LNAMP 实现nginx代理（Apache·+php+MySQL）

前言：

LNAMP(Linux+Nginx+Apache+Mysql+PHP)架构 受到很多IT企业的青睐,取代了原来认为很好的LNMP(Linux+Nginx+Mysql+PHP)架构。

LNAMP具有很高的处理能力，它的有点源于nginx和Apache

1）Nginx处理静态文件能力很强

2）Apache处理动态文件很强而且很稳定,把二者综合在一块,性能提升很多倍。

本章我们用LNAMP实现

http 提供wordpress：

环境：centos7.3

这里我就用了两台机器:一台 （A）nginx实现代理，一台（B）Apache+php+mysql

A.ip :192.168.23.148 B.ip :192.168.23.149

第一步：

1.下载所需的软件，这里我们用的是yum安装的，当然你也可以编译安装：

A yum install nginx -y

B yum install httpd mariadb php php-mysql mariadb-server

首先在Apache上部署html和php测试页：/var/www/html

html：



php



2.下载所需的wordpress版本，并解压在/var/www/html下

[root@cento7 /]# tar xvf wordpress-4.8-zh_CN.tar.gz -C /var/www/html/
[root@cento7 html]# ls
index.html  index.php  wordpress

3.配置文件 cd /wordpress

[root@cento7 html]# cd wordpress/
[root@cento7 wordpress]# ls
index.php    wp-activate.php     wp-comments-post.php  wp-content   wp-links-opml.php  wp-mail.php      wp-trackback.php
license.txt  wp-admin            wp-config.php         wp-cron.php  wp-load.php        wp-settings.php  xmlrpc.php
readme.html  wp-blog-header.php  wp-config-sample.php  wp-includes  wp-login.php       wp-signup.php

我们只需要一个简单的例子因次

[root@cento7 wordpress]# cp wp-config-sample.php wp-config.php
[root@cento7 wordpress]# vim wp-config.php

<?php
/**
* WordPress基础配置文件。
*
* 这个文件被安装程序用于自动生成wp-config.php配置文件，
* 您可以不使用网站，您需要手动复制这个文件，
* 并重命名为“wp-config.php”，然后填入相关信息。
*
* 本文件包含以下配置选项：
*
* * MySQL设置
* * 密钥
* * 数据库表名前缀
* * ABSPATH
*
* @link https://codex.wordpress.org/zh-cn:%E7%BC%96%E8%BE%91_wp-config.php *
* @package WordPress
*/

// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
define('DB_NAME', 'blog');

/** MySQL数据库用户名 */
define('DB_USER', 'gdcom');

/** MySQL数据库密码 */
define('DB_PASSWORD', '123456');

/** MySQL主机 */
define('DB_HOST', 'localhost');

/** 创建数据表时默认的文字编码 */
define('DB_CHARSET', 'utf8');

<?php
/**
* WordPress基础配置文件。
*
* 这个文件被安装程序用于自动生成wp-config.php配置文件，
* 您可以不使用网站，您需要手动复制这个文件，
* 并重命名为“wp-config.php”，然后填入相关信息。
*
* 本文件包含以下配置选项：
*
* * MySQL设置
* * 密钥
* * 数据库表名前缀
* * ABSPATH
*
* @link https://codex.wordpress.org/zh-cn:%E7%BC%96%E8%BE%91_wp-config.php *
* @package WordPress
*/

4.授权所配置的用户：这里简单实验没有加密：如果需要加密则

[root@cento7 ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):

[root@cento7 html]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database blog;
MariaDB [(none)]> use blog
Database changed
MariaDB [blog]>
MariaDB [(none)]> grant all on blog.* to gdcom@localhost identified by '123456';
Query OK, 0 rows affected (0.00 sec)

启动所有服务：

5.测试wordpress能否正常打开

第二步

实现nginx反向代理：

1.配置nginx的虚拟主机文件，我们可以在nginx.conf中定义也可以在conf.d中定义：

这里我们在conf.d中定义我们的虚拟主机：

[root@centos7 conf.d]# vim vhost1.conf

#}

#}

upstream bbs {
ip_hash;
server 192.168.23.149 weight=1 max_fails=3;
}

server {
listen 80;
server_name 192.168.23.148;
index index.html index.php index.jsp;
server_tokens   off;
access_log  /var/log/nginx/www.access.log main;
location / {
proxy_pass http://bbs; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream http_500 http_502 http_503 error timeout invalid_header;
proxy_buffering on;
proxy_redirect off;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_max_temp_file_size 1024m;

启动服务：

2.测试192.168.23.148（nginx是否能代理） 打开wordpress

用LNAMP实现：https 提供pma：wordpress

上面都已经实现http下面用https来实现，现在只需要配置nginx代理服务器即可：

实现https加密

1.创建私有CA
[root@centos7 CA]# (umask 077;openssl genrsa -out private/cakey.pem 4096) //创建私鈅
Generating RSA private key, 4096 bit long modulus
......................................................................................................................................++
....................++
e is 65537 (0x10001)
[root@centos7 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365 //生成公鈅自己填写相关信息
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zz
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:gd
Common Name (eg, your name or your server's hostname) []:zsh
Email Address []:gd.com
[root@centos7 CA]#touch index.txt //生成索引文件
[root@centos7 CA]#echo 01 > serial  //生成证书序列文件
[root@centos7 nginx]# mkdir ssl // 创建ssl文件夹存放nginx的公私鈅
[root@centos7 ssl]# (umask 077;openssl genrsa -out nginx.key 2048) //nginx 的私鈅
Generating RSA private key, 2048 bit long modulus
......+++
.+++
e is 65537 (0x10001)
[root@centos7 ssl]# openssl req -new -key nginx.key -out nginx.csr // nginx 的公鈅 注意：默认国家，省，公司名称三项必须和CA一致
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:henan
Locality Name (eg, city) [Default City]:zz
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:gd
Common Name (eg, your name or your server's hostname) []:zsh
Email Address []:gd.com
[root@centos7 ssl]#  openssl ca -in nginx.csr -out nginx.crt -days 365  向CA申请证书
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Sep  9 14:38:23 2017 GMT
Not After : Sep  9 14:38:23 2018 GMT
Subject:
countryName               = CN
stateOrProvinceName       = henan
organizationName          = magedu
organizationalUnitName    = gd
commonName                = zsh
emailAddress              = gd.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
C7:75:30:14:44:9E:24:BA:31:01:E3:86:67:6A:39:DE:94:8C:7C:F4
X509v3 Authority Key Identifier:
keyid:CE:DF:7B:77:8E:AA:F3:D6:20:E3:30:A3:15:AA:9C:6F:19:4D:7B:44

Certificate is to be certified until Sep  9 14:38:23 2018 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

配置nginx的虚拟主机

[root@centos7 conf.d]# vim vhost1.conf

upstream bbs {
ip_hash;
server 192.168.23.149 weight=1 max_fails=3;
}

server {
listen 80;
listen 443 ssl;   监听443端口
server_name 192.168.23.148;
index index.html index.php index.jsp;
ssl on;
server_tokens   off;
ssl_certificate /etc/nginx/ssl/nginx.crt; 证书存放的路径
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:sslcache:20m;

测试是否能进行加密访问：

看到这个情况证明已经可以了只需要安装证书就可以了