CentOS 7, apm+xcache, rpm包, php module

实验需求：

1、CentOS 7,apm+xcache,rpm包,PHP module;
a) 一个虚拟主机提供PHPMyAdmin，另一个虚拟主机提供wordpress；
b) 为PHPMyAdmim提供https服务；
实验环境：

Linux服务器操作系统版本：CentOS Linux release 7.2.1511 (Core) IP：172.16.252.113
WIN7系统客户机：IP：172.16.250.100
实验前提：
1）关闭防火墙和SELinux
~]# service iptables stop
~]# setenforce 0
实验过程：

一、安装amp环境

1.yum包安装amp

~]# yum install httpd PHP PHP-MysqL mariadb

1)检查是否成功安装包
~]# rpm -qa httpd PHP PHP-MysqL MysqL-server

2)启动服务
~]# systemctl start httpd
~]# systemctl start mariadb

3)查看服务是否正常启动
~]# ss -nlt
~]# ps aux | grep httpd
~]# ps aux |grep myslq

4)设置开机自动启动
~]# systemctl enable httpd
~]# systemctl enable mariadb

5)检查是否设置成开机自启动
~]# systemctl is-enabled httpd
~]# systemctl is-enabled mariadb

2.一个虚拟主机提供PHPMyAdmin，另一个虚拟主机提供wordpress；

二、配置虚拟主机

1）vhosts www1

<VirtualHost *:80>
ServerName www1.magedu.com
DocumentRoot /data/vhosts/www1
ErrorLog logs/www1-error_log
CustomLog logs/www1-access_log combiend
<Directory "/data/vhosts/www1">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

2）vhosts www2

<VirtualHost *:80>
ServerName www2.magedu.com
DocumentRoot /data/vhosts/www2
ErrorLog logs/www2-error_log
CustomLog logs/www2-access_log combiend
<Directory "/data/vhosts/www2">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

二、部署wordpress环境：

1)创建站点目录
~]# mkdir /data/vhosts/www1

2)解压wordpress包
tools]# unzip wordpress-4.3.1-zh_CN.zip

3)拷贝到站点目录www1中
# cp wordpress /data/vhosts/www1

4)登录数据库
~]# MysqL -uroot -p

5)为bolg创建数据库名为：wordpress
MariaDB [(none)]> CREATE DATABASE wordpress;

6)查数据库是否创建成功
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| MysqL |
| performance_schema |
| wordpress |
+--------------------+
4 rows in set (0.00 sec)

7)授权用户
MariaDB [(none)]> GRANT ALL ON wordpress.* TO ly@'localhost' IDENTIFIED BY 'liyang';
Query OK,0 rows affected (0.03 sec)

MariaDB [(none)]> GRANT ALL ON wordpress.* TO ly@'127.0.0.1' IDENTIFIED BY 'liyang';
Query OK,0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL ON wordpress.* TO ly@'172.16.%.%' IDENTIFIED BY 'liyang';
Query OK,0 rows affected (0.00 sec)

8)改名wordpress 配置文件为wp-config.php
]# cp wp-config-sample.PHP wp-config.php

9)修改 wp-config.php 文件连接数据库
~]# sed -n '22,38p' /data/vhosts/www1/wordpress/wp-config.php
/** wordpress 数据库的名称 */
define('DB_NAME','wordpress');
/** MysqL 数据库用户名 */
define('DB_USER','ly');
/** MysqL 数据库密码 */
define('DB_PASSWORD','liyang');
/** MysqL主机 */
define('DB_HOST','172.16.252.113');
/** 创建数据表时默认的文字编码 */
define('DB_CHARSET','utf8');
/** 数据库整理类型。如不确定请勿更改 */
define('DB_COLLATE','');

三、测试
1)在服务器端添加域名解析
]# echo "172.16.252.113 www1.magedu.com" >> /etc/hosts

2)在PC中的hosts文件中添加
172.16.252.113 www1.magedu.com

3)httpd-->PHP是否可以访问
www1]# cat admin.PHP
<?PHP
PHPinfo();
?>
4)httpd-->PHP--mariadb是否可以访问

<?PHP
$conn = MysqL_connect('172.16.100.71','testuser','testpass');
if($conn)
echo "OK";
else
echo "Failure";

四、部署PHPMyAdmin环境：

1)创建站点目录
~]# mkdir /data/vhosts/www2

2)解压PHPMyAdmin包
tools]# unzip PHPMyAdmin-4.4.14.1-all-languages.zip

3)拷贝到站点目录www2中
~]# cp -r PHPMyAdmin-4.4.14.1-all-languages /data/vhosts/www1

4)配置PHPMyAdmin软件
www1]# ln -sv PHPMyAdmin-4.4.14.1-all-languages/ PHPMyAdmin
~]# cp config.sample.inc.PHP config.inc.PHP

5)生成随机数
~]# openssl rand -hex 8
640b56f72820ace8

6修改配置文件config.inc.PHP
]# vim config.inc.PHP
$cfg['blowfish_secret'] = '640b56f72820ace8'

7)在浏览器中测试，根据提示输入数据库名和密码（主机账号和密码是授权wordpress中用户）
在PC机浏览器中测试：http://www1.magedu.com/PHPMyAdmin-4.4.14.1-all-languages/ 通过80端口访问

8）访问提示：没有扩展，安装 PHP-mbstring 可以解决
~]# yum install PHP-mbstring

3.为PHPMyAdmim提供https服务

工作目录:/etc/pki/CA/

一、建立私有CA

1)生成私钥

[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key,2048 bit long modulus
.....+++
...........+++
e is 65537 (0x10001)

2)生成自签证书
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.',the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg,city) [Default City]:Beijing
Organization Name (eg,company) [Default Company Ltd]:liyang
Organizational Unit Name (eg,section) []:0ps
Common Name (eg,your name or your server's hostname) []:www2.magedu.com
Email Address []:admin@magedu.com

3)提供辅助文件

[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 01 > serial
[root@localhost CA]# tree
.
├── cacert.pem
├── certs
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
├── private
│ └── cakey.pem
├── serial
└── serial.old

二、节点申请证书

1)生成私钥
~]# mkdir -pv /etc/httpd/ssl
ssl]# (umask 077; openssl genrsa -out httpd.key 1024)

2）生成证书签署请求：
ssl]# openssl req -new -key httpd.key -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg,your name or your server's hostname) []:www1.magedu.com
Email Address []:admin@magedu.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

ssl]# cp httpd.csr /tmp/

三、CA签发证书

1)签署证书
~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 16 07:41:43 2016 GMT
Not After : Jul 16 07:41:43 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = Beijing
organizationName = liyang
organizationalUnitName = 0ps
commonName = www2.magedu.com
emailAddress = admin@magedu.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
70:95:31:1F:E3:15:D0:EE:D1:8F:2E:DA:8C:64:95:F6:EA:80:8F:2D
X509v3 Authority Key Identifier:
keyid:79:B8:17:4E:7D:74:2D:CD:16:63:20:1D:D1:9F:AA:D1:5F:49:09:CA

Certificate is to be certified until Jul 16 07:41:43 2017 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified,commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

2)把签署好的证书发还给请求者。
~]# cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/

注意：本次私建CA和节点申请证书在同一台机器完成。

四、配置httpd支持使用ssl，及使用的证书

1)yum安装mod_ssl模块
~]# httpd -M | grep ssl
~]# yum install mod_ssl -y
~]# rpm -ql mod_ssl

2)配置虚拟主机ssh.conf
~]# vim /etc/httpd/conf.d/ss.conf
<VirtualHost _default_:443>
DocumentRoot "/data/vhosts/www2"
ServerName www1.magedu.com:443
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
<Directory "/data/vhosts/www1">
SSLOptions +StdEnvVars
AllowOverride None
Require all granted
</Directory>

</VirtualHost>

五、测试结果：

1)在PC机浏览器中测试：https://www1.magedu.com/PHPMyAdmin-4.4.14.1-all-languages/ 通过443端口访问

4.压力测试：

一、正常测试

1)测试并发
~]# ab -c 10 -n 1000 www2.magedu.com/wordpress/index.PHP

Server Software: Apache/2.4.6
Server Hostname: www2.magedu.com
Server Port: 80

Document Path: /wordpress/index.PHP
Document Length: 0 bytes

Concurrency Level: 10
Time taken for tests: 79.144 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Non-2xx responses: 1000
Total transferred: 339000 bytes
HTML transferred: 0 bytes
Requests per second: 12.64 [#/sec] (mean)
Time per request: 791.438 [ms] (mean)
Time per request: 79.144 [ms] (mean,across all concurrent requests)
Transfer rate: 4.18 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 2
Processing: 240 770 736.3 669 6496
Waiting: 240 768 731.3 668 6429
Total: 240 770 736.4 669 6497

Percentage of the requests served within a certain time (ms)
50% 669
66% 718
75% 747
80% 765
90% 805
95% 878
98% 4807
99% 6494
100% 6497 (longest request)

二、为PHP安装xcache加速器测试数据：

1)yum 安装PHP-xcache~]# yum install PHP-xcache 2)测试并发~]# ab -c 10 -n 1000 www2.magedu.com/wordpress/index.PHPServer Software: Apache/2.4.6Server Hostname: www2.magedu.comServer Port: 80Document Path: /wordpress/index.PHPDocument Length: 0 bytesConcurrency Level: 10Time taken for tests: 69.750 secondsComplete requests: 1000Failed requests: 0Write errors: 0Non-2xx responses: 1000Total transferred: 339000 bytesHTML transferred: 0 bytesRequests per second: 14.34 [#/sec] (mean)Time per request: 697.503 [ms] (mean)Time per request: 69.750 [ms] (mean,across all concurrent requests)Transfer rate: 4.75 [Kbytes/sec] receivedConnection Times (ms) min mean[+/-sd] median maxConnect: 0 0 0.1 0 2Processing: 139 683 1093.9 631 25635Waiting: 139 682 1093.8 629 25635Total: 139 683 1093.9 631 25635Percentage of the requests served within a certain time (ms) 50% 631 66% 686 75% 713 80% 734 90% 785 95% 824 98% 907 99% 1450100% 25635 (longest request

CentOS 7, apm+xcache, rpm包, php module

相关文章