要求
一台DNS虚拟机,作www.blog.com到两台WEB服务器的名字解析
两台WEB服务器,httpd+php-fpm+php-mysql
一台MySQLl数据库服务器
一台NFS服务器,安装workexpress,在/data/blog,此服务器提供NFS服务器,两台WEB服务器用此NFS目录作为
五台服务器IP:
DNS:172.20.42.200
NFS:172.20.42.201
WEB1:172.20.42.203
WEB2:172.20.42.204
MySQL:172.20.42.205
部署过程
NFS服务器安装配置
把wordpress-4.9.4-zh_CN.tar.gz上传NFS服务器,解压至/data目录
tar xvf wordpress-4.9.4-zh_CN.tar.gz -C /data
cp wp-config-sample.php wp-config.php
vim wp-config.php(配置数据库的连接)
vim /etc/exports
/data/wordexpress 172.20.0.0/16(rw)
systemctl start nfs-server
exportfs -v
WEB服务器安装
yum install httpd php-fpm php-mysql -y
mount 172.20.42.201:/data/wordpress /var/www/html/
vim /etc/fstab
172.20.42.201:/data/wordpress /var/www/html/ nfs defaults 0 0
vim /etc/httpd/conf.d/
DirectoryIndex index.php
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1
systemctl start httpd php-fpm
MySQL安装和配置
yum install mariadb-server
systemctl start mariadb
MariaDB [(none)]> create database wpdb;
MariaDB [(none)]> grant all on wpdb.* to wpuser@'172.20.42.203' identified by 'centos';
MariaDB [(none)]> grant all on wpdb.* to wpuser@'172.20.42.204' identified by 'centos'; (创建web1和web2的连接请求)
MariaDB [(none)]> flush privileges;
DNS服务器
yum install bind -y
vim /etc/named.rfc1912.zones
zone "blog.com" IN {
type master;
file "blog.com.zone";
};
vim /var/named/blog.com.zone
$TTL 1D
@ IN SOA master.blog.com admin.blog.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 172.20.42.200
websrv A 172.20.42.203
websrv A 172.20.42.204
www CNAME websrv
systemctl restart named
测试
1. PC客户端
2. www.blog.com (可以访问)
3. 停止172.20.42.203上的httpd,依然可以访问www.blog.com
实现web站点的https访问
配置
在两台WEB服务器上安装yum -y install mod_ssl
生成必要的证书文件
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem
测试
1. 在FireFox上安装证书()
2. 访问https://www.blog.com,成功
实现web站点http重定向到https:
配置
在web服务器上,
vim /etc/httpd/conf/httpd.conf
Redirect temp /(.*) https://www.blog.com/$1
或者:
使用HSTS配置:
Header always set Strict-Transport-Security "max-age=31536000"
RewriteEngine on
RewriteRule ^(/.*)$ https://%{www.blog.com}$1 [redirect=302]
客户端测试
访问www.blog.com,会自动跳转到https://www.blog.com
