; N24_jerry 第十二周作业 | Linux运维部落

N24_jerry 第十二周作业

1、请描述一次完整的http请求处理过程;

简介 一次完整的HTTP请求过程从TCP三次握手建立连接成功后开始,客户端按照指定的格式开始向服务端发送HTTP请求,服务端接收请求后,解析HTTP请求,处理完业务逻辑,最后返回一个HTTP的响应给客户端,HTTP的响应内容同样有标准的格式。无论是什么客户端或者是什么服务端,大家只要按照HTTP的协议标准来实现的话,那么它一定是通用的。

1、客户端发起http请求阶段

客户端在与服务端TCP三次握手建立连接成功后

开始按照指定的格式开始向服务端发送HTTP请求

HTTP请求格式主要有四部分组成,分别是:请求行、请求头、空行、消息体,每部分内容占一行,如下图: 

下面我们来详解一下这个来自客户端的http请求

请求行:请求行是请求消息的第一行,由三部分组成:分别是请求方法(GET/POST/DELETE/PUT/HEAD)、请求资源的URI路径、HTTP的版本号

请求头:请求头中的信息有和缓存相关的头(Cache-Control,If-Modified-Since)、客户端身份信息(User-Agent)等等。

消息体:请求体是客户端发给服务端的请求数据,这部分数据并不是每个请求必须的。

2、服务端接收客户端http请求阶段

服务端接收来自于网络上的主机请求报文中对某特定资源的一次请求的过程

3、服务端处理客户端http请求阶段

对请求报文进行解析,获取客户端请求的资源及请求方法等相关信息;

根据请求报文的头信息,来确定请求合适,编码等

4、服务端根据客户端http请求与访问自己本地资源

获取请求报文中请求的资源,根据请求,从应用-》系统内核-》驱动-》资源存放媒介(硬盘、内存)获取客户端需要的信息

5、服务端构建http响应报文

服务器接收处理完请求后返回一个HTTP相应消息给客户端。HTTP响应消息的格式包括:状态行、响应头、空行、消息体。每部分内容占一行。

状态行:状态行位于相应消息的第一行,有HTTP协议版本号,状态码和状态说明三部分构成。

响应头:响应头是服务器传递给客户端用于说明服务器的一些信息,以及将来继续访问该资源时的策略。

响应体:响应体是服务端返回给客户端的HTML文本内容,或者其他格式的数据,比如:视频流、图片或者音频数据。

6、服务端将http响应报文发送给客户端

就是在已建立的tcp链接之上将相应报文及客户请求的数据从应用层,传输层、传输层、链路层、物理层层层打包头依次传输到客户端的物理层、链路层、传输层、应用层层层解包,最后客户端获得自己http请求的数据。

7、记录日志

服务端记录http请求访问日志

2、httpd所支持的处理模型有哪些,他们的分别使用于哪些环境。

prefork:多进程模型,每个进程响应一个请求

一个主进程:负责生成子进程及回收子进程;负责创建套接字;负责接收请求,并将其派发给某子进程进行处理;

n个子进程:每个子进程处理一个请求;

工作模型:会预先生成几个空闲进程,随时等待用于响应用户请求;最大空闲和最小空闲;

worker:多进程多线程模型,每线程处理一个用户请求

一个主进程:负责生成子进程;负责创建套接字;负责接收请求,并将其派发给某子进程进行处理;

多个子进程:每个子进程负责生成多个线程;

每个线程:负责响应用户请求;

并发响应数量:m*n

m:子进程数量

n:每个子进程所能创建的最大线程数量;

event:事件驱动模型,多进程模型,每个进程响应多个请求

一个主进程 :负责生成子进程;负责创建套接字;负责接收请求,并将其派发给某子进程进行处理;

子进程:基于事件驱动机制直接响应多个请求;

3、源码编译安装LAMP环境(基于wordpress程序),并写出详细的安装、配置、测试过程。

1、安装包的准备

肯定是下载源码包了啊,所谓兵马未动粮草先行,这步过于简单,我就不写了。

我准备的是以下几个包: httpd-2.4.25.tar.gz 
nginx-1.10.3.tar.gz(可选项,如果喜欢用nginx) php-5.6.30.tar.gz mariadb-10.1.21.tar.gz
openssl-1.0.2k.tar.gz wordpress-4.7.3-zh_CN.tar.gz

2、更新系统组件

CentOS:yum update

Ubuntu:apt update && apt upgrade

这一步是个人喜好,不喜勿喷~~~

3、检查原有httpd-2.2,如有请卸载

命令

rpm -qa | grep httpd

yum remove httpd*

4、安装编译以来组件包,保平安

yum groupinstall “Development Tools” “Server Platform Development”

yum install gcc gcc-c++ ncurses-devel perl cmake libaio pcre-devel openssl-devel bison.x8664 bison-devel.x8664 libxml2-devel.x86_64

5、修改主机名

[root@CentOS6 opt]# hostname LAMPW
[root@CentOS6 opt]# vim /etc/sysconfig/network
[root@CentOS6 opt]# vim /etc/hosts
[root@CentOS6 opt]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=LAMPW
NETWORKING_IPV6=no
[root@CentOS6 opt]# cat /etc/hosts
127.0.0.1   LAMPW
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@CentOS6 opt]#

6、这一步完了记得重启机器

reboot

7、编译安装Apache

httpd-2.4.25需要较新版本的apr和apr-util,因此需要事先对其进行升级。我这里用的是源码包编译安装

(1)编译安装apr

[root@LAMPW opt]# tar zxf apr-1.5.2.tar.gz

[root@LAMPW opt]# cd apr-1.5.2

[root@LAMPW apr-1.5.2]# ./configure –prefix=/opt/apr

[root@LAMPW apr-1.5.2]# make && make install

(2)编译安装apr-util

[root@LAMPW opt]# tar zxf apr-util-1.5.4.tar.gz

[root@LAMPW opt]# cd apr-util-1.5.4

[root@LAMPW apr-util-1.5.4]# ./configure –prefix=/opt/apr-util –with-apr=/opt/apr

[root@LAMPW apr-util-1.5.4]# make && make install

(3)编译安装apache2.4.25

编译参数如下:

./configure --prefix=/opt/apache24 \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/opt/apr \ 
--with-apr-util=/opt/apr-util \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=event \
--enable-cache \
--enable-cache-disk \

(4)安装apache2.4.25服务脚本

编辑一下内容放到/etc/init.d/下面,附上执行权限,chkconfig –add httpd & chkconfig httpd on设置为开机启动即可,相关内容根据实际路径编辑一下即可:

#!/bin/bash
#chkconfig: - 88 66
#description:  this is a httpd scripts  of myself.
prog=/opt/apache24/bin/httpd
configfile=/opt/apache24/conf/httpd.conf
lockfile=/opt/apache24/lock/httpd
namearg=httpd
pidfile=/opt/apache24/httpd.pid
. /etc/init.d/functions

start() {
    if [ -e $lockfile  ];then
    echo "the program $namearg (`cat $pidfile`)is running" && exit 1
    else
        echo -n  "Starting $namearg ..." && sleep 2
        $prog -f $configfile && touch $lockfile && echo -e "\t\t\t[\033[32m ok \033[0m]" ||
        echo -e "\t\t\t[\033[32m fail \033[0m]"
    fi
}

stop (){
    if [  -e $lockfile  ];then
    echo -n  "Stopping $namearg..." && sleep 2
    killproc $namearg   &>/dev/null && rm -rf $lockfile && echo -e "\t\t\t[\033[32m ok \033[0m]"||  echo -e "\t\t\t[\033[32m fail \033[0m]"

    else
         echo  -e "Stopping $namearg ...\t\t\t[\033[31m fail\033[0m]"

    fi
}

status () {

    if [ -e $lockfile  ];then
        echo "the program $namearg (`cat $pidfile`)is running" && exit 1
    else

        echo "the program $namearg is not running"

    fi
}

case $1 in
start)
    start
    ;;
stop)
    stop
    ;;
restart)
    stop
    start
    ;;
status)
    status
    ;;
*)
    echo "Usage: $namearg [start | stop | restart | status  ] "
    ;;
esac

(5)为httpd服务的相关命令添加环境变量

vim /etc/profile,添加以下内容:

#Set the httpd variable environment for $PATH
export httpd_HOME=/opt/apache24
export PATH=$PATH:${httpd_HOME}/bin

最后echo $PATH看看,OK啦

apache2.4到此编译安装完毕,httpd.conf根据实际情况自己修改一下下啦

8.编译安装mysql-5.6.35,mysql-5.7已弃坑

(1)环境监察,看看有没有已安装的mysql相关包,有的话就卸载掉

基础了,我就不写了

(2)安装cmake,我喜欢用最新版,下载的是cmake version 3.8.0-rc2,源码编译安装,稍微麻烦,但是可以享受其过程。

[root@LAMPW opt]# tar zxf cmake-3.8.0.tar.gz
[root@LAMPW opt]#./bootstrap --help  #看看有什么鬼参数
[root@LAMPW opt]#./bootstrap --prefix=/usr   #我比较懒,直接一步到位,指定/usr目录
[root@LAMPW opt]#make && make install
[root@LAMPW cmake-3.7.2]# cmake --version
cmake version 3.8.0-rc2

CMake suite maintained and supported by Kitware (kitware.com/cmake).
[root@LAMPW cmake-3.7.2]#

well done!

(3)建立MySQL程序目录和数据存储目录

[root@LAMPW /]# mkdir -pv /data/MySQL_data
mkdir: created directory `/data'
mkdir: created directory `/data/MySQL_data'
[root@LAMPW /]# mkdir -pv /opt/MySQL
mkdir: created directory `/opt/MySQL'
[root@LAMPW /]#

PS:其实这一步可以省略,在编译参数里面制定,make install是强制执行了,没有目录的话会自动创建,数据存放目录除外,亲测有效。

(4)创建MySQL的系统用户组和系统用户

[root@LAMPW /]# groupadd -r mysql
[root@LAMPW /]# useradd -d /data/MySQL_data/ -g mysql -M -r -s /sbin/nologin mysql
[root@LAMPW /]# id mysql
uid=498(mysql) gid=499(mysql) groups=499(mysql)

(5)开始编译安装mysql-5.6.35

cmake . -DCMAKE_INSTALL_PREFIX=/opt/mysql \
-DMYSQL_DATADIR=/data/mysql_data \
-DSYSCONFDIR=/opt/mysql/etc \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_LIBWRAP=0 \
-DMYSQL_UNIX_ADDR=/opt/mysql/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DENABLED_LOCAL_INFILE=1 \
-DWITH_MEMORY_STORAGE_ENGINE=1 \



make -j 8 && make install

PS: 编译前要删除/etc/my.cnf,不然编译会报错。

(6)相关目录的授权

cd /data && chown -R mysql:mysql mysql_data/

cd /opt/ && chown -R mysql:mysql mysql/

(7)初始化data存放目录设置

cd /opt/mysql && scripts/mysqlinstalldb –user=mysql –basedir=/opt/mysql –datadir=/data/mysql_data

ls /data/mysql_data # 有数据说明初始化成功

(8)初始化完成后mysql中目录文件的属主应改回成root,以免被别人攻破mysql用户密码而带来数据破坏等

[root@CentOS6 ~]# cd /opt/ && chown -R root:root mysql/
[root@CentOS6 opt]# ll
total 122444
drwx------  8  501    20     4096 Aug 12  2015 boost_1_59_0
-rw-r--r--  1 root root  83709983 Mar 17 13:08 boost_1_59_0.tar.gz
drwxr-xr-x 15 root root      4096 Mar 17 13:16 cmake-3.8.0-rc2
-rw-r--r--  1 root root   7504498 Mar 17 13:08 cmake-3.8.0-rc2.tar.gz
-rw-r--r--  1 root root   1974108 Mar 17 13:08 make-4.2.tar.gz
drwxr-xr-x 13 root root      4096 Mar 17 17:30 mysql
drwxr-xr-x 35 7161 31415     4096 Mar 17 17:00 mysql-5.6.35
-rw-r--r--  1 root root  32167628 Mar 17 14:55 mysql-5.6.35.tar.gz
[root@CentOS6 opt]# ls mysql/
bin  COPYING  data  docs  include  lib  man  my.cnf  mysql-test  README  scripts  share  sql-bench  support-files
[root@CentOS6 opt]# ll mysql/
total 72
drwxr-xr-x  2 root root  4096 Mar 17 17:01 bin
-rw-r--r--  1 root root 17987 Nov 28 21:36 COPYING
drwxr-xr-x  3 root root  4096 Mar 17 17:00 data
drwxr-xr-x  2 root root  4096 Mar 17 17:00 docs
drwxr-xr-x  3 root root  4096 Mar 17 17:00 include
drwxr-xr-x  3 root root  4096 Mar 17 17:00 lib
drwxr-xr-x  4 root root  4096 Mar 17 17:00 man
-rw-r--r--  1 root root   943 Mar 17 17:30 my.cnf
drwxr-xr-x 10 root root  4096 Mar 17 17:01 mysql-test
-rw-r--r--  1 root root  2496 Nov 28 21:36 README
drwxr-xr-x  2 root root  4096 Mar 17 17:18 scripts
drwxr-xr-x 28 root root  4096 Mar 17 17:01 share
drwxr-xr-x  4 root root  4096 Mar 17 17:01 sql-bench
drwxr-xr-x  2 root root  4096 Mar 17 18:36 support-files
[root@CentOS6 opt]#

(9)mysql主配置文件

初始化后会自动在当前目录下创建一个my.cnf配置文件,直接修改就可以(在mysql 5.6 以后配置文件自动生成,不需要我们再进行复制),但是/usr/local/mysql/support-files目录下,有默认配置的配置文件,可以拷贝过去。这里我用默认生成的。

修改配置文件 #必须修改啊,不然下一步会报错哦

[root@CentOS6 /]# vim /opt/mysql/my.cnf

[mysqld]

basedir = /opt/mysql
datadir = /data/mysql_data
port = 3306

(10)为mysql提供sysv服务脚本并启动服务

[root@CentOS6 ~]# cp /opt/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@CentOS6 ~]#chkconfig --add mysqld
[root@CentOS6 ~]#chkconfig mysqld on
[root@CentOS6 ~]# chkconfig mysqld --list
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@CentOS6 ~]#

service mysqld start 记得要测试OK,其中启动可能会报错,例如目录权限啊,sock 、pid 文件目录设置等,主要看看报错日志,跟着解决就好。

一通肆虐(测试)

[root@CentOS6 mysql]# service mysqld 
Usage: mysqld  {start|stop|restart|reload|force-reload|status}  [ MySQL server options ]
[root@CentOS6 mysql]# service mysqld stop
Shutting down MySQL.. SUCCESS! 
[root@CentOS6 mysql]# service mysqld reload
 ERROR! MySQL PID file could not be found!
[root@CentOS6 mysql]# service mysqld start
Starting MySQL. SUCCESS! 
[root@CentOS6 mysql]# service mysqld status
 SUCCESS! MySQL running (2019)
[root@CentOS6 mysql]# service mysqld reload
 SUCCESS! Reloading service MySQL
[root@CentOS6 mysql]# service mysqld restart
Shutting down MySQL.. SUCCESS! 
Starting MySQL. SUCCESS! 
[root@CentOS6 mysql]#

嗦嘎!

(11)输出mysql的头文件至系统头文件路径/usr/include

[root@CentOS6 mysql]# ln -sv /opt/mysql/include/ /usr/include/mysql
`/usr/include/mysql' -> `/opt/mysql/include/'
[root@CentOS6 mysql]#

(12)输出mysql的头文件至系统头文件路径/usr/include

[root@CentOS6 mysql]# ln -sv /opt/mysql/include/ /usr/include/mysql
`/usr/include/mysql' -> `/opt/mysql/include/'
[root@CentOS6 mysql]#

(13)输出mysql的库文件给系统库查找路径

[root@CentOS6 ~]# vim /etc/ld.so.conf.d/mysql.conf 
[root@CentOS6 ~]# ldconfig -v |grep mysql
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-642.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
/opt/mysql/lib:
    libmysqlclient.so.18 -> libmysqlclient_r.so.18.1.0
/usr/lib64/mysql:
    libmysqlclient.so.16 -> libmysqlclient.so.16.0.0
    libmysqlclient_r.so.16 -> libmysqlclient_r.so.16.0.0
[root@CentOS6 ~]#

(14) 修改PATH环境变量,让系统可以直接使用mysql的相关命令

[root@CentOS6 ~]# echo "export PATH=$PATH:/opt/mysql/bin" > /etc/profile.d/mysql.sh  #一条命令搞定,很叼
[root@CentOS6 ~]# ll /etc/profile.d/mysql.sh
-rw-r--r-- 1 root root 83 Mar 20 11:03 /etc/profile.d/mysql.sh
[root@CentOS6 ~]# cat /etc/profile.d/mysql.sh  #查看一下创建的文件内容
export PATH=/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/root/bin:/opt/mysql/bin
[root@CentOS6 ~]# source /etc/profile.d/mysql.sh  #使其即时生效
[root@CentOS6 ~]# echo $?  #命令是OK的
0
[root@CentOS6 ~]# mysql    #用tab键匹配一下MySQL命令 ,bingo!
mysql                       mysql_embedded
mysqlaccess                 mysql_find_rows
mysqlaccess.conf            mysql_fix_extensions
mysqladmin                  mysqlhotcopy
mysqlbinlog                 mysqlimport
mysqlbug                    mysql_plugin
mysqlcheck                  mysql_secure_installation
mysql_client_test           mysql_setpermission
mysql_client_test_embedded  mysqlshow
mysql_config                mysqlslap
mysql_config_editor         mysqltest
mysql_convert_table_format  mysqltest_embedded
mysqld                      mysql_tzinfo_to_sql
mysqld_multi                mysql_upgrade
mysqld_safe                 mysql_waitpid
mysqldump                   mysql_zap
mysqldumpslow               
[root@CentOS6 ~]#

(15) 最终测试,使用mysql命令登录

[root@CentOS6 lib]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.35 Source distribution

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show status;
+-----------------------------------------------+-------------+
| Variable_name                                 | Value       |
+-----------------------------------------------+-------------+
| Aborted_clients                               | 0           |
| Aborted_connects                              | 0           |
| Binlog_cache_disk_use                         | 0           |
| Binlog_cache_use                              | 0           |
| Binlog_stmt_cache_disk_use                    | 0           |
| Binlog_stmt_cache_use                         | 0           |
| Bytes_received                                | 219         |
| Bytes_sent                                    | 179         |
| Com_admin_commands                            | 0           |
| Com_assign_to_keycache                        | 0

9、编译安装php

(1)安装依赖包保平安

yum install gd-devel libmcrypt-devel libcurl-devel openssl-devel libxml2-devel

(2)下载加压,下面是编译参数

./configure --prefix=/opt/php \
--with-openssl \
--with-mysqli=/opt/mysql/bin/mysql_config \
--enable-mbstring \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--enable-xml  \
--enable-sockets \
--with-apxs2=/opt/apache24/bin/apxs \
--with-mcrypt  \
--with-config-file-path=/opt/php/conf \
--with-config-file-scan-dir=/opt/php/php.d \
--with-bz2 \
--enable-maintainer-zts \
--with-mysql=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-mysql=/opt/mysql \

make -j 8
make test
make install

(3)从源码包复制php配置文件

cp /opt/php-5.6.30/php.ini-production /opt/php/etc/

(4) 编辑apache配置文件httpd.conf,以apache支持php ,此为httpd模块加载方式,非fastcgi模式

# vim /opt/apache24/conf/httpd.conf 1、添加如下二行 AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps

2、定位至DirectoryIndex index.html 修改为: DirectoryIndex index.php index.html

而后重新启动httpd,或让其重新载入配置文件即可测试php是否已经可以正常使用。

vim /opt/apache24/htdocs/index.php 测试页面index.php示例如下:

<?php
      $link = mysql_connect('192.168.0.248','root','123456');
      if ($link)
        echo " hahaha, Success...";
      else
        echo "Failure...";

      mysql_close();
    ?>


    <? 
            phpinfo(); 
    ?>

(5) 测试是否ok

安装部署WordPress

(1)下载WordPress,并解压到网站根目录

[root@lampw tools]# cp wordpress-4.7.3-zh_CN.tar.gz /opt/apache24/htdocswordpress.tar.gz
[root@lampw tools]# cd /opt/apache24/htdocs/
[root@lampw htdocs]# tar zxf wordpress.tar.gz 
[root@lampw htdocs]# cd wordpress/
[root@lampw wordpress]# ll
total 188
-rw-r--r--  1 nobody 65534   418 Sep 25  2013 index.php
-rw-r--r--  1 nobody 65534 19935 Jan  3 02:51 license.txt
-rw-r--r--  1 nobody 65534  6956 Mar  7 13:14 readme.html
-rw-r--r--  1 nobody 65534  5447 Sep 28 05:36 wp-activate.php
drwxr-xr-x  9 nobody 65534  4096 Mar  7 13:14 wp-admin
-rw-r--r--  1 nobody 65534   364 Dec 19  2015 wp-blog-header.php
-rw-r--r--  1 nobody 65534  1627 Aug 29  2016 wp-comments-post.php
-rw-r--r--  1 nobody 65534  2930 Mar  7 13:14 wp-config-sample.php
drwxr-xr-x  5 nobody 65534  4096 Mar  7 13:14 wp-content
-rw-r--r--  1 nobody 65534  3286 May 25  2015 wp-cron.php
drwxr-xr-x 18 nobody 65534 12288 Mar  7 13:14 wp-includes
-rw-r--r--  1 nobody 65534  2422 Nov 21 10:46 wp-links-opml.php
-rw-r--r--  1 nobody 65534  3301 Oct 25 11:15 wp-load.php
-rw-r--r--  1 nobody 65534 33939 Nov 21 10:46 wp-login.php
-rw-r--r--  1 nobody 65534  8048 Jan 11 13:15 wp-mail.php
-rw-r--r--  1 nobody 65534 16250 Nov 29 13:39 wp-settings.php
-rw-r--r--  1 nobody 65534 29896 Oct 19 12:47 wp-signup.php
-rw-r--r--  1 nobody 65534  4513 Oct 15 03:39 wp-trackback.php
-rw-r--r--  1 nobody 65534  3065 Sep  1  2016 xmlrpc.php

(2)创建WordPress要连接mysql的账号

[root@lampw wordpress]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1419
Server version: 5.6.35 Source distribution

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE wpdb; 
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON wpdb.* TO wpuser@'192.168.%.%' IDENTIFIED BY 'wppass';;
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql>

3)创建WordPress的配置文件

[root@WebServer wordpress]# pwd

/usr/local/apache/htdocs/wordpress

[root@WebServer wordpress]# cp wp-config-sample.php wp-config.php

4)更改 wp-config.php关于数据库的连接相关配置

[root@WebServer wordpress]# vim wp-config.php

define(‘DB_NAME’, ‘wpdb’); # 填写数据库

/** MySQL数据库用户名 */

define(‘DB_USER’, ‘wpuser’); # 填写数据库账号

/** MySQL数据库密码 */

define(‘DB_PASSWORD’, ‘wppass’); # 填写密码

/** MySQL主机 */

define(‘DB_HOST’, ‘10.10.10.4’); # 数据库所在的主机,本机也可以填写localhost

5)访问测试

有图有真相

4、建立httpd服务器(基于编译的方式进行),要求:

提供两个基于名称的虚拟主机

前期工作

建立相应目录,我一般都是放在/data,

[root@lampw data]# mkdir -pv /data/web/vhost/{www1,www2}
mkdir: created directory `/data/web'
mkdir: created directory `/data/web/vhost'
mkdir: created directory `/data/web/vhost/www1'
mkdir: created directory `/data/web/vhost/www2'

vim /opt/apache24/conf/httpd.conf

AllowOverride none # Require all denied

(a)www1.stuX.com,页面文件目录为/web/vhosts/www1;错误日志为/var/log/httpd/www1.err,访问日志为/var/log/httpd/www1.access;

[root@lampw data]# mkdir -pv /data/web/vhost/{www1,www2}
mkdir: created directory `/data/web'
mkdir: created directory `/data/web/vhost'
mkdir: created directory `/data/web/vhost/www1'
mkdir: created directory `/data/web/vhost/www2'

vim /opt/apache24/conf/httpd.conf

<VirtualHost 192.168.0.248:80>

        ServerName www1.stuX.com
        DocumentRoot "/data/web/vhosts/www1"
        ErrorLog /data/web/log/httpd/www1.err
        CustomLog /data/web/log/httpd/www1.access combined
        <Directory "/data/web/vhosts/www1">
                Options None
                AllowOverride None
                Require all granted
        </Directory>

        <Location "/server-status">

               SetHandler server-status 

               Options None
                AllowOverride None
                AuthType Basic
                AuthName "Adimin Realm,show something"
                AuthUserFile "/opt/apache24/conf/.htpasswd"
                Require user jerry
        </Location>
</VirtualHost>

(b)www2.stuX.com,页面文件目录为/web/vhosts/www2;错误日志为/var/log/httpd/www2.err,访问日志为/var/log/httpd/www2.access;

[root@lampw data]# mkdir -pv /data/web/vhost/{www1,www2}
mkdir: created directory `/data/web'
mkdir: created directory `/data/web/vhost'
mkdir: created directory `/data/web/vhost/www1'
mkdir: created directory `/data/web/vhost/www2'


[root@lampw data]# vim /opt/apache24/conf/httpd.conf

    <VirtualHost 192.168.0.248:80>
            ServerName www2.stuX.com
            DocumentRoot "/data/web/vhosts/www2"
            ErrorLog /data/web/log/httpd/www1.err
            CustomLog /data/web/log/httpd/www1.access combined
            <Directory "/data/web/vhosts/www2">
                    Options None
                    AllowOverride None
                    Require all granted
            </Directory>
    </VirtualHost>

(c)为两个虚拟主机建立各自的主页文件index.html,内容分别为其对应的主机名;

[root@lampw data]# vim /data/web/vhost/www1/index.html
[root@lampw data]# vim /data/web/vhost/www2/index.html
[root@lampw data]# cat /data/web/vhost/www1/index.html
<h1>www1.stuX.com</h1>
[root@lampw data]# cat /data/web/vhost/www2/index.html
<h1>www2.stuX.com</h1>
[root@lampw data]#

(d)通过www1.stuX.com/server-status输出httpd工作状态相关信息,且只允许提供帐号密码才能访问(status:status);

[root@lampw ~]# cd /opt/apache24/bin/

[root@lampw bin]# ./htpasswd -m -c /opt/apache24/conf/.htpasswd jerry

[root@lampw data]# vim /opt/apache24/conf/httpd.conf

<VirtualHost 192.168.0.248:80>

            ServerName www1.stuX.com
            DocumentRoot "/data/web/vhosts/www1"
            ErrorLog /data/web/log/httpd/www1.err
            CustomLog /data/web/log/httpd/www1.access combined
            <Directory "/data/web/vhosts/www1">
                    Options None
                    AllowOverride None
                    Require all granted
            </Directory>

            <Location "/server-status">

                   SetHandler server-status 

                   Options None
                    AllowOverride None
                    AuthType Basic
                    AuthName "Adimin Realm,show something"
                    AuthUserFile "/opt/apache24/conf/.htpasswd"
                    Require user jerry
            </Location>
    </VirtualHost>

5、为第4题中的第2个虚拟主机提供https服务,使得用户可以通过https安全的访问此web站点;

(1)要求使用证书认证,证书中要求使用的国家(CN)、州(HA)、城市(ZZ)和组织(MageEdu);

(2)设置部门为Ops,主机名为www2.stuX.com,邮件为admin@stuX.com;

生成私钥

[root@lampw pki]# (umask 077; openssl genrsa -out /etc/pki/ca-trust/cakey.pem 8192)
Generating RSA private key, 8192 bit long modulus
...................................................................................................................++
........................................................................................................................................................................................................................................................++
e is 65537 (0x10001)

生成自签证书

[root@lampw pki]# openssl req -new -x509 -key /etc/pki/ca-trust/cakey.pem -out /etc/pki/ca-trust/cacert.pem -days 3655
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN  
State or Province Name (full name) [Some-State]:HA
Locality Name (eg, city) []:ZZ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MageEdu
Organizational Unit Name (eg, section) []:MageEdu
Common Name (e.g. server FQDN or YOUR name) []:www2.stuX.com
Email Address []:admin@stuX.com
[root@lampw pki]#

为CA提供所需的目录及文件

[root@lampw pki]# mkdir  -pv  /etc/pki/CA/{certs,crl,newcerts}
mkdir: created directory `/etc/pki/CA'
mkdir: created directory `/etc/pki/CA/certs'
mkdir: created directory `/etc/pki/CA/crl'
mkdir: created directory `/etc/pki/CA/newcerts'
[root@lampw pki]# touch  /etc/pki/CA/{serial,index.txt}
[root@lampw pki]# echo  01 > /etc/pki/CA/serial
[root@lampw pki]#

用到证书的主机生成私钥

[root@lampw pki]# mkdir  -pv  /etc/pki/CA/{certs,crl,newcerts}
mkdir: created directory `/etc/pki/CA'
mkdir: created directory `/etc/pki/CA/certs'
mkdir: created directory `/etc/pki/CA/crl'
mkdir: created directory `/etc/pki/CA/newcerts'
[root@lampw pki]# touch  /etc/pki/CA/{serial,index.txt}
[root@lampw pki]# echo  01 > /etc/pki/CA/serial
[root@lampw pki]#  mkdir -pv /opt/apache24/ssl
mkdir: created directory `/opt/apache24/ssl'
[root@lampw pki]# cd /opt/apache24/ssl
[root@lampw ssl]# (umask  077; openssl  genrsa -out  /opt/apache24/ssl/httpd.key 8192)
Generating RSA private key, 8192 bit long modulus
.............................................................................................................++
....................................................++
e is 65537 (0x10001)
[root@lampw ssl]#

生成证书签署请求

[root@lampw ssl]# openssl  req  -new  -key  /opt/apache24/ssl/httpd.key  -out /opt/apache24/ssl/httpd.csr  -days  365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:HA
Locality Name (eg, city) []:ZZ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MageEdu
Organizational Unit Name (eg, section) []:MageEdu
Common Name (e.g. server FQDN or YOUR name) []:www2.stuX.com
Email Address []:admin@stuX.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

将请求通过可靠方式发送给CA主机,这次是在同一台机器,我就略过,如果是生产环境,估计就是要发给可信的证书签署机构

在CA主机上签署证书

[root@centos ssl]# openssl ca  -in  /etc/httpd/ssl/httpd.csr  -out  /etc/pki/CA/certs/httpd.crt  -days  365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Mar 22 03:49:48 2017 GMT
            Not After : Mar 22 03:49:48 2018 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HA
            organizationName          = MageEdu
            organizationalUnitName    = ops
            commonName                = www2.stuX.com
            emailAddress              = admin@stuX.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                EC:C4:48:10:BE:BD:1D:D2:48:38:17:B7:FD:0D:57:DE:51:B1:8F:64
            X509v3 Authority Key Identifier: 
                keyid:ED:42:A1:59:88:A2:45:0A:F2:64:46:A6:BA:C9:7A:5D:E3:9C:FB:AE

Certificate is to be certified until Mar 22 03:49:48 2018 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@centos ssl]#

ssl]# ls /etc/pki/CA/certs/httpd.crt

/etc/pki/CA/certs/httpd.crt

ssl]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd24/ssl/

ssl]# ls

httpd.crt httpd.csr httpd.key

2、修改配置文件提供ssl服务

开启主配置文件的ssl调用,删除www2在httpd-vhosts中的定义

Include /etc/httpd24/extra/httpd-ssl.conf

~]# vim /etc/httpd24/extra/httpd-ssl.conf

[root@localhost httpd24]# cat extra/httpd-ssl.conf | grep -v “^#”

Listen 443

SSLPassPhraseDialog builtin

<VirtualHost 192.168.150.136:443>

DocumentRoot “/web/vhost/www2”

ServerName www2.stuX.com:443

ServerAdmin you@example.com

ErrorLog “/var/log/httpd/www2.err”

TransferLog “/usr/local/apache24/logs/access_log”

SSLEngine on

SSLCertificateFile “/etc/httpd24/ssl/httpd.crt”

SSLCertificateKeyFile “/etc/httpd24/ssl/httpd.key”

<Directory “/web/vhost/www2”>

AllowOverride None

Options None

Require all granted

主配置文件中启用ssl模块

~]# vim /etc/httpd24/httpd.conf

LoadModule sslmodule modules/modssl.so

重启httpd服务后测试

httpd24]# ss -tnl | grep 443

LISTEN 0 128 :::443 :::*

6、在LAMP架构中,请分别以php编译成httpd模块形式和php以fpm工作为独立守护进程的方式来支持httpd,列出详细的过程。

php编译成httpd模块形式

参阅第三题第九步

php以fpm工作为独立守护进程的方式来支持httpd

./configure –prefix=/opt/php5-fpm \ –with-mysql=mysqlnd \ –with-openssl \ –with-mysqli=mysqlnd \ –enable-mbstring \ –with-freetype-dir \ –with-jpeg-dir \ –with-png-dir \ –with-zlib \ –with-libxml-dir=/usr \ –enable-xml \ –enable-sockets \ –enable-fpm \ –with-mcrypt \ –with-config-file-path=/opt/php5-fpm/conf \ –with-config-file-scan-dir=/opt/php5-fpm/conf.d \ –with-bz2

添加了–enable-fpm选项 ,这是重点啊,各位记住。

make && make install

拷贝配置文件至/opt/php5-fpm/conf目录

php-5.4.26]# cp php.ini-production /etc/php.ini

拷贝php-fpm配置文件,并同时取消pid选项的注释

cp /usr/local/php5/etc/php-fpm.conf.default /usr/local/php5/etc/php-fpm.conf

php-5.4.26]# vim /usr/local/php5/etc/php-fpm.conf

pid = /usr/local/php5/var/run/php-fpm.pid

添加服务脚本

fpm]# pwd

/root/php-5.4.26/sapi/fpm

fpm]# cp init.d.php-fpm /etc/rc.d/init.d/php-fp

~]# chmod +x /etc/rc.d/init.d/php-fpm

~]# chkconfig –add php-fpm

启动php-fpm

~]# service php-fpm start

配置httpd

~]# vim /etc/httpd24/httpd.conf

启用这两个模块

LoadModule proxymodule modules/modproxy.so

LoadModule proxyfcgimodule modules/modproxyfcgi.so

添加文件类型

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

添加php文件的访问通过fpm

ProxyRequests Off

ProxyPassMatch ^/(.*.php)$ fcgi://127.0.0.1:9000/usr/local/apache24/htdocs/$1

找到 DirectoryIndex index.html

改为

DirectoryIndex index.php index.html

编辑php测试页并开启httpd进行测试

php-5.4.26]# cd /usr/local/apache24/htdocs/

htdocs]# vim index.php

<h1>phpfpmtest</h1>

<?php

    phpinfo();

?>

[root@localhost htdocs]# apachectl start

AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using localhost.

localdomain. Set the ‘ServerName’ directive globally to suppress this

[root@localhost htdocs]# ss -tnl httpd 80 php-fpm 9000

State Recv-Q Send-Q Local Address:Port Peer Address:Port

LISTEN 0 128 :::80 :::*

LISTEN 0 128 :::22 :::*

LISTEN 0 128 *:22 :

LISTEN 0 100 ::1:25 :::*

LISTEN 0 100 127.0.0.1:25 :

LISTEN 0 128 127.0.0.1:6010 :

LISTEN 0 128 ::1:6010 :::*

LISTEN 0 128 127.0.0.1:6011 :

LISTEN 0 128 ::1:6011 :::*

LISTEN 0 128 127.0.0.1:9000 :

此时的Server API为FPM/FastCGI

原创文章,作者:N24_Jerry,如若转载,请注明出处:/71551

发表评论

电子邮件地址不会被公开。 必填项已用*标注

评论列表(1条)

  • 马哥教育
    马哥教育 2017-03-29 17:31

    非常详细的文档,继续加油。

联系我们

400-080-6560

在线咨询:点击这里给我发消息

邮件:1660809109@qq.com

工作时间:周一至周五,9:30-18:30,节假日同时也值班

友情链接:万达开户  万达娱乐  万达娱乐主管QQ  万达直属QQ  万达招商QQ  万达娱乐招商QQ  万达招商  万达娱乐招商QQ  万达娱乐