League2eb

建構Server常用指令與工具

先檢查一下

1
apt-get update
1
apt-get upgrade

安裝 Nginx

1
apt-get install nginx -y

安裝 MariaDB

1
apt-get install mariadb-server -y
1
systemctl enable mariadb.service

安装 PHP 7.4

1
apt-get update
1
apt install software-properties-common -y
1
add-apt-repository ppa:ondrej/php
1
apt-get install php7.4 php7.4-cli php7.4-fpm php7.4-mysql php7.4-json php7.4-opcache php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl -y
1
php -verson

建立WordPressDB

1
mysql -u root -p
1
CREATE DATABASE wordpress_db;
1
GRANT ALL ON wordpress_db.* TO 'wpuser'@'localhost' IDENTIFIED BY 'Password' WITH GRANT OPTION;
1
FLUSH PRIVILEGES;

nginx相關

建立WP目錄

1
mkdir /var/www/html/wordpress

為 WordPress 創建 Nginx 服務器文件。

1
/etc/nginx/sites-available/wordpress.conf

連接符號文件,順便重新載入設定

1
cd /etc/nginx/sites-enabled && ln -s ../sites-available/wordpress.conf . && systemctl reload nginx

刷新,通常配置有變動後使用

1
systemctl reload nginx

強制重啟nginx

1
systemctl restart nginx

檢查狀態

1
systemctl status nginx

檢查設定檔案語法有無錯誤

1
nginx -t

WordPress下載與安裝

1
cd /var/www/html/wordpress
1
wget https://tw.wordpress.org/latest-zh_TW.tar.gz
1
tar -zxvf latest-zh_TW.tar.gz
1
mv wordpress/* .
1
rm -rf wordpress latest-zh_TW.tar.gz

權限變更

1
cd /var/www/html && chown -R www-data:www-data *
1
chmod -R 755 *

設定WP文件

1
cd /var/www/html/wordpress && mv wp-config-sample.php wp-config.php
1
vi wp-config.php
1
2
3
define('DB_NAME', 'wordpress_db'); 
define('DB_USER', 'wpuser'); 
define('DB_PASSWORD', 'Passw0rd!');

點擊產生安全鑰匙
https://api.wordpress.org/secret-key/1.1/salt/

修改上傳檔案大小的位置

1
vi /etc/php/7.4/fpm/php.ini
1
upload_max_filesize = 32M
1
post_max_size = 32M
1
memory_limit = 64M
1
max_execution_time = 300

重新啟動fpm

1
systemctl restart php7.4-fpm.service

nginx.conf的http括號內添加上限

1
client_max_body_size 0;
1
service nginx reload

80配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
server { 
           listen 80; 
           root /var/www/html/wordpress; 
           index index.php index.html; 
           server_name XXXX; 

           access_log /var/log/nginx/www.access.log; 
           error_log /var/log/nginx/www.error.log;  

           location / { 
                          try_files $uri $uri/ =404;  
           } 

           location ~ \.php$ { 
                          include snippets/fastcgi-php.conf; 
                          fastcgi_pass unix:/run/php/php7.4-fpm.sock; 
           }
 
           location ~ /\.ht { 
                          deny all; 
           } 

           location = /favicon.ico { 
                          log_not_found off; 
                          access_log off; 
           } 

           location = /robots.txt { 
                          allow all; 
                          log_not_found off; 
                          access_log off; 
           } 

           location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { 
                          expires max; 
                          log_not_found off; 
           } 
}

443配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
server {

    listen 443 ssl;
    listen [::]:443 ssl;

    server_name demo1.xuanci.tw;
    root /var/www/html/wordpress/;
    index index.php index.html index.htm;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ssl_certificate /etc/nginx/ssl/demo1.xuanci.tw/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/demo1.xuanci.tw/keyfile.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
   
    add_header Content-Security-Policy upgrade-insecure-requests;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy "no-referrer-when-downgrade"; 
    
    location / {
        try_files $uri $uri/ /index.php?$query_string;
        #try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
 
}
server {
    listen 80;
    listen [::]:80;
    server_name demo1.xuanci.tw;
    rewrite ^/(.*) https://demo1.xuanci.tw/$1 permanent;
}

重新導向

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
server {

    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.sunofmorning.com sunofmorning.com;
    rewrite ^/(.*) https://shop.sunofmorning.com/ permanent;
}

server {

    listen 80;
    listen [::]:80;
    server_name www.sunofmorning.com sunofmorning.com;
    rewrite ^/(.*) https://shop.sunofmorning.com/ permanent;
}

nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
user  www-data;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
    accept_mutex on;
    use epoll; # The method used in linux 2.6+
    accept_mutex_delay 100ms;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;
    client_max_body_size 0;

    # Server Configuration

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

 上一頁

 評論