• WordPress部署


    上一篇编译安装LAMP的补充,实现WordPress个人博客搭建的应用

    附自动安装脚本:http://scripts.dongfei.tech/lamp_make.sh

    服务器端部署:

    [root@lamp ~]# wget http://src.dongfei.tech/wordpress-4.9.4-zh_CN.zip
    [root@lamp ~]# unzip wordpress-4.9.4-zh_CN.zip 
    [root@lamp ~]# mkdir /lamp/data/www/
    [root@lamp ~]# mv wordpress /lamp/data/www/
    [root@lamp ~]# setfacl -R -m u:apache:rwx /lamp/data/www/wordpress/
    [root@lamp ~]# cd /lamp/application/httpd24/conf/
    主配文件:
    [root@lamp conf]# vim httpd.conf  #保证以下参数与示例一致
    LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule ssl_module modules/mod_ssl.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    Include conf/extra/httpd-ssl.conf
    Include conf/extra/httpd-vhosts.conf
    #AddType application/x-httpd-php .php
    #AddType application/x-httpd-php-source .phps
    #ProxyRequests Off
    #ProxyPassMatch  ^/(.*.php)$ fcgi://127.0.0.1:9000/lamp/application/httpd24/htdocs/
    #DocumentRoot "/lamp/application/httpd24/htdocs"
    #<Directory "/lamp/application/httpd24/htdocs">
    #    Options Indexes FollowSymLinks
    #    AllowOverride None
    #    Require all granted
    #</Directory>
    <IfModule dir_module>
        DirectoryIndex index.html
    </IfModule>
    虚拟主机配置文件:
    [root@lamp conf]# vim extra/httpd-vhosts.conf 
    DirectoryIndex index.php
    <VirtualHost *:80>
        DocumentRoot "/lamp/data/www/wordpress"
        <Directory "/lamp/data/www/wordpress">
            Options -Indexes +FollowSymLinks
            AllowOverride None
            Require all granted
        </Directory>
        ServerName blog.dongfei.com
        ErrorLog "logs/blog.dongfei.com-error_log"
        CustomLog "logs/blog.dongfei.com-access_log" common
        AddType application/x-httpd-php .php
        AddType application/x-httpd-php-source .phps
        ProxyRequests Off
        ProxyPassMatch  ^/(.*.php)$ fcgi://127.0.0.1:9000/lamp/data/www/wordpress/
        Header always set Strict-Transport-Security "max-age=31536000"
        RewriteEngine on
        RewriteRule ^(/wp-admin.*)$  https://%{HTTP_HOST}$1 [redirect=302]
        RewriteRule ^(/wp-login.*)$  https://%{HTTP_HOST}$1 [redirect=302]
    </VirtualHost>
    搭建CA:
    [root@lamp CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:bj
    Locality Name (eg, city) [Default City]:bj
    Organization Name (eg, company) [Default Company Ltd]:dongfei.com
    Organizational Unit Name (eg, section) []:opt
    Common Name (eg, your name or your server's hostname) []:ca.dongfei.com
    [root@lamp CA]# touch index.txt
    [root@lamp CA]# echo 01 > serial
    [root@lamp CA]# cd /lamp/application/httpd24/conf/extra/
    [root@lamp extra]# mkdir ssl
    [root@lamp extra]# cd ssl
    [root@lamp ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
    [root@lamp ssl]# openssl req -new -key httpd.key -out httpd.csr
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:bj
    Locality Name (eg, city) [Default City]:bj
    Organization Name (eg, company) [Default Company Ltd]:dongfei.com
    Organizational Unit Name (eg, section) []:opt
    Common Name (eg, your name or your server's hostname) []:blog.dongfei.com
    [root@lamp ssl]# cp httpd.csr /etc/pki/CA/
    [root@lamp ssl]# cd /etc/pki/CA/
    [root@lamp CA]# openssl ca -in httpd.csr -out certs/httpd.crt -days 350
    Sign the certificate? [y/n]:y
    1 out of 1 certificate requests certified, commit? [y/n]y
    [root@lamp CA]# cp certs/httpd.crt cacert.pem /lamp/application/httpd24/conf/extra/ssl/
    [root@lamp ~]# scp /etc/pki/CA/cacert.pem 192.168.0.7:/root/cacert.crt  #将根证书发给客户端一份
    
    配置https:
    [root@lamp CA]# cd /lamp/application/httpd24/conf
    [root@lamp conf]# cp extra/httpd-ssl.conf{,.bak}
    [root@lamp conf]# vim extra/httpd-ssl.conf
    Listen 443
    SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
    SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on 
    SSLProtocol all -SSLv3
    SSLProxyProtocol all -SSLv3
    SSLPassPhraseDialog  builtin
    SSLSessionCache        "shmcb:/lamp/application/httpd24/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout  300
    <VirtualHost _default_:443>
    DocumentRoot "/lamp/data/www/wordpress/"
    ServerName blog.dongfei.com:443
    ServerAdmin admin@dongfei.com
    ErrorLog "/lamp/application/httpd24/logs/error_log"
    TransferLog "/lamp/application/httpd24/logs/access_log"
    SSLEngine on
    SSLCertificateFile "/lamp/application/httpd24/conf/extra/ssl/httpd.crt"
    SSLCertificateKeyFile "/lamp/application/httpd24/conf/extra/ssl/httpd.key"
    SSLCACertificateFile "/lamp/application/httpd24/conf/extra/ssl/cacert.pem"
    <FilesMatch ".(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/lamp/application/httpd24/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-5]" 
             nokeepalive ssl-unclean-shutdown 
             downgrade-1.0 force-response-1.0
    CustomLog "/lamp/application/httpd24/logs/ssl_request_log" 
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"
    <Directory "/lamp/data/www/wordpress">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    ProxyRequests Off
    ProxyPassMatch  ^/(.*.php)$ fcgi://127.0.0.1:9000/lamp/data/www/wordpress/
    </VirtualHost>
    [root@lamp ~]# apachectl restart
    
    创建数据库:
    [root@lamp ~]# mysql
    MariaDB [(none)]> CREATE DATABASE wpdb;
    MariaDB [(none)]> GRANT ALL ON wpdb.* TO wpuser@'127.0.0.1' IDENTIFIED BY 'wppass';
    

    在客户端配置WordPress:

    [root@centos7 ~]# vim /etc/hosts
    192.168.0.8 blog.dongfei.com
    [root@centos7 ~]# firefox http://blog.dongfei.com
    

    此时我们由于没有信任根证书,所以提示不安全

    导入证书:Preferences - Advanced - Certificates - View Certificates - Import... - 选择/root/cacert.crt导入证书,刷新

    接下来根据提示来填写信息

    到此,实现了访问后台管理页面是基于https协议,访问博客基于http协议,主要是为了保护登录时是加密传输,防止密码泄露。在以上配置中使用的是私有证书,仅仅为自己使用,如果是开发注册站点建议申请ssl证书。

    推荐几个实用的wordpress插件:

    Autoptimize:缓存加速功能

    Limit Login Attempts Reloaded:管理后台防暴力破解

    WP Editor.md:markdown编辑器插件

    WP 统计:站点统计插件

    Crayon Syntax Highlighter:代码高亮插件

  • 相关阅读:
    3月工作问题总结
    【读书笔记】linux编程艺术
    项目管理工具 Trac入门
    [node.js]开放平台接口调用测试
    mysql 高并发更新计数问题
    memcache 问题 socket or its streams already null in trueClose call
    hadoop学习笔记
    node.js学习与应用
    mc参数备忘&javajson备忘
    WCF技术剖析_学习笔记之三
  • 原文地址:https://www.cnblogs.com/L-dongf/p/9220471.html
Copyright © 2020-2023  润新知