CentOS8手动部署WordPress - Memcached+MariaDB+PHP+Nginx+CertBOT

如果你对宝塔面板已经审美疲劳，其他的一键编译web环境也不想安装了，那么就可以试试自己在CentOS8手动部署Memcached+MariaDB+PHP+Nginx+CertBOT之后来部署wordpress~~~

1、准备

下面的环境均在CentOS 8上面部署操作<CentOS Linux release 8.2.2004 (Core)>

1）查看CentOS版本

whoami
root
cat /etc/redhat-release 
CentOS Linux release 8.2.2004 (Core)

2）系统尽量维持在最新版（可选）

dnf makecache
dnf update -y

3）建议关闭SELinux和Firewalld，防火墙可以使用云厂商自带的（可选）

vim /etc/selinux/config
SELINUX=disabled
systemctl disable --now firewalld

4）最后重启保证修改生效

reboot

2、安装MariaDB

MariaDB和MySQL一样，相对来说更轻量，资源占用率比较低。MySQL新版占用内存太高，1G内存的小鸡扛不住~~，所以这里选择MariaDB~~

1）安装MariaDB

dnf install mariadb-server -y

2）开机启动mariadb

systemctl enable --now mariadb

3）初始化

mysql_secure_installation
......
Enter current password for root (enter for none): # 直接回车即可，因为我没还没有设置root密码
......
Set root password? [Y/n] Y # 设置ROOT密码
New password: # 输入root密码，我这里输入的是：1nKf4D^0NGPb*Ak
Re-enter new password: 
Password updated successfully!
......
Remove anonymous users? [Y/n] Y # 移除匿名用户
......
Disallow root login remotely? [Y/n] Y # 关闭root远程登录
......
Remove test database and access to it? [Y/n] Y # 移除测试数据库
......
Reload privilege tables now? [Y/n] Y # 刷新权限表

4）设置字符编码为utf8

编辑配置文件我们需要修改字符集为utf8

vim /etc/my.cnf.d/mariadb-server.cnf
......
[mysqld]
......
# 在mysqld段增加下面的配置
character-set-server=utf8
collation-server=utf8_unicode_ci
......

5）重启服务

systemctl restart mariadb

6）创建Wordpress数据库

$ mysql -uroot -p
# 输入root密码
Enter password:
# 查看字符编码
MariaDB [(none)]> \s
--------------
mysql  Ver 15.1 Distrib 10.3.17-MariaDB, for Linux (x86_64) using readline 5.1
Connection id:          8
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.3.17-MariaDB MariaDB Server
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /var/lib/mysql/mysql.sock
Uptime:                 1 min 10 sec
Threads: 7  Questions: 4  Slow queries: 0  Opens: 17  Flush tables: 1  Open tables: 11  Queries per second avg: 0.057
--------------
# 创建wp数据库
MariaDB [(none)]> create database wp;
Query OK, 1 row affected (0.000 sec)

3、安装Memcached

为了加速我们的网站访问，减少查询，我们用了Memcached来做缓存服务，至于为什么不用redis，因为Memcached足以满足我们的服务~

1）安装memcached

dnf install memcached libmemcached -y

2）修改配置文件使只监听127.0.0.1

$ vim /etc/sysconfig/memcached
......
OPTIONS="-l 127.0.0.1"
......

3）开机启动mariadb

systemctl enable memcached --now

4、安装PHP和nginx

PHP这里用的7.4版本，推荐用新版本~

1）安装

以下命令分别复制安装~

$ dnf install epel-release -y
$ dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
$ dnf module reset php
$ dnf module enable php:remi-7.4 -y
$ dnf install php-pecl-memcached php-pecl-memcache php php-opcache php-gd php-curl php-mysqlnd php-zip php-mbstring php-devel php-json -y

2）安装

这里开始nginx服务安装

[reply]

dnf install nginx -y

3）修改配置

默认使用的用户是apache，但是我们使用的是nginx，所以需要把用户修改为nginx

$ vim /etc/php-fpm.d/www.conf
......
user = nginx
group = nginx
......

4）修改文件授权

$ chown -R root:nginx /var/lib/php

5）启动

systemctl enable --now php-fpm

5、WordPress安装

1）WordPress下载解压到指定目录下就可以了

# 安装wgey命令，下面需要用到
$ dnf install wget -y
$ cd /var/www
$ wget https://wordpress.org/latest.tar.gz
$ rm -fr html
$ tar xf latest.tar.gz
$ mv wordpress html
$ rm -f latest.tar.gz

2）设置授权

$ chown -R nginx.nginx html

3）数据库配置

$ cd html/
$ cp wp-config-sample.php wp-config.php
$ chown nginx.nginx wp-config.php
$ vim wp-config.php
......
define( 'DB_NAME', 'wp' );
define( 'DB_USER', 'root' );
define( 'DB_PASSWORD', '#1nKf4D^0NGPb*Ak' );
define( 'DB_HOST', 'localhost' );
......

6、Nginx部署

nginx在PHP部分已经安装好了，所以直接跳过安装进入部署

1）配置nginx.conf

这里准备的域名是：mm.qixi.ng，请根据需要修改为自己的~~

$ vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;

    server {
        listen 80;
        server_name mm.qixi.ng;

        root /var/www/html;
        index index.php;

        location / {
           try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php-fpm/www.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
        }

        location = /xmlrpc.php {
            deny all;
            access_log off;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ /\. {
            deny all;
        }

        location ~* /(?:uploads|files)/.*\.php$ {
            deny all;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }
    }
}

2）启动NGINX

systemctl enable --now  nginx

3）添加域名解析

本位用的域名为：mm.qixi.ng，请自行A解析域名到你的服务器，具体过程略过~~~

7、安装wordpress

1）如果打开域名不能访问，可以关闭防火墙，或者放行80和443端口~

firewall-cmd --zone=public --add-port=80/tcp --permanent

2）浏览器打开mm.qixi.ng，一步一步初始化安装，如何安装wordpress就略过了。

8、CertBOT

如果你的站点并不想使用https，那么可以直接跳过这段。为了使用https我们需要通过使用certbot来签发ssl证书！！

$ curl -O https://dl.eff.org/certbot-auto
$ mv certbot-auto /usr/local/bin/certbot-auto
$ chmod 0755 /usr/local/bin/certbot-auto
# 根据提示输入一些信息即可
$ /usr/local/bin/certbot-auto --nginx

2）由于签发的证书有效期只有三个月，所以我们需要添加定时任务来自动续签

$ crontab -e
0 0,12 * * * /usr/local/bin/certbot-auto renew --dry-run

3）下面是使用了https的nginx完整的配置文件

$ vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    # 添加gzip压缩
    gzip on;
    gzip_min_length 0;
    gzip_comp_level 9;
    gzip_types *;
    gzip_vary on;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;

    # 隐藏nginx版本信息
    server_tokens off;

    server {
        if ($host = mm.qixi.ng) {
            return 301 https://$host$request_uri;
        }

        listen 80;
        server_name mm.qixi.ng;
        return 404;
    }

    server {
        listen 443 ssl http2;
        server_name mm.qixi.ng;

        ssl_certificate /etc/letsencrypt/live/mm.qixi.ng/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mm.qixi.ng/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        ssl_session_cache shared:SSL:20m;

        root /var/www/html;
        index index.php;

        location / {
           try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php-fpm/www.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
        }

        location = /xmlrpc.php {
            deny all;
            access_log off;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ /\. {
            deny all;
        }

        location ~* /(?:uploads|files)/.*\.php$ {
            deny all;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }
    }
}

4）当访问http会自动跳转到https

curl -I mm.qixi.ng
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 21 Oct 2020 11:10:38 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://mm.qixi.ng/

5）https可以正常访问

curl -I https://mm.qixi.ng/
HTTP/2 200 
server: nginx
date: Wed, 21 Oct 2020 11:11:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.11
link: <https://mm.qixi.ng/wp-json/>; rel="https://api.w.org/"
strict-transport-security: max-age=31536000; includeSubDomains

6）当Memcached缓存配置之后，访问几次页面，然后通过telnet连接memcached查看是否生效

$ dnf install telnet -y
$ telnet localhost 11211
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
stats
......
# 关键数据
# 缓存访问数
STAT cmd_get 5654
# 缓存命中数
STAT get_hits 5456
# 缓存miss数
STAT get_misses 84333
......

[/reply]

9、最后

以上教程属于瞎折腾，宝塔折腾腻了，可以玩玩这个教程，宝塔太臃肿了，用这个清凉下一也不错~~配置nginx.conf的时候，可以用SFTP来连接到服务器进行编辑文件的操作。

端口问题，你用用商家的防火墙，关闭centos的Firewalld，这个地方稍微注意下……