nginx實驗---lnmp實現多個虛擬主機,部署wordpress和phpmyadmin,並為後一個主機提供https
lnmp實現多個虛擬主機,部署wordpress和phpmyadmin,並為後一個主機提供https。
一、安裝nginx
方法一:編譯安裝
1.下載nginx程序包,傳導至CentOS主機中,並解壓。
2.進入解壓目錄
3.~]# ./configure --prefix=/usr/local/nginx--sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf--error-log-path=/var/log/nginx/error.log--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid--lock-path=/var/lock/subsys/nginx.lock --user=nginx --group=nginx--with-http_ssl_module --with-http_v2_module --with-http_dav_module--with-threads --with-file-aio --with-http_stub_status_module
4. make -j 4 && make install
註意:1.啟動服務需要事先創建nginx用戶和nginx組;
2.若編譯錯誤提示缺少編譯軟件可以 yum -y install gcc gcc-c++autoconf automake make
方法二:EPEL源的安裝包
[[email protected] ~]# cd /etc/yum.repos.d/
[[email protected]]# vim nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[[email protected] yum.repos.d]# yum install -y nginx
二、創建虛擬機
[[email protected] ~]# mkdir -pv/var/www/vhost{1,2}
[[email protected] ~]# echo"www1.zrs.com" >> /var/www/vhost1/index.html
[[email protected] ~]# echo"www2.zrs.com" >> /var/www/vhost2/index.html
[[email protected] ~]# vim /etc/nginx/nginx.conf
server {
listen 80;
server_name www1.zrs.com;
location / {
root /var/www/vhost1;
index index.php index.html index.htm;
}
}
server {
listen 80;
server_name www2.zrs.com;
location / {
root /var/www/vhost2;
index index.php index.html index.htm;
}
}
[[email protected] ~]#nginx -t ///檢查語法沒問題
[[email protected]~]# nginx -s reload ///重啟服務
客戶端測試
三、安裝php和mariadb,測試連接
[[email protected] ~]# yum install -y php-fpm mariadb-server mariadb
配置nginx支持php解析
[[email protected] ~]# vim /etc/nginx/nginx.conf
server {
listen 80;
server_name www1.zrs.com;
location / {
root /var/www/vhost1;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /var/www/vhost1;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/vhost1/$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
server_name www2.zrs.com;
location / {
root /var/www/vhost2;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /var/www/vhost2;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/vhost2/$fastcgi_script_name;
include fastcgi_params;
}
}
[[email protected] ~]# nginx -t ///檢查語法沒問題
[[email protected] ~]# nginx -s reload ///重啟服務
修改兩個主頁index.html為index.php
並添加測試段內容:
<?php
Phpinfo();
?>
客戶端測試
創建數據庫,授權用戶,並刷新
MariaDB [(none)]> create database wpsdb;
MariaDB [(none)]> grant all on wpsdb.*TO ‘wpuser‘@‘172.16.%.%‘IDENTIFIED BY‘123456‘;
MariaDB [(none)]> create database pma;
MariaDB [(none)]> grant all on pma.* TO‘pmauser‘@‘172.16.%.%‘IDENTIFIED BY‘123456‘;
MariaDB [(none)]> FLUSH PRIVILEGES;
測試php和數據庫能否正常連接
[[email protected] ~]# vim/var/www/vhost1/index.php
vhost2也同樣設置成這樣,相關數據庫內容要改為pma的。
客戶端測試
四、部署wordpress和phpmyadmin
下載這兩個應用並導入虛擬機中,分別解壓
[[email protected] ~]# unzipwordpress-3.9-zh_CN.zip
[[email protected] ~]# tar -zxvfphpMyAdmin-4.0.10.20.tar.gz
1.部署wordpress
[[email protected] ~]# mv wordpress/var/www/vhost1/
[[email protected] ~]# cd /var/www/vhost1/wordpress/
[[email protected] wordpress]# mvwp-config-sample.php wp-config.php
[[email protected] wordpress]# vim wp-config.php ///修改配置文件
/** WordPress數據庫的名稱*/
define(‘DB_NAME‘, ‘wpsdb‘);
/** MySQL數據庫用戶名 */
define(‘DB_USER‘, ‘wpuser‘);
/** MySQL數據庫密碼 */
define(‘DB_PASSWORD‘, ‘123456‘);
/** MySQL主機 */
define(‘DB_HOST‘, ‘172.16.1.6‘);
客戶端測試 
2. 部署phpmyadmin
[[email protected] ~]# mkdir/var/www/vhost2/phpmyadmin
[[email protected] ~]# mv phpMyAdmin-4.0.10.20-all-languages/*/var/www/vhost2/phpmyadmin/
[[email protected] ~]# cd /var/www/vhost2/phpmyadmin/
[[email protected] phpmyadmin]# mvconfig.sample.inc.php config.inc.php
[[email protected] phpmyadmin]# vim config.inc.php ///修改這個文件中的下面一行配置為主機地址
$cfg[‘Servers‘][$i][‘host‘] = ‘172.16.1.6‘;
客戶端測試
五、為phpmyadmin提供https
在主機上安裝mod_ssl模塊
[[email protected] ~]# yum -y install mod_ssl
切換到CA目錄下,生成密鑰和自簽證書
[[email protected] ~]# cd /etc/pki/CA
[[email protected] CA]# (umask 077; openssl genrsa-out private/cakey.pem 2048)
Generating RSA private key, 2048 bit longmodulus
.......+++
...................................+++
e is 65537 (0x10001)
[[email protected] CA]# openssl req -new -x509 -keyprivate/cakey.pem -out cacert.pem
You are about to be asked to enterinformation that will be incorporated
into your certificate request.
What you are about to enter is what iscalled a Distinguished Name or a DN.
There are quite a few fields but you canleave some blank
For some fields there will be a defaultvalue,
If you enter ‘.‘, the field will be leftblank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Hebei
Locality Name (eg, city) [DefaultCity]:QinHuangdao
Organization Name (eg, company) [DefaultCompany Ltd]:Link
Organizational Unit Name (eg, section)[]:ops
Common Name (eg, your name or your server‘shostname) []:ca.link.com
Email Address []:[email protected]
提供輔助文件
[[email protected] CA]# touch index.txt
[[email protected] CA]# echo 01 > serial
生成私鑰並且生成證書簽署請求
[[email protected]~]# mkdir -pv /etc/nginx/ssl
[[email protected]~]# cd /etc/nginx/ssl
[[email protected] ssl]# (umask 077; openssl genrsa-out nginx.key 1024) ///生成私鑰
Generating RSA private key, 1024 bit longmodulus
....++++++
...............................++++++
e is 65537 (0x10001)
[[email protected] ssl]# openssl req -new -keynginx.key -out nginx.csr ///生成證書請求
You are about to be asked to enterinformation that will be incorporated
into your certificate request.
What you are about to enter is what iscalled a Distinguished Name or a DN.
There are quite a few fields but you canleave some blank
For some fields there will be a defaultvalue,
If you enter ‘.‘, the field will be leftblank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name)[]:Hebei
Locality Name (eg, city) [DefaultCity]:QinHuangdao
Organization Name (eg, company) [DefaultCompany Ltd]:Link
Organizational Unit Name (eg, section)[]:ops
Common Name (eg, your name or your server‘shostname) []:ca.link.com
Email Address []:[email protected]
Please enter the following ‘extra‘attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
簽發證書
[[email protected] ssl]# cp nginx.csr /tmp/
[[email protected] ssl]# openssl ca -in/tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt ///根據提示連續按兩個“y”
[[email protected] ssl]# cp/etc/pki/CA/certs/nginx.crt /etc/nginx/ssl/ ///把簽署好的證書發給請求者
修改nginx配置文件,添加支持ssl
[[email protected] ssl]# vim /etc/nginx/nginx.conf
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.php index.html index.htm;
}
}
客戶端測試
本文出自 “12657170” 博客,請務必保留此出處http://12667170.blog.51cto.com/12657170/1972297
nginx實驗---lnmp實現多個虛擬主機,部署wordpress和phpmyadmin,並為後一個主機提供https