2023-2-OpenEuler：通过Wordpress实现网站服务任务目标：实现LAMP：Apache + PHP

任务目标：

实现LAMP：Apache + PHP + MySQL + HTTPS
部署WordPress
使用HTTPS发布网站服务（本例使用私有证书）

任务平台：

VM-Project-1-Task-2-10.10.10.102

部署指南：

系统基本配置

hostnamectl set-hostname VM-Project-1-Task-2

网络配置

#查看网卡信息
nmcli device
#配置IPv4地址（请根据实际情况调整网络链接的名称ens33）
nmcli connection modify ens33 ipv4.addresses "10.10.10.102/24" ipv4.gateway 10.10.10.254
#重新载入网络链接的配置信息
nmcli connection reload
nmcli connection up ens33

系统升级、关闭防火墙和SELinux等配置

#配置防火墙，允许443/tcp端口访问
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
#重新启动服务器
reboot

安装Apache

#安装Apache HTTP Server
yum install -y httpd
#启动httpd服务，并设置为自动启动
systemctl start httpd
systemctl enable httpd
#使用浏览器即可访问10.10.10.101，出现欢迎界面，说明apache http server安装成功
#查看httpd服务状态
systemctl status httpd

安装与配置MySQL

#安装MySQL Community
yum install -y mysql-server
#启动MySQL服务，并设置位自动启动
systemctl start mysqld
systemctl enable mysqld
#查看MySQL服务状态
systemctl status mysqld

#为MySQL的root账户配置密码
mysql -uroot -p
#首次登录使用空密码
#在mysql工具内进行数据库操作
use mysql;
alter user 'root'@'localhost' identified with mysql_native_password by '#labs313mysql';
flush privileges;
exit;

#再次使用mysql工具管理数据库，为Wordpress创建数据库和权限
mysql -uroot -p
#首次登录使用空密码
#输入root设置的密码，本例的root密码为：#labs313mysql
#在mysql工具内进行数据库操作
#创建Wordpress的数据库为wordpressDB
create database wordpressDB;
#为wordpressDB创建数据库管理账户wordpressUser，并授权
create user 'wordpressUser'@'localhost' identified by "wordpressUser#PWD2023";
grant all privileges on wordpressDB.* to  'wordpressUser'@'localhost' with grant option;
flush privileges;
exit;

#备注
#如果MySQL root密码丢失，可按照下述方式进行恢复
#第1步：修改/etc/my.cnf文件，在[mysqld]下增加一行
skip-grant-tables
systemctl restart mysqld
#第2步：使用mysql工具管理数据库，root为空密码
mysql -uroot -p
#在mysql工具内操作
use mysql;
update user set authentication_string='' where user='root';
exit;
#第3步：修改/etc/my.cnf文件，在[mysqld]下删除一行
skip-grant-tables
systemctl restart mysqld
#第4步：使用mysql工具管理数据库，root为空密码
mysql -uroot -p
#在mysql工具内操作
use mysql;
alter user 'root'@'localhost' identified with mysql_native_password by '#labs313mysql'
flush privileges;
exit;

安装PHP

#安装php及相关模块
yum install -y php php-mysqlnd
#安装Wordpress所需要的PHP扩展模块
yum install -y php-dom php-mbstring php-zip php-gd php-intl
#重启PHP
systemctl restart php-fpm

安装wget、zip等工具以开展WordPress的部署

#安装wget和zip工具
yum install wget zip

下载WordPress程序

#下载WordPress程序
wget https://wordpress.org/latest.zip
#解压缩到指定目录
unzip -d /var/www/html/ latest.zip
#配置WordPress程序权限
chown -R apache:apache /var/www/html/wordpress
chmod -R 755 /var/www/html/wordpress

配置Apache Httpd Server以实现HTTPS服务

#安装openssl工具
yum install openssl openssl-devel httpd-devel
#创建网站CA证书
openssl genrsa -out wordpress.local.key 2048
openssl req -new -key wordpress.local.key -out wordpress.local.csr
openssl x509 -req -days 3650 -in wordpress.local.csr -signkey wordpress.local.key -out wordpress.local.crt
#将证书文件放到指定目录
mv wordpress.local.crt /etc/pki/tls/certs/
mv wordpress.local.key /etc/pki/tls/private/
mv wordpress.local.csr /etc/pki/tls/private/
#安装mod_ssl模块，实现HTTPS服务
yum install -y mod_ssl
systemctl restart httpd

在创建证书的过程中，会需要填写许多信息，如国家，省市，公司等

[root@VM-Project-1-Task-2 ~]# openssl genrsa -out wordpress.local.key 2048  
Generating RSA private key, 2048 bit long modulus (2 primes)  
...............................................+++++  
...............+++++  
e is 65537 (0x010001)  
[root@VM-Project-1-Task-2 ~]# openssl req -new -key wordpress.local.key -out wordpress.local.csr  
You are about to be asked to enter information that will be incorporated  
into your certificate request.  
What you are about to enter is what is called a Distinguished Name or a DN.  
There are quite a few fields but you can leave some blank  
For some fields there will be a default value,  
If you enter '.', the field will be left blank.  
-----  
Country Name (2 letter code) [AU]:CN  
State or Province Name (full name) [Some-State]:HeNan  
Locality Name (eg, city) []:ZhengZhou  
Organization Name (eg, company) [Internet Widgits Pty Ltd]:[51xueweb.cn](https://51xueweb.cn/)  
Organizational Unit Name (eg, section) []:openEuler  
#注意域名要和网站域名保持一致，如果不适用域名，请填写IP地址  
Common Name (e.g. server FQDN or YOUR name) []:wordpress.local  
Email Address []:<***.cnEmail> Address []:r
r***g@h***n   
   
Please enter the following 'extra' attributes  
to be sent with your certificate request  
A challenge password []:.  
An optional company name []:.  
[root@VM-Project-1-Task-2 ~]# openssl x509 -req -days 3650 -in wordpress.local.csr -signkey wordpress.local.key -out wordpress.local.crt  
Signature ok  
subject=C = CN, ST = HeNan, L = ZhengZhou, O = [51xueweb.cn](https://51xueweb.cn/), OU = openEuler, CN = wordpress.local, emailAddress = <***.cn>  
Getting Private key  
[root@VM-Project-1-Task-2 ~]# mv wordpress.local.crt /etc/pki/tls/certs/  
[root@VM-Project-1-Task-2 ~]# mv wordpress.local.key /etc/pki/tls/private/  
[root@VM-Project-1-Task-2 ~]# mv wordpress.local.csr /etc/pki/tls/private/

配置Apache Httpd Server以发布网站

#复制SSL配置文件
cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak

#使用HTTPS发布网站
#修改/etc/httpd/conf.d/ssl.conf
vi /etc/httpd/conf.d/ssl.conf
#修改后的内容
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
#_default_不要修改
<VirtualHost _default_:443>
#配置为网站程序目录
DocumentRoot "/var/www/html/wordpress"
#网站域名要和证书创建时候的配置信息一致
ServerName www.wordpress.local
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLHonorCipherOrder on
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SHA1:!RC4 
SSLProxyCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SHA1:!RC4
#证书存放的路径要和实际相同
SSLCertificateFile /etc/pki/tls/certs/wordpress.local.crt
SSLCertificateKeyFile /etc/pki/tls/private/wordpress.local.key
<FilesMatch ".(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"
</VirtualHost>


#修改HTTPD配置文件，内容默认配置基本一致
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
    Require all denied
</Directory>
#修改网站目录
DocumentRoot "/var/www/html/wordpress"
<Directory "/var/www/html/wordpress">
    Options Indexes FollowSymLinks
    #开始WordPress固定链接需要设置为All，否则为None
    AllowOverride All
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    LogFormat "%h %l %u %t "%r" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf

在WordPress程序中继续初始化安装

在本地主机上配置hosts文件，增加www.wordpress.local的域名解析
配置文件为 C:\Windows\System32\drivers\etc\hosts
10.10.10.102 www.wordpress.local

使用浏览器访问：www.wordpress.local，继续安装。