====== CentOS8 安裝 WordPress 5 程序 ======
* centOS 8.2.2004 (Core)
* Nginx
* MariaDB 10
* PHP 7.4 (下方步驟實際啟用的是 REMI 的 php:remi-7.4 模組;PHP 7.4 已於 2022-11 終止支援,新安裝請改用仍在維護的版本)
===== 安裝 Nginx / MariaDB 10 / PHP 7.4 =====
* EPEL
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
* REMI 啟用 PHP 7.4
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf module list php
dnf module enable php:remi-7.4
* Nginx
vi /etc/yum.repos.d/nginx.repo
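[nginx]
name=nginx repo
# Fetch packages over HTTPS and verify their signatures against the nginx
# signing key. With gpgcheck=0 dnf installs whatever the mirror, or anyone on
# the network path, serves.
baseurl=https://nginx.org/packages/centos/8/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1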
dnf install nginx
* php-fpm
dnf install php php-fpm
* mariadb-server
dnf install mariadb-server
===== 設定與驗證 nginx+php-fpm / mariadb =====
* Firewall 開啟 http / https
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
* 設定 nginx 開機啟動
systemctl restart nginx
systemctl enable nginx
* 產生自簽 SSL 測試憑證
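# The key/certificate directory is not created anywhere else in this
# procedure, and openssl does not create missing parent directories.
mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl
# Self-signed certificate for testing only. -nodes leaves the private key
# unencrypted on disk, so make sure it is readable by root only.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
chmod 600 /etc/nginx/ssl/nginx.key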
* 設定主網站頁目錄
* /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/default.conf
server {
listen 80;
# NOTE(review): $server_name in the redirect below expands to this value, so
# "localhost" has to be replaced with the site's real hostname; otherwise every
# client is redirected to https://localhost/...
server_name localhost;
# Permanently redirect all HTTP requests to HTTPS
return 301 https://$server_name$request_uri;
}
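server {
# Serve HTTPS with HTTP/2
listen 443 ssl http2;
# Same listener on IPv6
listen [::]:443 ssl http2;
# NOTE(review): no server_name or root is set in this block; the document root
# has to come from configuration not shown on this page -- confirm it points at
# the directory WordPress is unpacked into.
gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# text/html is always compressed by gzip module
location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
expires 7d;
}
charset utf-8;
access_log /var/log/nginx/access.log main;
index index.php;
# Shared config - access restrictions.
# Included before the PHP handler on purpose: nginx uses the first regex
# location that matches, in configuration order. Assuming php.conf defines the
# PHP handler as a regex location (its content is not shown on this page), the
# "deny .php under uploads/files" rule must come first, or uploaded .php files
# would still be handed to PHP-FPM.
include /etc/nginx/global/restrictions.conf;
# PHP FastCGI handler config (the original note says it is provided by default)
include /etc/nginx/default.d/php.conf;
# Shared config - cache-bypass conditions
include /etc/nginx/global/no-cache.conf;
#
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
#
# Path to the TLS certificate
ssl_certificate /etc/nginx/ssl/nginx.crt;
# Path to the private key
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# Shared config - TLS/SSL settings
include /etc/nginx/global/ssl.conf;
}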
* /etc/nginx/global/restrictions.conf
mkdir /etc/nginx/global
vi /etc/nginx/global/restrictions.conf
# Global restrictions configuration file.
# Designed to be included in any server {} block.
# NOTE(review): the regex locations below only take effect if they appear in
# the server block before any other regex location matching the same URI
# (nginx uses the first regex match in configuration order). Include this file
# ahead of the PHP handler so the uploads rule is not bypassed.
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
# NOTE(review): this pattern also matches /.well-known/, which ACME HTTP-01
# certificate validation uses; add an explicit exception if that is needed.
location ~ /\. {
deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
# Static assets: cache for as long as possible and do not log missing files.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
* /etc/nginx/global/ssl.conf
vi /etc/nginx/global/ssl.conf
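# Session cache lifetime
ssl_session_timeout 1d;
# Session cache type and size
ssl_session_cache shared:SSL:50m;
#
# intermediate configuration. tweak to your needs.
#
# Protocols offered. TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no
# longer enabled; TLSv1.3 only works when nginx is built against OpenSSL 1.1.1
# or newer.
ssl_protocols TLSv1.2 TLSv1.3;
# TLS 1.2 cipher suites, highest priority first. Only forward-secret AEAD
# suites are kept; the CBC, 3DES and static-RSA entries were removed.
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
# Use the server's cipher preference order during the handshake
ssl_prefer_server_ciphers on;
#
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
# Add the response header; "always" also sends it on error responses.
add_header Strict-Transport-Security "max-age=15768000" always;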
* /etc/nginx/global/no-cache.conf
vi /etc/nginx/global/no-cache.conf
# FastCGI cache: caching is allowed by default ($no_cache = 0)
# NOTE(review): $no_cache only has an effect if fastcgi_cache_bypass /
# fastcgi_no_cache reference it; no such directives are shown on this page.
set $no_cache 0;
# Do not cache POST requests or URLs that carry a query string
if ($request_method = POST) {
set $no_cache 1;
}
if ($query_string != "") {
set $no_cache 1;
}
# Do not cache the following URIs (admin, login, cron, feeds, sitemaps, ...)
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $no_cache 1;
}
# Do not cache for logged-in users or recent commenters, so one user's
# personalised page is never served to another visitor
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $no_cache 1;
}
# Expose the cache status in a response header (for debugging)
add_header X-Cache $upstream_cache_status;
* 修改 php 設定
vi /etc/php.ini
:
;cgi.fix_pathinfo=1
cgi.fix_pathinfo=0
:
[Date]
:
date.timezone = Asia/Taipei
:
* 修改 php-fpm 設定
vi /etc/php-fpm.d/www.conf
:
; Default Values: user and group are set as the running user
; mode is set to 0660
; NOTE(review): the socket has to be accessible to the account the nginx
; workers run as. nobody:nobody with mode 0660 would not allow that unless
; access is granted elsewhere in this file (e.g. listen.acl_users) -- confirm.
listen.owner = nobody
listen.group = nobody
;listen.mode = 0660
:
systemctl restart php-fpm
systemctl enable php-fpm
* 啟動 MariaDB 與驗證新密碼
systemctl restart mariadb
systemctl enable mariadb
mysql_secure_installation
設定 root 密碼, 與移除預設的用戶與資料庫..完成後可以使用
mysql -u root -p
來進行驗證使用新密碼登入
* 安裝其他 php 套件
dnf install php-mysqlnd php-mbstring php-xmlrpc php-soap php-gd php-xml php-intl php-zip php-curl php-cli
systemctl restart php-fpm
systemctl restart nginx
===== 下載最新版 Wordpress =====
* 下載網址 : http://wordpress.org/download/
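dnf install wget unzip
cd /usr/share/nginx/html
# Download over HTTPS so the archive cannot be altered in transit.
wget https://wordpress.org/latest.zip
unzip latest.zip
# NOTE(review): this makes the whole tree writable by the apache account
# (presumably the PHP-FPM pool user -- confirm). Writable code lets a
# compromised plugin or theme rewrite PHP files; if in-dashboard updates are
# not needed, keep the code owned by root and grant write access only to
# wp-content/uploads.
chown -R apache:apache wordpress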
===== 開始基本設定 =====
* 建立 wordpress db
mysql -u root -p
create database `wordpress`;
create user 'wpadmin'@'localhost' identified by '**Password**';
grant all on wordpress.* to 'wpadmin'@'localhost';
flush privileges;
quit
* 透過網頁安裝設定 wordpress : http://xxx.xxx.xxx/wordpress ←- 依據指示只要經過三個步驟就可以安裝完成
* 使用 admin 與預設密碼(0adf3e 這樣的密碼) 登入, 先將預設密碼改成你要的密碼
===== 參考網址 =====
* https://www.tecmint.com/install-php-on-centos-8/
* https://blog.gtwang.org/linux/nginx-create-and-install-ssl-certificate-on-ubuntu-linux/
* https://www.footmark.info/web-design/wordpress/nginx-php-fpm-wordpress-centos8/
{{tag>centos8 wordpress}}