迁移博客 👏

前不久免费领了一台阿里云的服务器. 配置也还行,内存有4G,带宽是1M的,那个疫情在家学习搞活动领的,领了6个月,到期前一个月通过阶段性测试可以免费续,除了带宽小了点,感觉还行。最近越来忙了,没时间开发博客了,然后自己平时还是有做笔记📒的习惯,所以安装了WordPress,之前博客里面的文章都是以markdown源码保存了,全部迁移过来,也不是什么难题。

安装LAMP

wordpress对php的版本要求是7.4以上,对于CentOS而言,源里面的版本较低,需要卸载完再安装, mariadb也比较旧:

sudo yum remove php* # 卸载所有php相关软件
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
yum install yum-utils -y
yum-config-manager --enable remi-php74
echo "# MariaDB 10.5 [Stable] CentOS repository list - created 2020-08-20 08:53 UTC
# https://mariadb.org/download-test/
[mariadb]
name = MariaDB
baseurl = https://mariadb.nethub.com.hk/yum/10.5/centos7-amd64
gpgkey=https://mariadb.nethub.com.hk/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1" > /etc/yum.repos.d/MariaDB.repo
yum update

参考自微软SQL Server部分文档

sudo yum update -y # 更新软件
ssh-keygen -t rsa -C kiss@ourfor.top # 生成ssh秘钥对
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
echo "$本机公钥" >> ~/.ssh/authorized_keys
sudo yum install httpd -y # 安装apache httpd
sudo yum install MariaDB-server MariaDB-client -y # 安装 mariadb数据库
sudo yum install php php-fpm php-mysqlnd php-mbstring php-imagick php-zip php-pdo php-xml php-pear php-devel gcc-c++ gcc make -y # 安装php
sudo systemctl enable mariadb # 设置数据库开机启动
sudo systemctl start mariadb # 启动数据库
mysql_secure_installation # 设置密码
sudo systemctl enable php-fpm # 设置php-fpm开机启动
sudo systemctl start php-fpm # 启动php-fpm
sudo mkdir /var/www/blog # 创建名为blog的文件夹
curl -L https://wordpress.org/latest.tar.gz --output ~/wordpress.tar.gz # 下载wordpress
tar -xvf ~/wordpress.tar.gz -C /var/www/ #解压到目录/var/www
mv /var/www/wordpress /var/www/blog # 重命名为blog
sudo chown -R apache:apache /var/www/blog # 修改文件所有者
sudo systemctl enable httpd # 设置httpd开机启动

配置Apache Httpd

wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/00-gzip.conf
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/00-http.conf 
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/00-https.conf
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/blog.conf
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/blog-ssl.conf
wget -P /etc/httpd/conf.d http://drive.ourfor.top/backup/20200815/pagespeed.conf
wget -P /etc/ssl/certs http://drive.ourfor.top/backup/20200815/options-ssl.conf
wget -P /etc/ssl/certs/blog.ourfor.top http://drive.ourfor.top/backup/20200815/blog.ourfor.top/chain.crt
wget -P /etc/ssl/certs/blog.ourfor.top http://drive.ourfor.top/backup/20200815/blog.ourfor.top/public.crt
wget -P /etc/ssl/certs/blog.ourfor.top http://drive.ourfor.top/backup/20200815/blog.ourfor.top/one.key

安装Google的Pagespeed httpd拓展模块

sudo yum install https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm # 下载最新
# (20200820更新 )备用链接: sudo yum install http://drive.ourfor.top/backup/20200815/mod-pagespeed-stable_current_x86_64.rpm

常见问题

[root@romance conf.d]# httpd -t
AH00526: Syntax error on line 1 of /etc/httpd/conf.d/00-http.conf:
Invalid command '<Macro', perhaps misspelled or defined by a module not included in the server configuration

安装mod_macro模块(RHEl、CentOS启用即可),echo LoadModule macro_module modules/mod_macro.so >> /etc/httpd/conf.modules.d/00-base.conf

启动Apache httpd

sudo systemctl start httpd # 启动httpd

同时需要修改防火墙设置

sudo systemctl enable firewalld # 防火墙开机启动
sudo systemctl start firewalld # 启动防火墙
firewall-cmd --set-default-zone=public # 设置默认规则
firewall-cmd --permanent --add-service=http # 放行80
firewall-cmd --permanent --add-service=https # 放行443
firewall-cmd --permanent --add-service=mysql # 放行3306
firewall-cmd --reload # 重载规则

值得注意的是,云服务厂商本身也有防火墙设定,需要自行在控制台配置。

接下来修改域名blog.ourfor.top的DNS解析,指向服务器即可。

配置数据库

打开数据库命令: mysql -u root -p

CREATE DATABASE blog;
CREATE USER `admin`@`localhost` IDENTIFIED BY 'adminpass';
GRANT ALL ON blog.* TO `admin`@`localhost`;
FLUSH PRIVILEGES;

键入exit退出即可

WordPress推荐模块

官网文档

安装

sudo yum install ImageMagick ImageMagick-devel ImageMagick-perl -y # imagemagick 图像处理相关
pecl install memcache # 安装memcache模块
echo "extension=memcache.so" > /etc/php.d/20-memcache.ini # 启用memcache模块

WordPress推荐启用的模块

一般情况下,在CentOS通过包管理工具安装好php后,wordpress基本就可以运行了,就连apache也都是免配置php,但是通过站点仪表盘->工具->健康,可以看到有两个模块imagickzip没有启用,应为默认没有安装。通过下面的命令安装:

dnf install php-imagick php-zip -y # 安装模块
php -m | egrep '(zip|imagick)' # 检查是否识别

添加SSL支持

sudo dnf install mod_ssl openssl -y

阿里云提供的证书服务

一般来说我会把证书放在/etc/ssl/certs这个目录下面

.
├── ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
├── ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
├── localhost.crt
└── vlog.ourfor.top
    ├── vlog.ourfor.top_chain.crt
    ├── vlog.ourfor.top.key
    └── vlog.ourfor.top_public.crt

然后在``

证书模板

下面这个是阿里云提供的ssl配置模板

<VirtualHost *:443>
    ServerName  example.com #修改为申请证书时绑定的域名www.YourDomainName1.com
    DocumentRoot  /data/www/hbappserver/public
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 # 添加SSL协议支持协议,去掉不安全的协议。
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM   # 修改加密套件。
    SSLHonorCipherOrder on
    SSLCertificateFile cert/domain name1_public.crt   # 将domain name1_public.crt替换成您证书文件名。
    SSLCertificateKeyFile cert/domain name1.key   # 将domain name1.key替换成您证书的密钥文件名。
    SSLCertificateChainFile cert/domain name1_chain.crt  # 将domain name1_chain.crt替换成您证书的密钥文件名;证书链开头如果有#字符,请删除。
</VirtualHost>

我觉得可以优化下,😜
优化配置模板, 文件名00-http.conf, 以00命名可以保证在其它文件加载前先加载

<Macro VHostHttp $host $port $dir>
<VirtualHost *:$port>
    DocumentRoot  $dir
    ServerName  $host
    DirectoryIndex index.html index.php
    <Directory "/">
        Options Indexes FollowSymLinks
        AllowOverride   None
        Order   allow,deny
        Require all granted
        Allow from all
    </Directory>
    ErrorLog "/var/log/httpd/$host-error_log"
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =$host
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</Macro>

00-https.conf

<Macro VHost $host $port $dir>
    <IfModule mod_ssl.c>
    <VirtualHost *:$port>
        DocumentRoot $dir
        ServerName  $host
        <Directory "/">
            Options -Indexes +FollowSymLinks
            AllowOverride   None
            Order   allow,deny
            Require all granted
            Allow from all
        </Directory>
        ErrorLog /var/log/httpd/$host_error_log

        SSLCertificateFile /etc/ssl/certs/$host/public.crt
        SSLCertificateKeyFile /etc/ssl/certs/$host/one.key
        SSLCertificateChainFile /etc/ssl/certs/$host/chain.crt
        Include /etc/ssl/certs/options-ssl.conf
    </VirtualHost>
    </IfModule>
</Macro>

使用blog-ssl.conf

Use VHost vlog.ourfor.top 443 /var/www/blog

options-ssl.conf内容:

SSLEngine on   
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on

最后检查下语法

httpd -t

重新加载配置文件apachectl graceful

通过Certbot申请免费证书

安装Certbot

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

执行sudo /usr/local/bin/certbot-auto --apache申请证书的时候, 遇到了错误❌

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:\nSSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty\n",)

意思是找不到ssl.conf里面引用的文件,需要通过下面的命令生成这些文件:

/usr/libexec/httpd-ssl-gencerts

最后会生成apache配置文件

<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot    /var/www/blog
    ServerName  vlog.ourfor.top
    <Directory "/">
        Options Indexes FollowSymLinks
        AllowOverride   None
        Order   allow,deny
        Require all granted
        Allow from all
    </Directory>
    ErrorLog "/var/log/httpd/blog.ourfor.com-error_log"

SSLCertificateFile /etc/letsencrypt/live/vlog.ourfor.top/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vlog.ourfor.top/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

还是WordPress

一个成熟流行的CMS需要做哪些设计,该怎么权衡功能和体验

WordPress 相关问题

提示429请求次数过多

这个是由于国内的网络请求达到了限制,比较好的解决办法是通过插件Kill 429来科学上网

插件更新和安装提示文件拷贝失败

需要将网站根目录以及下面的所有文件的所有者修改为web服务器的用户
比如我使用的是Apache的httpd服务器程序,并且我在httpd里面看到用户名为apache,组名为apache,
那么我需要修改我的网站根目录/var/www/blog的用户和组

chown -R apache:apache /var/www/blog

安装Certbot

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

执行sudo /usr/local/bin/certbot-auto --apache申请证书的时候, 遇到了错误❌

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.

AH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apachectl configtest.\n\nAH00526: Syntax error on line 85 of /etc/httpd/conf.d/ssl.conf:\nSSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty\n",)

意思是找不到ssl.conf里面引用的文件,需要通过下面的命令生成这些文件:

/usr/libexec/httpd-ssl-gencerts

安装数据库和php拓展模块

sudo dnf install php-mysqlnd php-fpm php-json

配置数据库

安装MariaDB数据库

sudo dnf install mariadb-server

设置root用户密码

mysql_secure_installation

添加用户admin, 用来连接blog这个数据库

CREATE DATABASE blog;
CREATE USER `admin`@`localhost` IDENTIFIED BY 'adminpass';
GRANT ALL ON blog.* TO `admin`@`localhost`;
FLUSH PRIVILEGES;

数据库备份与还原

使用命令行工具mysqldump备份, 来源WordPress官网

mysqldump --add-drop-table -h localhost -u root -p blog > blog.bak.sql

添加压缩

mysqldump --add-drop-table -h localhost -u root -p blog | bzip2 -c > blog.bak.sql.bz2 # localhost是数据库所在机器, root是数据库用户, blog是数据库名

还原

如果是以bzip2方式压缩,即后缀名为bz2, 先使用bzip2 -d blog.bak.sql.bz2解压,如果是带tar结尾,使用tar -zxvf blog.bak.sql.tar.gz解压。解压完成后得到.sql文件,使用下面的命令还原:

mysql -h localhost -u root -p blog < blog.bak.sql # blog是数据库的名称

👏 怎么样,给个评价呗?