建構Server常用指令與工具

目錄

先檢查一下

apt-get update 
apt-get upgrade

安裝 Nginx

apt-get install nginx -y

安裝 MariaDB

apt-get install mariadb-server -y
systemctl enable mariadb.service

安装 PHP 7.4

apt-get update 
apt install software-properties-common -y
add-apt-repository ppa:ondrej/php 
apt-get install php7.4 php7.4-cli php7.4-fpm php7.4-mysql php7.4-json php7.4-opcache php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl -y
php -verson

建立WordPressDB

mysql -u root -p
CREATE DATABASE wordpress_db;
GRANT ALL ON wordpress_db.* TO 'wpuser'@'localhost' IDENTIFIED BY 'Password' WITH GRANT OPTION;
FLUSH PRIVILEGES;

nginx相關

建立WP目錄

mkdir /var/www/html/wordpress

為 WordPress 創建 Nginx 服務器文件。

vi /etc/nginx/sites-available/wordpress.conf

連接符號文件,順便重新載入設定

cd /etc/nginx/sites-enabled && ln -s ../sites-available/wordpress.conf . && systemctl reload nginx

刷新,通常配置有變動後使用

systemctl reload nginx

強制重啟nginx

systemctl restart nginx

檢查狀態

systemctl status nginx

檢查設定檔案語法有無錯誤

nginx -t

WordPress下載與安裝

cd /var/www/html/wordpress
wget https://tw.wordpress.org/latest-zh_TW.tar.gz
tar -zxvf latest-zh_TW.tar.gz
mv wordpress/* .
rm -rf wordpress latest-zh_TW.tar.gz

權限變更

cd /var/www/html && chown -R www-data:www-data *
chmod -R 755 *

設定WP文件

cd /var/www/html/wordpress && mv wp-config-sample.php wp-config.php
vi wp-config.php
define('DB_NAME', 'wordpress_db'); 
define('DB_USER', 'wpuser'); 
define('DB_PASSWORD', 'Passw0rd!'); 

點擊產生安全鑰匙
https://api.wordpress.org/secret-key/1.1/salt/

修改上傳檔案大小的位置

vi /etc/php/7.4/fpm/php.ini
upload_max_filesize = 32M
post_max_size = 32M
memory_limit = 64M
max_execution_time = 300

重新啟動fpm

systemctl restart php7.4-fpm.service

nginx.conf的http括號內添加上限

client_max_body_size 0;
service nginx reload

80配置

server { 
           listen 80; 
           root /var/www/html/wordpress; 
           index index.php index.html; 
           server_name XXXX; 

           access_log /var/log/nginx/www.access.log; 
           error_log /var/log/nginx/www.error.log;  

           location / { 
                          try_files $uri $uri/ =404;  
           } 

           location ~ \.php$ { 
                          include snippets/fastcgi-php.conf; 
                          fastcgi_pass unix:/run/php/php7.4-fpm.sock; 
           }

           location ~ /\.ht { 
                          deny all; 
           } 

           location = /favicon.ico { 
                          log_not_found off; 
                          access_log off; 
           } 

           location = /robots.txt { 
                          allow all; 
                          log_not_found off; 
                          access_log off; 
           } 

           location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { 
                          expires max; 
                          log_not_found off; 
           } 
}   

443配置

server {

    listen 443 ssl;
    listen [::]:443 ssl;

    server_name demo1.xuanci.tw;
    root /var/www/html/wordpress/;
    index index.php index.html index.htm;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ssl_certificate /etc/nginx/ssl/demo1.xuanci.tw/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/demo1.xuanci.tw/keyfile.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;

    add_header Content-Security-Policy upgrade-insecure-requests;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy "no-referrer-when-downgrade"; 

    location / {
        try_files $uri $uri/ /index.php?$query_string;
        #try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }

}
server {
    listen 80;
    listen [::]:80;
    server_name demo1.xuanci.tw;
    rewrite ^/(.*) https://demo1.xuanci.tw/$1 permanent;
}

重新導向

server {

    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.sunofmorning.com sunofmorning.com;
    rewrite ^/(.*) https://shop.sunofmorning.com/ permanent;
}

server {

    listen 80;
    listen [::]:80;
    server_name www.sunofmorning.com sunofmorning.com;
    rewrite ^/(.*) https://shop.sunofmorning.com/ permanent;
}

nginx.conf

user  www-data;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
    accept_mutex on;
    use epoll; # The method used in linux 2.6+
    accept_mutex_delay 100ms;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;
    client_max_body_size 0;

    # Server Configuration

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

發佈留言