1.架构图说明:
web1.wsh.com角色:dns服务器、http服务器、CA
web2.wsh.com角色:http服务器
mysql.wsh.com角色:mysql服务器
2.安装bind,配置web1为dns服务器,负责解析web1和web2
#安装bind,会自动创建named系统用户和named系统组
[root@web1 ~]# yum -y install bind
[root@web1 ~]# id named
uid=25(named) gid=25(named) groups=25(named)
#修改bind主配置文件,注销下面3行
[root@web1 ~]# vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
// allow-query { localhost; };
#编辑区域配置文件/etc/named.rfc1912.zones,在最后新建区域
[root@web1 ~]# vim /etc/named.rfc1912.zones
zone "wsh.com" IN {
type master;
file "wsh.com.zone";
};
#创建区域文件/var/named/wsh.com.zone
[root@web1 ~]#vim /var/named/wsh.com.zone
$TTL 600
@ IN SOA dns.wsh.com. admin.wsh.com. (
20141230
2H
10M
7D
6H )
IN NS dns
dns A 192.168.10.24
www A 192.168.10.24
www A 192.168.10.27
#修改/var/named/wsh.com.zone的权限为640,属组为named
[root@web1 ~]# chmod 640 /var/named/wsh.com.zone
[root@web1 ~]# chown :named /var/named/wsh.com.zone
[root@web1 ~]# ls -l /var/named/wsh.com.zone
-rw-r-----. 1 root named 148 Jul 1 20:52 /var/named/wsh.com.zone
#检查主配置文件、区域配置文件
[root@web1 ~]# named-checkconf
[root@web1 ~]# named-checkzone "wsh.com" /var/named/wsh.com.zone
zone wsh.com/IN: loaded serial 20141230
OK
#启动named
[root@web1 ~]# service named start
#查看是否监听53端口
[root@web1 ~]# ss -tanl
#使用dig命令测试
[root@web1 ~]# dig -t A www.wsh.com @192.168.10.24
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> -t A www.wsh.com @192.168.10.24
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45680
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.wsh.com. IN A
;; ANSWER SECTION:
www.wsh.com. 600 IN A 192.168.10.24
www.wsh.com. 600 IN A 192.168.10.27
;; AUTHORITY SECTION:
wsh.com. 600 IN NS dns.wsh.com.
;; ADDITIONAL SECTION:
dns.wsh.com. 600 IN A 192.168.10.24
;; Query time: 0 msec
;; SERVER: 192.168.10.24#53(192.168.10.24)
;; WHEN: Tue Jul 1 21:02:06 2014
;; MSG SIZE rcvd: 95
可以看到通过192.168.10.24可以正确解析,并得到了2个权威答案
在此,dns服务器配置完成3.安装httpd,配置web1,web2为http服务器
下面在web1上安装配置httpd,web2同web1操作即可;
#安装httpd,自动创建apache系统用户和apache系统组
[root@web1 ~]# yum -y install httpd
[root@web1 ~]# id apache
uid=48(apache) gid=48(apache) groups=48(apache)
#################################
httpd的主配置文件
/etc/httpd/conf/httpd.conf
httpd的补充配置文件
/etc/httpd/conf.d/*.conf
启动脚本
/etc/rc.d/init.d/httpd
网页文件目录
/var/www/html
socket
tcp/80 , tcp/443
#################################
#在/var/www/html下提供index.html
[root@web1 ~]# vim /var/www/html/index.html
<title> Testing ! </title>
<body>
<h1> Hello World ! </h1>
Hi,BJ !
</body>
#启动httpd
[root@web1 ~]# service httpd start
Starting httpd: [ OK ]
#测试:
#curl -I 响应报文200 OK;
[root@web1 ~]# curl -I http://192.168.10.24
HTTP/1.1 200 OK
Date: Tue, 01 Jul 2014 13:21:16 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 01 Jul 2014 13:20:49 GMT
ETag: "1c0581-4d-4fd21a4ea81d9"
Accept-Ranges: bytes
Content-Length: 77
Connection: close
Content-Type: text/html; charset=UTF-8 
以上,完成配置web1为http服务器,经测试可以正常提供服务!4.安装php
下面在web1上安装php作为httpd的模块,使其支持php语言编写的动态网站,web2同web1操作即可;
#yum安装php
[root@web1 ~]# yum -y install php
########################################
安装完成后会生成/etc/httpd/conf.d/php.conf
########################################
#删除/var/www/html/index.html,并创建index.php
[root@web1 ~]# rm -f /var/www/html/index.html
[root@web1 ~]# vim /var/www/html/index.php
[root@web1 ~]# cat /var/www/html/index.php
<?php
phpinfo();
?>
#由于安装php生成了新的配置文件,需要使httpd重新读入配置文件
[root@web1 ~]#service httpd restart
#curl测试OK
[root@web1 ~]# curl -I http://192.168.10.24
HTTP/1.1 200 OK
Date: Tue, 01 Jul 2014 13:39:04 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Connection: close
Content-Type: text/html; charset=UTF-8
#使用浏览器测试亦正常
#以上就成功安装了php并且使其作为httpd的模块运行5.配置web1为CA,为web1 , web2签署证书
[root@web1 ~]# cd /etc/pki/CA/
#生成cakey
[root@web1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.........+++
...................................................................+++
e is 65537 (0x10001)
[root@web1 CA]# ls private/
cakey.pem
#生成cacert
[root@web1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BeiJing
Locality Name (eg, city) [Default City]:HaiDian
Organization Name (eg, company) [Default Company Ltd]:WSH
Organizational Unit Name (eg, section) []:www.wsh.com
Common Name (eg, your name or your server's hostname) []:^C
[root@web1 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.........+++
...................................................................+++
e is 65537 (0x10001)
[root@web1 CA]# ls private/
cakey.pem
[root@web1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Haidian
Organization Name (eg, company) [Default Company Ltd]:WSH
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:ca.wsh.com
Email Address []:caadmin@wsh.com
[root@web1 CA]# ls
cacert.pem certs crl newcerts private
[root@web1 CA]# touch index.txt
[root@web1 CA]# echo 01 > serial
[root@web1 CA]# cat serial
01
#web1生成key和证书请求
[root@web1 CA]# cd /etc/httpd/
[root@web1 httpd]# mkdir cert
[root@web1 httpd]# cd cert
[root@web1 cert]# (umask 077;openssl genrsa -out web1.key 1024)
Generating RSA private key, 1024 bit long modulus
.....................++++++
...................++++++
e is 65537 (0x10001)
[root@web1 cert]# ls
web1.key
[root@web1 cert]# openssl req -new -key web1.key -out web1.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Haidian
Organization Name (eg, company) [Default Company Ltd]:WSH
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:www.wsh.com
Email Address []:web1@wsh.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@web1 cert]# ls
web1.csr web1.key
#CA为web1签署证书
[root@web1 cert]# openssl ca -in web1.csr -out web1.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jul 1 13:58:14 2014 GMT
Not After : Jul 1 13:58:14 2015 GMT
Subject:
countryName = CN
stateOrProvinceName = Beijing
organizationName = WSH
organizationalUnitName = IT
commonName = www.wsh.com
emailAddress = web1@wsh.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
5D:DE:07:3E:16:4D:05:C1:7F:54:1A:C6:86:E5:B0:4D:32:9E:7C:DB
X509v3 Authority Key Identifier:
keyid:7C:50:1F:AF:04:43:0D:1B:AF:02:AB:0B:74:E7:E6:2A:7F:15:78:53
Certificate is to be certified until Jul 1 13:58:14 2015 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@web1 cert]# ls
web1.crt web1.csr web1.key
#之后可以删除web1.csr了
[root@web1 cert]#rm -f web1.csr
6.安装mod_ssl,使httpd可以提供https
下面在web1上安装mod_ssl,使其可以支持https,web2同web1操作即可;
[root@web1 cert]# yum -y install mod_ssl
#########################################
安装完成后会生成
/etc/httpd/conf.d/ssl.conf
由于SSL/TLS会话的建立,仅能基于ip地址,所以
如果一台http服务器仅有一个ip地址,它也仅能提供
一个基于ssl/tls的虚拟主机
#########################################
#注销/etc/httpd/conf/httpd.conf中的DocumentRoot
#DocumentRoot "/var/www/html"
#编辑/etc/httpd/conf.d/ssl.conf
[root@web1 ~]#vim /etc/httpd/conf.d/ssl.conf
.......
<VirtualHost 192.168.10.24:443>
DocumentRoot "/var/www/html"
ServerName www.wsh.com:443
SSLCertificateFile /etc/httpd/cert/web1.crt
SSLCertificateKeyFile /etc/httpd/cert/web1.key
.......
</VirtualHost>
#重启httpd服务,使其重读ssl.conf配置文件
[root@web1 cert]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
#查看端口,是否监听tcp/443
[root@web1 cert]# ss -tanl
#使用openssl测试
[root@web1 cert]# vim /var/www/html/index.php
[root@web1 cert]# cat /var/www/html/index.php
Hi, HTTPS !
[root@web1 cert]# openssl s_client -connect www.wsh.com:443 -CAfile /etc/pki/CA/cacert.pem
CONNECTED(00000003)
depth=1 C = CN, ST = Beijing, L = Haidian, O = WSH, OU = IT, CN = ca.wsh.com, emailAddress = caadmin@wsh.com
verify return:1
depth=0 C = CN, ST = Beijing, O = WSH, OU = IT, CN = www.wsh.com, emailAddress = web1@wsh.com
verify return:1
---
Certificate chain
0 s:/C=CN/ST=Beijing/O=WSH/OU=IT/CN=www.wsh.com/emailAddress=web1@wsh.com
i:/C=CN/ST=Beijing/L=Haidian/O=WSH/OU=IT/CN=ca.wsh.com/emailAddress=caadmin@wsh.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDYTCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCQ04x
EDAOBgNVBAgMB0JlaWppbmcxEDAOBgNVBAcMB0hhaWRpYW4xDDAKBgNVBAoMA1dT
SDELMAkGA1UECwwCSVQxEzARBgNVBAMMCmNhLndzaC5jb20xHjAcBgkqhkiG9w0B
CQEWD2NhYWRtaW5Ad3NoLmNvbTAeFw0xNDA3MDExMzU4MTRaFw0xNTA3MDExMzU4
MTRaMG0xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlqaW5nMQwwCgYDVQQKDANX
U0gxCzAJBgNVBAsMAklUMRQwEgYDVQQDDAt3d3cud3NoLmNvbTEbMBkGCSqGSIb3
DQEJARYMd2ViMUB3c2guY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
vCYQ2f5t2N5uowjUGP0bpt6LmmcQtC45w4dINnWxfMa6F2AYKzA23d6JEDMqeXk7
EGhO7WlRqd9HxXQwbRV8x+PAQLkNN7R3lgfU+5iRffc0T7LKIHLqeDHWPoMrJGO0
SDLLc4nFxsPfAFUPRpSwRtoQNcoRyDZd5R0/uRAl4QIDAQABo3sweTAJBgNVHRME
AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
ZTAdBgNVHQ4EFgQUXd4HPhZNBcF/VBrGhuWwTTKefNswHwYDVR0jBBgwFoAUfFAf
rwRDDRuvAqsLdOfmKn8VeFMwDQYJKoZIhvcNAQEFBQADggEBAFQcU+EnLMNUSAGb
xqZtwQLxAwolSW9YkSaoLWZGQtf7hGFQwfouu5IqGcJZM9PQjdiJizGQg+Xo96Ck
i508a4ukGq5aQ4Ke9oJAcDx+C653Ifs/YG2ur1+Hly+EOka6+Jr4qXlxGquQOIw2
5PNy828iFfLCWvTT9X78ZzHADtyQ/ko+7cs/yIHYRkeePLNsCt96ag6SpMpG7k6Q
W33LNJqgKxogmSCWt3rmrRzUt/a0XeMGT2KKUrJrryImCwcyC8F8kYVelEDmHlhN
xupNViKo754f54SvJad6eNpZo2XoAJWabEj2rM7m2dNOh7uYYShxxbcoMwZHaRzR
mStpycU=
-----END CERTIFICATE-----
subject=/C=CN/ST=Beijing/O=WSH/OU=IT/CN=www.wsh.com/emailAddress=web1@wsh.com
issuer=/C=CN/ST=Beijing/L=Haidian/O=WSH/OU=IT/CN=ca.wsh.com/emailAddress=caadmin@wsh.com
---
No client certificate CA names sent
---
SSL handshake has read 1618 bytes and written 453 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: D3B7DB425C0C178A1AF858D3BCB228B1B313AC7082D623FF296422612ABFA68C
Session-ID-ctx:
Master-Key: 7F5882E48EFEC90DEDCF39D9AF857A4DB69BDFD0E30AF87AE93497970F249597549E1585B2F757A07F577DBA46AB0E86
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - f5 cd f2 80 d2 32 d2 04-92 37 32 2d c9 8e e0 9a .....2...72-....
0010 - 91 3d eb 52 4b 37 cf 9c-65 2f 8e 16 4c 30 62 f6 .=.RK7..e/..L0b.
0020 - 4b c5 9e 76 18 c7 7c 80-72 00 c8 ed ce af f7 64 K..v..|.r......d
0030 - 57 17 34 7d e0 e8 61 25-8a a7 db 5e c4 18 7c eb W.4}..a%...^..|.
0040 - 76 89 d1 33 e7 4b 93 0c-ed d4 6b 58 86 57 18 da v..3.K....kX.W..
0050 - ba 2d 45 ac 50 3a 4f d4-61 68 01 69 9e 65 5d d2 .-E.P:O.ah.i.e].
0060 - 12 a4 69 b0 a3 87 c9 30-79 ed 13 a9 00 8e ba 63 ..i....0y......c
0070 - 3d 54 55 eb 48 f8 e8 44-ec c8 36 7b 44 e5 4b 02 =TU.H..D..6{D.K.
0080 - 2d 84 29 4e c2 05 ce 45-be 2d 13 68 1a ba 93 c7 -.)N...E.-.h....
0090 - 1c 88 1d 50 24 f3 c8 45-c2 33 59 89 6d f2 30 9d ...P$..E.3Y.m.0.
00a0 - c6 2b dd ab 11 4a f4 7f-2e 68 de 67 0f 8a 1c ec .+...J...h.g....
00b0 - ca 36 0f f2 26 33 26 a4-b4 45 9d 34 69 c0 8a 3e .6..&3&..E.4i..>
Start Time: 1404224757
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Tue, 01 Jul 2014 14:26:03 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 12
Connection: close
Content-Type: text/html; charset=UTF-8
Hi, HTTPS !
closed
#至此,完成了web1的配置,它集成dns、http、https和CA的角色;7.按照上述步骤配置web2的http、https即可;
6、7操作完成后,将web1中/etc/pki/CA/cacert.pem导出到windows7系统上,并修改为cacert.crt,导入cacert.crt为受信任的根证书颁发机构,使用浏览器进行测试
8.安装配置mysql
#规划将mysql的datadir放在lv上,将/mydata作为lv的挂载点
[root@mysql ~]#mkdir /mydata
[root@mysql ~]# fdisk -l | grep "/dev/sd[a-z]:"
Disk /dev/sda: 128.8 GB, 128849018880 bytes
Disk /dev/sdb: 85.9 GB, 85899345920 bytes
#对/dev/sdb进行分区,并更改systemID为8e,即LVM
[root@mysql ~]# fdisk /dev/sdb
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-10443, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-10443, default 10443): +40G
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (5224-10443, default 5224):
Using default value 5224
Last cylinder, +cylinders or +size{K,M,G} (5224-10443, default 10443):
Using default value 10443
Command (m for help): p
Disk /dev/sdb: 85.9 GB, 85899345920 bytes
255 heads, 63 sectors/track, 10443 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xf39f94ea
Device Boot Start End Blocks Id System
/dev/sdb1 1 5223 41953716 83 Linux
/dev/sdb2 5224 10443 41929650 83 Linux
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): L
......
8 AIX 4f QNX4.x 3rd part 8e Linux LVM df BootIt
......
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 8e
Changed system type of partition 2 to 8e (Linux LVM)
Command (m for help): p
Disk /dev/sdb: 85.9 GB, 85899345920 bytes
255 heads, 63 sectors/track, 10443 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xf39f94ea
Device Boot Start End Blocks Id System
/dev/sdb1 1 5223 41953716 8e Linux LVM
/dev/sdb2 5224 10443 41929650 8e Linux LVM
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
#创建pv
[root@mysql ~]# pvcreate /dev/sdb{1,2}
Writing physical volume data to disk "/dev/sdb1"
Physical volume "/dev/sdb1" successfully created
Writing physical volume data to disk "/dev/sdb2"
Physical volume "/dev/sdb2" successfully created
[root@mysql ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/sda2 VolGroup lvm2 a-- 119.51g 0
/dev/sdb1 lvm2 a-- 40.01g 40.01g
/dev/sdb2 lvm2 a-- 39.99g 39.99g
#创建vg
[root@mysql ~]# vgcreate MyVG /dev/sdb{1,2}
Volume group "MyVG" successfully created
[root@mysql ~]# vgs
VG #PV #LV #SN Attr VSize VFree
MyVG 2 0 0 wz--n- 79.99g 79.99g
VolGroup 1 4 0 wz--n- 119.51g 0
#创建lv
[root@mysql ~]# lvcreate -L 20G -n MyLV MyVG
Logical volume "MyLV" created
[root@mysql ~]# lvs
LV VG Attr LSize Pool Origin Data% Move Log Copy% Convert
MyLV MyVG -wi-a--- 20.00g
LogVol03 VolGroup -wi-ao-- 48.04g
lv_home VolGroup -wi-ao-- 19.53g
lv_root VolGroup -wi-ao-- 50.00g
lv_swap VolGroup -wi-ao-- 1.94g
#格式化MyLV
[root@mysql ~]# mke2fs -t ext4 -L MYDATA -b 4096 /dev/MyVG/MyLV
#修改/etc/fstab,使MyLV开机自动挂载至/mydata
LABEL=MYDATA /mydata ext4 defaults 0 0
#挂载所有在/etc/fstab中定义的文件系统
[root@mysql ~]# mount -a
#查看挂载的文件系统
[root@mysql ~]# mount
......
/dev/mapper/MyVG-MyLV on /mydata type ext4 (rw)
#创建/mydata/data目录
[root@mysql ~]# mkdir -v /mydata/data
mkdir: created directory `/mydata/data'
#创建系统用户mysql和系统组mysql
[root@mysql ~]# useradd -r mysql
[root@mysql ~]# id mysql
uid=498(mysql) gid=498(mysql) groups=498(mysql)
#修改/mydata/data属主属组为mysql
[root@mysql ~]# chown mysql:mysql /mydata/data/
[root@mysql ~]# ls -ld /mydata/data/
drwxr-xr-x. 2 mysql mysql 4096 Jul 2 00:29 /mydata/data/#准备好mysql通用二进制包
[root@mysql ~]# ls
anaconda-ks.cfg install.log install.log.syslog mysql-5.6.13-linux-glibc2.5-x86_64.tar.gz
#解压并展开归档至/usr/local下
[root@mysql ~]# tar xf mysql-5.6.13-linux-glibc2.5-x86_64.tar.gz -C /usr/local
[root@mysql ~]# cd /usr/local/
[root@mysql local]# ls
bin etc games include lib lib64 libexec mysql-5.6.13-linux-glibc2.5-x86_64 sbin share src
#将mysql-5.6.13-linux-glibc2.5-x86_64符号链接至/usr/localmysql
[root@mysql local]# ln -sv mysql-5.6.13-linux-glibc2.5-x86_64 mysql
`mysql' -> `mysql-5.6.13-linux-glibc2.5-x86_64'
[root@mysql local]# ls -l
total 44
......
lrwxrwxrwx. 1 root root 34 Jul 1 23:44 mysql -> mysql-5.6.13-linux-glibc2.5-x86_64
drwxr-xr-x. 13 root root 4096 Jul 1 23:44 mysql-5.6.13-linux-glibc2.5-x86_64
......
[root@mysql local]# cd mysql
[root@mysql mysql]# chown root.mysql *
[root@mysql mysql]# ls -l
total 156
drwxr-xr-x. 2 root mysql 4096 Jul 1 23:44 bin
-rw-r--r--. 1 root mysql 17987 Jul 11 2013 COPYING
drwxr-xr-x. 3 root mysql 4096 Jul 1 23:43 data
drwxr-xr-x. 2 root mysql 4096 Jul 1 23:44 docs
drwxr-xr-x. 3 root mysql 4096 Jul 1 23:44 include
-rw-r--r--. 1 root mysql 88178 Jul 11 2013 INSTALL-BINARY
drwxr-xr-x. 3 root mysql 4096 Jul 1 23:47 lib
drwxr-xr-x. 4 root mysql 4096 Jul 1 23:44 man
drwxr-xr-x. 10 root mysql 4096 Jul 1 23:44 mysql-test
-rw-r--r--. 1 root mysql 2496 Jul 11 2013 README
drwxr-xr-x. 2 root mysql 4096 Jul 1 23:43 scripts
drwxr-xr-x. 28 root mysql 4096 Jul 1 23:43 share
drwxr-xr-x. 4 root mysql 4096 Jul 1 23:44 sql-bench
drwxr-xr-x. 3 root mysql 4096 Jul 1 23:43 support-files
#将mysql的头文件软连接至/usr/include/mysql
[root@mysql mysql]# ln -sv /usr/local/mysql/include /usr/include/mysql
`/usr/include/mysql' -> `/usr/local/mysql/include'
#导出mysql的库文件
[root@mysql mysql]# echo "/usr/local/mysql/lib" > /etc/ld.so.conf.d/mysql.conf
[root@mysql mysql]# cat /etc/ld.so.conf.d/mysql.conf
/usr/local/mysql/lib
[root@mysql mysql]# ldconfig -v | grep mysql
/usr/local/mysql/lib:
libmysqlclient.so.18 -> libmysqlclient_r.so.18.1.0
/usr/lib64/mysql:
libmysqlclient_r.so.16 -> libmysqlclient_r.so.16.0.0
libmysqlclient.so.16 -> libmysqlclient.so.16.0.0
#导出/bin目录
[root@mysql mysql]# echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh
[root@mysql mysql]# cat /etc/profile.d/mysql.sh
export PATH=/usr/local/mysql/bin:/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root@mysql mysql]# . /etc/profile.d/mysql.sh
#导出man路径
[root@mysql mysql]# vim /etc/man.config
MANPATH /usr/local/mysql/man#准备mysql配置文件、服务脚本、初始化mysql、启动mysql
#备份/etc/my.cnf,并将support-files下的my-default.cnf复制到/etc/下并重命名为my.cnf
[root@mysql mysql]# mv /etc/my.cnf /etc/my.cnf.bak
[root@mysql mysql]# cp support-files/
binary-configure my-default.cnf mysql-log-rotate solaris/
magic mysqld_multi.server mysql.server
[root@mysql mysql]# cp support-files/my-default.cnf /etc/my.cnf
#复制服务脚本至/etc/rc.d/init.d/mysqld,并做修改有关datadir的值为/mydata/data,添加执行权限
[root@mysql mysql]# cp support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@mysql mysql]# chmod +x /etc/rc.d/init.d/mysqld
#初始化mysql
[root@mysql mysql]# scripts/mysql_install_db --user=mysql --datadir=/mydata/data/
#启动mysql
[root@mysql mysql]# service mysqld start
Starting MySQL...... [ OK ]
[root@mysql mysql]# ss -tanl | grep 3306
0 80 :::3306 :::*
#使用mysql连接mysql服务器,并未安装phpwind做如下准备:
***************************************
1.为了安全修改mysql用户root的密码:rootroot
2.为phpwind创建mysql用户:winduser,密码:password
3.允许web1,web2使用winduser连接mysql
4.授权winduser对phpwind创建的数据库有所有权限,数据库名为:phpwindb
***************************************
#默认密码为空,使用mysql命令即可连接
[root@mysql mysql]# mysql
#修改root密码
mysql> SET PASSWORD FOR 'root'@'localhost'=PASSWORD('rootroot');
#重读授权表
mysql> FLUSH PRIVILEGES;
#退出mysql连接
mysql>\q
#重新连接mysql server,输入正确的密码即可正常连接
[root@mysql mysql]# mysql -uroot -hlocalhost -p
#新建用户winduser并允许192.168.10.24和192.168.10.27连接,即web1,web2
mysql> CREATE USER 'winduser'@'192.168.10.24' IDENTIFIED BY 'password';
mysql> CREATE USER 'winduser'@'192.168.10.27' IDENTIFIED BY 'password';
#授权winduser对phpwindb库具有所有权限
mysql> GRANT ALL ON phpwindb.* TO 'winduser'@'192.168.10.24';
mysql> GRANT ALL ON phpwindb.* TO 'winduser'@'192.168.10.27';
#测试web1,web2是否可以连接到mysql服务器
在web1,web2上安装php连接mysql的驱动php-mysql
yum -y install php-mysql
#在两台http服务器中提供/var/www/html/index.php
<?php
$link=mysql_connect('192.168.10.33',winduser,password);
if ($link)
echo "web[1,2].wsh.com,Connect Success...";
else
echo "web[1,2].wsh.com,Connect Failure...";
?>
#重启两台服务器的httpd服务
service httpd restart
9.安装phpwind
将phpwind文档放置到2台web服务器的/var/www/html/下:
我们想使用https协议访问phpwind站点,则需要修改install.php文件,如下(使用http协议则不需要修改):
$bbsurl = 'https://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, $selfrpos); 修改以下文件权限为777:
[root@web2 html]# chmod -R 777 attachment/ data/ html/修改windows的dns服务器为192.168.10.24,打开浏览器输入https://www.wsh.com,使用chrome浏览器按下F12-->Network可以看到访问的是哪台web服务器,2台web服务器都需要安装phpwind;
安装完成后,删除/重命名install.php即可;
#还有一个问题就是上传的附件是保存在web服务器本地的,而不是mysql中,所以在192.168.10.24上使用NFS将/var/www/html/attachment导出,并在192.168.10.27上将其挂在至本地的/var/www/html/attachment即可;
[root@web1 html]# vim /etc/exports
[root@web1 html]# cat /etc/exports
/var/www/html/attachment 192.168.10.27/24(rw)
[root@web1 html]# service nfs restart
[root@web2 html]# showmount -e 192.168.10.24
Export list for 192.168.10.24:
/var/www/html/attachment 192.168.10.27/24
[root@web2 html]#vim /etc/fstab
192.168.10.24:/var/www/html/attachment /var/www/html/attachment nfs defaults 0 0
[root@web2 html]#mount -a
[root@web2 html]# mount
......
192.168.10.24:/var/www/html/attachment on /var/www/html/attachment type nfs (rw,vers=4,addr=192.168.10.24,clientaddr=192.168.10.27)下面是mysql服务器中存储的附件的相关信息,可以看到确实存储在了服务器本地;
*************************** 1. row ***************************
aid: 1
fid: 2
uid: 1
tid: 1
pid: 0
did: 0
name: adress_list.txt
type: txt
size: 1
attachurl: Mon_1407/2_1_9d719282eecc478.txt
hits: 3
needrvrc: 0
special: 0
ctype:
uploadtime: 1404239854
descrip:
ifthumb: 0
mid: 0
*************************** 2. row ***************************
aid: 2
fid: 2
uid: 1
tid: 1
pid: 0
did: 0
name: QQ截图20141230154432.png
type: img
size: 15
attachurl: Mon_1407/2_1_252cdaf29869e70.png
hits: 0
needrvrc: 0
special: 0
ctype:
uploadtime: 1404239862
descrip: test
ifthumb: 0
mid: 0
2 rows in set (0.00 sec) 上面各服务需要开机时自动启动,则需要执行命令:chkconfig 服务名 on
155
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
