CentOS 7 安装 wordpress
软件版本:
- 操纵系统: CentOS 7
- PHP: 7.4
- MySQL: 8.0
- WordPress: 5.6
配置CentOS和epel源(可选):
sed -i 's#https\?://[^/]*/\(centos\|\$contentdir\)/#http://mirrors.aliyun.com/centos/#g; s/^#baseurl/baseurl/; s/^metalink=/#metalink=/; s/^mirrorlist=/#mirrorlist=/' /etc/yum.repos.d/CentOS-Base.repo
sed -i 's#https\?://[^/]*/\(pub/\)\?epel#http://mirrors.aliyun.com/epel#g; s/^#baseurl/baseurl/; s/^metalink=/#metalink=/; s/^mirrorlist=/#mirrorlist=/' /etc/yum.repos.d/epel*.repo
yum install -y epel-release
sed -i 's#https\?://[^/]*/\(pub/\)\?epel#http://mirrors.aliyun.com/epel#g; s/^#baseurl/baseurl/; s/^metalink=/#metalink=/; s/^mirrorlist=/#mirrorlist=/' /etc/yum.repos.d/epel*.repo
安装nginx
yum -y install nginx # 安装nginx
systemctl start nginx.service # 启动nginx
systemctl enable nginx.service # 设置为开机启动
安装MySQL
清华大学yum源
# 安装 mysql release
releasever=$(cat /etc/redhat-release |awk '{print $(NF-1)}'|awk -F. '{print$1}')
yum install http://mirrors.tuna.tsinghua.edu.cn/mysql/yum/mysql80-community-el${releasever}/mysql80-community-release-el${releasever}-3.noarch.rpm
# 备份配置
cp /etc/yum.repos.d/mysql-community.repo /etc/yum.repos.d/mysql-community.repo.bak
# 修改为清华大学软件源
sed -i 's#repo.mysql.com/yum#mirrors.tuna.tsinghua.edu.cn/mysql/yum#; s/mysql-\([0-9]\)\.\([0-9]\)/mysql\1\2/; s#/el/\([0-9]\)/#-el\1/#; s#$basearch/##' /etc/yum.repos.d/mysql-community.repo
# 安装MySQL
yum install -y mysql-community-server
腾讯云yum源
# 安装 mysql release
releasever=$(cat /etc/redhat-release |awk '{print $(NF-1)}'|awk -F. '{print$1}')
yum install http://mirrors.tencent.com/mysql/yum/mysql80-community-el${releasever}/mysql80-community-release-el${releasever}-3.noarch.rpm
# 备份配置
cp /etc/yum.repos.d/mysql-community.repo /etc/yum.repos.d/mysql-community.repo.bak
# 修改为腾讯云软件源
sed -i 's#repo.mysql.com/yum#mirrors.tencent.com/mysql/yum#; s/mysql-\([0-9]\)\.\([0-9]\)/mysql\1\2/; s#/el/\([0-9]\)/#-el\1/#; s#$basearch/##' /etc/yum.repos.d/mysql-community.repo
# 安装MySQL
yum install -y mysql-community-server
启动并配置MySQL
启动MySQL
systemctl start mysqld.service
systemctl enable mysqld.service
查看MySQL初始密码
grep 'temporary password' /var/log/mysqld.log
运行 mysql_secure_installation
更改密码,加固MySQL
Securing the MySQL server deployment.
Enter password for user root: <–输入上一步得到的MySQL初始密码
The existing password for the user account root has expired. Please set a new password.
New password: <– 设置新的root用户的密码
Re-enter new password: <– 再输入一次新的root用户的密码
The 'validate_password' component is installed on the server.
The subsequent steps will run with the existing configuration
of the component.
Using existing password for root.
Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : y <– 系统检测到 'validate_password' 组件被安装,需要再次设置一次密码。 输入y并回车或直接回车
New password: <– 设置新的root用户的密码
Re-enter new password: <– 再输入一次新的root用户的密码
Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y <– 是否确认更新root用户密码,输入y并回车或直接回车
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y <– 是否删除匿名用户,输入y并回车或直接回车
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y <–是否禁止root远程登录,输入y并回车或直接回车
Success.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y <– 是否删除test数据库,输入y并回车或直接回车
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y <– 是否重新加载权限表,输入y并回车或直接回车
Success.
All done!
创建 wordpress 数据库和用户
用MySQL的root用户登录
mysql -u root -p
wordpress 数据库和用户
CREATE DATABASE wordpressdb; //新建的数据库为 wordpressdb
CREATE USER wordpressuser@'%' IDENTIFIED BY 'user1.Password'; //用户为 wordpressuser,密码为 user1.Password
GRANT ALL PRIVILEGES ON wordpressdb.* TO wordpressuser@'%'; //授权 wordpressuser 访问 wordpressdb
quit
安装PHP
# 安装 remi release
wget http://mirrors.aliyun.com/remi/enterprise/remi-release-7.rpm
yum -y localinstall remi-release-7.rpm
# 修改为阿里云镜像源
sed -e 's!^metalink=!#metalink=!g' \
-e 's!^mirrorlist=!#mirrorlist=!g' \
-e 's!^#baseurl=!baseurl=!g' \
-e '/^baseurl=/s!http://rpms.remirepo.net/\(.*\)!http://mirrors.aliyun.com/remi/\1!g;' \
-i /etc/yum.repos.d/remi*.repo;
# 配置 php 7.4 为系统默认源
yum-config-manager --disable 'remi-php*'
yum-config-manager --enable remi-php74
# 安装php及其组件
yum install -y php php-bcmath php-cli php-common php-gd php-json php-mbstring php-mcrypt php-mysqlnd php-opcache php-pdo php-soap php-xml php-xmlrpc php-fpm
# 启动 php-fpm 并设置开机自动启动
systemctl start php-fpm.service
systemctl enable php-fpm.service
修改nginx配置
vi /etc/nginx/nginx.conf
打开nginx主配置文件,按i进入编辑模式,修改其中的sever部分为以下内容
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html; # 你的站点的目录
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
输入完成后,按ESC
进入命令模式,输入:wq
,回车保存并退出后,重载nginx
systemctl reload nginx.service
测试php-fpm是否安装成功
输入vi /usr/share/nginx/html/info.php
,按i进入编辑模式,输入以下内容:
<?php
echo phpinfo();
?>
输入完成后,按ESC进入命令模式,输入:wq,回车保存并退出; 接着在浏览器中输入http://当前服务器公网IP/info.php; 如果浏览器中出现php 相关信息!则表示配置成功,可继续进行以下步骤,若出现文件下载弹窗,则配置失败,检查以上步骤是否出错。
安装wordpress并配置wordpress
cd ~/
wget https://cn.wordpress.org/wordpress-5.6-zh_CN.tar.gz # 下载wordpress安装包
tar zxvf wordpress-5.6-zh_CN.tar.gz # 解压缩
cd wordpress/ # 进入到wordpress目录
cp wp-config-sample.php wp-config.php # 复制wp-config-sample.php并重命名为wp-config.php
vim wp-config.php # 打开该文件
找到mysql设置的配置部分,按i进入编辑模式,将步骤2中配置的mysql信息填入以下内容中
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpressdb'); # 数据库名
/** MySQL database username */
define('DB_USER', 'wordpressuser'); # 数据库用户名
/** MySQL database password */
define('DB_PASSWORD', 'user1.Password'); # 数据库密码
/** MySQL hostname */
define('DB_HOST', 'localhost'); # 一般不修改,如果数据库安装在其他服务器上,修改为对应服务器的IP或域名
.....
/**#@+
* 身份认证密钥与盐。
*
* 修改为任意独一无二的字串!
* 或者直接访问{@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org密钥生成服务}
* 任何修改都会导致所有cookies失效,所有用户将必须重新登录。
*
* @since 2.6.0
*/
define( 'AUTH_KEY', 'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
define( 'LOGGED_IN_KEY', 'put your unique phrase here' );
define( 'NONCE_KEY', 'put your unique phrase here' );
define( 'AUTH_SALT', 'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT', 'put your unique phrase here' );
define( 'NONCE_SALT', 'put your unique phrase here' );
....
输入完成后,按ESC进入命令模式,输入:wq,回车保存并退出;
rm /usr/share/nginx/html/info.php # 删除刚才的 info.php,防止爆漏 php 信息
rm /usr/share/nginx/html/index.html # 删除nginx中的主页文件
mv * /usr/share/nginx/html/ # 将wordpress文件移动web站点的根目录
完成后,在浏览器中输入http://你的主机IP或者域名/wp-admin/install.php,进入到wordpress的配置页面,输入网站标题,用户名和密码后,就可以进入wordpress后台管理界面,到此便大功告成。
配置letsencrypt 证书
首先需要确保拥有公网域名,并将公网域名解析到本服务器。
测试是否可以通过公网访问本服务器。
下载 acme.sh 代码。
yum install git -y
git clone https://github.com/acmesh-official/acme.sh
cd acme.sh/
./acme.sh install
申请证书
/root/.acme.sh/acme.sh --issue -w /usr/share/nginx/html/ -d <你的域名> --keylength ec-256
将证书安装到制定位置
# 创建证书存放
mkdir /etc/nginx/certs/
# 安装证书到指定的目录,并指定更新证书时触发的重新载入服务的命令
/root/.acme.sh/acme.sh --install-cert --ecc -d <你的域名> \
--key-file /etc/nginx/certs/<你的域名>.key \
--fullchain-file /etc/nginx/certs/<你的域名>.crt \
--reloadcmd "/usr/bin/systemctl reload nginx.service"
配置nginx https
vi /etc/nginx/conf.d/<你的域名>.conf
, 添加如下内容:
server {
server_name <你的域名>;
listen 443 ssl http2 ;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/<你的域名>.crt;
ssl_certificate_key /etc/nginx/certs/<你的域名>.key;
#add_header Strict-Transport-Security "max-age=31536000" always;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
重新载入 nginx
nginx -t
nginx -s reload # 或者 systemctl reload nginx
测试一下是否能够通过https访问站点了: https://<你的域名>/
修改wordpress的siteurl
由于刚开始的时候,设置的 siteurl 是http协议,wordpress默认也从http加载,由于浏览器安全限制。导致很多元素加载不下来。
修改 wordpress 的 siteurl 让默认从https协议加载。
访问 https://<你的域名>/wp-admin/
点击 设置-> 常规。
将 “WordPress地址(URL)” 和 ”站点地址(URL)“设置为: https://<你的域名>/
然后点击保存更改。
配置 http -> https 跳转
vi /etc/nginx/conf.d/<你的域名>.conf
, 添加 http 的跳转内容:
server {
server_name <你的域名>;
listen 80 ;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location /.well-known/acme-challenge/ {
auth_basic off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name <你的域名>;
listen 443 ssl http2 ;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/<你的域名>.crt;
ssl_certificate_key /etc/nginx/certs/<你的域名>.key;
#add_header Strict-Transport-Security "max-age=31536000" always;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
重新载入 nginx
nginx -t
nginx -s reload # 或者 systemctl reload nginx