wordpress lnmp环境配置记录

wordpress lnmp环境配置记录

nginx安装

配置nginx源
rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

安装nginx-1.16版本
yum install -y nginx

确认是否安装：
rpm -qa | grep nginx

yum install nginx，会默认创建nginx:nginx，组和账户。

文件默认位置:
二进制文件在/usr/sbin/nginx
配置文件夹在/etc/nginx/
log文件夹在/var/log/nginx
yum安装会自动创建/usr/lib/systemd/system/nginx.service，可以用systemctl 启动停止。

mysql安装

配置mysql源
rpm -ivh http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm

安装mysql5.7
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
yum -y install mysql-community-server
装社区版是因为mysql5.7收费了。

问题：

Public key for mysql-community-server-5.7.40-1.el7.x86_64.rpm is not installed
Failing package is: mysql-community-server-5.7.40-1.el7.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql

https://blog.youkuaiyun.com/searlas/article/details/123393829
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

确认是否安装：
rpm -qa | grep mysql

php安装

https://blog.youkuaiyun.com/chpjmb/article/details/116402778
配置php源

首先安装 EPEL 源：
yum install -y epel-release

安装 REMI 源：
# CentOS 7
yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# CentOS 6
yum install -y http://rpms.remirepo.net/enterprise/remi-release-6.rpm

安装 Yum 源管理工具：
yum -y install yum-utils

安装PHP软件
# 安装 PHP7.3：
yum install -y php73-php-fpm php73-php-cli php73-php-bcmath php73-php-gd php73-php-json php73-php-mbstring php73-php-mcrypt php73-php-mysqlnd php73-php-opcache php73-php-pdo php73-php-pecl-crypto php73-php-pecl-mcrypt php73-php-pecl-geoip php73-php-recode php73-php-snmp php73-php-soap php73-php-xmll php73-php-imagick php73-php-zip php73-php-intl php73-php-xml

wordpress环境检查
https://youkuaiyun.com/wp-admin/site-health.php

设置开机启动、运行服务：

systemctl enable php73-php-fpm
systemctl start php73-php-fpm

查找安装包：
rpm -qa | grep 'php'

找到：php73-php-fpm-7.3.33-6.el7.remi.x86_64安装位置
rpm -ql php73-php-fpm-7.3.33-6.el7.remi.x86_64

查找php.ini位置：
find /etc/opt/remi/php73 -name php.ini

编辑/etc/opt/remi/php73/php.ini替换换 ;cgi.fix_pathinfo=1 为 cgi.fix_pathinfo=0 快捷命令：
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/opt/remi/php73/php.ini

php.ini中的cgi.fix_pathinfo选项
https://taobig.org/?p=650

重启php73-php-fpm
systemctl restart php73-php-fpm

验证一下是否安装成功：
php73 -v

查看安装的php拓展
php73 -m

安装更多组件
yum search php73

php服务相关软件说明：
php73w --> 主程序软件
php73w-gd --> 和显示图形相关的软件
php73w-mcrypt --> 和数据传输加密相关
php73w-pdo --> 让php和数据库建立联系
php73w-fpm --> fastcgi

重要的目录信息：
/etc/php-fpm.conf -->php-fpm进程的配置文件
/etc/php-fpm.d -->php-fpm进程加载配置文件的目录
/etc/php-fpm.d/www.conf
user = nginx -->利用指定用户管理php工作进程 建议配置和nginx服务相同的用户
group = nginx -->利用指定用户组管理php工作进程
listen = 127.0.0.1:9000 -->指定php服务运行后，监听的地址和端口信息
listen.allowed_clients = 127.0.0.1 -->只允许本地访问php 9000端口服务

软件配置及wordpress安装

yum -y install wget

wget https://cn.wordpress.org/latest-zh_CN.tar.gz
cd /usr/share/nginx/html
cp ~/latest-zh_CN.tar.gz wordpress.tar.gz
tar xf wordpress.tar.gz
mv wordpress csdn

安装ssl证书

配置证书需要网站访问，开始直接修改默认default.conf中绑定的server_name和根目录
cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
yum install -y vim
vim /etc/nginx/conf.d/default.conf

server {
    listen       80;
    server_name  youkuaiyun.com www.youkuaiyun.com;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html/csdn;
        index  index.html index.htm;
    }


systemctl status nginx.service
systemctl enable nginx.service
systemctl start nginx.service
systemctl restart nginx.service
systemctl stop nginx.service


yum install -y certbot
certbot --version


测试参数  --dry-run
certbot certonly --webroot -w /usr/share/nginx/html/csdn -d youkuaiyun.com -d www.youkuaiyun.com -m admin@youkuaiyun.com --agree-tos --dry-run

IMPORTANT NOTES:
 - The dry run was successful.
 
通过测试后执行：
certbot certonly --webroot -w /usr/share/nginx/html/csdn -d youkuaiyun.com -d www.youkuaiyun.com -m admin@youkuaiyun.com --agree-tos


成功结果看IMPORTANT NOTES：
Subscribe to the EFF mailing list (email: admin@youkuaiyun.com).
Starting new HTTPS connection (1): supporters.eff.org
An unexpected error occurred:
TypeError: __str__ returned non-string (type Error)
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/youkuaiyun.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/youkuaiyun.com/privkey.pem
   Your certificate will expire on 2023-02-08. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

[root@HKBGP348853 html]# ll /etc/letsencrypt/live/youkuaiyun.com/
total 4
lrwxrwxrwx 1 root root  30 Nov 10 04:48 cert.pem -> ../../archive/youkuaiyun.com/cert1.pem
lrwxrwxrwx 1 root root  31 Nov 10 04:48 chain.pem -> ../../archive/youkuaiyun.com/chain1.pem
lrwxrwxrwx 1 root root  35 Nov 10 04:48 fullchain.pem -> ../../archive/youkuaiyun.com/fullchain1.pem
lrwxrwxrwx 1 root root  33 Nov 10 04:48 privkey.pem -> ../../archive/youkuaiyun.com/privkey1.pem
-rw-r--r-- 1 root root 692 Nov 10 04:48 README

查看证书有效期：
openssl x509 -noout -dates -in /etc/letsencrypt/live/youkuaiyun.com/cert.pem

手动更新证书
certbot renew --dry-run

如果不需要返回的信息，可以用静默方式
certbot renew --quiet

自动更新证书
crontab -e
00 05 01 * * /usr/bin/certbot renew --quiet && /bin/systemctl restart nginx

配置nginx

mkdir /etc/ssl/private/ -p
cd /etc/ssl/private/
openssl dhparam 2048 -out dhparam.pem

rm -rf /etc/nginx/conf.d/default.conf
vim /etc/nginx/conf.d/default.conf

server {
    listen 80 default;
    return 444;
}
server {
    listen       80;
    server_name  youkuaiyun.com www.youkuaiyun.com;
    if ($scheme = http) {
        rewrite ^/(.*)$ https://youkuaiyun.com/$1 permanent;
    #    return 301 https://youkuaiyun.com$request_uri;
    }

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html/csdn;
        index  index.php index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root           /usr/share/nginx/html/csdn;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html/csdn/$fastcgi_script_name;
        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
server {
    listen       443 ssl;
    server_name  youkuaiyun.com  www.youkuaiyun.com;
 
    ssl_certificate      /etc/letsencrypt/live/youkuaiyun.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/youkuaiyun.com/privkey.pem;
 
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
 
    ssl_dhparam /etc/ssl/private/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
    ssl_ciphers  'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
        ssl_prefer_server_ciphers  on;
 
        location / {
        root   /usr/share/nginx/html/csdn;
        index  index.php index.html index.htm;
        }

    location ~ \.php$ {
        root           /usr/share/nginx/html/csdn;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html/csdn/$fastcgi_script_name;
        include        fastcgi_params;
    }

    }

配置php权限

ps -ef | grep php

root      5049     1  0 04:00 ?        00:00:00 php-fpm: master process (/etc/opt/remi/php73/php-fpm.conf)
apache    5050  5049  0 04:00 ?        00:00:00 php-fpm: pool www
apache    5051  5049  0 04:00 ?        00:00:00 php-fpm: pool www
apache    5052  5049  0 04:00 ?        00:00:00 php-fpm: pool www
apache    5053  5049  0 04:00 ?        00:00:00 php-fpm: pool www
apache    5054  5049  0 04:00 ?        00:00:00 php-fpm: pool www
root      5413  1117  0 04:13 pts/0    00:00:00 grep --color=auto php

php执行权限用户为apache

chmod -R 777 csdn
chown -R apache:apache csdn/

配置mysql

systemctl enable mysqld
systemctl start mysqld

查看初始root密码
grep password /var/log/mysqld.log

mysql -u root -p
set password for root@localhost = password('pasSw0oO0Rd__');
create database csdn;

查看硬盘和内存可用容量

df -h
free -h

重启查看配置是否依然正常
reboot