wordpress lnmp环境配置记录
nginx安装
配置nginx源
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
安装nginx-1.16版本
yum install -y nginx
确认是否安装:
rpm -qa | grep nginx
yum install nginx,会默认创建nginx:nginx,组和账户。
文件默认位置:
二进制文件在/usr/sbin/nginx
配置文件夹在/etc/nginx/
log文件夹在/var/log/nginx
yum安装会自动创建/usr/lib/systemd/system/nginx.service,可以用systemctl 启动停止。
mysql安装
配置mysql源
rpm -ivh http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
安装mysql5.7
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
yum -y install mysql-community-server
装社区版是因为mysql5.7收费了。
问题:
Public key for mysql-community-server-5.7.40-1.el7.x86_64.rpm is not installed
Failing package is: mysql-community-server-5.7.40-1.el7.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
https://blog.csdn.net/searlas/article/details/123393829
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
确认是否安装:
rpm -qa | grep mysql
php安装
https://blog.csdn.net/chpjmb/article/details/116402778
配置php源
首先安装 EPEL 源:
yum install -y epel-release
安装 REMI 源:
# CentOS 7
yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# CentOS 6
yum install -y http://rpms.remirepo.net/enterprise/remi-release-6.rpm
安装 Yum 源管理工具:
yum -y install yum-utils
安装PHP软件
# 安装 PHP7.3:
yum install -y php73-php-fpm php73-php-cli php73-php-bcmath php73-php-gd php73-php-json php73-php-mbstring php73-php-mcrypt php73-php-mysqlnd php73-php-opcache php73-php-pdo php73-php-pecl-crypto php73-php-pecl-mcrypt php73-php-pecl-geoip php73-php-recode php73-php-snmp php73-php-soap php73-php-xmll php73-php-imagick php73-php-zip php73-php-intl php73-php-xml
wordpress环境检查
https://csdn.net/wp-admin/site-health.php
设置开机启动、运行服务:
systemctl enable php73-php-fpm
systemctl start php73-php-fpm
查找安装包:
rpm -qa | grep 'php'
找到:php73-php-fpm-7.3.33-6.el7.remi.x86_64安装位置
rpm -ql php73-php-fpm-7.3.33-6.el7.remi.x86_64
查找php.ini位置:
find /etc/opt/remi/php73 -name php.ini
编辑/etc/opt/remi/php73/php.ini替换换 ;cgi.fix_pathinfo=1 为 cgi.fix_pathinfo=0 快捷命令:
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/opt/remi/php73/php.ini
php.ini中的cgi.fix_pathinfo选项
https://taobig.org/?p=650
重启php73-php-fpm
systemctl restart php73-php-fpm
验证一下是否安装成功:
php73 -v
查看安装的php拓展
php73 -m
安装更多组件
yum search php73
php服务相关软件说明:
php73w --> 主程序软件
php73w-gd --> 和显示图形相关的软件
php73w-mcrypt --> 和数据传输加密相关
php73w-pdo --> 让php和数据库建立联系
php73w-fpm --> fastcgi
重要的目录信息:
/etc/php-fpm.conf -->php-fpm进程的配置文件
/etc/php-fpm.d -->php-fpm进程加载配置文件的目录
/etc/php-fpm.d/www.conf
user = nginx -->利用指定用户管理php工作进程 建议配置和nginx服务相同的用户
group = nginx -->利用指定用户组管理php工作进程
listen = 127.0.0.1:9000 -->指定php服务运行后,监听的地址和端口信息
listen.allowed_clients = 127.0.0.1 -->只允许本地访问php 9000端口服务
软件配置及wordpress安装
yum -y install wget
wget https://cn.wordpress.org/latest-zh_CN.tar.gz
cd /usr/share/nginx/html
cp ~/latest-zh_CN.tar.gz wordpress.tar.gz
tar xf wordpress.tar.gz
mv wordpress csdn
安装ssl证书
配置证书需要网站访问,开始直接修改默认default.conf中绑定的server_name和根目录
cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
yum install -y vim
vim /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name csdn.net www.csdn.net;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html/csdn;
index index.html index.htm;
}
systemctl status nginx.service
systemctl enable nginx.service
systemctl start nginx.service
systemctl restart nginx.service
systemctl stop nginx.service
yum install -y certbot
certbot --version
测试参数 --dry-run
certbot certonly --webroot -w /usr/share/nginx/html/csdn -d csdn.net -d www.csdn.net -m [email protected] --agree-tos --dry-run
IMPORTANT NOTES:
- The dry run was successful.
通过测试后执行:
certbot certonly --webroot -w /usr/share/nginx/html/csdn -d csdn.net -d www.csdn.net -m [email protected] --agree-tos
成功结果看IMPORTANT NOTES:
Subscribe to the EFF mailing list (email: [email protected]).
Starting new HTTPS connection (1): supporters.eff.org
An unexpected error occurred:
TypeError: __str__ returned non-string (type Error)
Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/csdn.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/csdn.net/privkey.pem
Your certificate will expire on 2023-02-08. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[root@HKBGP348853 html]# ll /etc/letsencrypt/live/csdn.net/
total 4
lrwxrwxrwx 1 root root 30 Nov 10 04:48 cert.pem -> ../../archive/csdn.net/cert1.pem
lrwxrwxrwx 1 root root 31 Nov 10 04:48 chain.pem -> ../../archive/csdn.net/chain1.pem
lrwxrwxrwx 1 root root 35 Nov 10 04:48 fullchain.pem -> ../../archive/csdn.net/fullchain1.pem
lrwxrwxrwx 1 root root 33 Nov 10 04:48 privkey.pem -> ../../archive/csdn.net/privkey1.pem
-rw-r--r-- 1 root root 692 Nov 10 04:48 README
查看证书有效期:
openssl x509 -noout -dates -in /etc/letsencrypt/live/csdn.net/cert.pem
手动更新证书
certbot renew --dry-run
如果不需要返回的信息,可以用静默方式
certbot renew --quiet
自动更新证书
crontab -e
00 05 01 * * /usr/bin/certbot renew --quiet && /bin/systemctl restart nginx
配置nginx
mkdir /etc/ssl/private/ -p
cd /etc/ssl/private/
openssl dhparam 2048 -out dhparam.pem
rm -rf /etc/nginx/conf.d/default.conf
vim /etc/nginx/conf.d/default.conf
server {
listen 80 default;
return 444;
}
server {
listen 80;
server_name csdn.net www.csdn.net;
if ($scheme = http) {
rewrite ^/(.*)$ https://csdn.net/$1 permanent;
# return 301 https://csdn.net$request_uri;
}
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html/csdn;
index index.php index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /usr/share/nginx/html/csdn;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/csdn/$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 443 ssl;
server_name csdn.net www.csdn.net;
ssl_certificate /etc/letsencrypt/live/csdn.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/csdn.net/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_dhparam /etc/ssl/private/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html/csdn;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /usr/share/nginx/html/csdn;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/csdn/$fastcgi_script_name;
include fastcgi_params;
}
}
配置php权限
ps -ef | grep php
root 5049 1 0 04:00 ? 00:00:00 php-fpm: master process (/etc/opt/remi/php73/php-fpm.conf)
apache 5050 5049 0 04:00 ? 00:00:00 php-fpm: pool www
apache 5051 5049 0 04:00 ? 00:00:00 php-fpm: pool www
apache 5052 5049 0 04:00 ? 00:00:00 php-fpm: pool www
apache 5053 5049 0 04:00 ? 00:00:00 php-fpm: pool www
apache 5054 5049 0 04:00 ? 00:00:00 php-fpm: pool www
root 5413 1117 0 04:13 pts/0 00:00:00 grep --color=auto php
php执行权限用户为apache
chmod -R 777 csdn
chown -R apache:apache csdn/
配置mysql
systemctl enable mysqld
systemctl start mysqld
查看初始root密码
grep password /var/log/mysqld.log
mysql -u root -p
set password for root@localhost = password('pasSw0oO0Rd__');
create database csdn;
查看硬盘和内存可用容量
df -h
free -h
重启查看配置是否依然正常
reboot