Introduction to LAMP

LAMP

learning target

• Configure the LAMP environment based on the php5_module module
• Configure the LAMP environment based on php-fpm and proxy_fcgi_module modules
• Install PHP 7.0 from the SCL repository
• Install and configure LAMP applications
• Configure AWStats to realize virtual host access log analysis statistics

Task 1: Install and configure the LAMP environment (1)

Require

Configure LAMP environment based on CentOS7 official warehouse and EPEL warehouse

• Aache2.4 + mpm_prefork_module + php5.4 + php5_module
• MariaDB5.5

step

1. Install and configure MariaDB/MySQL service

• Install mariadb and mariadb-server
• Configure MariaDB
  • Edit the main configuration file /etc/my.cnf, [mysqld]set in the section
    • character-set-server=utf8
    • collation-server=utf8_general_ci
    • max_connections = 50 (the default maximum number of concurrent connections is 100)
  • Edit the main configuration file /etc/my.cnf.d/client.cnf, [client]set in the section
    • character-set-server=utf8
• Start the MariaDB service and set it to start at boot
• Configure the root user password for the MariaDB service
  • mysqladmin -u root password 'Med7ahBuu7ru2Wooyohg'
  • ormysql_secure_installation
• Install from the EPEL repository and get more configuration suggestions

2. Install and configure PHP

• Install PHP and related modules
  yum install php
  php-{pdo,mcrypt,mbstring,intl,gd,pecl-{imagick,memcached,redis}
• Detect installed PHP (cli) version
  php -v
• Configure PHP
  • Edit the main configuration file /etc/php.ini, [PHP]set in the section
    • Use the zlib library to compress the output and set the compression level to 1
    • Limit the maximum amount of memory a PHP script may consume to 256M
    • Specify a maximum acceptable size of 256M for the POST method
    • Set the maximum file size that can be uploaded to 20M
  • Edit the main configuration file /etc/php.ini, [Date]set in the section
    • Define the default timezone for date functions asAsia/Shanghai

3. Execute PHP scripts through Aapche's PHP module

• See Apache's PHP module loading/configuration file
  grep -v “^#” /etc/httpd/conf.modules.d/10-php.conf
  grep -v “^#” /etc/httpd/conf.d/php. conf
• Check Apache configuration correctness and reload Apache configuration

4. test

• Write PHP test script
  echo '<?php phpinfo()?>' > /var/www/html/info.php
  echo '<?php phpinfo()?>' > /srv/www/olabs.net/www/htdocs /info.php
• Test elinks on client
  http://www.olabs.lan/info.php
  elinks http://www.olabs.net/info.php
• Stress test
  ab -n 2000 -c 100 http://www.olabs.net/info.php

5. Use lynis -cto scan the entire system and harden the system according to the report prompts

Task 2: Install and configure LAMP applications (1)

Require

installation configuration

• phpMyAdmin
• dokuwiki ( .htaccess)
• h5ai

step

1. Install and configure phpMyAdmin

• Install phpMyAdmin
• Configure phpMyAdmin
  • Modify the configuration file of phpMyAdmin/etc/phpMyAdmin/config.inc.php
    • Reset encrypted password for Cookies authentication
  • Modify the Apache configuration file/etc/httpd/conf.d/phpMyAdmin.conf
    • Configure to allow 192.168.56.0/24 access
• Check Apache configuration correctness and reload configuration of Apache service
• test phpMyAdmin
  • https://www.olabs.lan/phpmyadmin/
  • https://www.olabs.net/phpmyadmin/

2. Install and configure dokuwiki

• Download and deploy dokuwiki site content

mkdir /srv/www/olabs.net/wiki/src
cd /srv/www/olabs.net/wiki/src
wget https://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz
tar xzf dokuwiki-stable.tgz
cd ..
rm -rf htdocs
mv src/dokuwiki-2017-02-19e htdocs

• Execute the installation script in the browser to install
  • http://wiki.olabs.net/install.php
  • Set the file system permissions reasonably according to the prompt information
  • Delete the install.php file after installation
• Edit wiki page
• Configure pseudo-static access
  • Edit /etc/httpd/vhosts.d/olabs.net.conf, modify the virtual host of wiki.olabs.net:443
    • Configuration allows reading /srv/www/olabs.net/wiki/htdocs/configuration files in the directory.htaccess
  • EDIT /srv/www/olabs.net/wiki/htdocs/conf/local.phpEnable pseudo-static access
    • echo "\$conf['userewrite'] = 1;" >> /srv/www/olabs.net/wiki/htdocs/conf/local.php
  • Revise
    • Copy the default published .htaccess.dist to .htaccess
      • cp /srv/www/olabs.net/wiki/htdocs/.htaccess{.dist,}
    • Edit /srv/www/olabs.net/wiki/htdocs/.htaccessto adapt to this site
  • Test pseudo-static access
    • http://wiki.olabs.net/wiki/syntax

3. Install and configure h5ai

• /srv/www/olabs.org/www/htdocs/downloadInstall configuration for directoryh5ai
• Make it look like https://release.larsjung.de/ when visiting http://www.olabs.org/download

Task 3: Install and configure the LAMP environment (2)

Require

Configure LAMP environment based on CentOS7 official warehouse and EPEL warehouse

• Aache2.4 + mpm_envent_module + php5.4 + php-fpm + proxy_fcgi_module
• MariaDB5.5

step

1. install and startphp-fpm

• phpRemove package for Apache modules
• Installphp-fpm
• boot/immediately start php-fpmthe daemon

2. view and configurephp-fpm

• View php-fpmversion
  php-fpm -v
• View php-fpmprocess
  ps -HO user -p pidof php-fpm
  lsof -i :9000
• View php-fpmthe main configuration file for/etc/php-fpm.conf
• View php-fpmthe process pool configuration file/etc/php-fpm.d/www.conf

3. Configure Apache

• Configure Apache to access through proxy_fcgi_modulephp-fpm

  • Create or edit /etc/httpd/conf.d/php.conf:
    # Allow php to handle Multiviews
    AddType text/html .php

     # Add index.php to the list of files 
     # that will be served as directory indexes.
     DirectoryIndex index.php
     
     # Enable the http authorization headers.
     SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
     
     # Redirect the PHP scripts execution to the FPM backend.
     <FilesMatch \.php$>
         SetHandler "proxy:fcgi://127.0.0.1:9000"
     </FilesMatch>
     
     # Prevent .user.ini files from being viewed by Web clients.
     <Files ".user.ini">
         Require all denied
     </Files>
    

• Configure Apache to enable mpm_envent_module
  • 编辑 /etc/httpd/conf.modules.d/10-php.conf
    # LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
    # LoadModule mpm_worker_module modules/mod_mpm_worker.so
    LoadModule mpm_event_module modules/mod_mpm_event.so
• Check Apache configuration correctness and reload configuration of Apache service

4. Test whether Apache is enabled with FPM/FastCGI
   elinks --dump http://localhost/info.php |grep 'Server API'
   elinks --dump http://www.olabs.lan/info.php |grep 'Server API'
   elinks -- dump http://www.olabs.net/info.php |grep 'Server API'
5. Stress test
   ab -n 2000 -c 100 http://www.olabs.net/info.php

Task 4: Install and configure the LAMP environment (3)

Require

Configure the LAMP environment based on the SCL warehouse

• Aache2.4 + mpm_envent_module + php70 + php-fpm + proxy_fcgi_module
• MariaDB5.5

step

1. Install and configure SCL repository
   yum -y install centos-release-scl scl-utils
   rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo yum
   repolist |grep sclo
   yum makecache
2. Install php70 and related modules
   yum -y install rh-php70
   rh-php70-php-{pdo,mcrypt,mbstring,intl,gd,pecl-{imagick,memcached,redis},fpm}
   scl -l
3. Switch php-fpm to the new version
   systemctl stop php-fpm
   systemctl disable php-fpm
   systemctl start rh-php70-php-fpm
   systemctl enable rh-php70-php-fpm
4. 测试
   elinks --dump http://localhost/info.php |egrep ‘Server API|PHP Version’

Toggle PHP using the SCL repository on the command line

• Detect the originally installed PHP version
  which php ; php -v
  which php-fpm ; php-fpm -v
• Switch the new shell to use PHP from the SCL repository:
  scl -l
  scl enable rh-php70 bash
• Detect newly installed PHP version
  which php ; php -v
  which php-fpm ; php-fpm -v
• Exit the new shell and check the PHP version again
  exit
  which php ; php -v
  which php-fpm ; php-fpm -v

PHP using the SCL repository by default on the command line

cat >/etc/profile.d/rh-php70.sh <<_END
#!/bin/bash

source /opt/rh/rh-php70/enable
export X_SCLS="\$(scl enable rh-php70 'echo \$X_SCLS')"
_END

Configuring PHP/PHP-FPM for the SCL repository

• Configuration files are based on /etc/opt/rh/rh-php70/the directory
• php configuration file: php.ini,php.d/*.ini
• php-fpm configuration file: php-fpm.conf,php-fpm.d/*.conf

practise

• Install and enable Mariadb v10.2 from the SCL repository
  yum search rh-mariadb102

Task 5: Use AWStats to implement access log analysis statistics

Require

Configure AWStats for www.olabs.{net,org} virtual host to achieve access log analysis and statistics

step

1. install awstats
2. Configure awstats to create individual configuration files for each virtual host

• /etc/awstats/awstats.www.olabs.net.conf
• /etc/awstats/awstats.www.olabs.org.conf

3. Immediately update the AWStats statistics database for the specified profile

• /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=www.olabs.net
• /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=www.olabs.org

4. Configure Apache for CGI access to view AWStats WUI

• Edit the main Apache configuration file to include the/etc/httpd/conf.d/awstats.conf
• Add the HTTP digest authentication configuration in the appropriate place, you can use the digest authentication password file created in task 4 of Chapter 14/etc/httpd/.dpasswd

5. Check Apache configuration correctness and reload Apache configuration
6. Access AWStats through a browser and test digest authentication
   • http://www.olabs.net/awstats/awstats.pl
   • http://www.olabs.net/awstats/awstats.pl?config=www.olabs.net
   • http://www.olabs.net/awstats/awstats.pl?config=www.olabs.org

Task 6*: Install and configure LAMP application (2)

Require

• Configure a Laravel framework-based application for http://blog.olabs.org installation

step

1. Install and configure composer

• install composer

   # curl -sS https://getcomposer.org/installer | php
  
   # mv composer.phar /usr/local/bin/composer
  

• Configure the mirror site used globally by composer

   # composer config -g repo.packagist composer \
  
        https://packagist.phpcomposer.com
   # tree -F -L 2 ~olabsorg
  

2. Install laravel
   # su - olabsorg

   $ scl enable rh-php70 bash
   $ composer create-project  laravel/laravel blog --prefer-dist "5.5.*"
   

3. Configure and test the blog.olabs.org virtual host

• Revise/etc/httpd/vhosts.d/olabs.org.conf

<VirtualHost *:80>
    ServerAdmin root@localhost
    ServerName blog.olabs.org:80
    DocumentRoot /srv/www/olabs.org/blog/public/
    ErrorLog  /srv/www/olabs.org/blog/logs/error_log
    CustomLog /srv/www/olabs.org/blog/logs/access_log combined
    <Directory /srv/www/olabs.org/blog/public/>
        Options +FollowSymLinks
        Require all granted

        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]
    </Directory>
</VirtualHost>

• Check Apache configuration correctness and reload configuration of Apache service
• Configure domain name resolution of blog.olabs.org (bind or /etc/hosts)
• Test http://blog.olabs.org

4. Install and configure Voyager, a background generation tool based on laravel

• Use composer to install the PHP packages required by Voyager
• Create the mysql database required for BLOG
• Environment file under configuration project.env
• Use artisan to perform voyager installation and populate test data
• Reset the password and Email of the administrator admin
• Visit the background management interface of BLOG in the browser http://blog.olabs.org/admin

5. Write code based on Voyager background, create BLOG frontend http://blog.olabs.org

** practise**

• Install Grav or BookStack

Task 7*: Memcached and Redis

Require

• Install, configure and start Memcached
• Install, configure and start Redis

Task 8*: Use mylvmbackup to implement a physical backup of the MySQL database

Require

• Install mylvmbackup from the EPEL repository
• configure mylvmbackup
  • /etc/mylvmbackup.conf
• Schedule cron tasks to be executed at 1 o'clock every day
  • /etc/cron.d/mylvmbackup

Task 9*: LAMP environment configuration for CentOS 6 and Debian 9

Require

• Configure Apache2.4+php7.0+php-fpm+mpm_envent_module on the c6-v1 container
• Configure Apache2.4+php7.0+php-fpm+mpm_envent_module on the d9-v1 container

Tomcat & Apache

learning target

• Install and configure OpenJDK or Java SE Development Kit (Oracle)
• Install and configure Tomcat running independently
• Configure the second instance of Tomcat
• Configure Apache reverse proxy Tomcat
• Configure Apache reverse proxy usermin

Task 1: Install OpenJDK and Tomcat

Require

• Install java-1.8.0-openjdk and tomcat
• Configure Tomcat to run independently
• Test Tomcat running independently
• Install Tomcat's default web application, management application, and documentation
• Configure Tomcat's management application
  • User fanny can only access the manager interface
  • User tonny can access both manager and admin interface
• Use different users to test the management interface access

Task 2: Configure the second instance of Tomcat

Require

• Configure a second Tomcat instance that can be managed by systemd

Task 3: Apache reverse proxy

Require

• Configure Apache reverse proxy Tomcat default instance
  • Do not reverse proxy for URI access to /docs
  • Use AJP protocol to reverse proxy the default instance of Tomcat
• Configure the second instance of Apache reverse proxy Tomcat
• Configure Apache reverse proxy usermin (https://localhost:20000)