wordpress lnmp environment configuration record
nginx installation
Configure nginx source
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
Install nginx-1.16 version
yum install -y nginx
Confirm whether it is installed:
rpm -qa | grep nginx
yum install nginx will create nginx:nginx, group and account by default.
File default location:
binary files in /usr/sbin/nginx
configuration folder in /etc/nginx/
log folder in /var/log/nginx
yum installation will automatically create /usr/lib/systemd/system/nginx.service, It can be started and stopped with systemctl.
mysql installation
Configure mysql source
rpm -ivh http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
Install mysql5.7
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
yum -y install mysql-community-server
to install the community version because mysql5.7 is charged.
question:
Public key for mysql-community-server-5.7.40-1.el7.x86_64.rpm is not installed
Failing package is: mysql-community-server-5.7.40-1.el7.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
https://blog.csdn.net/searlas/article/details/123393829
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
Confirm whether it is installed:
rpm -qa | grep mysql
php installation
https://blog.csdn.net/chpjmb/article/details/116402778
configure php source
首先安装 EPEL 源:
yum install -y epel-release
安装 REMI 源:
# CentOS 7
yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# CentOS 6
yum install -y http://rpms.remirepo.net/enterprise/remi-release-6.rpm
安装 Yum 源管理工具:
yum -y install yum-utils
安装PHP软件
# 安装 PHP7.3:
yum install -y php73-php-fpm php73-php-cli php73-php-bcmath php73-php-gd php73-php-json php73-php-mbstring php73-php-mcrypt php73-php-mysqlnd php73-php-opcache php73-php-pdo php73-php-pecl-crypto php73-php-pecl-mcrypt php73-php-pecl-geoip php73-php-recode php73-php-snmp php73-php-soap php73-php-xmll php73-php-imagick php73-php-zip php73-php-intl php73-php-xml
wordpress环境检查
https://csdn.net/wp-admin/site-health.php
Set up the startup and running services:
systemctl enable php73-php-fpm
systemctl start php73-php-fpm
Find the installation package:
rpm -qa | grep 'php'
Found: php73-php-fpm-7.3.33-6.el7.remi.x86_64 installation location
rpm -ql php73-php-fpm-7.3.33-6.el7.remi.x86_64
Find the php.ini location:
find /etc/opt/remi/php73 -name php.ini
Edit /etc/opt/remi/php73/php.ini to replace; cgi.fix_pathinfo=1 is cgi.fix_pathinfo=0 shortcut command:
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/opt/remi/php73/php.ini
cgi.fix_pathinfo option in php.ini
https://taobig.org/?p=650
restart php73-php-fpm
systemctl restart php73-php-fpm
Verify that the installation was successful:
php73 -v
View installed php extensions
php73 -m
Install more components
yum search php73
php service-related software description:
php73w --> main program software
php73w-gd --> software
php73w-mcrypt related to display graphics --> php73w-pdo related to data transmission encryption
--> let php establish a connection with the database
php73w- fpm --> fastcgi
Important directory information:
/etc/php-fpm.conf --> configuration file of php-fpm process
/etc/php-fpm.d --> directory of configuration file loaded by php-fpm process
/etc/php-fpm. d/www.conf
user = nginx --> use the specified user to manage the php work process, it is recommended to configure the same user group as the nginx service
group = nginx --> use the specified user group to manage the php work process
listen = 127.0.0.1:9000 --> After specifying the php service to run, the listening address and port information
listen.allowed_clients = 127.0.0.1 --> only allow local access to the php 9000 port service
Software configuration and wordpress installation
yum -y install wget
wget https://cn.wordpress.org/latest-zh_CN.tar.gz
cd /usr/share/nginx/html
cp ~/latest-zh_CN.tar.gz wordpress.tar.gz
tar xf wordpress.tar.gz
mv wordpress csdn
install ssl certificate
配置证书需要网站访问,开始直接修改默认default.conf中绑定的server_name和根目录
cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
yum install -y vim
vim /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name csdn.net www.csdn.net;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html/csdn;
index index.html index.htm;
}
systemctl status nginx.service
systemctl enable nginx.service
systemctl start nginx.service
systemctl restart nginx.service
systemctl stop nginx.service
yum install -y certbot
certbot --version
测试参数 --dry-run
certbot certonly --webroot -w /usr/share/nginx/html/csdn -d csdn.net -d www.csdn.net -m [email protected] --agree-tos --dry-run
IMPORTANT NOTES:
- The dry run was successful.
通过测试后执行:
certbot certonly --webroot -w /usr/share/nginx/html/csdn -d csdn.net -d www.csdn.net -m [email protected] --agree-tos
成功结果看IMPORTANT NOTES:
Subscribe to the EFF mailing list (email: [email protected]).
Starting new HTTPS connection (1): supporters.eff.org
An unexpected error occurred:
TypeError: __str__ returned non-string (type Error)
Please see the logfiles in /var/log/letsencrypt for more details.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/csdn.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/csdn.net/privkey.pem
Your certificate will expire on 2023-02-08. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[root@HKBGP348853 html]# ll /etc/letsencrypt/live/csdn.net/
total 4
lrwxrwxrwx 1 root root 30 Nov 10 04:48 cert.pem -> ../../archive/csdn.net/cert1.pem
lrwxrwxrwx 1 root root 31 Nov 10 04:48 chain.pem -> ../../archive/csdn.net/chain1.pem
lrwxrwxrwx 1 root root 35 Nov 10 04:48 fullchain.pem -> ../../archive/csdn.net/fullchain1.pem
lrwxrwxrwx 1 root root 33 Nov 10 04:48 privkey.pem -> ../../archive/csdn.net/privkey1.pem
-rw-r--r-- 1 root root 692 Nov 10 04:48 README
查看证书有效期:
openssl x509 -noout -dates -in /etc/letsencrypt/live/csdn.net/cert.pem
手动更新证书
certbot renew --dry-run
如果不需要返回的信息,可以用静默方式
certbot renew --quiet
自动更新证书
crontab -e
00 05 01 * * /usr/bin/certbot renew --quiet && /bin/systemctl restart nginx
configure nginx
mkdir /etc/ssl/private/ -p
cd /etc/ssl/private/
openssl dhparam 2048 -out dhparam.pem
rm -rf /etc/nginx/conf.d/default.conf
vim /etc/nginx/conf.d/default.conf
server {
listen 80 default;
return 444;
}
server {
listen 80;
server_name csdn.net www.csdn.net;
if ($scheme = http) {
rewrite ^/(.*)$ https://csdn.net/$1 permanent;
# return 301 https://csdn.net$request_uri;
}
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html/csdn;
index index.php index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /usr/share/nginx/html/csdn;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/csdn/$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 443 ssl;
server_name csdn.net www.csdn.net;
ssl_certificate /etc/letsencrypt/live/csdn.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/csdn.net/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_dhparam /etc/ssl/private/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
ssl_prefer_server_ciphers on;
location / {
root /usr/share/nginx/html/csdn;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /usr/share/nginx/html/csdn;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/csdn/$fastcgi_script_name;
include fastcgi_params;
}
}
Configure php permissions
ps -ef | grep php
root 5049 1 0 04:00 ? 00:00:00 php-fpm: master process (/etc/opt/remi/php73/php-fpm.conf)
apache 5050 5049 0 04:00 ? 00:00:00 php-fpm: pool www
apache 5051 5049 0 04:00 ? 00:00:00 php-fpm: pool www
apache 5052 5049 0 04:00 ? 00:00:00 php-fpm: pool www
apache 5053 5049 0 04:00 ? 00:00:00 php-fpm: pool www
apache 5054 5049 0 04:00 ? 00:00:00 php-fpm: pool www
root 5413 1117 0 04:13 pts/0 00:00:00 grep --color=auto php
php执行权限用户为apache
chmod -R 777 csdn
chown -R apache:apache csdn/
configure mysql
systemctl enable mysqld
systemctl start mysqld
查看初始root密码
grep password /var/log/mysqld.log
mysql -u root -p
set password for root@localhost = password('pasSw0oO0Rd__');
create database csdn;
Check hard disk and memory available capacity
df -h
free -h
Restart to see if the configuration is still normal
reboot