LNMP平台环境部署及应用

目的：
(1)部署lnmp实现多个虚拟主机
(2)基于LNMP平台部署wordpress和phpmyadmin
(3)为其中一个主机提供https

环境：
192.168.1.104-------->nginx

192.168.1.110-------->php-fpm
192.168.1.113-------->mariadb

一、部署LNMP环境
nginx安装配置（192.168.1.104）
1、安装开发包组及依赖包

[root@bogon nginx-1.10.0]# yum -y groupinstall Server Platform Development Development Tools
[root@bogon nginx-1.10.0]# yum -y install pcre-devel openssl-devel zlib-devel

2、编译安装Nginx

[root@bogon ~]# tar xf nginx-1.10.0.tar.gz
[root@bogon ~]# cd nginx-1.10.0/
[root@bogon nginx-1.10.0]# ./configure
--prefix=/usr/local/nginx
--sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--user=nginx
--group=nginx
--with-http_ssl_module
--with-http_v2_module
--with-http_dav_module
--with-http_stub_status_module
--with-stream_ssl_module
--with-threads
--with-file-aio
--with-http_realip_module
--with-http_addition_module
--with-http_sub_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_auth_request_module
--with-stream --with-http_slice_module
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp

[root@bogon nginx-1.10.0]# make -j 4 && make install

3、启动服务查看是否正常，此处需要注意用户是Nginx如果没人需要创建，否则服务无法启动。

[root@bogon nginx-1.10.0]# useradd -r nginx ##创建nginx服务用户
[root@bogon nginx-1.10.0]# mkdir -p /var/cache/nginx/client_temp##启动提示无此路径，创建即可
[root@bogon nginx-1.10.0]# nginx ##启动服务

4、配置Nginx基于域名的虚拟主机

server {
listen       80;
server_name  www.magedu.com;

location / {
root   /web/host1;
index  index.php index.html index.htm;
}

location ~ \.php$ {
root           /web/host1;
fastcgi_pass   192.168.1.110:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  /web/host1/$fastcgi_script_name;
include        fastcgi_params;
}
}

server {
listen       80;
server_name  www.maweijun.com;

location / {
root   /web/host2;
index  index.php index.html index.htm;
}

location ~ \.php$ {
root           /web/host2;
fastcgi_pass   192.168.1.110:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  /web/host2/$fastcgi_script_name;
include        fastcgi_params;
}
}

5、建立首页及其路径

[root@bogon ~]# mkdir -p /web/host1
[root@bogon ~]# mkdir -p /web/host2

[root@bogon ~]# echo "host1" >/web/host1/index.html
[root@bogon ~]# echo "host2" >/web/host2/index.html

6、检查配置文件是否正确，然后重新加载文件，测试即可

[root@bogon ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@bogon ~]# nginx -s reload

部署php-fpm服务（192.168.1.110）
1、安装php-fpm程序

[root@pxe130 ~]# yum -y install php-fpm
[root@pxe130 ~]# yum -y install php-mysql
[root@pxe130 host2]# yum -y install php-mbstring

2、编辑主机配置文件，修改相关配置选项

[root@pxe130 ~]# vim /etc/php-fpm.d/
listen = 192.168.1.110:9000   ###监听php-fpm能够与外部通信的地址
listen.allowed_clients = 192.168.1.104  ####允许的客户端主机，此处指httpd主机

3、启动服务

[root@pxe130 ~]# systemctl start php-fpm.service

4、建立与httpd服务主机上相同的网页路径，测试php和httpd连接是否正常。

[root@bogon ~]# mkdir -p /web/host1
[root@bogon ~]# mkdir -p /web/host2
[root@pxe130 ~]# vim /web/host1/index.php

host1
<?php
$conn = mysql_connect('192.168.1.113','test','test');
if ($conn)
echo "mysql is ok";
else
echo "mysql is bad";
phpinfo();
?>

[root@pxe130 ~]# vim /web/host1/index.php

host 2
<?php
$conn = mysql_connect('192.168.1.113','test','test');
if ($conn)
echo "mysql is ok";
else
echo "mysql is bad";
phpinfo();
?>

部署mariadb服务(192.168.1.113)
1、安装程序

[root@pxe132 ~]# yum -y install mariadb-server
[root@pxe132 ~]# systemctl start mariadb

2、授权用户，测试mariadb和php是否连接正常。

MariaDB [(none)]> grant all on test.* to 'test'@'192.168.%.%' identified by 'test'；

MariaDB [(none)]> create database wpdb;####用于WordPress使用
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on wpdb.* to 'wpuser'@'192.168.%.%' identified by 'wppass';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database phpmyadmin;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on phpmyadmin.* to 'phpuser'@'192.168.%.%' identified by 'phppass';
Query OK, 0 rows affected (0.00 sec)

3、测试







ok此时我们的LNMP环境就部署完成了。

二、基于LNMP平台部署WordPress和phpmyadmin应用

1、部署WordPress

[root@pxe130 ~]# unzip wordpress-4.3.1-zh_CN.zip
[root@pxe130 ~]# mv wordpress /web/host1/
[root@pxe130 ~]# cd /web/host1/WordPress
[root@pxe130 wordpress]# cp wp-config-sample.php wp-config.php
[root@pxe130 wordpress]# vim wp-config.php

/** WordPress数据库的名称 */
define('DB_NAME', 'wpdb');

/** MySQL数据库用户名 */
define('DB_USER', 'wpuser');

/** MySQL数据库密码 */
define('DB_PASSWORD', 'wppass');

/** MySQL主机 */
define('DB_HOST', '192.168.1.113');

/** 创建数据表时默认的文字编码 */
define('DB_CHARSET', 'utf8');

[root@pxe130 host1]# scp -r wordpress/ root@192.168.1.104:/web/host1/   ###复制一份给httpd

2、部署phpmyadmin

[root@pxe130 ~]# unzip phpMyAdmin-4.4.14.1-all-languages
[root@pxe130 ~]# mv phpMyAdmin-4.4.14.1-all-languages /web/host2/phpmyadmin
[root@pxe130 libraries]# cd phpmyadmin/libraries/
[root@pxe130 libraries]# vim config.default.php

$cfg['blowfish_secret'] = 'Tfg6ORIzhZu/uA';
$cfg['Servers'][$i]['host'] = '192.168.1.113';
$cfg['Servers'][$i]['user'] = 'phpuser';
$cfg['Servers'][$i]['password'] = 'phppass';

[root@pxe130 host2]# scp -r phpmyadmin/ root@192.168.1.104:/web/host2/

部署过程中phpmyadmin访问出现了session没有缓存，，此时只需要在/etc/php.ini中修改缓存路径，然后修改下权限就可了

session.save_path = "/var/lib/php/session"

[root@pxe130 ~]# ll -d /var/lib/php/session/
drwxrwxrwx 2 root nginx 50 Jul 18 22:40 /var/lib/php/session/

三、为其中一个站点设置为https方式访问
(1)建立CA

[root@pxe130 CA]# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)

[root@pxe130 CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out
/etc/pki/CA/cacert.pem -days 3655

[root@pxe130 CA]# touch {serial,index.txt}
[root@pxe130 CA]# echo 01> serial

(2)httpd服务生成密钥及生成请求证书

[root@bogon ~]# mkdir /etc/nginx/ssl
[root@bogon ~]# cd /etc/nginx/ssl/
[root@bogon ssl]# (umask 077;openssl genrsa -out /etc/nginx/ssl/nginx.key 2048)

[root@bogon ssl]# openssl req -new -key /etc/nginx/ssl/nginx.key -out
/etc/nginx/ssl/nginx.csr -days 365

scp nginx.csr root@192.168.1.110:/

(3)CA上签署http证书申请：

[root@pxe130 CA]# openssl ca -in /nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 365

[root@pxe130 certs]# scp nginx.crt root@192.168.1.104:/etc/nginx/ssl

(4)编辑httpd配置文件：

server {
listen       80;
listen       443 ssl;   ###指定使用ssl，且监听443端口
ssl_certificate  /etc/nginx/ssl/nginx.crt; ###指定公钥路径
ssl_certificate_key  /etc/nginx/ssl/nginx.key; ###指定私钥路径
server_name  www.maweijun.com;

location / {
root   /web/host2;
index  index.php index.html index.htm;
}

location ~ \.php$ {
root           /web/host2;
fastcgi_pass   192.168.1.110:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  /web/host2/$fastcgi_script_name;
include        fastcgi_params;
}
}

(5)测试