差異處

這裏顯示兩個版本的差異處。

連向這個比對檢視

兩邊的前次修訂版 前次修改
下次修改		 前次修改
tech:centos8_wordpress [2020/10/16 14:54] – [安裝 Nginx / MariaDB 10 / PHP 7.4] jonathan_tsaitech:centos8_wordpress [2020/11/19 15:39] (目前版本) jonathan_tsai
行 1: 行 1:
 +====== CentOS8 安裝 WordPress 5 程序 ======
 +  * centOS 8.2.2004 (Core)
 +  * Nginx 
 +  * MariaDB 10
 +  * PHP 8
  
 +===== 安裝 Nginx / MariaDB 10 / PHP 7.4 =====
 +  * EPEL <code sh>
 +dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
 +</code>
 +  * REMI 啟用 PHP 7.4 <code sh>
 +dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
 +dnf module list php
 +dnf module enable php:remi-7.4
 +</code>
 +  * Nginx <code sh>
 +vi /etc/yum.repos.d/nginx.repo
 +</code><file>
 +[nginx]
 +name=nginx repo
 +baseurl=http://nginx.org/packages/centos/8/$basearch/
 +gpgcheck=0
 +enabled=1
 +</file><code sh>
 +dnf install nginx
 +</code>
 +  * php-fpm <code sh>
 +dnf install php php-fpm
 +</code>
 +  * mariadb-server <code sh>
 +dnf install mariadb-server
 +</code>
 +
 +===== 設定與驗證 nginx+php-fpm / mariadb =====
 +  * Firewall 開啟 http / https <code sh>
 +firewall-cmd --permanent --zone=public --add-service=http
 +firewall-cmd --permanent --zone=public --add-service=https
 +firewall-cmd --reload
 +</code>
 +  * 設定 nginx 開機啟動 <code sh>
 +systemctl restart nginx
 +systemctl enable nginx 
 +</code>
 +  * 產生自簽 SSL 測試憑證<code sh>
 +openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
 +</code>
 +  * 設定主網站頁目錄 
 +    * /etc/nginx/conf.d/default.conf<code sh>
 +vi /etc/nginx/conf.d/default.conf
 +</code><file>
 +server {
 +    listen       80;
 +    server_name  localhost;
 +
 +    # 將 HTTP 資源永久導向至 HTTPS
 +    return 301 https://$server_name$request_uri;
 +}
 +
 +server {
 +    # 使用 https 和 http/2 協定
 +    listen 443 ssl http2;
 +    # 上述的 IPv6 方式
 +    listen [::]:443 ssl http2;
 +
 +    gzip on;
 +    gzip_comp_level    5;
 +    gzip_min_length    256;
 +    gzip_proxied       any;
 +    gzip_vary          on;
 +
 +    gzip_types
 +    application/atom+xml
 +    application/javascript
 +    application/json
 +    application/ld+json
 +    application/manifest+json
 +    application/rss+xml
 +    application/vnd.geo+json
 +    application/vnd.ms-fontobject
 +    application/x-font-ttf
 +    application/x-web-app-manifest+json
 +    application/xhtml+xml
 +    application/xml
 +    font/opentype
 +    image/bmp
 +    image/svg+xml
 +    image/x-icon
 +    text/cache-manifest
 +    text/css
 +    text/plain
 +    text/vcard
 +    text/vnd.rim.location.xloc
 +    text/vtt
 +    text/x-component
 +    text/x-cross-domain-policy;
 +    # text/html is always compressed by gzip module
 +
 +    location ~*  \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ {
 +        expires 7d;
 +    }
 +
 +
 +    charset utf-8;
 +    access_log  /var/log/nginx/access.log  main;
 +
 +    index  index.php; 
 +
 +    # 調用 PHP FastCGI 設定檔 (NGINX 預設提供)
 +    include             /etc/nginx/default.d/php.conf;
 +    # 調用共用設定檔 - 限制檔案
 +    include             /etc/nginx/global/restrictions.conf;
 +    # 調用共用設定檔 - 不快取條件
 +    include             /etc/nginx/global/no-cache.conf;
 +
 +    #
 +    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
 +    #
 +
 +    # SSL 憑證證書路徑
 +    ssl_certificate     /etc/nginx/ssl/nginx.crt;
 +    # 私鑰路徑
 +    ssl_certificate_key /etc/nginx/ssl/nginx.key;
 +
 +    # 調用共用設定檔 - TLS/SSL 憑證
 +    include             /etc/nginx/global/ssl.conf;
 +
 +}
 +</file>
 +    * /etc/nginx/global/restrictions.conf<code sh>
 +mkdir /etc/nginx/global
 +vi /etc/nginx/global/restrictions.conf
 +</code><file>
 +# Global restrictions configuration file.
 +# Designed to be included in any server {} block.
 +location = /favicon.ico {
 +    log_not_found off;
 +    access_log off;
 +}
 + 
 +location = /robots.txt {
 +    allow all;
 +    log_not_found off;
 +    access_log off;
 +}
 + 
 +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
 +# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
 +location ~ /\. {
 +    deny all;
 +}
 + 
 +# Deny access to any files with a .php extension in the uploads directory
 +# Works in sub-directory installs and also in multisite network
 +# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
 +location ~* /(?:uploads|files)/.*\.php$ {
 +    deny all;
 +}
 +
 +location / {
 +    # This is cool because no php is touched for static content.
 +    # include the "?$args" part so non-default permalinks doesn't break when using query string
 +    try_files $uri $uri/ /index.php?$args;
 +}
 +
 +location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
 +        expires max;
 +        log_not_found off;
 +}
 +</file>
 +    * /etc/nginx/global/ssl.conf <code sh>
 +vi /etc/nginx/global/ssl.conf
 +</code><file>
 +# 快取有效期
 +ssl_session_timeout 1d;
 +# 快取憑證類型和大小
 +ssl_session_cache shared:SSL:50m;
 +
 +
 +#
 +# intermediate configuration. tweak to your needs.
 +#
 +
 +# 使用的加密協定
 +ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 +# 加密演算法,越前面的優先級越高
 +ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
 +# 交握過程使用 Server 的首選加演算法,這裡使用 Client 為首選
 +ssl_prefer_server_ciphers on;
 +
 +
 +#
 +# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
 +#
 +
 +# 增加 http header
 +add_header Strict-Transport-Security max-age=15768000;
 +</file>
 +    * /etc/nginx/global/no-cache.conf <code sh>
 +vi /etc/nginx/global/no-cache.conf</code><file>
 +# 啟用 FastCGI Cache 快取
 +set $no_cache 0;
 + 
 +# POST 請求和帶有查詢字串的網址不快取
 +if ($request_method = POST) {
 +    set $no_cache 1;
 +}
 +if ($query_string != "") {
 +    set $no_cache 1;
 +}   
 + 
 +# 以下 URI 不快取
 +if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
 +    set $no_cache 1;
 +}   
 + 
 +# 登入用戶或最近留言者不快取
 +if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
 +    set $no_cache 1;
 +}
 +
 +# 加入快取資訊表頭 (除錯用)
 +add_header X-Cache $upstream_cache_status;
 +</file>
 +  * 修改 php 設定 <code sh>
 +vi /etc/php.ini
 +</code><file>
 +:
 +;cgi.fix_pathinfo=1
 +cgi.fix_pathinfo=0
 +:
 +[Date]
 +:
 +date.timezone = Asia/Taipei
 +:
 +</file>
 +  * 修改 php-fpm 設定 <code sh>
 +vi /etc/php-fpm.d/www.conf
 +</code><file>
 +:
 +; Default Values: user and group are set as the running user
 +;                 mode is set to 0660
 +listen.owner = nobody
 +listen.group = nobody
 +;listen.mode = 0660
 +:
 +</file><code sh>
 +systemctl restart php-fpm
 +systemctl enable php-fpm 
 +</code>
 +  * 啟動 MariaDB 與驗證新密碼 <code sh>
 +systemctl restart mariadb
 +systemctl enable mariadb 
 +mysql_secure_installation
 +</code>設定 root 密碼, 與移除預設的用戶與資料庫..完成後可以使用 <code sh>
 +mysql -u root -p
 +</code> 來進行驗證使用新密碼登入
 +  * 安裝其他 php 套件 <code sh>
 +dnf install php-mysqlnd php-mbstring php-xmlrpc php-soap php-gd php-xml php-intl php-zip php-curl php-cli
 +systemctl restart php-fpm
 +systemctl restart nginx
 +</code>
 +
 +===== 下載最新版 Wordpress ======
 +  * 下載網址 : http://wordpress.org/download/ <code sh>
 +dnf install wget unzip
 +cd /usr/share/nginx/html
 +wget http://wordpress.org/latest.zip
 +unzip latest.zip
 +chown -R apache:apache wordpress
 +</code>
 +
 +===== 開始基本設定 =====
 +  * 建立 wordpress db <code sh>
 +mysql -u root -p
 +</code><code sql>
 +create database `wordpress`;
 +create user 'wpadmin'@'localhost' identified by '**Password**';
 +grant all on wordpress.* to 'wpadmin'@'localhost';
 +flush privileges;
 +quit
 +</code>
 +  * 透過網頁安裝設定 wordpress : http://xxx.xxx.xxx/wordpress ←- 依據只是經過三個步驟就可以安裝完成
 +  * 使用 admin 與預設密碼(0adf3e 這樣的密碼) 登入, 先將預設密碼改成你要的密碼
 +
 +====== 參考網址 =====
 +  * https://www.tecmint.com/install-php-on-centos-8/
 +  * https://blog.gtwang.org/linux/nginx-create-and-install-ssl-certificate-on-ubuntu-linux/
 +  * https://www.footmark.info/web-design/wordpress/nginx-php-fpm-wordpress-centos8/
 +
 +{{tag>centos8 wordpress}}