The lab environment is as follows

Roles and IP address plan:

DNS server: 192.168.2.20

LNMP server: 192.168.2.25

yum repositories

yum repolist
已加载插件:fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
10072 packages excluded due to repository priority protections
源标识                                      源名称                                                            状态
!base/7/x86_64                              CentOS-7 - Base - mirrors.aliyun.com                                10,072
!extras/7/x86_64                            CentOS-7 - Extras - mirrors.aliyun.com                                 526
!updates/7/x86_64                           CentOS-7 - Updates - mirrors.aliyun.com                            6,169+4
repolist: 16,767

Disable the firewall and SELinux

systemctl stop firewalld
systemctl status firewalld


● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Disable SELinux

Run the following command from the /root directory

setenforce 0

Set SELINUX to disabled in /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# changed to disabled
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

I. Configure the DNS server (192.168.2.20)

1. Install the required packages and dependencies

yum -y install gcc gcc-c++ pcre-devel zlib-devel make autoconf bind bind-utils

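2. Edit the main configuration file

Edit /etc/named.conf so that it accepts queries from other hosts and enables recursive resolution:

vim /etc/named.conf

Change the following settings in the options block:

Set listen-on port 53 to any,

and set allow-query to any.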

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;
};

3. Define the forward lookup zone

Add the zone declaration for the domain myweb.test to /etc/named.conf:

zone "myweb.test" IN {
    type master;
    file "myweb.test.zone";
    allow-update { none; };
    allow-transfer { 192.168.2.25; };
};

The complete /etc/named.conf is as follows:

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


zone "myweb.test" IN {
    type master;
    file "myweb.test.zone";
    allow-update { none; };
    allow-transfer { 192.168.2.25;  };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
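
The options above combine recursion yes with allow-query { any; } and set no allow-recursion, so named lets any client that can reach port 53 recurse, which is the case the comment in the stock file warns about. The script below is an added example, not part of the original walkthrough, that reports this condition; the function names are its own and the 192.168.2.0/24 range in its restricted sample is an assumption based on the two lab addresses.

```shell
#!/bin/sh
# Added example, not from the original page: report whether a named.conf
# lets any client use recursion. Assumes ACLs sit only in the options block.

# Drop /* */, // and # comments, then join lines so multi-line ACLs match.
flatten_conf() {
    sed -e 's:/\*.*\*/::g' -e 's://.*$::' -e 's:#.*$::' \
        -e '/\/\*/,/\*\//d' "$1" | tr '\n' ' '
}

has_stmt() {    # has_stmt FILE ERE
    flatten_conf "$1" | grep -Eq "$2"
}

# Prints a verdict; returns 1 when any client may recurse.
audit_recursion() {
    conf=$1
    any='[[:space:]]*\{([^}]*[[:space:];])?any[[:space:]]*;'
    if has_stmt "$conf" 'recursion[[:space:]]+no[[:space:]]*;'; then
        echo "ok: recursion is off"; return 0
    fi
    # Recursion defaults to yes. named takes the recursion ACL from
    # allow-recursion, allow-query-cache, allow-query, else localnets+localhost.
    for opt in allow-recursion allow-query-cache allow-query; do
        if has_stmt "$conf" "${opt}[[:space:]]*\\{"; then
            if has_stmt "$conf" "${opt}${any}"; then
                echo "open: recursion on and ${opt} { any; }"; return 1
            fi
            echo "ok: recursion limited by ${opt}"; return 0
        fi
    done
    echo "ok: recursion limited to localnets and localhost"
}

# Constructed samples: this page's options, and a restricted variant.
write_samples() {
    printf '%s\n' 'options {' '  listen-on port 53 { any; };' \
        '  allow-query { any; };' '  /* lab resolver */' \
        '  recursion yes;' '};' > "$1/open.conf"
    printf '%s\n' 'options {' '  allow-query { any; };' \
        '  allow-recursion {' '    192.168.2.0/24; localhost;' '  };' \
        '  recursion yes;' '};' > "$1/restricted.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_recursion "$tmp/open.conf" || true
audit_recursion "$tmp/restricted.conf"
rm -rf "$tmp"
```

To check the real file, call audit_recursion /etc/named.conf on the DNS server.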

4. Create the zone data file

Copy the template and edit /var/named/myweb.test.zone to define the zone's records:

$TTL 1D
@       IN SOA  ns1.myweb.test. admin.myweb.test. (
                                        2026050801       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        IN NS   ns1.myweb.test.
@       IN A    192.168.2.25
ns1     IN A    192.168.2.20
www     IN A    192.168.2.25

5. Start the service and enable it at boot

Start the DNS service and configure the firewall rules:

systemctl start named
systemctl enable named
systemctl stop firewalld
systemctl disable firewalld

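II. Configure the LNMP server (192.168.2.25)

1. Install the EPEL and Remi repositories

Run the following commands to install the EPEL and Remi repositories, which provide newer package versions: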

yum install -y epel-release
yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm

2. Install Nginx, MariaDB and PHP

Install Nginx, MariaDB and PHP with yum (PHP 7.4 in this example):

yum --enablerepo=remi,remi-php74 install -y nginx mariadb-server mariadb php-fpm php-mysql php-gd php-xml php-mbstring

3. Start the services and enable them at boot

Start the Nginx, MariaDB and PHP-FPM services and enable them at boot:

systemctl start nginx mariadb php-fpm
systemctl enable nginx mariadb php-fpm

4. Secure the database

Run the mysql_secure_installation script to set the database root password and apply its hardening steps:

mysql_secure_installation

5. Configure Nginx for PHP

Edit the default Nginx configuration file /etc/nginx/conf.d/default.conf and add PHP support:

vim /etc/nginx/conf.d/default.conf

server {
    listen       80;
    server_name  localhost;
    root         /usr/share/nginx/html;
    index        index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

Restart Nginx to apply the configuration:

systemctl restart nginx

6. Disable the firewall (test environment)

Stop the firewall now and disable it at boot (test environments only):

systemctl stop firewalld
systemctl disable firewalld

7. Create a PHP test page

Create an info.php file to test that PHP is working:

echo "<?php phpinfo(); ?>" > /usr/share/nginx/html/info.php

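III. Verify the configuration

1. Configure the client's DNS

Manually set the client device's DNS server address to 192.168.2.20. The exact steps depend on the operating system:

  • Windows: Network settings → Change adapter options → right-click Properties → IPv4 → enter the DNS address manually.
  • macOS/Linux: set the DNS server through the system settings or by editing /etc/resolv.conf.

Test DNS resolution
Run the following commands in a terminal or command prompt to verify name resolution: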

dig www.myweb.test
# or
nslookup www.myweb.test

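The expected output contains the answer returned by 192.168.2.20, with no timeouts or errors.

2. Test the LNMP environment

Open the following URLs in a browser to verify:

  • http://www.myweb.test/: the Nginx default welcome page means the service is running.
  • http://www.myweb.test/info.php: the PHP configuration information page means PHP and Nginx are integrated correctly.

If access fails, check the following:

  • Make sure the domain name resolves to the server's IP address.
  • Confirm that the Nginx configuration file contains server_name www.myweb.test and does not listen on a conflicting port.
  • Verify that the PHP-FPM service is running and that Nginx can communicate with it.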

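IV. Steps to deploy WordPress

1. Download and configure WordPress

Perform the following on 192.168.2.25:

(1) Install the required PHP extensions

WordPress needs certain PHP extensions for tasks such as image processing and database connections: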

yum install php74-php-mysqlnd php74-php-gd php74-php-xml php74-php-mbstring -y

After installation, restart PHP-FPM and Nginx:

systemctl restart php-fpm
systemctl restart nginx

(2) Download and extract WordPress

Deploy WordPress under the default web root /usr/share/nginx/html

cd /usr/share/nginx/html
yum -y install wget  # install wget
wget https://cn.wordpress.org/latest-zh_CN.tar.gz  # download the latest WordPress
tar -zxvf latest-zh_CN.tar.gz  # extract
chown -R nginx:nginx /usr/share/nginx/html/wordpress # set ownership (so the web server can read and write the files)

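2. Configure the Nginx virtual host

Modify the Nginx configuration so that myweb.test points to the WordPress directory, and adjust the rewrite (permalink) rules:

(1) Edit the configuration file /etc/nginx/conf.d/default.conf

This is the default.conf from earlier; edit it in place:

vim /etc/nginx/conf.d/default.conf

(2) Change the contents: edit your server block (pay attention to the changes noted in the comments)
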
server {
    listen       80;
    server_name  myweb.test;

    root         /usr/share/nginx/html/wordpress;
    index        index.php index.html index.htm;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

(3) Check the configuration and restart Nginx:

nginx -t
systemctl restart nginx

Prepare the database (MariaDB/MySQL)

Make sure MariaDB is installed; if it is not, run:

yum install mariadb-server mariadb -y
systemctl start mariadb

3. Log in to the database and run the SQL commands

WordPress needs a database to store posts and settings. This assumes MariaDB is already installed (if not, run yum install mariadb-server mariadb -y and systemctl start mariadb).

mysql -u root -p

At the MariaDB [(none)]> prompt, enter the following commands in order (mind the semicolons):

-- 1. Create a database named wordpress
CREATE DATABASE wordpress;
-- 2. Create a user named wpuser with the password 123456
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY '123456';
-- 3. Grant this user privileges on the database
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';
-- 4. Reload the privileges
FLUSH PRIVILEGES;
-- 5. Exit
EXIT;

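4. Start the installation

Open http://myweb.test in a browser on Windows and follow the WordPress installation wizard:

Fill in the database information:

  • Database name: wordpress
  • Username: wpuser
  • Password: 123456
  • Database host: localhost
  • Table prefix: wp_

After the installation completes, set the site title and the administrator account and password.

Notes

If the following problem occurs during installation

then follow the prompt: go to /usr/share/nginx/html/wordpress, copy the wp-config.php configuration shown, and paste it into the wp-config.php file on your LNMP server: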

cd /usr/share/nginx/html/wordpress
vim wp-config.php
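
The walkthrough leaves a phpinfo() test page in the web root and uses 123456 as the database password that ends up in wp-config.php. The script below is an added example, not part of the original walkthrough, that reports both; the function names and the 12-character minimum are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page: find the lab shortcuts this
# walkthrough leaves behind. Paths are arguments; sample files are constructed.

# Print PHP files directly under DIR that call phpinfo().
find_phpinfo() {
    for f in "$1"/*.php; do
        if [ -f "$f" ] && grep -Eq 'phpinfo[[:space:]]*\(' "$f"; then
            echo "$f"
        fi
    done
}

# Print the DB_PASSWORD value defined in a wp-config.php.
db_password() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]DB_PASSWORD['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*);.*/\1/p" "$1"
}

# Return 0 when the password is empty, under 12 characters, or digits only.
# The 12-character floor is an assumption of this example.
is_weak_password() {
    if [ "${#1}" -lt 12 ]; then return 0; fi
    case $1 in
        *[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one finding per line for web root $1 and WordPress directory $2.
audit_webroot() {
    find_phpinfo "$1" | sed 's/^/phpinfo page: /'
    cfg=$2/wp-config.php
    if [ -f "$cfg" ] && is_weak_password "$(db_password "$cfg")"; then
        echo "weak DB_PASSWORD: $cfg"
    fi
}

# Constructed stand-in for /usr/share/nginx/html after following the steps.
make_sample() {
    mkdir -p "$1/wordpress"
    echo '<?php phpinfo(); ?>' > "$1/info.php"
    printf '%s\n' '<?php' "define( 'DB_PASSWORD', '123456' );" \
        > "$1/wordpress/wp-config.php"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_webroot "$tmp" "$tmp/wordpress"
rm -rf "$tmp"
```

On the LNMP server the call is audit_webroot /usr/share/nginx/html /usr/share/nginx/html/wordpress.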
