LazyBlog

建構Server常用指令與工具

先檢查一下

1
apt-get update
1
apt-get upgrade

安裝 Nginx

1
apt-get install nginx -y

安裝 MariaDB

1
apt-get install mariadb-server -y
1
systemctl enable mariadb.service

安装 PHP 7.4

1
apt-get update
1
apt install software-properties-common -y
1
add-apt-repository ppa:ondrej/php
1
apt-get install php7.4 php7.4-cli php7.4-fpm php7.4-mysql php7.4-json php7.4-opcache php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl -y
1
php -verson

建立WordPressDB

1
mysql -u root -p
1
CREATE DATABASE wordpress_db;
1
GRANT ALL ON wordpress_db.* TO 'wpuser'@'localhost' IDENTIFIED BY 'Password' WITH GRANT OPTION;
1
FLUSH PRIVILEGES;

nginx相關

建立WP目錄

1
mkdir /var/www/html/wordpress

為 WordPress 創建 Nginx 服務器文件。

1
/etc/nginx/sites-available/wordpress.conf

連接符號文件,順便重新載入設定

1
cd /etc/nginx/sites-enabled && ln -s ../sites-available/wordpress.conf . && systemctl reload nginx

刷新,通常配置有變動後使用

1
systemctl reload nginx

強制重啟nginx

1
systemctl restart nginx

檢查狀態

1
systemctl status nginx

檢查設定檔案語法有無錯誤

1
nginx -t

WordPress下載與安裝

1
cd /var/www/html/wordpress
1
wget https://tw.wordpress.org/latest-zh_TW.tar.gz
1
tar -zxvf latest-zh_TW.tar.gz
1
mv wordpress/* .
1
rm -rf wordpress latest-zh_TW.tar.gz

權限變更

1
cd /var/www/html && chown -R www-data:www-data *
1
chmod -R 755 *

設定WP文件

1
cd /var/www/html/wordpress && mv wp-config-sample.php wp-config.php
1
vi wp-config.php
1
2
3
define('DB_NAME', 'wordpress_db'); 
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'Passw0rd!');

點擊產生安全鑰匙
https://api.wordpress.org/secret-key/1.1/salt/

修改上傳檔案大小的位置

1
vi /etc/php/7.4/fpm/php.ini
1
upload_max_filesize = 32M
1
post_max_size = 32M
1
memory_limit = 64M
1
max_execution_time = 300

重新啟動fpm

1
systemctl restart php7.4-fpm.service

nginx.conf的http括號內添加上限

1
client_max_body_size 0;
1
service nginx reload

80配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
server { 
listen 80;
root /var/www/html/wordpress;
index index.php index.html;
server_name XXXX;

access_log /var/log/nginx/www.access.log;
error_log /var/log/nginx/www.error.log;

location / {
try_files $uri $uri/ =404;
}

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}

location ~ /\.ht {
deny all;
}

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}

443配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
server {

listen 443 ssl;
listen [::]:443 ssl;

server_name demo1.xuanci.tw;
root /var/www/html/wordpress/;
index index.php index.html index.htm;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

ssl_certificate /etc/nginx/ssl/demo1.xuanci.tw/fullchain.cer;
ssl_certificate_key /etc/nginx/ssl/demo1.xuanci.tw/keyfile.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;

add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy "no-referrer-when-downgrade";

location / {
try_files $uri $uri/ /index.php?$query_string;
#try_files $uri $uri/ =404;
}

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}

location ~ /\.ht {
deny all;
}

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}

}
server {
listen 80;
listen [::]:80;
server_name demo1.xuanci.tw;
rewrite ^/(.*) https://demo1.xuanci.tw/$1 permanent;
}

重新導向

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
server {

listen 443 ssl;
listen [::]:443 ssl;
server_name www.sunofmorning.com sunofmorning.com;
rewrite ^/(.*) https://shop.sunofmorning.com/ permanent;
}

server {

listen 80;
listen [::]:80;
server_name www.sunofmorning.com sunofmorning.com;
rewrite ^/(.*) https://shop.sunofmorning.com/ permanent;
}

nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
user  www-data;
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;


events {
worker_connections 1024;
accept_mutex on;
use epoll; # The method used in linux 2.6+
accept_mutex_delay 100ms;
}


http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

keepalive_timeout 65;

gzip on;
client_max_body_size 0;

# Server Configuration

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

 評論