LNMP的简单实现
1.lnmp实现多个虚拟主机,分别部署wordpress和phpmyadmin应用,并设置phpmyadmin仅能通过https协议访问;:
安装所需要的组件:
yum install nginx php-fpm php-mysql
编辑文件:
~]# vim /etc/nginx/nginx.conf
server {
listen 80;
server_name www.ytc.com;
location ~* \.php$ {
root /myweb/vhost1;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME /myweb/vhost2/$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
启动nginx服务和php-fpm服务
]# systemctl restart nginx
]# systemctl restart php-fpm
在物理机的host文件中添加:
172.16.1.20 www.ytc.com
创建目录/myweb/vhost1
将wordpress传送到该目录下并解压
]# tar xf wordpress-4.2-zh_CN.tar.gz
]# mv wordpress wp
启动MySQL服务:
]# systemctl start mariadb
为wordpress创建数据库,并授权
MariaDB [(none)]> create database wpdb;
MariaDB [(none)]> grant all on *.* to 'wpuser'@'172.16.%.%' identified by '123456';
重启数据库服务:
]# systemctl restart mariadb
在web端访问:
输入用户名和密码后:
接下来就可以发帖子了;
(二)部署phpmyadmin应用,仅能通过htps协议访问;
https实现:
创建私有CA:
创建私钥:
~]# cd /etc/pki/CA
]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
生成自签证书:
]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3653
完善证书目录要求和序列号:
]# touch index.txt
]# echo 01 > /etc/pki/serial
创建https站点:
为nginx服务器创建私钥:
~]# mkdir /etc/nginx/ssl
~]# cd /etc/nginx/ssl/
]# (umask 077; openssl genrsa -out nginx.key 2048)
生成证书请求:
]# openssl req -new -key nginx.key -out nginx.csr -days 3653
在CA上为nginx证书请求签发证书:
]# openssl ca -in /etc/nginx/ssl/nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 3653
证书如下:
Validity
Not Before: May 31 05:07:32 2018 GMT
Not After : May 31 05:07:32 2028 GMT
Subject:
countryName = CN
stateOrProvinceName = Jiangsu
organizationName = edu
organizationalUnitName = ytc
commonName = www.ytc.org
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
96:FA:28:6E:CB:A2:1C:30:F6:94:D9:BE:8E:E0:1E:2A:A6:57:AA:51
X509v3 Authority Key Identifier:
keyid:D0:97:1B:0F:A3:C1:B8:63:3C:B8:60:C7:E9:EB:EF:3C:A5:7E:3
将CA颁发的证书传送到nginx服务器:
]# cp /etc/pki/CA/certs/nginx.crt /etc/nginx/ssl
删除nginx服务器上的证书请求:
]# rm -rf nginx.csr
在nginx服务器上配置ssl支持:
安装mod_ssl模块:
]# yum install mod_ssl
接下来编辑nginx的主配置文件:
~]# vim /etc/nginx/nginx.conf
检测无误后,重启nginx服务:
~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
~]# systemctl restart nginxh
部署phpmyadmin应用:
创建目录:
~]# mkdir /myweb/vhost2/
将phpmyadmin包传送到该目录并解压:
]# tar xf phpMyAdmin-3.5.4-all-languages.tar.gz
]# mv phpMyAdmin-3.5.4-all-languages pma
接下来在web端测试:
输入https://www.ytc.org/pma/index.php
输入用户名(root)和密码:
接下来可根据需要创建相应的数据库。
2.配置即使客户端通过http协议访问phpmyadmin站点,
最终也可以让用户使用https重新请求访问;
首先编辑nginx的主配置文件:
接下来在web端发表访问:www.ytc.com/pma/index.php
结果直接跳转到了https://www.ytc.org/pma/index.php(F12键查看过程)如下: