CentOS 7, apm+xcache, rpm包, php module
实验需求:
1、CentOS 7, apm+xcache, rpm包, php module;
a) 一个虚拟主机提供phpMyAdmin,另一个虚拟主机提供wordpress;
b) 为phpMyAdmim提供https服务;实验环境:
Linux服务器操作系统版本:CentOS Linux release 7.2.1511 (Core) IP:172.16.252.113
WIN7系统客户机:IP:172.16.250.100实验前提:
1)关闭防火墙和SELinux
~]# service iptables stop
~]# setenforce 0实验过程:
一、安装amp环境
1.yum包安装amp
~]# yum install httpd php php-mysql mariadb
1)检查是否成功安装包
~]# rpm -qa httpd php php-mysql mysql-server
2)启动服务
~]# systemctl start httpd
~]# systemctl start mariadb
3)查看服务是否正常启动
~]# ss -nlt
~]# ps aux | grep httpd
~]# ps aux |grep myslq
4)设置开机自动启动
~]# systemctl enable httpd
~]# systemctl enable mariadb
5)检查是否设置成开机自启动
~]# systemctl is-enabled httpd
~]# systemctl is-enabled mariadb
2.一个虚拟主机提供phpMyAdmin,另一个虚拟主机提供wordpress;
二、配置虚拟主机
1)vhosts www1
ServerName www1.magedu.com
DocumentRoot /data/vhosts/www1
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combiend
Options None
AllowOverride None
Require all granted
2)vhosts www2
ServerName www2.magedu.com
DocumentRoot /data/vhosts/www2
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combiend
Options None
AllowOverride None
Require all granted
二、部署wordpress环境:
1)创建站点目录
~]# mkdir /data/vhosts/www1
2)解压wordpress包
tools]# unzip wordpress-4.3.1-zh_CN.zip
3)拷贝到站点目录www1中
# cp wordpress /data/vhosts/www1
4)登录数据库
~]# mysql -uroot -p
5)为bolg创建数据库名为:wordpress
MariaDB [(none)]> CREATE DATABASE wordpress;
6)查数据库是否创建成功
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wordpress |
+--------------------+
4 rows in set (0.00 sec)
7)授权用户
MariaDB [(none)]> GRANT ALL ON wordpress.* TO ly@'localhost' IDENTIFIED BY 'liyang';
Query OK, 0 rows affected (0.03 sec)
MariaDB [(none)]> GRANT ALL ON wordpress.* TO ly@'127.0.0.1' IDENTIFIED BY 'liyang';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL ON wordpress.* TO ly@'172.16.%.%' IDENTIFIED BY 'liyang';
Query OK, 0 rows affected (0.00 sec)
8)改名wordpress配置文件为wp-config.php
]# cp wp-config-sample.php wp-config.php
9)修改wp-config.php文件连接数据库
~]# sed -n '22,38p' /data/vhosts/www1/wordpress/wp-config.php
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');
/** MySQL数据库用户名 */
define('DB_USER', 'ly');
/** MySQL数据库密码 */
define('DB_PASSWORD', 'liyang');
/** MySQL主机 */
define('DB_HOST', '172.16.252.113');
/** 创建数据表时默认的文字编码 */
define('DB_CHARSET', 'utf8');
/** 数据库整理类型。如不确定请勿更改 */
define('DB_COLLATE', '');
三、测试
1)在服务器端添加域名解析
]# echo "172.16.252.113 www1.magedu.com" >> /etc/hosts
2)在PC中的hosts文件中添加
172.16.252.113 www1.magedu.com
3)httpd-->php是否可以访问
www1]# cat admin.php
phpinfo();
?>
4)httpd-->php--mariadb是否可以访问
$conn = mysql_connect('172.16.100.71','testuser','testpass');
if($conn)
echo "OK";
else
echo "Failure";
?>
5)在浏览器中,根据提示安装http://www2.magedu.com/wordpress/index.php
6)查看数据库是否生成数据
~]# mysql -uly -p
MariaDB [(none)]> show databases;
MariaDB [(none)]> use wordpress;
MariaDB [wordpress]> show tables;
+-----------------------+
| Tables_in_wordpress |
+-----------------------+
| wp_commentmeta |
| wp_comments |
| wp_links |
| wp_options |
| wp_postmeta |
| wp_posts |
| wp_term_relationships |
| wp_term_taxonomy |
| wp_terms |
| wp_usermeta |
| wp_users |
+-----------------------+
11 rows in set (0.00 sec)
四、部署phpMyAdmin环境:
1)创建站点目录
~]# mkdir /data/vhosts/www2
2)解压phpMyAdmin包
tools]# unzip phpMyAdmin-4.4.14.1-all-languages.zip
3)拷贝到站点目录www2中
~]# cp -r phpMyAdmin-4.4.14.1-all-languages /data/vhosts/www1
4)配置phpMyAdmin软件
www1]# ln -sv phpMyAdmin-4.4.14.1-all-languages/ phpMyAdmin
~]# cp config.sample.inc.php config.inc.php
5)生成随机数
~]# openssl rand -hex 8
640b56f72820ace8
6修改配置文件config.inc.php
]# vim config.inc.php
$cfg['blowfish_secret'] = '640b56f72820ace8'
7)在浏览器中测试,根据提示输入数据库名和密码(主机账号和密码是授权wordpress中用户)
在PC机浏览器中测试:http://www1.magedu.com/phpMyAdmin-4.4.14.1-all-languages/ 通过80端口访问
8)访问提示:没有扩展,安装 php-mbstring 可以解决
~]# yum install php-mbstring
3.为phpMyAdmim提供https服务
工作目录:/etc/pki/CA/
一、建立私有CA
1)生成私钥
[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.....+++
...........+++
e is 65537 (0x10001)
2)生成自签证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:0ps
Common Name (eg, your name or your server's hostname) []:www2.magedu.com
Email Address []:admin@magedu.com
3)提供辅助文件
[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 > serial
[root@localhost CA]# tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
├── private
│ └── cakey.pem
├── serial
└── serial.old
二、节点申请证书
1)生成私钥
~]# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
2)生成证书签署请求:
ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:liyang
Organizational Unit Name (eg, section) []:0ps
Common Name (eg, your name or your server's hostname) []:www1.magedu.com
Email Address []:admin@magedu.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
ssl]# cp httpd.csr /tmp/
三、CA签发证书
1)签署证书
~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 16 07:41:43 2016 GMT
Not After : Jul 16 07:41:43 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = Beijing
organizationName = liyang
organizationalUnitName = 0ps
commonName = www2.magedu.com
emailAddress = admin@magedu.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
70:95:31:1F:E3:15:D0:EE:D1:8F:2E:DA:8C:64:95:F6:EA:80:8F:2D
X509v3 Authority Key Identifier:
keyid:79:B8:17:4E:7D:74:2D:CD:16:63:20:1D:D1:9F:AA:D1:5F:49:09:CA
Certificate is to be certified until Jul 16 07:41:43 2017 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
2)把签署好的证书发还给请求者。
~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/
注意:本次私建CA和节点申请证书在同一台机器完成。
四、配置httpd支持使用ssl,及使用的证书
1)yum安装mod_ssl模块
~]# httpd -M | grep ssl
~]# yum install mod_ssl -y
~]# rpm -ql mod_ssl
2)配置虚拟主机ssh.conf
~]# vim /etc/httpd/conf.d/ss.conf
DocumentRoot "/data/vhosts/www2"
ServerName www1.magedu.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
SSLOptions +StdEnvVars
AllowOverride None
Require all granted
五、测试结果:
1)在PC机浏览器中测试:https://www1.magedu.com/phpMyAdmin-4.4.14.1-all-languages/ 通过443端口访问
4.压力测试:
一、正常测试
1)测试并发
~]# ab -c 10 -n 1000 www2.magedu.com/wordpress/index.php
Server Software: Apache/2.4.6
Server Hostname: www2.magedu.com
Server Port: 80
Document Path: /wordpress/index.php
Document Length: 0 bytes
Concurrency Level: 10
Time taken for tests: 79.144 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Non-2xx responses: 1000
Total transferred: 339000 bytes
HTML transferred: 0 bytes
Requests per second: 12.64 [#/sec] (mean)
Time per request: 791.438 [ms] (mean)
Time per request: 79.144 [ms] (mean, across all concurrent requests)
Transfer rate: 4.18 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 2
Processing: 240 770 736.3 669 6496
Waiting: 240 768 731.3 668 6429
Total: 240 770 736.4 669 6497
Percentage of the requests served within a certain time (ms)
50% 669
66% 718
75% 747
80% 765
90% 805
95% 878
98% 4807
99% 6494
100% 6497 (longest request)
二、为php安装xcache加速器测试数据:
1)yum 安装php-xcache
~]# yum install php-xcache
2)测试并发
~]# ab -c 10 -n 1000 www2.magedu.com/wordpress/index.php
Server Software: Apache/2.4.6
Server Hostname: www2.magedu.com
Server Port: 80
Document Path: /wordpress/index.php
Document Length: 0 bytes
Concurrency Level: 10
Time taken for tests: 69.750 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Non-2xx responses: 1000
Total transferred: 339000 bytes
HTML transferred: 0 bytes
Requests per second: 14.34 [#/sec] (mean)
Time per request: 697.503 [ms] (mean)
Time per request: 69.750 [ms] (mean, across all concurrent requests)
Transfer rate: 4.75 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 2
Processing: 139 683 1093.9 631 25635
Waiting: 139 682 1093.8 629 25635
Total: 139 683 1093.9 631 25635
Percentage of the requests served within a certain time (ms)
50% 631
66% 686
75% 713
80% 734
90% 785
95% 824
98% 907
99% 1450
100% 25635 (longest request