd-2.4.12]# /usr/local/apache24/bin/apachectl -k start
```
Finally, edit the hosts file on the Windows machine to add name resolution for the http server's two domain names, then use a browser to test whether both domains work correctly.
6. PHP installation and configuration, and enabling opcache acceleration:
6.1 Software version:
```
[root@php software]# pwd
/root/software
[root@php software]# ls
php-5.6.5.tar.xz
```
6.2 Resolve PHP's dependencies:
```
[root@php software]# yum -y install libxml2-devel bzip2-devel libmcrypt-devel mhash-devel
# if the default yum repositories do not provide these packages, add the EPEL repository and install again
```
6.3 Compiling, installing and configuring PHP:
6.3.1 Compile and install PHP:
```
[root@php software]# tar xf php-5.6.5.tar.xz
[root@php software]# cd php-5.6.5
[root@php php-5.6.5]# ./configure --prefix=/usr/local/php5.6 --enable-mbstring --enable-xml --enable-fpm --enable-sockets --with-mysql=mysqlnd --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-openssl --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --with-mcrypt --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2
[root@php php-5.6.5]# make && make install
```
6.3.2 Provide php.ini, php-fpm.conf and the init script, plus some finishing touches:
```
[root@php php-5.6.5]# cp php.ini-production /etc/php.ini
[root@php php-5.6.5]# cp /usr/local/php5.6/etc/php-fpm.conf.default /usr/local/php5.6/etc/php-fpm.conf
[root@php php-5.6.5]# vim /usr/local/php5.6/etc/php-fpm.conf    # adjust the parameters below as appropriate
listen = 192.168.0.201:9000
; number of concurrent connections allowed; a production server would certainly use more than 5
pm.max_children = 5
; number of processes started when php-fpm starts
pm.start_servers = 2
; minimum number of idle processes
pm.min_spare_servers = 1
; maximum number of idle processes
pm.max_spare_servers = 3
[root@php php-5.6.5]# cp sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
[root@php php-5.6.5]# chmod +x /etc/rc.d/init.d/php-fpm
[root@php php-5.6.5]# chkconfig --add php-fpm
[root@php php-5.6.5]# chkconfig php-fpm on
# Start php-fpm and test:
[root@php php-5.6.5]# service php-fpm start
[root@php php-5.6.5]# netstat -tnulp | grep 9000
# Export the binaries:
[root@php php-5.6.5]# echo 'export PATH=/usr/local/php5.6/bin:$PATH' > /etc/profile.d/php.sh
[root@php php-5.6.5]# source /etc/profile.d/php.sh
[root@php php-5.6.5]# php -v
PHP 5.6.5 (cli) (built: Feb  1 2015 09:41:40)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2014 Zend Technologies
# Export the header files:
[root@php php-5.6.5]# ln -sv /usr/local/php5.6/include /usr/include/php5.6
# Export the library files:
[root@php php-5.6.5]# echo "/usr/local/php5.6/lib" > /etc/ld.so.conf.d/php56.conf
[root@php php-5.6.5]# ldconfig
```
6.3.3 Enable opcache to accelerate PHP code:
```
[root@php ~]# vim /etc/php.ini    # enable the parameters in the [opcache] section
[opcache]
zend_extension = /usr/local/php5.6/lib/php/extensions/no-debug-non-zts-20131226/opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=64
opcache.interned_strings_buffer=4
opcache.max_accelerated_files=2000
opcache.revalidate_freq=2
opcache.fast_shutdown=1
[root@php ~]# service php-fpm restart
[root@php ~]# php -m    # check whether the opcache module is loaded
```
6.4 Configure the http virtual hosts as FastCGI clients, so that user requests for php files are handed over to the php server:
6.4.1 Enable two modules so that http becomes a FastCGI client:
```
[root@http ~]# vim /etc/httpd24/httpd.conf
...
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
...
[root@http ~]# /usr/local/apache24/bin/apachectl -k stop
[root@http ~]# /usr/local/apache24/bin/apachectl -k start
[root@http ~]# /usr/local/apache24/bin/apachectl -t -D DUMP_MODULES | grep proxy
 proxy_module (shared)
 proxy_fcgi_module (shared)
```
6.4.2 Modify the virtual host configuration file:
```
[root@http ~]# vim /etc/httpd24/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/web/vhosts/bbs.linux.com"
    ServerName bbs.linux.com
    ErrorLog "logs/bbs.linux.com-error_log"
    CustomLog "logs/bbs.linux.com-access_log" common
    # added
    ProxyRequests Off
    # added
    ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.0.201:9000/web/vhosts/bbs.linux.com/$1
    <Directory "/web/vhosts/bbs.linux.com">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/web/vhosts/phpmyadmin.com"
    ServerName phpmyadmin.com
    ErrorLog "logs/phpmyadmin.com-error_log"
    CustomLog "logs/phpmyadmin.com-access_log" common
    # added
    ProxyRequests Off
    # added
    ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.0.201:9000/web/vhosts/phpmyadmin.com/$1
    <Directory "/web/vhosts/phpmyadmin.com">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>
[root@http ~]# /usr/local/apache24/bin/apachectl -t
Syntax OK
[root@http ~]# /usr/local/apache24/bin/apachectl -k stop
[root@http ~]# /usr/local/apache24/bin/apachectl -k start
```
6.4.3 Test whether the http and FastCGI integration works correctly:
```
[root@http ~]# vim /web/vhosts/bbs.linux.com/index.php
<?php
phpinfo();
?>
[root@http ~]# cp /web/vhosts/bbs.linux.com/index.php /web/vhosts/phpmyadmin.com/
```
7. MySQL installation and configuration:
7.1 Prepare a partition based on LVM (Logical Volume Manager); the mysql data directory is placed on this device:
```
[root@mysql ~]# fdisk -l | grep Disk
Disk /dev/sdb: 1073 MB, 1073741824 bytes
Disk identifier: 0x00000000
Disk /dev/sda: 53.7 GB, 53687091200 bytes
Disk identifier: 0x000bf287
Disk /dev/sdc: 1073 MB, 1073741824 bytes
Disk identifier: 0x00000000
# Use the fdisk tool to partition the two block devices sdb and sdc, and change the partition type to "8e Linux LVM"
[root@mysql ~]# fdisk -l | grep "Device Boot" -A 1
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1         130     1044193+  8e  Linux LVM
--
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      102400   83  Linux
--
   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1               1         130     1044193+  8e  Linux LVM
```
```
[root@mysql ~]# yum -y install lvm2    # install the LVM tools
[root@mysql ~]# pvcreate /dev/sdb1 /dev/sdc1    # turn the two devices into PVs
[root@mysql ~]# vgcreate MysqlData /dev/sdb1 /dev/sdc1    # create the VG
[root@mysql ~]# vgs
  VG        #PV #LV #SN Attr   VSize VFree
  MysqlData   2   0   0 wz--n- 1.98g 1.98g
[root@mysql ~]# lvcreate -L 500M -n DB_Data MysqlData
  Logical volume "DB_Data" created
[root@mysql ~]# lvdisplay
  --- Logical volume ---
  LV Path                /dev/MysqlData/DB_Data
  LV Name                DB_Data
  VG Name                MysqlData
  LV UUID                SrY3K8-TtB6-KARr-gkNc-IZjb-B21M-UZsmQB
  LV Write Access        read/write
  LV Creation host, time mysql, 2015-02-01 11:36:35 +0800
  LV Status              available
  # open                 0
  LV Size                500.00 MiB
  Current LE             125
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0
[root@mysql ~]# mkfs.ext4 /dev/MysqlData/DB_Data    # format the volume
[root@mysql ~]# mkdir /mydata    # create the mount point
[root@mysql ~]# vim /etc/fstab
/dev/MysqlData/DB_Data  /mydata  ext4  defaults  0 0    # added
[root@mysql ~]# mount -a
[root@mysql ~]# ls /mydata/
lost+found
```
7.2 Installing mysql from the binary package and preparing the database:
7.2.1 mysql installation and configuration:
```
[root@mysql software]# pwd
/root/software
[root@mysql software]# ls
mysql-advanced-5.6.22-linux-glibc2.5-x86_64.tar.gz
[root@mysql software]# yum -y install libaio-devel    # resolve dependencies
[root@mysql software]# useradd -r -s /sbin/nologin mysql -M    # create the user mysql runs as
[root@mysql software]# mkdir /mydata/data
[root@mysql software]# chown -R mysql.mysql /mydata/data    # change ownership of the data directory
[root@mysql software]# ls -ld /mydata/data
drwxr-xr-x 2 mysql mysql 1024 Feb  1 12:46 /mydata/data
[root@mysql software]# mv /etc/my.cnf /etc/my.cnf.back    # back up the existing configuration file
[root@mysql software]# tar xf mysql-advanced-5.6.22-linux-glibc2.5-x86_64.tar.gz -C /usr/local/
[root@mysql software]# ln -sv /usr/local/mysql-advanced-5.6.22-linux-glibc2.5-x86_64 /usr/local/mysql
[root@mysql software]# chown -R root.mysql /usr/local/mysql/*
[root@mysql software]# cp /usr/local/mysql/support-files/my-default.cnf /etc/my.cnf
[root@mysql software]# vim /etc/my.cnf    # keeping the parameters below is enough for mysql to start; see other documentation for the detailed parameters
basedir = /usr/local/mysql
datadir = /mydata/data
port = 3306
# server_id = .....
socket = /tmp/mysql.sock
user = mysql
innodb_file_per_table = 1
# no limit on concurrency
innodb_thread_concurrency = 0
[root@mysql software]# cd /usr/local/mysql
[root@mysql mysql]# cp /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@mysql mysql]# chkconfig --add mysqld
[root@mysql mysql]# chkconfig mysqld on
[root@mysql mysql]# scripts/mysql_install_db --user=mysql --datadir=/mydata/data
[root@mysql mysql]# service mysqld start
Starting MySQL.. SUCCESS!
# Export the binaries:
[root@mysql mysql]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@mysql mysql]# source /etc/profile.d/mysql.sh
# Export the header files:
[root@mysql mysql]# ln -sv /usr/local/mysql/include /usr/include/mysql
# Export the library files:
[root@mysql mysql]# echo "/usr/local/mysql/lib" > /etc/ld.so.conf.d/mysql.conf
[root@mysql mysql]# ldconfig -v | grep mysql
# Test:
[root@mysql mysql]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.22-enterprise-commercial-advanced MySQL Enterprise Server - Advanced Edition (Commercial)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
[root@mysql mysql]# mysqladmin -u root password    # set a password for the root user
New password:
Confirm new password:
```
7.2.2 Create the database used by the WordPress forum application:
```
[root@mysql mysql]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.22-enterprise-commercial-advanced MySQL Enterprise Server - Advanced Edition (Commercial)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database wpdb;
Query OK, 1 row affected (0.01 sec)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
| wpdb               |
+--------------------+
5 rows in set (0.00 sec)
mysql> grant all on wpdb.* to 'wpadmin'@'192.168.%.%' identified by '111111';
Query OK, 0 rows affected (0.03 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.03 sec)
mysql> \q
Bye
```
8. Installing and testing the WordPress forum application
```
[root@php software]# pwd
/root/software
[root@php software]# ls
php-5.6.5  php-5.6.5.tar.xz  wordpress-4.1-zh_CN.tar.gz
[root@php software]# tar xf wordpress-4.1-zh_CN.tar.gz
[root@php software]# mv wordpress/* /web/vhosts/bbs.linux.com/
[root@php software]# cd /web/vhosts/bbs.linux.com/
[root@php bbs.linux.com]# cp wp-config-sample.php wp-config.php
[root@php bbs.linux.com]# vim wp-config.php
/** Name of the WordPress database */
define('DB_NAME', 'wpdb');
/** MySQL database username */
define('DB_USER', 'wpadmin');
/** MySQL database password */
define('DB_PASSWORD', '111111');
/** MySQL host */
define('DB_HOST', '192.168.0.202');
```
On the Windows machine, browsing directly to "http://bbs.linux.com" with IE opens the WordPress installation page.
Testing showed that WordPress runs correctly.
9. CA certificate server and SSL configuration
9.1 Generate the key file on the mysql server:
```
[root@mysql ~]# cd /etc/pki/CA
[root@mysql CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
..+++
....................+++
e is 65537 (0x10001)
[root@mysql CA]# ls private/
cakey.pem
```
9.2 Generate the self-signed certificate:
```
[root@mysql CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:ChongQing
Locality Name (eg, city) [Default City]:YuBei
Organization Name (eg, company) [Default Company Ltd]:Learing
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:ca.mysql.com
Email Address []:admin@mysql.com
[root@mysql CA]# ls
cacert.pem  certs  crl  newcerts  private
[root@mysql CA]# touch index.txt
[root@mysql CA]# echo 01 > serial
```
The CA is now set up. Next, submit a certificate request for the phpmyadmin.com virtual host and configure that host for https.
9.3 Back on the http server, generate a private key for the phpmyadmin.com virtual host, generate a certificate signing request, and send the request to the CA:
```
[root@http httpd24]# pwd
/etc/httpd24
[root@http httpd24]# mkdir ssl
[root@http httpd24]# cd ssl
[root@http ssl]# (umask 077;openssl genrsa -out httpd.key 1024)    # generate the private key
Generating RSA private key, 1024 bit long modulus
.................++++++
..................++++++
e is 65537 (0x10001)
[root@http ssl]# openssl req -new -key httpd.key -out httpd.csr    # generate the certificate signing request
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:ChongQing
Locality Name (eg, city) [Default City]:YuBei
Organization Name (eg, company) [Default Company Ltd]:Learing
Organizational Unit Name (eg, section) []:Tech
Common Name (eg, your name or your server's hostname) []:phpmyadmin.com
Email Address []:admin@phpmyadmin.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@http ssl]# scp httpd.csr mysql:/tmp    # send the certificate signing request to the CA
httpd.csr                                     100%  708     0.7KB/s   00:00
```
9.4 Back on the CA server, sign the certificate signing request sent by http. This produces a certificate file, which is sent back to the http server:
```
[root@mysql ~]# openssl ca -in /tmp/httpd.csr -out httpd.crt -days 365    # process http's certificate signing request
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Feb  1 07:05:52 2015 GMT
            Not After : Feb  1 07:05:52 2016 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = ChongQing
            organizationName          = Learing
            organizationalUnitName    = Tech
            commonName                = phpmyadmin.com
            emailAddress              = admin@phpmyadmin.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                B3:3B:7C:FC:A2:4B:35:C1:20:23:3E:FD:47:DA:13:61:38:45:8C:E6
            X509v3 Authority Key Identifier:
                keyid:45:B3:8D:A7:16:89:C6:50:D4:87:02:82:7B:80:4B:C8:25:23:2C:50
Certificate is to be certified until Feb  1 07:05:52 2016 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@mysql ~]# ls
anaconda-ks.cfg  httpd.crt  install.log  install.log.syslog  software
[root@mysql ~]# scp httpd.crt http:/etc/httpd24/ssl    # send the certificate back to the http server
httpd.crt                                     100% 3861     3.8KB/s   00:00
```
9.5 Back on the http server, configure SSL support for the virtual host:
```
[root@http httpd24]# pwd
/etc/httpd24
[root@http httpd24]# vim httpd.conf
# this module is required by httpd-ssl.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# enable the ssl module
LoadModule ssl_module modules/mod_ssl.so
# include the ssl configuration file
Include /etc/httpd24/extra/httpd-ssl.conf
[root@http httpd24]# vim extra/httpd-ssl.conf
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/web/vhosts/phpmyadmin.com"
ServerName phpmyadmin.com:443
ServerAdmin admin@phpmyadmin.com
ErrorLog "/web/vhosts/phpmyadmin.com/logs/error_log"
TransferLog "/web/vhosts/phpmyadmin.com/logs/access_log"
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.0.201:9000/web/vhosts/phpmyadmin.com/$1
<Directory "/web/vhosts/phpmyadmin.com">
    Options none
    AllowOverride none
    Require all granted
</Directory>
SSLCertificateFile "/etc/httpd24/ssl/httpd.crt"
SSLCertificateKeyFile "/etc/httpd24/ssl/httpd.key"
[root@http httpd24]# mkdir /web/vhosts/phpmyadmin.com/logs    # create the log directory
[root@http httpd24]# /usr/local/apache24/bin/apachectl -t
Syntax OK
[root@http httpd24]# /usr/local/apache24/bin/apachectl -k graceful
```
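9.6 Download the certificate file that the CA server publishes (cacert.pem), import it into the system and test. On Windows, the cacert.pem certificate file must be renamed to a file with the "crt" suffix, that is, "cacert.crt". After importing the certificate you can visit "https://phpmyadmin.com" to test.
The screenshot above shows the test file created earlier; accessing it over https now works as well.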
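Before httpd is pointed at the signed certificate (9.5), it is worth checking on the http server that the certificate chains to the CA, matches the private key, and uses an adequate key size. The script below is an added example, not part of the original article: the function names and the 2048-bit default minimum are assumptions, and the demo data is a throwaway CA plus a 1024-bit server key (as in 9.3) built in a temporary directory with `openssl x509 -req` instead of `openssl ca`, so that it runs without the /etc/pki/CA layout.

```shell
#!/bin/sh
# Added example: checks for a CA-signed server certificate before httpd uses it.
# Function names and the 2048-bit default minimum are assumptions of this example.

# cert_chains_to_ca CA_CERT SERVER_CERT: succeeds if SERVER_CERT verifies against CA_CERT.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_matches_key SERVER_CERT RSA_KEY: succeeds if both carry the same RSA modulus.
cert_matches_key() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# cert_key_bits SERVER_CERT: prints the public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# check_server_cert CA_CERT SERVER_CERT SERVER_KEY [MIN_BITS]
# Prints one line per check; returns non-zero if any check fails.
check_server_cert() {
    min_bits=${4:-2048}
    rc=0
    if cert_chains_to_ca "$1" "$2"; then
        echo "OK    chain: $2 verifies against $1"
    else
        echo "FAIL  chain: $2 does not verify against $1"; rc=1
    fi
    if cert_matches_key "$2" "$3"; then
        echo "OK    key:   $3 matches $2"
    else
        echo "FAIL  key:   $3 does not match $2"; rc=1
    fi
    bits=$(cert_key_bits "$2")
    if [ "${bits:-0}" -ge "$min_bits" ]; then
        echo "OK    size:  $bits-bit key"
    else
        echo "WEAK  size:  ${bits:-unknown}-bit key, below $min_bits bits"; rc=1
    fi
    return "$rc"
}

# make_demo_pki DIR: constructed test data, a throwaway CA plus a 1024-bit
# server key and certificate using the subject names from 9.2 and 9.3.
make_demo_pki() {
    openssl genrsa -out "$1/cakey.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$1/cakey.pem" -out "$1/cacert.pem" \
        -days 365 -subj "/CN=ca.mysql.com" 2>/dev/null
    openssl genrsa -out "$1/httpd.key" 1024 2>/dev/null
    openssl req -new -key "$1/httpd.key" -out "$1/httpd.csr" \
        -subj "/CN=phpmyadmin.com" 2>/dev/null
    openssl x509 -req -in "$1/httpd.csr" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -out "$1/httpd.crt" -days 365 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null   # unrelated key
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
# The 1024-bit key is reported as WEAK, so the overall result is non-zero.
check_server_cert "$demo_dir/cacert.pem" "$demo_dir/httpd.crt" "$demo_dir/httpd.key" || true
```

On the real hosts the arguments would be the downloaded cacert.pem and the files under /etc/httpd24/ssl.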
10. phpMyAdmin installation and testing
```
[root@php software]# pwd
/root/software
[root@php software]# ls | grep phpMyAdmin
phpMyAdmin-4.3.8-all-languages.zip
[root@php software]# unzip phpMyAdmin-4.3.8-all-languages.zip
[root@php software]# rm -rf /web/vhosts/phpmyadmin.com/index*    # delete the test files created earlier
[root@php software]# mv phpMyAdmin-4.3.8-all-languages/* /web/vhosts/phpmyadmin.com/
[root@php software]# cd /web/vhosts/phpmyadmin.com/
[root@php phpmyadmin.com]# cp config.sample.inc.php config.inc.php
[root@php phpmyadmin.com]# openssl rand -hex 8    # generate a random value
949b17bdabd31977
[root@php phpmyadmin.com]# vim config.inc.php
$cfg['blowfish_secret'] = '949b17bdabd31977'; /* fill in the random value generated above */
$cfg['Servers'][$i]['host'] = '192.168.0.202'; /* fill in the IP address of the mysql server */
```
At this point only the wpadmin user can be used for testing, because the root user is denied remote login by default:
Go back to the mysql server and allow the root user to log in remotely as well:
```
[root@mysql ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 63
Server version: 5.6.22-enterprise-commercial-advanced MySQL Enterprise Server - Advanced Edition (Commercial)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select host,user,password from user;    # only wpadmin can log in remotely from the 192.168.0.0 network
+-------------+---------+-------------------------------------------+
| host        | user    | password                                  |
+-------------+---------+-------------------------------------------+
| localhost   | root    | *FD571203974BA9AFE270FE62151AE967ECA5E0AA |
| mysql       | root    |                                           |
| 127.0.0.1   | root    |                                           |
| ::1         | root    |                                           |
| localhost   |         |                                           |
| mysql       |         |                                           |
| 192.168.%.% | wpadmin | *FD571203974BA9AFE270FE62151AE967ECA5E0AA |
+-------------+---------+-------------------------------------------+
7 rows in set (0.00 sec)
mysql> grant all privileges on *.* to 'root'@'192.168.0.201' identified by '111111' with grant option;
Query OK, 0 rows affected (0.03 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> select host,user,password from user;
+---------------+---------+-------------------------------------------+
| host          | user    | password                                  |
+---------------+---------+-------------------------------------------+
| localhost     | root    | *FD571203974BA9AFE270FE62151AE967ECA5E0AA |
| mysql         | root    |                                           |
| 127.0.0.1     | root    |                                           |
| ::1           | root    |                                           |
| localhost     |         |                                           |
| mysql         |         |                                           |
| 192.168.%.%   | wpadmin | *FD571203974BA9AFE270FE62151AE967ECA5E0AA |
| 192.168.0.201 | root    | *FD571203974BA9AFE270FE62151AE967ECA5E0AA |
+---------------+---------+-------------------------------------------+
8 rows in set (0.00 sec)
```
Log in to phpMyAdmin as the root user to test:
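The account listing above still contains anonymous accounts, root entries with an empty password, a wildcard host pattern and, after the grant, a root account reachable from another host. The script below is an added example, not part of the original article, that reads the table printed by `select host,user,password from user;` and flags such rows. The function names and finding labels are this example's own, and the sample rows are constructed from the output above with the password hash replaced by a placeholder.

```shell
#!/bin/sh
# Added example: flag risky rows in the output of
#   select host,user,password from user;
# The function names and finding labels are this example's own.

# audit_mysql_users [LOCAL_HOSTNAME]: reads the mysql client's ASCII table on stdin
# and prints one finding per line. LOCAL_HOSTNAME is the database server's own name.
audit_mysql_users() {
    awk -F'|' -v self="${1:-}" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\|/ {
            host = trim($2); user = trim($3); pass = trim($4)
            if (host == "host" && user == "user") next          # header row
            acct = "\047" user "\047@\047" host "\047"
            if (user == "") print "ANONYMOUS_USER " acct
            if (pass == "") print "EMPTY_PASSWORD " acct
            if (host ~ /[%_]/) print "WILDCARD_HOST " acct
            local_host = (host == "localhost" || host == "127.0.0.1" || host == "::1" || host == self)
            if (user == "root" && !local_host) print "REMOTE_ROOT " acct
        }'
}

# Constructed sample: the rows shown above, with a placeholder instead of the hash.
sample_user_table() {
    cat <<'EOF'
+---------------+---------+-------------------+
| host          | user    | password          |
+---------------+---------+-------------------+
| localhost     | root    | *PLACEHOLDER_HASH |
| mysql         | root    |                   |
| 127.0.0.1     | root    |                   |
| ::1           | root    |                   |
| localhost     |         |                   |
| mysql         |         |                   |
| 192.168.%.%   | wpadmin | *PLACEHOLDER_HASH |
| 192.168.0.201 | root    | *PLACEHOLDER_HASH |
+---------------+---------+-------------------+
EOF
}

sample_user_table | audit_mysql_users mysql
```

Against the live server the input would come from `mysql -u root -p -t -e 'select host,user,password from mysql.user'`, where `-t` keeps the table layout when the output is piped. The anonymous accounts and the test database are what MySQL's own mysql_secure_installation script removes.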
11. Testing PHP's opcache acceleration:
First disable PHP's opcache:
```
[root@php ~]# vim /etc/php.ini
;zend_extension = /usr/local/php5.6/lib/php/extensions/no-debug-non-zts-20131226/opcache.so
; the line above is commented out
[root@php ~]# service php-fpm restart
[root@php ~]# php -m
```
Run the test with the ab command on the mysql server:
```
[root@mysql ~]# yum -y install httpd-tools    # install the ab test tool, which is part of the httpd-tools package
[root@mysql ~]# vim /etc/hosts    # add local name resolution for bbs.linux.com
192.168.0.202 mysql
192.168.0.200 http bbs.linux.com
192.168.0.201 php
[root@mysql ~]# ab -c 100 -n 1000 http://bbs.linux.com/index.php
... (omitted)
Non-2xx responses:      1000
Total transferred:      301205 bytes
HTML transferred:       299 bytes
Requests per second:    8.40 [#/sec] (mean)    # requests per second
Time per request:       11902.085 [ms] (mean)
Time per request:       119.021 [ms] (mean, across all concurrent requests)
Transfer rate:          2.47 [Kbytes/sec] received
... (omitted)
```
Enable opcache and test again:
```
[root@php ~]# vim /etc/php.ini
zend_extension = /usr/local/php5.6/lib/php/extensions/no-debug-non-zts-20131226/opcache.so
[root@php ~]# service php-fpm restart
[root@php ~]# php -m
[root@mysql ~]# ab -c 100 -n 1000 http://bbs.linux.com/index.php
... (omitted)
Write errors:           0
Non-2xx responses:      1000
Total transferred:      301000 bytes
HTML transferred:       0 bytes
Requests per second:    31.26 [#/sec] (mean)    # requests per second
Time per request:       3199.462 [ms] (mean)
Time per request:       31.995 [ms] (mean, across all concurrent requests)
Transfer rate:          9.19 [Kbytes/sec] received
... (omitted)
```
Comparing the two runs shows that site access is noticeably faster with opcache enabled.
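12. Summary:
The environment setup went fairly smoothly this time. When errors occurred, the error messages from the programs and the log files made it possible to locate the fault quickly. Still, a few points deserve attention or optimization:
1. On Linux-like systems, the convention is to install software compiled from source under "/usr/local/". Here usr stands for "unix software resource". After the system is installed, this directory already contains many files, so putting all of our custom-compiled software there makes managing it somewhat inconvenient. The directory is a bit like "Program Files" on Windows. It is therefore advisable, when partitioning at system installation time, to set aside a separate partition dedicated to compiled software;
2. The log files of httpd virtual hosts should be stored and managed centrally in one place. In this setup they are scattered across the home directories of the individual virtual hosts, which makes log management inconvenient;
3. Because the "/web/vhosts" directory on the http host is published by the php host over NFS and mounted from there, the site code does not have to be uploaded twice, but this also has some impact on management. When restarting the http and php hosts, pay attention to the order: on power-up, start the php host first and then the http host; on shutdown, stop the http host first and then the php host.
4. This LAMP environment involves configuration files such as httpd.conf, httpd-ssl.conf, httpd-vhosts.conf, my.cnf, php.ini and php-fpm.conf; the exact meaning of each parameter in them deserves a careful write-up;
5. Finally, MySQL itself: it has been acquired by Oracle. When downloading the MySQL 5.6 package I skimmed the license agreement, and it no longer seems like the original MySQL. For a company's production product, use another database instead; MariaDB is a good choice (I have not read its license).
This article comes from the blog "专一Linx,与Linux共舞"; please be sure to keep this source link: http://zhaochj.blog.51cto.com/368705/1609777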