差異處
這裏顯示兩個版本的差異處。
兩邊的前次修訂版 前次修改 | |||
tech:centos8_wordpress [2020/11/04 18:08] – [安裝 Nginx / MariaDB 10 / PHP 7.4] jonathan_tsai | tech:centos8_wordpress [2020/11/19 15:39] (目前版本) – jonathan_tsai | ||
---|---|---|---|
行 1: | 行 1: | ||
+ | ====== CentOS8 安裝 WordPress 5 程序 ====== | ||
+ | * centOS 8.2.2004 (Core) | ||
+ | * Nginx | ||
+ | * MariaDB 10 | ||
+ | * PHP 8 | ||
+ | ===== 安裝 Nginx / MariaDB 10 / PHP 7.4 ===== | ||
+ | * EPEL <code sh> | ||
+ | dnf install https:// | ||
+ | </ | ||
+ | * REMI 啟用 PHP 7.4 <code sh> | ||
+ | dnf install https:// | ||
+ | dnf module list php | ||
+ | dnf module enable php: | ||
+ | </ | ||
+ | * Nginx <code sh> | ||
+ | vi / | ||
+ | </ | ||
+ | [nginx] | ||
+ | name=nginx repo | ||
+ | baseurl=http:// | ||
+ | gpgcheck=0 | ||
+ | enabled=1 | ||
+ | </ | ||
+ | dnf install nginx | ||
+ | </ | ||
+ | * php-fpm <code sh> | ||
+ | dnf install php php-fpm | ||
+ | </ | ||
+ | * mariadb-server <code sh> | ||
+ | dnf install mariadb-server | ||
+ | </ | ||
+ | |||
+ | ===== 設定與驗證 nginx+php-fpm / mariadb ===== | ||
+ | * Firewall 開啟 http / https <code sh> | ||
+ | firewall-cmd --permanent --zone=public --add-service=http | ||
+ | firewall-cmd --permanent --zone=public --add-service=https | ||
+ | firewall-cmd --reload | ||
+ | </ | ||
+ | * 設定 nginx 開機啟動 <code sh> | ||
+ | systemctl restart nginx | ||
+ | systemctl enable nginx | ||
+ | </ | ||
+ | * 產生自簽 SSL 測試憑證< | ||
+ | openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout / | ||
+ | </ | ||
+ | * 設定主網站頁目錄 | ||
+ | * / | ||
+ | vi / | ||
+ | </ | ||
+ | server { | ||
+ | listen | ||
+ | server_name | ||
+ | |||
+ | # 將 HTTP 資源永久導向至 HTTPS | ||
+ | return 301 https:// | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | # 使用 https 和 http/2 協定 | ||
+ | listen 443 ssl http2; | ||
+ | # 上述的 IPv6 方式 | ||
+ | listen [::]:443 ssl http2; | ||
+ | |||
+ | gzip on; | ||
+ | gzip_comp_level | ||
+ | gzip_min_length | ||
+ | gzip_proxied | ||
+ | gzip_vary | ||
+ | |||
+ | gzip_types | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | application/ | ||
+ | font/ | ||
+ | image/bmp | ||
+ | image/ | ||
+ | image/ | ||
+ | text/ | ||
+ | text/css | ||
+ | text/plain | ||
+ | text/vcard | ||
+ | text/ | ||
+ | text/vtt | ||
+ | text/ | ||
+ | text/ | ||
+ | # text/html is always compressed by gzip module | ||
+ | |||
+ | location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf)$ { | ||
+ | expires 7d; | ||
+ | } | ||
+ | |||
+ | |||
+ | charset utf-8; | ||
+ | access_log | ||
+ | |||
+ | index index.php; | ||
+ | |||
+ | # 調用 PHP FastCGI 設定檔 (NGINX 預設提供) | ||
+ | include | ||
+ | # 調用共用設定檔 - 限制檔案 | ||
+ | include | ||
+ | # 調用共用設定檔 - 不快取條件 | ||
+ | include | ||
+ | |||
+ | # | ||
+ | # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate | ||
+ | # | ||
+ | |||
+ | # SSL 憑證證書路徑 | ||
+ | ssl_certificate | ||
+ | # 私鑰路徑 | ||
+ | ssl_certificate_key / | ||
+ | |||
+ | # 調用共用設定檔 - TLS/SSL 憑證 | ||
+ | include | ||
+ | |||
+ | } | ||
+ | </ | ||
+ | * / | ||
+ | mkdir / | ||
+ | vi / | ||
+ | </ | ||
+ | # Global restrictions configuration file. | ||
+ | # Designed to be included in any server {} block. | ||
+ | location = / | ||
+ | log_not_found off; | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | location = /robots.txt { | ||
+ | allow all; | ||
+ | log_not_found off; | ||
+ | access_log off; | ||
+ | } | ||
+ | |||
+ | # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). | ||
+ | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) | ||
+ | location ~ /\. { | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | # Deny access to any files with a .php extension in the uploads directory | ||
+ | # Works in sub-directory installs and also in multisite network | ||
+ | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) | ||
+ | location ~* / | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | location / { | ||
+ | # This is cool because no php is touched for static content. | ||
+ | # include the "? | ||
+ | try_files $uri $uri/ / | ||
+ | } | ||
+ | |||
+ | location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { | ||
+ | expires max; | ||
+ | log_not_found off; | ||
+ | } | ||
+ | </ | ||
+ | * / | ||
+ | vi / | ||
+ | </ | ||
+ | # 快取有效期 | ||
+ | ssl_session_timeout 1d; | ||
+ | # 快取憑證類型和大小 | ||
+ | ssl_session_cache shared: | ||
+ | |||
+ | |||
+ | # | ||
+ | # intermediate configuration. tweak to your needs. | ||
+ | # | ||
+ | |||
+ | # 使用的加密協定 | ||
+ | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
+ | # 加密演算法,越前面的優先級越高 | ||
+ | ssl_ciphers ' | ||
+ | # 交握過程使用 Server 的首選加演算法,這裡使用 Client 為首選 | ||
+ | ssl_prefer_server_ciphers on; | ||
+ | |||
+ | |||
+ | # | ||
+ | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) | ||
+ | # | ||
+ | |||
+ | # 增加 http header | ||
+ | add_header Strict-Transport-Security max-age=15768000; | ||
+ | </ | ||
+ | * / | ||
+ | vi / | ||
+ | # 啟用 FastCGI Cache 快取 | ||
+ | set $no_cache 0; | ||
+ | |||
+ | # POST 請求和帶有查詢字串的網址不快取 | ||
+ | if ($request_method = POST) { | ||
+ | set $no_cache 1; | ||
+ | } | ||
+ | if ($query_string != "" | ||
+ | set $no_cache 1; | ||
+ | } | ||
+ | |||
+ | # 以下 URI 不快取 | ||
+ | if ($request_uri ~* " | ||
+ | set $no_cache 1; | ||
+ | } | ||
+ | |||
+ | # 登入用戶或最近留言者不快取 | ||
+ | if ($http_cookie ~* " | ||
+ | set $no_cache 1; | ||
+ | } | ||
+ | |||
+ | # 加入快取資訊表頭 (除錯用) | ||
+ | add_header X-Cache $upstream_cache_status; | ||
+ | </ | ||
+ | * 修改 php 設定 <code sh> | ||
+ | vi / | ||
+ | </ | ||
+ | : | ||
+ | ; | ||
+ | cgi.fix_pathinfo=0 | ||
+ | : | ||
+ | [Date] | ||
+ | : | ||
+ | date.timezone = Asia/Taipei | ||
+ | : | ||
+ | </ | ||
+ | * 修改 php-fpm 設定 <code sh> | ||
+ | vi / | ||
+ | </ | ||
+ | : | ||
+ | ; Default Values: user and group are set as the running user | ||
+ | ; mode is set to 0660 | ||
+ | listen.owner = nobody | ||
+ | listen.group = nobody | ||
+ | ; | ||
+ | : | ||
+ | </ | ||
+ | systemctl restart php-fpm | ||
+ | systemctl enable php-fpm | ||
+ | </ | ||
+ | * 啟動 MariaDB 與驗證新密碼 <code sh> | ||
+ | systemctl restart mariadb | ||
+ | systemctl enable mariadb | ||
+ | mysql_secure_installation | ||
+ | </ | ||
+ | mysql -u root -p | ||
+ | </ | ||
+ | * 安裝其他 php 套件 <code sh> | ||
+ | dnf install php-mysqlnd php-mbstring php-xmlrpc php-soap php-gd php-xml php-intl php-zip php-curl php-cli | ||
+ | systemctl restart php-fpm | ||
+ | systemctl restart nginx | ||
+ | </ | ||
+ | |||
+ | ===== 下載最新版 Wordpress ====== | ||
+ | * 下載網址 : http:// | ||
+ | dnf install wget unzip | ||
+ | cd / | ||
+ | wget http:// | ||
+ | unzip latest.zip | ||
+ | chown -R apache: | ||
+ | </ | ||
+ | |||
+ | ===== 開始基本設定 ===== | ||
+ | * 建立 wordpress db <code sh> | ||
+ | mysql -u root -p | ||
+ | </ | ||
+ | create database `wordpress`; | ||
+ | create user ' | ||
+ | grant all on wordpress.* to ' | ||
+ | flush privileges; | ||
+ | quit | ||
+ | </ | ||
+ | * 透過網頁安裝設定 wordpress : http:// | ||
+ | * 使用 admin 與預設密碼(0adf3e 這樣的密碼) 登入, 先將預設密碼改成你要的密碼 | ||
+ | |||
+ | ====== 參考網址 ===== | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | |||
+ | {{tag> |