在 CentOS 7 上安装 wordpress

内容目录

CentOS 7 安装 wordpress

软件版本:

  • 操纵系统: CentOS 7
  • PHP: 7.4
  • MySQL: 8.0
  • WordPress: 5.6

配置CentOS和epel源(可选):

sed -i 's#https\?://[^/]*/\(centos\|\$contentdir\)/#http://mirrors.aliyun.com/centos/#g; s/^#baseurl/baseurl/; s/^metalink=/#metalink=/; s/^mirrorlist=/#mirrorlist=/' /etc/yum.repos.d/CentOS-Base.repo
sed -i 's#https\?://[^/]*/\(pub/\)\?epel#http://mirrors.aliyun.com/epel#g; s/^#baseurl/baseurl/; s/^metalink=/#metalink=/; s/^mirrorlist=/#mirrorlist=/' /etc/yum.repos.d/epel*.repo
yum install -y epel-release
sed -i 's#https\?://[^/]*/\(pub/\)\?epel#http://mirrors.aliyun.com/epel#g; s/^#baseurl/baseurl/; s/^metalink=/#metalink=/; s/^mirrorlist=/#mirrorlist=/' /etc/yum.repos.d/epel*.repo

安装nginx

yum -y install nginx       # 安装nginx
systemctl start nginx.service       # 启动nginx
systemctl enable nginx.service      # 设置为开机启动

安装MySQL

清华大学yum源

# 安装 mysql release
releasever=$(cat /etc/redhat-release |awk '{print $(NF-1)}'|awk -F. '{print$1}')
yum install http://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql80-community-el${releasever}/mysql80-community-release-el${releasever}-3.noarch.rpm
# 备份配置
cp /etc/yum.repos.d/mysql-community.repo /etc/yum.repos.d/mysql-community.repo.bak
# 修改为清华大学软件源
sed -i 's#repo.mysql.com/yum#mirrors.tuna.tsinghua.edu.cn/mysql/yum#; s/mysql-\([0-9]\)\.\([0-9]\)/mysql\1\2/; s#/el/\([0-9]\)/#-el\1/#; s#$basearch/##' /etc/yum.repos.d/mysql-community.repo
# 安装MySQL
yum install -y mysql-community-server

腾讯云yum源

# 安装 mysql release
releasever=$(cat /etc/redhat-release |awk '{print $(NF-1)}'|awk -F. '{print$1}')
yum install http://mirrors.tencent.com/mysql/yum/mysql80-community-el${releasever}/mysql80-community-release-el${releasever}-3.noarch.rpm
# 备份配置
cp /etc/yum.repos.d/mysql-community.repo /etc/yum.repos.d/mysql-community.repo.bak
# 修改为腾讯云软件源
sed -i 's#repo.mysql.com/yum#mirrors.tencent.com/mysql/yum#; s/mysql-\([0-9]\)\.\([0-9]\)/mysql\1\2/; s#/el/\([0-9]\)/#-el\1/#; s#$basearch/##' /etc/yum.repos.d/mysql-community.repo
# 安装MySQL
yum install -y mysql-community-server

启动并配置MySQL

启动MySQL

systemctl start mysqld.service
systemctl enable mysqld.service

查看MySQL初始密码

grep 'temporary password' /var/log/mysqld.log

运行 mysql_secure_installation 更改密码,加固MySQL

Securing the MySQL server deployment.

Enter password for user root:   <–输入上一步得到的MySQL初始密码

The existing password for the user account root has expired. Please set a new password.

New password:  <– 设置新的root用户的密码

Re-enter new password:  <– 再输入一次新的root用户的密码
The 'validate_password' component is installed on the server.
The subsequent steps will run with the existing configuration
of the component.
Using existing password for root.

Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : y  <– 系统检测到 'validate_password' 组件被安装,需要再次设置一次密码。 输入y并回车或直接回车

New password: <– 设置新的root用户的密码

Re-enter new password: <– 再输入一次新的root用户的密码

Estimated strength of the password: 100 
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y  <– 是否确认更新root用户密码,输入y并回车或直接回车
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y  <– 是否删除匿名用户,输入y并回车或直接回车
Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y   <–是否禁止root远程登录,输入y并回车或直接回车
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y   <– 是否删除test数据库,输入y并回车或直接回车
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y   <– 是否重新加载权限表,输入y并回车或直接回车
Success.

All done! 

创建 wordpress 数据库和用户

用MySQL的root用户登录

mysql -u root -p

wordpress 数据库和用户

CREATE DATABASE wordpressdb;  //新建的数据库为 wordpressdb
CREATE USER wordpressuser@'%' IDENTIFIED BY 'user1.Password';   //用户为 wordpressuser,密码为 user1.Password
GRANT ALL PRIVILEGES ON wordpressdb.* TO wordpressuser@'%';   //授权 wordpressuser 访问 wordpressdb
quit 

安装PHP

# 安装 remi release
wget http://mirrors.aliyun.com/remi/enterprise/remi-release-7.rpm
yum -y localinstall remi-release-7.rpm

# 修改为阿里云镜像源
sed -e 's!^metalink=!#metalink=!g' \
    -e 's!^mirrorlist=!#mirrorlist=!g' \
    -e 's!^#baseurl=!baseurl=!g' \
    -e '/^baseurl=/s!http://rpms.remirepo.net/\(.*\)!http://mirrors.aliyun.com/remi/\1!g;' \
    -i /etc/yum.repos.d/remi*.repo;
# 配置 php 7.4 为系统默认源 
yum-config-manager --disable 'remi-php*'
yum-config-manager --enable   remi-php74

# 安装php及其组件
yum install -y php php-bcmath php-cli php-common php-gd php-json php-mbstring php-mcrypt php-mysqlnd php-opcache php-pdo php-soap php-xml php-xmlrpc php-fpm

# 启动 php-fpm 并设置开机自动启动
systemctl start php-fpm.service
systemctl enable php-fpm.service

修改nginx配置

vi /etc/nginx/nginx.conf 打开nginx主配置文件,按i进入编辑模式,修改其中的sever部分为以下内容

server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html; # 你的站点的目录

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }

    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                access_log off; log_not_found off; expires max;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

输入完成后,按ESC进入命令模式,输入:wq,回车保存并退出后,重载nginx

systemctl reload nginx.service

测试php-fpm是否安装成功

输入vi /usr/share/nginx/html/info.php,按i进入编辑模式,输入以下内容:

<?php
    echo phpinfo();
?>

输入完成后,按ESC进入命令模式,输入:wq,回车保存并退出; 接着在浏览器中输入http://当前服务器公网IP/info.php; 如果浏览器中出现php 相关信息!则表示配置成功,可继续进行以下步骤,若出现文件下载弹窗,则配置失败,检查以上步骤是否出错。

安装wordpress并配置wordpress

cd ~/
wget https://cn.wordpress.org/wordpress-5.6-zh_CN.tar.gz  # 下载wordpress安装包
tar zxvf wordpress-5.6-zh_CN.tar.gz   # 解压缩
cd wordpress/   # 进入到wordpress目录
cp wp-config-sample.php wp-config.php   # 复制wp-config-sample.php并重命名为wp-config.php
vim wp-config.php   # 打开该文件

找到mysql设置的配置部分,按i进入编辑模式,将步骤2中配置的mysql信息填入以下内容中

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpressdb'); # 数据库名

/** MySQL database username */
define('DB_USER', 'wordpressuser');  # 数据库用户名

/** MySQL database password */
define('DB_PASSWORD', 'user1.Password');    # 数据库密码

/** MySQL hostname */
define('DB_HOST', 'localhost'); # 一般不修改,如果数据库安装在其他服务器上,修改为对应服务器的IP或域名
.....

/**#@+
 * 身份认证密钥与盐。
 *
 * 修改为任意独一无二的字串!
 * 或者直接访问{@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org密钥生成服务}
 * 任何修改都会导致所有cookies失效,所有用户将必须重新登录。
 *
 * @since 2.6.0
 */
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
....

输入完成后,按ESC进入命令模式,输入:wq,回车保存并退出;

rm /usr/share/nginx/html/info.php  # 删除刚才的 info.php,防止爆漏 php 信息 
rm /usr/share/nginx/html/index.html # 删除nginx中的主页文件
mv * /usr/share/nginx/html/ # 将wordpress文件移动web站点的根目录

完成后,在浏览器中输入http://你的主机IP或者域名/wp-admin/install.php,进入到wordpress的配置页面,输入网站标题,用户名和密码后,就可以进入wordpress后台管理界面,到此便大功告成。

配置letsencrypt 证书

首先需要确保拥有公网域名,并将公网域名解析到本服务器。

测试是否可以通过公网访问本服务器。

下载 acme.sh 代码。

yum install git -y
git clone https://github.com/acmesh-official/acme.sh
cd acme.sh/
./acme.sh install

申请证书

/root/.acme.sh/acme.sh --issue -w /usr/share/nginx/html/ -d <你的域名> --keylength ec-256

将证书安装到制定位置

# 创建证书存放
mkdir /etc/nginx/certs/

# 安装证书到指定的目录,并指定更新证书时触发的重新载入服务的命令
/root/.acme.sh/acme.sh --install-cert --ecc -d <你的域名> \
--key-file       /etc/nginx/certs/<你的域名>.key  \
--fullchain-file /etc/nginx/certs/<你的域名>.crt \
--reloadcmd     "/usr/bin/systemctl reload nginx.service"

配置nginx https

vi /etc/nginx/conf.d/<你的域名>.conf, 添加如下内容:

server {
        server_name <你的域名>;
        listen 443 ssl http2 ;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/<你的域名>.crt;
        ssl_certificate_key /etc/nginx/certs/<你的域名>.key;
        #add_header Strict-Transport-Security "max-age=31536000" always;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$args;
        }

        rewrite /wp-admin$ $scheme://$host$uri/ permanent;

        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                    access_log off; log_not_found off; expires max;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
}

重新载入 nginx

nginx -t
nginx -s reload  # 或者 systemctl reload nginx

测试一下是否能够通过https访问站点了: https://<你的域名>/

修改wordpress的siteurl

由于刚开始的时候,设置的 siteurl 是http协议,wordpress默认也从http加载,由于浏览器安全限制。导致很多元素加载不下来。

修改 wordpress 的 siteurl 让默认从https协议加载。

访问 https://<你的域名>/wp-admin/

点击 设置-> 常规。

将 “WordPress地址(URL)” 和 ”站点地址(URL)“设置为: https://<你的域名>/

然后点击保存更改。

配置 http -> https 跳转

vi /etc/nginx/conf.d/<你的域名>.conf, 添加 http 的跳转内容:

server {
        server_name <你的域名>;
        listen 80 ;
        # Do not HTTPS redirect Let'sEncrypt ACME challenge
        location /.well-known/acme-challenge/ {
                auth_basic off;
                allow all;
                root /usr/share/nginx/html;
                try_files $uri =404;
                break;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}

server {
        server_name <你的域名>;
        listen 443 ssl http2 ;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/<你的域名>.crt;
        ssl_certificate_key /etc/nginx/certs/<你的域名>.key;
        #add_header Strict-Transport-Security "max-age=31536000" always;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$args;
        }

        rewrite /wp-admin$ $scheme://$host$uri/ permanent;

        location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                    access_log off; log_not_found off; expires max;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
}

重新载入 nginx

nginx -t
nginx -s reload  # 或者 systemctl reload nginx