千家信息网

CentOS 7, apm+xcache, rpm包, php module

发表于:2024-11-14 作者:千家信息网编辑
千家信息网最后更新 2024年11月14日,实验需求:1、CentOS 7, apm+xcache, rpm包, php module;a) 一个虚拟主机提供phpMyAdmin,另一个虚拟主机提供wordpress;b) 为phpMyAdmi
千家信息网最后更新 2024年11月14日CentOS 7, apm+xcache, rpm包, php module
  1. 实验需求:

    1、CentOS 7, apm+xcache, rpm包, php module;
    a) 一个虚拟主机提供phpMyAdmin,另一个虚拟主机提供wordpress;
    b) 为phpMyAdmim提供https服务;

  2. 实验环境:

    Linux服务器操作系统版本:CentOS Linux release 7.2.1511 (Core) IP:172.16.252.113
    WIN7系统客户机:IP:172.16.250.100


  3. 实验前提:
    1)关闭防火墙和SELinux
    ~]# service iptables stop
    ~]# setenforce 0

  4. 实验过程:


一、安装amp环境

1.yum包安装amp

~]# yum install httpd php php-mysql mariadb

1)检查是否成功安装包
~]# rpm -qa httpd php php-mysql mysql-server

2)启动服务
~]# systemctl start httpd
~]# systemctl start mariadb

3)查看服务是否正常启动
~]# ss -nlt
~]# ps aux | grep httpd
~]# ps aux |grep myslq

4)设置开机自动启动
~]# systemctl enable httpd
~]# systemctl enable mariadb

5)检查是否设置成开机自启动
~]# systemctl is-enabled httpd
~]# systemctl is-enabled mariadb

2.一个虚拟主机提供phpMyAdmin,另一个虚拟主机提供wordpress;

二、配置虚拟主机

1)vhosts www1


ServerName www1.magedu.com
DocumentRoot /data/vhosts/www1
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combiend

Options None
AllowOverride None
Require all granted



2)vhosts www2


ServerName www2.magedu.com
DocumentRoot /data/vhosts/www2
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combiend

Options None
AllowOverride None
Require all granted



二、部署wordpress环境:

1)创建站点目录
~]# mkdir /data/vhosts/www1

2)解压wordpress包
tools]# unzip wordpress-4.3.1-zh_CN.zip

3)拷贝到站点目录www1中
# cp wordpress /data/vhosts/www1

4)登录数据库
~]# mysql -uroot -p

5)为bolg创建数据库名为:wordpress
MariaDB [(none)]> CREATE DATABASE wordpress;

6)查数据库是否创建成功
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wordpress |
+--------------------+
4 rows in set (0.00 sec)

7)授权用户
MariaDB [(none)]> GRANT ALL ON wordpress.* TO ly@'localhost' IDENTIFIED BY 'liyang';
Query OK, 0 rows affected (0.03 sec)

MariaDB [(none)]> GRANT ALL ON wordpress.* TO ly@'127.0.0.1' IDENTIFIED BY 'liyang';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL ON wordpress.* TO ly@'172.16.%.%' IDENTIFIED BY 'liyang';
Query OK, 0 rows affected (0.00 sec)

8)改名wordpress配置文件为wp-config.php
]# cp wp-config-sample.php wp-config.php

9)修改wp-config.php文件连接数据库
~]# sed -n '22,38p' /data/vhosts/www1/wordpress/wp-config.php
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');
/** MySQL数据库用户名 */
define('DB_USER', 'ly');
/** MySQL数据库密码 */
define('DB_PASSWORD', 'liyang');
/** MySQL主机 */
define('DB_HOST', '172.16.252.113');
/** 创建数据表时默认的文字编码 */
define('DB_CHARSET', 'utf8');
/** 数据库整理类型。如不确定请勿更改 */
define('DB_COLLATE', '');

三、测试
1)在服务器端添加域名解析
]# echo "172.16.252.113 www1.magedu.com" >> /etc/hosts

2)在PC中的hosts文件中添加
172.16.252.113 www1.magedu.com

3)httpd-->php是否可以访问
www1]# cat admin.php
phpinfo();
?>
4)httpd-->php--mariadb是否可以访问

$conn = mysql_connect('172.16.100.71','testuser','testpass');
if($conn)
echo "OK";
else
echo "Failure";

?>

5)在浏览器中,根据提示安装http://www2.magedu.com/wordpress/index.php

6)查看数据库是否生成数据
~]# mysql -uly -p
MariaDB [(none)]> show databases;

MariaDB [(none)]> use wordpress;

MariaDB [wordpress]> show tables;
+-----------------------+
| Tables_in_wordpress |
+-----------------------+
| wp_commentmeta |
| wp_comments |
| wp_links |
| wp_options |
| wp_postmeta |
| wp_posts |
| wp_term_relationships |
| wp_term_taxonomy |
| wp_terms |
| wp_usermeta |
| wp_users |
+-----------------------+
11 rows in set (0.00 sec)

四、部署phpMyAdmin环境:

1)创建站点目录
~]# mkdir /data/vhosts/www2

2)解压phpMyAdmin包
tools]# unzip phpMyAdmin-4.4.14.1-all-languages.zip

3)拷贝到站点目录www2中
~]# cp -r phpMyAdmin-4.4.14.1-all-languages /data/vhosts/www1


4)配置phpMyAdmin软件
www1]# ln -sv phpMyAdmin-4.4.14.1-all-languages/ phpMyAdmin
~]# cp config.sample.inc.php config.inc.php


5)生成随机数
~]# openssl rand -hex 8
640b56f72820ace8


6修改配置文件config.inc.php
]# vim config.inc.php
$cfg['blowfish_secret'] = '640b56f72820ace8'

7)在浏览器中测试,根据提示输入数据库名和密码(主机账号和密码是授权wordpress中用户)
在PC机浏览器中测试:http://www1.magedu.com/phpMyAdmin-4.4.14.1-all-languages/ 通过80端口访问

8)访问提示:没有扩展,安装 php-mbstring 可以解决
~]# yum install php-mbstring

3.为phpMyAdmim提供https服务

工作目录:/etc/pki/CA/

一、建立私有CA

1)生成私钥

[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.....+++
...........+++
e is 65537 (0x10001)

2)生成自签证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:0ps
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:admin@magedu.com

3)提供辅助文件

[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 > serial
[root@localhost CA]# tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
├── private
│ └── cakey.pem
├── serial
└── serial.old


二、节点申请证书

1)生成私钥
~]# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

2)生成证书签署请求:
ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:0ps
Common Name (eg, your name or your server's hostname) []:www1.magedu.com
Email Address []:admin@magedu.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


ssl]# cp httpd.csr /tmp/


三、CA签发证书

1)签署证书
~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 16 07:41:43 2016 GMT
Not After : Jul 16 07:41:43 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = Beijing
organizationName = liyang
organizationalUnitName = 0ps
commonName = www2.magedu.com
emailAddress = admin@magedu.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
70:95:31:1F:E3:15:D0:EE:D1:8F:2E:DA:8C:64:95:F6:EA:80:8F:2D
X509v3 Authority Key Identifier:
keyid:79:B8:17:4E:7D:74:2D:CD:16:63:20:1D:D1:9F:AA:D1:5F:49:09:CA

Certificate is to be certified until Jul 16 07:41:43 2017 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

2)把签署好的证书发还给请求者。
~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/

注意:本次私建CA和节点申请证书在同一台机器完成。

四、配置httpd支持使用ssl,及使用的证书

1)yum安装mod_ssl模块
~]# httpd -M | grep ssl
~]# yum install mod_ssl -y
~]# rpm -ql mod_ssl

2)配置虚拟主机ssh.conf
~]# vim /etc/httpd/conf.d/ss.conf

DocumentRoot "/data/vhosts/www2"
ServerName www1.magedu.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

SSLOptions +StdEnvVars
AllowOverride None
Require all granted




五、测试结果:

1)在PC机浏览器中测试:https://www1.magedu.com/phpMyAdmin-4.4.14.1-all-languages/ 通过443端口访问

4.压力测试:

一、正常测试


1)测试并发
~]# ab -c 10 -n 1000 www2.magedu.com/wordpress/index.php

Server Software: Apache/2.4.6
Server Hostname: www2.magedu.com
Server Port: 80

Document Path: /wordpress/index.php
Document Length: 0 bytes

Concurrency Level: 10
Time taken for tests: 79.144 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Non-2xx responses: 1000
Total transferred: 339000 bytes
HTML transferred: 0 bytes
Requests per second: 12.64 [#/sec] (mean)
Time per request: 791.438 [ms] (mean)
Time per request: 79.144 [ms] (mean, across all concurrent requests)
Transfer rate: 4.18 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 2
Processing: 240 770 736.3 669 6496
Waiting: 240 768 731.3 668 6429
Total: 240 770 736.4 669 6497

Percentage of the requests served within a certain time (ms)
50% 669
66% 718
75% 747
80% 765
90% 805
95% 878
98% 4807
99% 6494
100% 6497 (longest request)

二、为php安装xcache加速器测试数据:


1)yum 安装php-xcache
~]# yum install php-xcache

2)测试并发
~]# ab -c 10 -n 1000 www2.magedu.com/wordpress/index.php
Server Software: Apache/2.4.6
Server Hostname: www2.magedu.com
Server Port: 80

Document Path: /wordpress/index.php
Document Length: 0 bytes

Concurrency Level: 10
Time taken for tests: 69.750 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Non-2xx responses: 1000
Total transferred: 339000 bytes
HTML transferred: 0 bytes
Requests per second: 14.34 [#/sec] (mean)
Time per request: 697.503 [ms] (mean)
Time per request: 69.750 [ms] (mean, across all concurrent requests)
Transfer rate: 4.75 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 2
Processing: 139 683 1093.9 631 25635
Waiting: 139 682 1093.8 629 25635
Total: 139 683 1093.9 631 25635

Percentage of the requests served within a certain time (ms)
50% 631
66% 686
75% 713
80% 734
90% 785
95% 824
98% 907
99% 1450
100% 25635 (longest request

数据 数据库 测试 主机 证书 虚拟主机 服务 生成 配置 文件 目录 浏览器 环境 实验 浏览 密码 用户 提示 成功 拷贝 数据库的安全要保护哪些东西 数据库安全各自的含义是什么 生产安全数据库录入 数据库的安全性及管理 数据库安全策略包含哪些 海淀数据库安全审计系统 建立农村房屋安全信息数据库 易用的数据库客户端支持安全管理 连接数据库失败ssl安全错误 数据库的锁怎样保障安全 政企软件开发有前途吗 地下城有多少个国家的服务器 网络安全手抄报很好看又简单 网络技术加盟哪个牌子好 网络技术应用的弊端 人多服务器 网络安全小知识手抄报一年级 莱姆山谷跟哪个服务器合区 工业园区营销网络技术市场价格 暗黑2重制版服务器在哪 阿里巴巴云服务器中病毒 新的网络安全服务公司的发展方向 钢琴纠错软件开发商 计算机软件开发何时营改增 怎么管理500台服务器 服务器登录系统无法让您登录 如何软件开发项目命名 医疗卫生网络安全 网络安全模式怎么登录qq 黄岛区游戏软件开发解决方案 db2 查看数据库信息 网络安全党委 莱姆山谷跟哪个服务器合区 厦门市网络安全信息办公室 浙江瑞庭网络技术 服务器电源能给电瓶充电吗 服务器2016显卡驱动 华为独立软件开发商合作伙伴 随州软件开发企业 网络安全审计面试着装
0