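踏雪寻梅 posted on 2018-11-8 08:33:59

nginx lab

  1. Use LNMP to host multiple virtual hosts, deploy wordpress and phpmyadmin, and provide https for the second host.
  2. Configure rewrite so that even when a user reaches the phpmyadmin site over http, the resource is ultimately re-requested over https.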
  -------------------------------------------------------------------------------------------
  I. Install nginx
  Method 1: build from source
  1. Download the nginx source package, transfer it to the CentOS host, and extract it.
  2. Change into the extracted directory.
  3. ~]# ./configure --prefix=/usr/local/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_dav_module --with-threads --with-file-aio --with-http_stub_status_module
  4. make -j 4 && make install
  Notes: 1. The nginx user and nginx group must be created before the service is started;
  2. If the build fails because build tools are missing, run yum -y install gcc gcc-c++ autoconf automake make
  Method 2: install the package from the EPEL source
  # cd /etc/yum.repos.d/
  # vim nginx.repo
  [nginx]
  name=nginx repo
  baseurl=http://nginx.org/packages/centos/7/$basearch/
  gpgcheck=0
  enabled=1
  # yum install -y nginx
  II. Create the virtual hosts
  
  # mkdir -pv /var/www/vhost{1,2}
  # echo "www1.zrs.com" >> /var/www/vhost1/index.html
  # echo "www2.zrs.com" >> /var/www/vhost2/index.html
  # vim /etc/nginx/nginx.conf
  server {
      listen       80;
      server_name  www1.zrs.com;
      location / {
          root   /var/www/vhost1;
          index  index.php index.html index.htm;
      }
  }
  server {
      listen       80;
      server_name  www2.zrs.com;
      location / {
          root   /var/www/vhost2;
          index  index.php index.html index.htm;
      }
  }
  # nginx -t   /// check that the syntax is OK

  # nginx -s reload
  Client test


  III. Install php and mariadb, and test the connection
  # yum install -y php-fpm mariadb-server mariadb
  Configure nginx to pass php files to php-fpm
  # vim /etc/nginx/nginx.conf
  server {
      listen       80;
      server_name  www1.zrs.com;
      location / {
          root   /var/www/vhost1;
          index  index.php index.html index.htm;
      }
      location ~ \.php$ {
          root           /var/www/vhost1;
          fastcgi_pass   127.0.0.1:9000;
          fastcgi_index  index.php;
          fastcgi_param  SCRIPT_FILENAME /var/www/vhost1/$fastcgi_script_name;
          include        fastcgi_params;
      }
  }
  server {
      listen       80;
      server_name  www2.zrs.com;
      location / {
          root   /var/www/vhost2;
          index  index.php index.html index.htm;
      }
      location ~ \.php$ {
          root           /var/www/vhost2;
          fastcgi_pass   127.0.0.1:9000;
          fastcgi_index  index.php;
          fastcgi_param  SCRIPT_FILENAME /var/www/vhost2/$fastcgi_script_name;
          include        fastcgi_params;
      }
  }
  # nginx -t   /// check that the syntax is OK

  # nginx -s reload
  Rename the two home pages from index.html to index.php
  and add the test snippet:
  
  Client test


  Create the databases, grant privileges to the users, and flush
  MariaDB [(none)]> create database wpsdb;
  MariaDB [(none)]> grant all on wpsdb.* TO 'wpuser'@'172.16.%.%' IDENTIFIED BY '123456';
  MariaDB [(none)]> create database pma;
  MariaDB [(none)]> grant all on pma.* TO 'pmauser'@'172.16.%.%' IDENTIFIED BY '123456';
  MariaDB [(none)]> FLUSH PRIVILEGES;
  Test whether php can connect to the database
  # vim /var/www/vhost1/index.php

  Set up vhost2 the same way, changing the database details to those of pma.
  Client test


  IV. Deploy wordpress and phpmyadmin
  
  Download the two applications, transfer them to the virtual machine, and extract each one
  # unzip wordpress-3.9-zh_CN.zip
  # tar -zxvf phpMyAdmin-4.0.10.20.tar.gz
  1. Deploy wordpress
  # mv wordpress /var/www/vhost1/
  # cd /var/www/vhost1/wordpress/
  # mv wp-config-sample.php wp-config.php
  # vim wp-config.php   /// edit the configuration file
  /** Name of the WordPress database */
  define('DB_NAME', 'wpsdb');
  /** MySQL database user name */
  define('DB_USER', 'wpuser');
  /** MySQL database password */
  define('DB_PASSWORD', '123456');
  /** MySQL host */
  define('DB_HOST', '172.16.1.6');
  Client test
  2. Deploy phpmyadmin
  # mkdir /var/www/vhost2/phpmyadmin
  # mv phpMyAdmin-4.0.10.20-all-languages/* /var/www/vhost2/phpmyadmin/
  # cd /var/www/vhost2/phpmyadmin/
  # mv config.sample.inc.php config.inc.php
  # vim config.inc.php   /// change the following line in this file to the host address
  $cfg['Servers'][$i]['host'] = '172.16.1.6';
  Client test

  V. Provide https for phpmyadmin
  Install the mod_ssl module on the host
  # yum -y install mod_ssl
  Change to the CA directory, then generate the key and the self-signed certificate
  # cd /etc/pki/CA
  # (umask 077; openssl genrsa -out private/cakey.pem 2048)
  Generating RSA private key, 2048 bit long modulus
  .......+++
  ...................................+++
  e is 65537 (0x10001)
  # openssl req -new -x509 -key private/cakey.pem -out cacert.pem
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Country Name (2 letter code) :CN
  State or Province Name (full name) []:Hebei
  Locality Name (eg, city) :QinHuangdao
  Organization Name (eg, company) :Link
  Organizational Unit Name (eg, section) []:ops
  Common Name (eg, your name or your server's hostname) []:ca.link.com
  Email Address []:admin@link.com
  Create the auxiliary files
  # touch index.txt
  # echo 01 > serial
  Generate the private key and the certificate signing request
  # mkdir -pv /etc/nginx/ssl
  # cd /etc/nginx/ssl
  # (umask 077; openssl genrsa -out nginx.key 1024)   /// generate the private key
  Generating RSA private key, 1024 bit long modulus
  ....++++++
  ...............................++++++
  e is 65537 (0x10001)
  # openssl req -new -key nginx.key -out nginx.csr   /// generate the certificate request
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Country Name (2 letter code) :CN
  State or Province Name (full name) []:Hebei
  Locality Name (eg, city) :QinHuangdao
  Organization Name (eg, company) :Link
  Organizational Unit Name (eg, section) []:ops
  Common Name (eg, your name or your server's hostname) []:ca.link.com
  Email Address []:admin@link.com
  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:
  Sign the certificate
  # cp nginx.csr /tmp/
  # openssl ca -in /tmp/nginx.csr -out /etc/pki/CA/certs/nginx.crt   /// answer "y" twice when prompted
  # cp /etc/pki/CA/certs/nginx.crt /etc/nginx/ssl/   /// send the signed certificate to the requester
  Modify the nginx configuration file to add ssl support
  # vim /etc/nginx/nginx.conf
  server {
      listen       443 ssl;
      server_name  www2.zrs.com;
      ssl_certificate      /etc/nginx/ssl/nginx.crt;
      ssl_certificate_key  /etc/nginx/ssl/nginx.key;
      ssl_session_cache    shared:SSL:1m;
      ssl_session_timeout  5m;
      ssl_ciphers  HIGH:!aNULL:!MD5;
      ssl_prefer_server_ciphers  on;
      location / {
          root   html;
          index  index.php index.html index.htm;
      }
  }
  Client test



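  VI. Configure rewrite so that even when a user reaches the phpmyadmin site over http, the resource is ultimately re-requested over https
  When a user visits www2.zrs.com, they are automatically redirected to https://www2.zrs.com; the rewrite feature handles this directly
  Add the rewrite to the configuration of the www2.zrs.com host

  Client test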
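
  The redirect described in section VI, written out as an added example (not the original post's configuration): the port-80 www2.zrs.com block from section III is replaced by one that only redirects, and the 443 block serves phpmyadmin. It assumes the paths, server name and php-fpm address used earlier in this post; the try_files line and the /var/www/vhost2 root in the https block are additions.

```nginx
# Added example, not the original post's configuration.
# Port 80: no content is served here, every request is redirected.
server {
    listen       80;
    server_name  www2.zrs.com;

    # "permanent" makes nginx answer 301; the query string is appended
    # automatically. The target host is written out instead of taken
    # from $host so that a forged Host header cannot steer the redirect.
    rewrite ^(.*)$ https://www2.zrs.com$1 permanent;
    # Equivalent without a regex:
    # return 301 https://www2.zrs.com$request_uri;
}

# Port 443: phpmyadmin over TLS, using the certificate signed in section V.
server {
    listen       443 ssl;
    server_name  www2.zrs.com;

    ssl_certificate      /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key  /etc/nginx/ssl/nginx.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Same document root as the http vhost it replaces (assumption:
    # phpmyadmin lives in /var/www/vhost2/phpmyadmin as deployed above).
    root   /var/www/vhost2;
    index  index.php index.html index.htm;

    location ~ \.php$ {
        # Hand only files that exist on disk to php-fpm.
        try_files      $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}
```

  After nginx -t and a reload, curl -I http://www2.zrs.com/phpmyadmin/ should return 301 with a Location header that starts with https://www2.zrs.com/.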

