赛题
2.1.5、配置企业内网交流平台
· 配置企业内部交流平台,采用apache +WordPress + MariaDB ; (WordPress直接部署上传安装到根目录下的www目录,站点文件夹WordPress)部署文件在操作主机的工具目录下,文件夹为Wordpress;
· 创建数据库:数据库名“WordPress”:,数据库管理账户信息:User: root/ Pass“WordPress”word: Skills46;
· WordPress 采用HTTPS方式访问;使用默认模板(安装配置完毕即可使用);添加一个TEST的文章;WordPress后台管理员及密码信息:root/ Password: Skills46。
1.安装服务
上传WordPress
root@lnxserver1:~# apt install -y apache2 php php-mysql mariadb-server lrzsz
root@lnxserver1:~# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring wordpress-5.1.15-zh_CN.tar.gz...
100% 10989 KB 1373 KB/sec 00:00:08 0 Errors
root@lnxserver1:~# tar -zxf wordpress-5.1.15-zh_CN.tar.gz
root@lnxserver1:~# mv wordpress /var/www/html
root@lnxserver1:/var/www/html# chmod 777 -R wordpress
root@lnxserver1:/var/www/html# chown root:root -R wordpress
root@lnxserver1:~# reboot #重启一下
2.配置数据库
root@lnxserver1:~# mysql -uroot -p
MariaDB [(none)]> create database Wordpress;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY 'Skills46';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> Ctrl-C -- exit!
Aborted
3.配置WordPress
root@lnxserver1:~# cd /var/www/html/wordpress/
[root@lnxserver1 wordpress]# cp -a wp-config-sample.php wp-config.php
[root@lnxserver1 wordpress]# vim wp-config.php
23 define( 'DB_NAME', 'Wordpress' );
26 define( 'DB_USER', 'root' );
29 define( 'DB_PASSWORD', 'Skills46' );
32 define( 'DB_HOST', '172.0.10.120' );
root@lnxserver1:~# a2dissite 000-default.conf
Site 000-default disabled.
To activate the new configuration, you need to run:
systemctl reload apache2
root@lnxserver1:~# systemctl restart apache2
4.配置HTTPS
创建根证书
root@lnxserver1:~# vim /lib/ssl/openssl.cnf
48 dir = /csk-rootca # Where everything is kept
56 certificate = $dir/csk-ca.pem # The CA certificate
root@lnxserver1:~# mkdir -p /csk-rootca/{private,newcerts}
root@lnxserver1:~# cd /csk-rootca/
root@lnxserver1:/csk-rootca# touch {index.txt,serial}
root@lnxserver1:/csk-rootca# echo 01 > serial
root@lnxserver1:/csk-rootca# openssl genrsa -out private/cakey.pem
Generating RSA private key, 2048 bit long modulus (2 primes)
..................................................................................................+++++
............................+++++
e is 65537 (0x010001)
创建密钥
root@lnxserver1:~# openssl genrsa -out word.key
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................................................................................................................+++++
.......+++++
e is 65537 (0x010001)
创建csr证书申请
root@lnxserver1:~# openssl req -new -key word.key -out word.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:China
Locality Name (eg, city) []:Beijing^H^C
root@lnxserver1:~# openssl req -new -key word.key -out word.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.*
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@lnxserver1:~#
本地签发证书
root@lnxserver1:/csk-rootca# openssl ca -in word.csr -out word.crt
Using configuration from /usr/lib/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Feb 16 03:08:42 2023 GMT
Not After : Feb 16 03:08:42 2024 GMT
Subject:
countryName = AU
stateOrProvinceName = Some-State
organizationName = Internet Widgits Pty Ltd
commonName = *.*
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
DF:E7:7A:02:6E:4E:FC:6E:2B:8D:C3:E3:A2:52:B6:3E:C7:C1:3D:C4
X509v3 Authority Key Identifier:
keyid:C3:34:72:71:12:C8:13:F6:1D:4F:D0:09:02:E4:15:29:A4:12:2F:25
Certificate is to be certified until Feb 16 03:08:42 2024 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@lnxserver1:/csk-rootca#
创建https站点
root@lnxserver1:~# vim /etc/apache2/apache2.conf
任意地方插入下面2行
SSLCertificateFile /csk-rootca/word.crt
SSLCertificatekeyFile /csk-rootca/word.key
SSLCACertificateFile /csk-rootca/csk-ca.pem
root@lnxserver1:~# a2ensite default-ssl.conf
root@lnxserver1:~# a2enmod ssl
root@lnxserver1:~# systemctl restart apache2