CentOS8 安裝 WordPress 5 程序
- centOS 8.2.2004 (Core)
- Nginx
- MariaDB 10
- PHP 8
安裝 Nginx / MariaDB 10 / PHP 7.4
- EPEL
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
- REMI 啟用 PHP 7.4
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm dnf module list php dnf module enable php:remi-7.4
- Nginx
vi /etc/yum.repos.d/nginx.repo
[nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/8/$basearch/ gpgcheck=0 enabled=1
dnf install nginx
- php-fpm
dnf install php php-fpm
- mariadb-server
dnf install mariadb-server
設定與驗證 nginx+php-fpm / mariadb
- Firewall 開啟 http / https
firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload
- 設定 nginx 開機啟動
systemctl restart nginx systemctl enable nginx
- 產生自簽 SSL 測試憑證
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
- 設定主網站頁目錄
- /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/default.conf
server { listen 80; server_name localhost; # 將 HTTP 資源永久導向至 HTTPS return 301 https://$server_name$request_uri; } server { # 使用 https 和 http/2 協定 listen 443 ssl http2; # 上述的 IPv6 方式 listen [::]:443 ssl http2; gzip on; gzip_comp_level 5; gzip_min_length 256; gzip_proxied any; gzip_vary on; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # text/html is always compressed by gzip module location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ { expires 7d; } charset utf-8; access_log /var/log/nginx/access.log main; index index.php; # 調用 PHP FastCGI 設定檔 (NGINX 預設提供) include /etc/nginx/default.d/php.conf; # 調用共用設定檔 - 限制檔案 include /etc/nginx/global/restrictions.conf; # 調用共用設定檔 - 不快取條件 include /etc/nginx/global/no-cache.conf; # # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate # # SSL 憑證證書路徑 ssl_certificate /etc/nginx/ssl/nginx.crt; # 私鑰路徑 ssl_certificate_key /etc/nginx/ssl/nginx.key; # 調用共用設定檔 - TLS/SSL 憑證 include /etc/nginx/global/ssl.conf; }
- /etc/nginx/global/restrictions.conf
mkdir /etc/nginx/global vi /etc/nginx/global/restrictions.conf
# Global restrictions configuration file. # Designed to be included in any server {} block. location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) location ~ /\. { deny all; } # Deny access to any files with a .php extension in the uploads directory # Works in sub-directory installs and also in multisite network # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) location ~* /(?:uploads|files)/.*\.php$ { deny all; } location / { # This is cool because no php is touched for static content. # include the "?$args" part so non-default permalinks doesn't break when using query string try_files $uri $uri/ /index.php?$args; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; }
- /etc/nginx/global/ssl.conf
vi /etc/nginx/global/ssl.conf
# 快取有效期 ssl_session_timeout 1d; # 快取憑證類型和大小 ssl_session_cache shared:SSL:50m; # # intermediate configuration. tweak to your needs. # # 使用的加密協定 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # 加密演算法,越前面的優先級越高 ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; # 交握過程使用 Server 的首選加演算法,這裡使用 Client 為首選 ssl_prefer_server_ciphers on; # # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) # # 增加 http header add_header Strict-Transport-Security max-age=15768000;
- /etc/nginx/global/no-cache.conf
vi /etc/nginx/global/no-cache.conf
# 啟用 FastCGI Cache 快取 set $no_cache 0; # POST 請求和帶有查詢字串的網址不快取 if ($request_method = POST) { set $no_cache 1; } if ($query_string != "") { set $no_cache 1; } # 以下 URI 不快取 if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { set $no_cache 1; } # 登入用戶或最近留言者不快取 if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $no_cache 1; } # 加入快取資訊表頭 (除錯用) add_header X-Cache $upstream_cache_status;
- 修改 php 設定
vi /etc/php.ini
: ;cgi.fix_pathinfo=1 cgi.fix_pathinfo=0 : [Date] : date.timezone = Asia/Taipei :
- 修改 php-fpm 設定
vi /etc/php-fpm.d/www.conf
: ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = nobody listen.group = nobody ;listen.mode = 0660 :
systemctl restart php-fpm systemctl enable php-fpm
- 啟動 MariaDB 與驗證新密碼
systemctl restart mariadb systemctl enable mariadb mysql_secure_installation
設定 root 密碼, 與移除預設的用戶與資料庫..完成後可以使用
mysql -u root -p
來進行驗證使用新密碼登入
- 安裝其他 php 套件
dnf install php-mysqlnd php-mbstring php-xmlrpc php-soap php-gd php-xml php-intl php-zip php-curl php-cli systemctl restart php-fpm systemctl restart nginx
下載最新版 Wordpress
- 下載網址 : http://wordpress.org/download/
dnf install wget unzip cd /usr/share/nginx/html wget http://wordpress.org/latest.zip unzip latest.zip chown -R apache:apache wordpress
開始基本設定
- 建立 wordpress db
mysql -u root -p
CREATE DATABASE `wordpress`; CREATE USER 'wpadmin'@'localhost' IDENTIFIED BY '**Password**'; GRANT ALL ON wordpress.* TO 'wpadmin'@'localhost'; FLUSH privileges; quit
- 透過網頁安裝設定 wordpress : http://xxx.xxx.xxx/wordpress ←- 依據只是經過三個步驟就可以安裝完成
- 使用 admin 與預設密碼(0adf3e 這樣的密碼) 登入, 先將預設密碼改成你要的密碼