CentOS 7 下LAMP实现及基于https的虚拟化主机
<p><span><strong>系统环境:</strong></span></p>
<p>
centos 7<br>
apache 2.4<br>
php 5.4<br>
mariadb 5.5</p>
<p>
<span><strong>项目需求:</strong></span></p>
<p>
创建3个虚拟主机,分别架设phpmyadmin,wordpress,discuz</p>
<p>
其中phpmyadmin提供https服务.</p>
<p>
<span><strong>一、使用yum安装环境所需组件</strong></span></p>
<p>
httpd,php,php-mysql,mariadb-server</p>
<p>
# yum install httpd php php-mysql mariadb-server</p>
<p>
<span><strong>二、关闭selinux并配置防火墙</strong></span></p>
<p>
1.为了测试方便,先关闭selinux</p>
<p>
临时关闭:</p>
<p>
setenforce 0</p>
<p>
永久关闭:</p>
<p>
vim /etc/sysconfig/selinux<br>
selinux=disabled</p>
<p>
2.在centos 7自带防火墙中添加80,443,3306端口</p>
<p>
查看firewall运行状态</p>
<p>
# firewall-cmd --state</p>
<p>
添加端口</p>
<p>
# firewall-cmd --add-port=80/tcp --permanent<br>
# firewall-cmd --add-port=443/tcp --permanent<br>
# firewall-cmd --add-port=3306/tcp --permanent</p>
<p>
重载firewall配置</p>
<p>
# firewall-cmd --reload</p>
<p>
查看已有规则</p>
<p>
# iptables -l -n</p>
<p>
<span><strong>三、测试一下各软件是否正常</strong></span></p>
<p>
1.启动httpd并测试访问:</p>
<p>
# systemctl start httpd</p>
<p>
没什么意外的话,此时浏览器访问测试页应该是成功的.</p>
<p>
2.测试数据库</p>
<p>
启动mariadb</p>
<p>
# systemctl start mariadb</p>
<p>
能进入mariadb命令行即可</p>
<p>
# mysql</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/4d2f6afb7b67f67663acf4c35780c07f.jpg"></p>
<p>
3.查看php版本,我的版本是5.4.16</p>
<p>
# php -v</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/ef74d8752353fd3a97165e18cb778420.jpg"></p>
<p>
<span><strong>四、配置apache</strong></span></p>
<p>
1.新建所需文件夹</p>
<p>
在/web/vhosts下创建三个虚拟主机分别需要的文件夹 ,pma,wp,dz</p>
<p>
# mkdir -p /web/vhosts/{pma,wp,dz}</p>
<p>
2.赋予apache用户对整个/web目录的访问权:</p>
<p>
# chown -r apache:apache /web</p>
<p>
3.创建测试页面</p>
<p>
# vim /web/vhosts/pma/index.php</p>
<p>
内容为: </p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterphp" id="highlighter_351797">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
<div class="line number11 index10 alt2">
11</div>
<div class="line number12 index11 alt1">
12</div>
<div class="line number13 index12 alt2">
13</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="php plain"><?php</code>
</div>
<div class="line number2 index1 alt1">
<code class="php plain"> </code><code class="php functions">echo</code> <code class="php string">"this is pma"</code>
</div>
<div class="line number3 index2 alt2">
<code class="php plain"> ?></code>
</div>
<div class="line number4 index3 alt1">
<code class="php plain"> # vim /web/vhosts/wp/index.php</code>
</div>
<div class="line number5 index4 alt2">
<code class="php plain"> 内容为:</code>
</div>
<div class="line number6 index5 alt1">
<code class="php plain"> <?php</code>
</div>
<div class="line number7 index6 alt2">
<code class="php plain"> </code><code class="php functions">echo</code> <code class="php string">"this is wp"</code>
</div>
<div class="line number8 index7 alt1">
<code class="php plain"> ?></code>
</div>
<div class="line number9 index8 alt2">
<code class="php plain"> # vim /web/vhosts/dz/index.php</code>
</div>
<div class="line number10 index9 alt1">
<code class="php plain"> 内容为:</code>
</div>
<div class="line number11 index10 alt2">
<code class="php plain"> <?php</code>
</div>
<div class="line number12 index11 alt1">
<code class="php plain"> </code><code class="php functions">echo</code> <code class="php string">"this is dz"</code>
</div>
<div class="line number13 index12 alt2">
<code class="php plain"> ?></code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
4.取消欢迎页,否则会有干扰</p>
<p>
# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak</p>
<p>
5.添加三个虚拟主机</p>
<p>
创建一个叫vhosts.conf配置文件</p>
<p>
# vim /etc/httpd/conf.d/vhosts.conf</p>
<p>
内容:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_3494">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
<div class="line number4 index3 alt1">
4</div>
<div class="line number5 index4 alt2">
5</div>
<div class="line number6 index5 alt1">
6</div>
<div class="line number7 index6 alt2">
7</div>
<div class="line number8 index7 alt1">
8</div>
<div class="line number9 index8 alt2">
9</div>
<div class="line number10 index9 alt1">
10</div>
<div class="line number11 index10 alt2">
11</div>
<div class="line number12 index11 alt1">
12</div>
<div class="line number13 index12 alt2">
13</div>
<div class="line number14 index13 alt1">
14</div>
<div class="line number15 index14 alt2">
15</div>
<div class="line number16 index15 alt1">
16</div>
<div class="line number17 index16 alt2">
17</div>
<div class="line number18 index17 alt1">
18</div>
<div class="line number19 index18 alt2">
19</div>
<div class="line number20 index19 alt1">
20</div>
<div class="line number21 index20 alt2">
21</div>
<div class="line number22 index21 alt1">
22</div>
<div class="line number23 index22 alt2">
23</div>
<div class="line number24 index23 alt1">
24</div>
<div class="line number25 index24 alt2">
25</div>
<div class="line number26 index25 alt1">
26</div>
<div class="line number27 index26 alt2">
27</div>
<div class="line number28 index27 alt1">
28</div>
<div class="line number29 index28 alt2">
29</div>
<div class="line number30 index29 alt1">
30</div>
<div class="line number31 index30 alt2">
31</div>
<div class="line number32 index31 alt1">
32</div>
<div class="line number33 index32 alt2">
33</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain"><virtualhost *:80></code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain"> documentroot </code><code class="bash plain">/web/vhosts/pma</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain"> servername pma.buybybuy.com</code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain"> errorlog logs</code><code class="bash plain">/pma</code><code class="bash plain">.err</code>
</div>
<div class="line number5 index4 alt2">
<code class="bash plain"> customlog logs</code><code class="bash plain">/pma</code><code class="bash plain">.access combined</code>
</div>
<div class="line number6 index5 alt1">
<code class="bash plain"> <</code><code class="bash plain">/virtualhost</code><code class="bash plain">></code>
</div>
<div class="line number7 index6 alt2">
<code class="bash plain"> <directory </code><code class="bash string">"/web/vhosts/pma"</code><code class="bash plain">></code>
</div>
<div class="line number8 index7 alt1">
<code class="bash plain"> options indexes followsymlinks</code>
</div>
<div class="line number9 index8 alt2">
<code class="bash plain"> allowoverride none</code>
</div>
<div class="line number10 index9 alt1">
<code class="bash plain"> require all granted</code>
</div>
<div class="line number11 index10 alt2">
<code class="bash plain"> <</code><code class="bash plain">/directory</code><code class="bash plain">></code>
</div>
<div class="line number12 index11 alt1">
<code class="bash plain"> <virtualhost *:80></code>
</div>
<div class="line number13 index12 alt2">
<code class="bash plain"> documentroot </code><code class="bash plain">/web/vhosts/wp</code>
</div>
<div class="line number14 index13 alt1">
<code class="bash plain"> servername wp.buybybuy.com</code>
</div>
<div class="line number15 index14 alt2">
<code class="bash plain"> errorlog logs</code><code class="bash plain">/wp</code><code class="bash plain">.err</code>
</div>
<div class="line number16 index15 alt1">
<code class="bash plain"> customlog logs</code><code class="bash plain">/wp</code><code class="bash plain">.access combined</code>
</div>
<div class="line number17 index16 alt2">
<code class="bash plain"> <</code><code class="bash plain">/virtualhost</code><code class="bash plain">></code>
</div>
<div class="line number18 index17 alt1">
<code class="bash plain"> <directory </code><code class="bash string">"/web/vhosts/wp"</code><code class="bash plain">></code>
</div>
<div class="line number19 index18 alt2">
<code class="bash plain"> options indexes followsymlinks</code>
</div>
<div class="line number20 index19 alt1">
<code class="bash plain"> allowoverride none</code>
</div>
<div class="line number21 index20 alt2">
<code class="bash plain"> require all granted</code>
</div>
<div class="line number22 index21 alt1">
<code class="bash plain"> <</code><code class="bash plain">/directory</code><code class="bash plain">></code>
</div>
<div class="line number23 index22 alt2">
<code class="bash plain"> <virtualhost *:80></code>
</div>
<div class="line number24 index23 alt1">
<code class="bash plain"> documentroot </code><code class="bash plain">/web/vhosts/dz</code>
</div>
<div class="line number25 index24 alt2">
<code class="bash plain"> servername dz.buybybuy.com</code>
</div>
<div class="line number26 index25 alt1">
<code class="bash plain"> errorlog logs</code><code class="bash plain">/dz</code><code class="bash plain">.err</code>
</div>
<div class="line number27 index26 alt2">
<code class="bash plain"> customlog logs</code><code class="bash plain">/dz</code><code class="bash plain">.access combined</code>
</div>
<div class="line number28 index27 alt1">
<code class="bash plain"> <</code><code class="bash plain">/virtualhost</code><code class="bash plain">></code>
</div>
<div class="line number29 index28 alt2">
<code class="bash plain"> <directory </code><code class="bash string">"/web/vhosts/dz"</code><code class="bash plain">></code>
</div>
<div class="line number30 index29 alt1">
<code class="bash plain"> options indexes followsymlinks</code>
</div>
<div class="line number31 index30 alt2">
<code class="bash plain"> allowoverride none</code>
</div>
<div class="line number32 index31 alt1">
<code class="bash plain"> require all granted</code>
</div>
<div class="line number33 index32 alt2">
<code class="bash plain"> <</code><code class="bash plain">/directory</code><code class="bash plain">></code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
6.重新载入httpd配置:</p>
<p>
# systemctl reload httpd</p>
<p>
7.测试一下三个虚拟主机:</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/c7471746a10ce4650e340b25cb744b47.jpg"></p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/3c2371c908827a7154ba3016f668d612.jpg"></p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/7c98c959b225a05b722e2076c1ffe862.jpg"></p>
<p>
测试成功!</p>
<p>
<span><strong>五、配置mariadb</strong></span></p>
<p>
1.刚安装完mariadb后先初始化安全设置</p>
<p>
运行安全初始化脚本</p>
<p>
# /usr/bin/mysql_secure_installation</p>
<p>
以下给出我自己的选项作为参考</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/01f91fadc9d814896c574357b94e4d16.jpg"></p>
<p>
1)是否设置root用户密码? (是)</p>
<p>
2)是否删除匿名用户? (是)</p>
<p>
3)禁止root用户远程登录吗? (否,但如果生产环境推荐禁止)</p>
<p>
4)要删除测试数据库吗? (否,如果将来有测试需求就保留)</p>
<p>
5)重载授权表吗? (是,刚刚的设置立即生效)</p>
<p>
2.附上root用户改密码命令</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_957886">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># mysql</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain"> </code><code class="bash functions">set</code> <code class="bash plain">password </code><code class="bash keyword">for</code> <code class="bash string">'root'</code><code class="bash plain">@</code><code class="bash string">'localhost'</code><code class="bash plain">=password(</code><code class="bash string">'123456'</code><code class="bash plain">);</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain"> </code><code class="bash functions">set</code> <code class="bash plain">password </code><code class="bash keyword">for</code> <code class="bash string">'root'</code><code class="bash plain">@</code><code class="bash string">'127.0.0.1'</code><code class="bash plain">=password(</code><code class="bash string">'123456'</code><code class="bash plain">);</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
<span><strong>六.安装程序包</strong></span></p>
<p>
1.安装phpmyadmin,discuz,wordpress</p>
<p>
下载安装包到家目录</p>
<p>
可以用wget或者使用ftp工具,我这里因为用了xshell连接服务器,所以直接使用了配套的xftp将控制机中的安装包直接扔进家目录.</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/d5f4d119b1360b25ee21ea80e9dbd2bb.jpg"></p>
<p>
2.确保已安装必要的压缩/解压缩工具</p>
<p>
我这里缺少bzip2,zip和unzip,所以</p>
<p>
# yum -y install bzip2 zip unzip</p>
<p>
分别解压缩 </p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_870212">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># unzip discuz_x3.2_sc_utf8.zip -d discuz_x3.2_sc_utf8</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain"> </code><code class="bash comments"># tar -xf wordpress-4.5.3-zh_cn.tar.gz</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain"> </code><code class="bash comments"># tar -xf phpmyadmin-4.4.15.8-all-languages.tar.bz2</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
3.分别复制到定义好的虚拟主机目录下,注意只复制需要的文档 </p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_970916">
<div class="toolbar">
<span>?</span>
</div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">
1</div>
<div class="line number2 index1 alt1">
2</div>
<div class="line number3 index2 alt2">
3</div>
</td>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># cp -a phpmyadmin-4.4.15.8-all-languages/* /web/vhosts/pma/</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain"> </code><code class="bash comments"># cp -a wordpress/* /web/vhosts/wp/</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain"> </code><code class="bash comments"># cp -a discuz_x3.2_sc_utf8/upload/* /web/vhosts/dz/</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
<span><strong>七、调试网站</strong></span></p>
<p>
1.配置phpmyadmin</p>
<p>
#cd /web/vhosts/pma</p>
<p>
找到默认配置文件并重命名为标准名称</p>
<p>
# cp config.sample.inc.php config.inc.php</p>
<p>
编辑配置文件<br>
大概17行找到</p>
<p>
$cfg['blowfish_secret'] = '';</p>
<p>
这里需要加入一个随机字串,可以在bash下用以下命令生成:<br>
# tr -d 'a-za-z0-9' < /dev/urandom | head -30 | md5sum</p>
<p>
比如生成的字串为</p>
<p>
e2d8e1132dc737b3dc1f05cd44c0cc9e</p>
<p>
将生成的字串加入到上面的参数的引号中.如图:</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/3b957810df0479301b35a0b2397588ea.jpg"></p>
<p>
保存退出.</p>
<p>
访问pma.buybybuy.com的时候发现程序报错:</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/2ef7369d2fe77b0b8398c65b63b76abf.jpg"></p>
<p>
意思是需要mbstring模块支持,mbstring是一个多语言包.</p>
<p>
所以要安装这个包</p>
<p>
# yum install php-mbstring</p>
<p>
重载httpd以便配置生效</p>
<p>
# systemctl reload httpd</p>
<p>
重新访问pma.buybybuy.com,页面成功打开</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/4e48a31b4f8a5df99e5cacc8e625d3c3.jpg"></p>
<p>
此时可以使用之前配置的mysql的root用户登陆.</p>
<p>
2.创建所需数据库</p>
<p>
为了安装wordpress和discuz,可以先使用phpmyadmin来为他们创建数据库.</p>
<p>
新增->填写数据库名称->选择排序编码->建立</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/a667b5a3c6e6143cba6dbaeab1028e14.jpg"></p>
<p>
另外我们希望每个网站可以使用单独的数据库用户进行访问,所以这里为每个数据库创建自己的用户并绑定到对应的数据库.</p>
<p>
回到首页->用户->添加用户</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/5b01ba1e26384afa15ec179090d37556.jpg"></p>
<p>
为了方便,我将数据库名与对应的用户名保持一致,可以按下图来创建</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/4c05fa2a51eb232b6288b36dd23d6b95.jpg"></p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/51a61e24734c7171a7227e33366a0801.jpg"></p>
<p>
因为已经提前创建数据库,所以红色下划线的命令会跳过创建数据库的步骤,后面蓝色下划线的命令会把用户绑定给这个数据库.</p>
<p>
3.配置wordpress</p>
<p>
进入wp目录<br>
# cd /web/vhosts/wp<br>
复制一个配置文件并重命名为配置文件的标准名称<br>
# cp wp-config-sample.php wp-config.php<br>
编辑配置文件<br>
# vim /web/vhosts/wp/wp-config.php</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/6393f45acfd6e0f24dac20fa8c6f3547.jpg"></p>
<p>
修改对应的值.</p>
<p>
访问wp.buybybuy.com和dz.buybybuy.com,会显示安装界面.分别使用之前设定的参数安装即可.</p>
<p>
<span><strong>八、给pma.buybybuy.com配置https</strong></span></p>
<p>
1.确保openssl已安装,因为要使用openssl生成自签名证书</p>
<p>
# httpd -m | grep ssl</p>
<p>
如果没有则安装</p>
<p>
# yum install mod_ssl openssl</p>
<p>
2.配置ca服务器</p>
<p>
我的方法是先配置一台ca服务器 (centos a),之后再让当前这台服务器(centos b)向centos a申请认证.</p>
<p>
3.配置ca服务器(centos a)</p>
<p>
3.1 初始化ca服务,创建所需要的文件</p>
<p>
# cd /etc/pki/ca/<br>
# touch index.txt //创建索引文件<br>
# echo 01 > serial //创建序列号文件</p>
<p>
<br>
3.2 ca自签证书</p>
<p>
生成私钥</p>
<p>
# (umask 077; openssl genrsa -out /etc/pki/ca/private/cakey.pem 2048)</p>
<p>
使用私钥生成签名证书</p>
<p>
# openssl req -new -x509 -key /etc/pki/ca/private/cakey.pem -days 7300 -out /etc/pki/ca/cacert.pem</p>
<p>
4.申请证书(centos b):</p>
<p>
4.1 创建一个存放证书的目录<br>
# mkdir /etc/httpd/ssl<br>
# cd /etc/httpd/ssl</p>
<p>
4.2 生成秘钥</p>
<p>
# (umask 007;openssl genrsa -out httpd.key 1024)</p>
<p>
4.3 生成请求文件</p>
<p>
# openssl req -new -key httpd.key -out httpd.csr</p>
<p>
4.4 填表,按照自己情况写</p>
<p>
country name (2 letter code) :cn<br>
state or province name (full name) []:beijing<br>
locality name (eg, city) :beijing<br>
organization name (eg, company) :quintin ltd<br>
organizational unit name (eg, section) []:ops<br>
common name (eg, your name or your server's hostname) []:pma.buybybuy.com<br>
email address []:admin@buybybuy.com</p>
<p>
4.5 把生成的文件发送到ca服务器 centos a,这里我使用scp命令:</p>
<p>
# scp httpd.csr root@192.168.3.67:/tmp/</p>
<p>
4.6 按照提示操作成功之后,httpd.csr 应该已经在centos a的/tmp/目录中.</p>
<p>
5.签署证书(centos a):</p>
<p>
5.1 签署,有效期十年<br>
# openssl ca -in /tmp/httpd.csr -out /etc/pki/ca/certs/pma.buybybuy.com.crt -days 3650<br>
5.2 将生成的crt传回centos b<br>
# scp /etc/pki/ca/certs/pma.buybybuy.com.crt root@192.168.3.77:/etc/httpd/ssl/<br>
5.3 按照提示操作成功之后,pma.buybybuy.com.crt 应该已经在centos b的/etc/httpd/ssl/目录中.</p>
<p>
6.配置ssl(centos b):</p>
<p>
6.1 事先备份</p>
<p>
# cd /etc/httpd/conf.d/<br>
# cp ssl.conf{,.bak}</p>
<p>
6.2 编辑ssl.conf</p>
<p>
# vim ssl.conf</p>
<p>
以下为修改项</p>
<p>
<virtualhost _default_:443><br>
=><br>
<virtualhost *:443></p>
<p>
基本设置</p>
<p>
documentroot "/web/vhosts/pma"<br>
servername pma.buybybuy.com:443</p>
<p>
证书位置</p>
<p>
sslcertificatefile /etc/pki/tls/certs/localhost.crt<br>
=><br>
sslcertificatefile /etc/httpd/ssl/pma.buybybuy.com.crt</p>
<p>
私钥位置</p>
<p>
sslcertificatekeyfile /etc/pki/tls/private/localhost.key<br>
=><br>
sslcertificatekeyfile /etc/httpd/ssl/httpd.key</p>
<p>
保存退出.</p>
<p>
6.3 检查配置文件语法错误:</p>
<p>
# httpd -t</p>
<p>
6.4 重启httpd:</p>
<p>
# systemctl restart httpd</p>
<p>
6.5 查看443端口是否已开启:</p>
<p>
# ss -tnl</p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/f7e173079e8ea00083c212a1de245562.jpg"></p>
<p>
6.6 去浏览器访问格式:</p>
<p>
https://pma.buybybuy.com</p>
<p>
看见https字样就对了.但会提示无效,添加信任即可. </p>
<p>
<img style="max-width:100%!important;height:auto!important;"title="CentOS 7 下LAMP实现及基于https的虚拟化主机" alt="CentOS 7 下LAMP实现及基于https的虚拟化主机" src="https://zhuji.jb51.net/uploads/img/202305/39753c99726d3c78019ef839b225d26d.jpg"></p>
<p>
以上所述是小编给大家介绍的CentOS 7 下LAMP实现及基于https的虚拟化主机,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对服务器之家网站的支持!</p>
頁:
[1]