前不久免费领了一台阿里云的服务器. 配置也还行,内存有4G,带宽是1M的,那个疫情在家学习搞活动领的,领了6个月,到期前一个月通过阶段性测试可以免费续,除了带宽小了点,感觉还行。最近越来忙了,没时间开发博客了,然后自己平时还是有做笔记📒的习惯,所以安装了WordPress,之前博客里面的文章都是以markdown源码保存了,全部迁移过来,也不是什么难题。
安装LAMP
wordpress对php的版本要求是7.4以上,对于CentOS而言,源里面的版本较低,需要卸载完再安装, mariadb也比较旧:
sudo yum remove php* # 卸载所有php相关软件
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
yum install yum-utils -y
yum-config-manager --enable remi-php74
echo "# MariaDB 10.5 [Stable] CentOS repository list - created 2020-08-20 08:53 UTC
# https://mariadb.org/download-test/
[mariadb]
name = MariaDB
baseurl = https://mariadb.nethub.com.hk/yum/10.5/centos7-amd64
gpgkey=https://mariadb.nethub.com.hk/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1" > /etc/yum.repos.d/MariaDB.repo
yum updatesudo yum update -y # 更新软件
ssh-keygen -t rsa -C kiss@ourfor.top # 生成ssh秘钥对
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
echo "$本机公钥" >> ~/.ssh/authorized_keys
sudo yum install httpd -y # 安装apache httpd
sudo yum install MariaDB-server MariaDB-client -y # 安装 mariadb数据库
sudo yum install php php-fpm php-mysqlnd php-mbstring php-imagick php-zip php-pdo php-xml php-pear php-devel gcc-c++ gcc make -y # 安装php
sudo systemctl enable mariadb # 设置数据库开机启动
sudo systemctl start mariadb # 启动数据库
mysql_secure_installation # 设置密码
sudo systemctl enable php-fpm # 设置php-fpm开机启动
sudo systemctl start php-fpm # 启动php-fpm
sudo mkdir /var/www/blog # 创建名为blog的文件夹
curl -L https://wordpress.org/latest.tar.gz --output ~/wordpress.tar.gz # 下载wordpress
tar -xvf ~/wordpress.tar.gz -C /var/www/ #解压到目录/var/www
mv /var/www/wordpress /var/www/blog # 重命名为blog
sudo chown -R apache:apache /var/www/blog # 修改文件所有者
sudo systemctl enable httpd # 设置httpd开机启动配置Apache Httpd
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/00-gzip.conf
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/00-http.conf
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/00-https.conf
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/blog.conf
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/blog-ssl.conf
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/pagespeed.conf
wget -P /etc/ssl/certs http://drive.ourfor.top/backup/20200815/options-ssl.conf
wget -P /etc/ssl/certs/blog.ourfor.top http://drive.ourfor.top/backup/20200815/blog.ourfor.top/chain.crt
wget -P /etc/ssl/certs/blog.ourfor.top http://drive.ourfor.top/backup/20200815/blog.ourfor.top/public.crt
wget -P /etc/ssl/certs/blog.ourfor.top http://drive.ourfor.top/backup/20200815/blog.ourfor.top/one.key安装Google的Pagespeed httpd拓展模块
sudo yum install https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm # 下载最新
# (20200820更新 )备用链接: sudo yum install http://drive.ourfor.top/backup/20200815/mod-pagespeed-stable_current_x86_64.rpm常见问题
[root@romance conf.d]# httpd -t
AH00526: Syntax error on line 1 of /etc/httpd/conf.d/00-http.conf:
Invalid command '<Macro', perhaps misspelled or defined by a module not included in the server configuration安装mod_macro模块(RHEl、CentOS启用即可),echo LoadModule macro_module modules/mod_macro.so >> /etc/httpd/conf.modules.d/00-base.conf
启动Apache httpd
sudo systemctl start httpd # 启动httpd同时需要修改防火墙设置
sudo systemctl enable firewalld # 防火墙开机启动
sudo systemctl start firewalld # 启动防火墙
firewall-cmd --set-default-zone=public # 设置默认规则
firewall-cmd --permanent --add-service=http # 放行80
firewall-cmd --permanent --add-service=https # 放行443
firewall-cmd --permanent --add-service=mysql # 放行3306
firewall-cmd --reload # 重载规则值得注意的是,云服务厂商本身也有防火墙设定,需要自行在控制台配置。
接下来修改域名blog.ourfor.top的DNS解析,指向服务器即可。
配置数据库
打开数据库命令: mysql -u root -p
CREATE DATABASE blog;
CREATE USER `admin`@`localhost` IDENTIFIED BY 'adminpass';
GRANT ALL ON blog.* TO `admin`@`localhost`;
FLUSH PRIVILEGES;键入exit退出即可
WordPress推荐模块
安装
sudo yum install ImageMagick ImageMagick-devel ImageMagick-perl -y # imagemagick 图像处理相关
pecl install memcache # 安装memcache模块
echo "extension=memcache.so" > /etc/php.d/20-memcache.ini # 启用memcache模块WordPress推荐启用的模块
一般情况下,在CentOS通过包管理工具安装好php后,wordpress基本就可以运行了,就连apache也都是免配置php,但是通过站点仪表盘->工具->健康,可以看到有两个模块imagick、zip没有启用,应为默认没有安装。通过下面的命令安装:
dnf install php-imagick php-zip -y # 安装模块
php -m | egrep '(zip|imagick)' # 检查是否识别添加SSL支持
sudo dnf install mod_ssl openssl -y阿里云提供的证书服务
一般来说我会把证书放在/etc/ssl/certs这个目录下面
.
├── ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
├── ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
├── localhost.crt
└── vlog.ourfor.top
├── vlog.ourfor.top_chain.crt
├── vlog.ourfor.top.key
└── vlog.ourfor.top_public.crt然后在``
证书模板
下面这个是阿里云提供的ssl配置模板
<VirtualHost *:443>
ServerName example.com #修改为申请证书时绑定的域名www.YourDomainName1.com
DocumentRoot /data/www/hbappserver/public
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 # 添加SSL协议支持协议,去掉不安全的协议。
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM # 修改加密套件。
SSLHonorCipherOrder on
SSLCertificateFile cert/domain name1_public.crt # 将domain name1_public.crt替换成您证书文件名。
SSLCertificateKeyFile cert/domain name1.key # 将domain name1.key替换成您证书的密钥文件名。
SSLCertificateChainFile cert/domain name1_chain.crt # 将domain name1_chain.crt替换成您证书的密钥文件名;证书链开头如果有#字符,请删除。
</VirtualHost>我觉得可以优化下,😜
优化配置模板, 文件名00-http.conf, 以00命名可以保证在其它文件加载前先加载
<Macro VHostHttp $host $port $dir>
<VirtualHost *:$port>
DocumentRoot $dir
ServerName $host
DirectoryIndex index.html index.php
<Directory "/">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Require all granted
Allow from all
</Directory>
ErrorLog "/var/log/httpd/$host-error_log"
RewriteEngine on
RewriteCond %{SERVER_NAME} =$host
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</Macro>00-https.conf
<Macro VHost $host $port $dir>
<IfModule mod_ssl.c>
<VirtualHost *:$port>
DocumentRoot $dir
ServerName $host
<Directory "/">
Options -Indexes +FollowSymLinks
AllowOverride None
Order allow,deny
Require all granted
Allow from all
</Directory>
ErrorLog /var/log/httpd/$host_error_log
SSLCertificateFile /etc/ssl/certs/$host/public.crt
SSLCertificateKeyFile /etc/ssl/certs/$host/one.key
SSLCertificateChainFile /etc/ssl/certs/$host/chain.crt
Include /etc/ssl/certs/options-ssl.conf
</VirtualHost>
</IfModule>
</Macro>使用blog-ssl.conf
Use VHost vlog.ourfor.top 443 /var/www/blogoptions-ssl.conf内容:
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on最后检查下语法
httpd -t重新加载配置文件apachectl graceful
通过Certbot申请免费证书
安装Certbot
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto执行sudo /usr/local/bin/certbot-auto --apache申请证书的时候, 遇到了错误❌
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.
AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:\nSSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty\n",)意思是找不到ssl.conf里面引用的文件,需要通过下面的命令生成这些文件:
/usr/libexec/httpd-ssl-gencerts最后会生成apache配置文件
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/blog
ServerName vlog.ourfor.top
<Directory "/">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Require all granted
Allow from all
</Directory>
ErrorLog "/var/log/httpd/blog.ourfor.com-error_log"
SSLCertificateFile /etc/letsencrypt/live/vlog.ourfor.top/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vlog.ourfor.top/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>还是WordPress
一个成熟流行的CMS需要做哪些设计,该怎么权衡功能和体验
WordPress 相关问题
提示429请求次数过多
这个是由于国内的网络请求达到了限制,比较好的解决办法是通过插件Kill 429来科学上网
插件更新和安装提示文件拷贝失败
需要将网站根目录以及下面的所有文件的所有者修改为web服务器的用户
比如我使用的是Apache的httpd服务器程序,并且我在httpd里面看到用户名为apache,组名为apache,
那么我需要修改我的网站根目录/var/www/blog的用户和组
chown -R apache:apache /var/www/blog安装Certbot
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto执行sudo /usr/local/bin/certbot-auto --apache申请证书的时候, 遇到了错误❌
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.
AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:\nSSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty\n",)意思是找不到ssl.conf里面引用的文件,需要通过下面的命令生成这些文件:
/usr/libexec/httpd-ssl-gencerts安装数据库和php拓展模块
sudo dnf install php-mysqlnd php-fpm php-json配置数据库
安装MariaDB数据库
sudo dnf install mariadb-server设置root用户密码
mysql_secure_installation添加用户admin, 用来连接blog这个数据库
CREATE DATABASE blog;
CREATE USER `admin`@`localhost` IDENTIFIED BY 'adminpass';
GRANT ALL ON blog.* TO `admin`@`localhost`;
FLUSH PRIVILEGES;数据库备份与还原
使用命令行工具mysqldump备份, 来源WordPress官网
mysqldump --add-drop-table -h localhost -u root -p blog > blog.bak.sql添加压缩
mysqldump --add-drop-table -h localhost -u root -p blog | bzip2 -c > blog.bak.sql.bz2 # localhost是数据库所在机器, root是数据库用户, blog是数据库名
还原
如果是以bzip2方式压缩,即后缀名为bz2, 先使用bzip2 -d blog.bak.sql.bz2解压,如果是带tar结尾,使用tar -zxvf blog.bak.sql.tar.gz解压。解压完成后得到.sql文件,使用下面的命令还原:
mysql -h localhost -u root -p blog < blog.bak.sql # blog是数据库的名称-
备份数据库kong
pg_dump -h 127.0.0.1 -p 5432 -U username -c -f db_kong.sql kong -
还原数据到kong数据库
psql -U postgres -f /db_kong.sql kong