
LAMP built from RPM packages (httpd and PHP combined via FastCGI) 2

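Overview:

Continuing from the previous article, this one shows how to build a LAMP stack from RPM packages, with httpd and PHP combined via FastCGI: PHP runs as a standalone service that listens on a socket, accepts requests and serves them.

Environment

httpd, php and mysql can all be installed on one host, or each on its own host. This example separates the three; the environment is:

The system for the httpd service is CentOS 7, IP 10.1.32.72

The system for php is CentOS 7, IP 10.1.32.73

The system for mysql is CentOS 6, IP 10.1.32.68

Part 1: Install httpd on 10.1.32.72

1. Install httpd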
2. Do a basic configuration of httpd, start the service, and check that it works
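
Part 2: Install php-fpm and php-mysql on 10.1.32.73

When php is combined with httpd via FastCGI, the package to install is php-fpm, not php.

Also install php-mysql, the PHP extension module that lets php connect to mysql.

1. Install php-fpm and php-mysql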
2. Do a basic configuration of php-fpm so that the front-end httpd can connect to it

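3. Make sure httpd's proxy module is loaded, then modify the httpd configuration file so that the PHP requests httpd receives are all proxied to the php-fpm host for processing

Here we disable httpd's original main server and use a newly created virtual host instead.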


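4. On the php-fpm server, provide a PHP test page and test access to it

Because the front-end httpd service hands a user's request for a PHP page directly to php for processing, the PHP page resources should be stored on the php server itself.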



Test access


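5. View php-fpm's status page and ping test page

Edit the httpd configuration file so that httpd reverse-proxies requests for the php status page and the ping test page to the php-fpm server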



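On the php-fpm host, edit the php-fpm configuration file to enable php-fpm's status page and ping page; after modifying the configuration file, restart the php-fpm service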



Test access
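
A check for the php-fpm side of this split-host layout, as an added example that is not part of the original article: it reads a pool file, reports a TCP listener that has no `listen.allowed_clients`, and notes when the status or ping page is enabled. The directive names are php-fpm's own; the pool file contents, port 9000 and the `/status` and `/ping` paths are constructed sample values.

```shell
#!/bin/sh
# Added example: audit a php-fpm pool file when php-fpm runs on its own host.
# Directive names are php-fpm's; the sample pool below is constructed.

# pool_value FILE KEY: print the last active (uncommented) value of KEY
pool_value() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                       # ";" starts a comment in pool files
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", v); out = v }
        END { print out }' "$1"
}

# audit_fpm_pool FILE: print findings; exit status is the number of FAILs
audit_fpm_pool() {
    conf=$1; fails=0
    listen=$(pool_value "$conf" listen)
    clients=$(pool_value "$conf" listen.allowed_clients)
    case $listen in
        /*|127.*|localhost:*) ;;                  # unix socket or loopback only
        *)  if [ -z "$clients" ]; then            # TCP listener other hosts can reach
                echo "FAIL: listen=$listen without listen.allowed_clients"
                fails=$((fails + 1))
            fi ;;
    esac
    for key in pm.status_path ping.path; do
        path=$(pool_value "$conf" "$key")
        if [ -n "$path" ]; then
            echo "NOTE: $key=$path enabled; limit who can request it at the httpd proxy"
        fi
    done
    return "$fails"
}

# Constructed sample: php-fpm on 10.1.32.73, allowed_clients left commented out
sample=$(mktemp)
cat > "$sample" <<'EOF'
[www]
listen = 10.1.32.73:9000
;listen.allowed_clients = 127.0.0.1
pm.status_path = /status
ping.path = /ping
EOF
audit_fpm_pool "$sample" || echo "FAIL count: $?"
rm -f "$sample"
```

With `listen.allowed_clients = 10.1.32.72` set in the pool file, the FAIL line goes away, because only the httpd host is then accepted as a FastCGI client.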



Part 3: Install mysql-server on 10.1.32.68

1. Install the mysql service
2. Configure mysql, start the service, and grant an account for php to connect with
3. On the php-fpm host, provide a page to check whether the database connection works
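
Part 4: Implementing HTTPS

1. Create a private CA on any one of the servers (in this example, the private CA is built on the node running mysql)

################## Generate the private key file ##################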
[root@mysql ~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
...............+++
...........................+++
e is 65537 (0x10001)
[root@mysql ~]# ################## Make sure the CA working directory contains certs, newcerts and crl ##################
[root@mysql ~]# ls /etc/pki/CA/
certs crl newcerts private
[root@mysql ~]# ################## Create the certificate serial number file and the certificate database index file the CA needs ##################
[root@mysql ~]# touch /etc/pki/CA/{serial,index.txt}
[root@mysql ~]# ################## Provide the initial certificate serial number ##################
[root@mysql ~]# echo 01 > /etc/pki/CA/serial
[root@mysql ~]# ################## Generate the CA's self-signed certificate ##################
[root@mysql ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----- ################## Fill in the relevant information ##################
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:nwccompany
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:ca.nwc.com
Email Address []:caadmin@nwc.com
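[root@mysql ~]#

2. On the httpd server, generate a certificate signing request and send it to the server hosting the private CA

[root@httpd ~]# mkdir /etc/httpd/ssl ###### Create the directory for certificate-related files #######
[root@httpd ~]# ###### Generate the private key file #######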
[root@httpd ~]# (umask 077;openssl genrsa -out /etc/httpd/ssl/httpd.key 1024)
Generating RSA private key, 1024 bit long modulus
......................++++++
.............++++++
e is 65537 (0x10001)
[root@httpd ~]#
[root@httpd ~]#
[root@httpd ~]# ###### Generate the certificate signing request #######
[root@httpd ~]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----- ###### Fill in the relevant information; note that the hostname must match the domain name users access #######
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:BeiJing
Organization Name (eg, company) [Default Company Ltd]:nwccompany
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www.a.com
Email Address []:wwwadmin@a.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@httpd ~]# ###### Copy the certificate signing request to the private CA server #######
[root@httpd ~]# scp /etc/httpd/ssl/httpd.csr 10.1.32.68:/tmp
root@10.1.32.68's password:
httpd.csr 100% 696 0.7KB/s 00:00
[root@httpd ~]#

3. On the private CA server, sign the certificate and send the signed certificate to the httpd server

[root@mysql ~]# ls /tmp
httpd.csr yum.log
[root@mysql ~]# ####### Sign the certificate ########
[root@mysql ~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 13 09:46:29 2016 GMT
Not After : Jul 13 09:46:29 2017 GMT
Subject:
countryName = CN
stateOrProvinceName = BeiJing
organizationName = nwccompany
organizationalUnitName = ops
commonName = www.a.com
emailAddress = wwwadmin@a.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FA
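
The private-CA flow of Part 4 run non-interactively in a scratch directory, as an added example that is not part of the original article, followed by the checks to run on the issued certificate before installing it in httpd. It assumes `openssl x509 -req` in place of `openssl ca` (so it needs no /etc/pki/CA layout), a 2048-bit server key rather than the 1024-bit one above, and a subjectAltName for the host; the function names are this example's own.

```shell
#!/bin/sh
# Added example: the private-CA flow above, non-interactive, in a scratch dir.
# Differences from the article (assumptions of this example): openssl x509 -req
# replaces openssl ca, the server key is 2048-bit, and a subjectAltName is set.

# issue_cert DIR HOST: create a throwaway CA in DIR and issue a cert for HOST
issue_cert() {
    dir=$1; host=$2
    ( umask 077                                   # private keys readable by owner only
      openssl genrsa -out "$dir/cakey.pem" 2048
      openssl genrsa -out "$dir/httpd.key" 2048 ) 2>/dev/null
    openssl req -new -x509 -key "$dir/cakey.pem" -out "$dir/cacert.pem" -days 3650 \
        -subj "/C=CN/ST=BeiJing/O=nwccompany/OU=ops/CN=ca.nwc.com"
    openssl req -new -key "$dir/httpd.key" -out "$dir/httpd.csr" \
        -subj "/C=CN/ST=BeiJing/O=nwccompany/OU=ops/CN=$host"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$dir/ext.cnf"
    openssl x509 -req -in "$dir/httpd.csr" -CA "$dir/cacert.pem" \
        -CAkey "$dir/cakey.pem" -CAcreateserial -days 365 -sha256 \
        -extfile "$dir/ext.cnf" -out "$dir/httpd.crt" 2>/dev/null
}

# key_bits CERT: print the size in bits of the certificate's public key
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# chain_ok CA CERT HOST: succeed only if CERT chains to CA and is valid for HOST
chain_ok() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>&1 | grep -q ': OK$'
}

work=$(mktemp -d)
issue_cert "$work" www.a.com
echo "server key: $(key_bits "$work/httpd.crt") bits"
chain_ok "$work/cacert.pem" "$work/httpd.crt" www.a.com && echo "chain and hostname verified"
rm -rf "$work"
```

`key_bits` and `chain_ok` work the same way on a certificate issued with `openssl ca`, given the CA's cacert.pem and the hostname users will access.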
