CentOS8手动部署WordPress-Memcached+MariaDB+PHP+Nginx+CertBOT

如果你对宝塔面板已经审美疲劳，其他的一键编译web环境也不想安装了，那么就可以试试自己在CentOS8手动部署Memcached+MariaDB+PHP+Nginx+CertBOT之后来部署wordpress~~~

1、准备

下面的环境均在CentOS 8上面部署操作<CentOS Linux release 8.2.2004 (Core)>

1）查看CentOS版本

whoamirootcat /etc/redhat-release CentOS Linux release 8.2.2004 (Core)

2）系统尽量维持在最新版（可选）

dnf makecachednf update -y

3）建议关闭SELinux和Firewalld，防火墙可以使用云厂商自带的（可选）

vim /etc/selinux/configSELINUX=disabledsystemctl disable --now firewalld

4）最后重启保证修改生效

reboot

2、安装MariaDB

MariaDB和MySQL一样，相对来说更轻量，资源占用率比较低。MySQL新版占用内存太高，1G内存的小鸡扛不住~~，所以这里选择MariaDB~~

1）安装MariaDB

dnf install mariadb-server -y

2）开机启动mariadb

systemctl enable --now mariadb

3）初始化

mysql_secure_installation......Enter current password for root (enter for none): # 直接回车即可，因为我没还没有设置root密码......Set root password? [Y/n] Y # 设置ROOT密码New password: # 输入root密码，我这里输入的是：1nKf4D^0NGPb*AkRe-enter new password: Password updated successfully!......Remove anonymous users? [Y/n] Y # 移除匿名用户......Disallow root login remotely? [Y/n] Y # 关闭root远程登录......Remove test database and access to it? [Y/n] Y # 移除测试数据库......Reload privilege tables now? [Y/n] Y # 刷新权限表

4）设置字符编码为utf8

编辑配置文件我们需要修改字符集为utf8

vim /etc/my.cnf.d/mariadb-server.cnf......[mysqld]......# 在mysqld段增加下面的配置character-set-server=utf8collation-server=utf8_unicode_ci......

5）重启服务

systemctl restart mariadb

6）创建Wordpress数据库

$ mysql -uroot -p# 输入root密码Enter password:# 查看字符编码MariaDB [(none)]> \s--------------mysql  Ver 15.1 Distrib 10.3.17-MariaDB, for Linux (x86_64) using readline 5.1Connection id:          8Current database:Current user:           root@localhostSSL:        Not in useCurrent pager:          stdoutUsing outfile:          ''Using delimiter:        ;Server:     MariaDBServer version:         10.3.17-MariaDB MariaDB ServerProtocol version:       10Connection: Localhost via UNIX socketServer characterset:    utf8Db     characterset:    utf8Client characterset:    utf8Conn.  characterset:    utf8UNIX socket:/var/lib/mysql/mysql.sockUptime:     1 min 10 secThreads: 7  Questions: 4  Slow queries: 0  Opens: 17  Flush tables: 1  Open tables: 11  Queries per second avg: 0.057--------------# 创建wp数据库MariaDB [(none)]> create database wp;Query OK, 1 row affected (0.000 sec)

3、安装Memcached

为了加速我们的网站访问，减少查询，我们用了Memcached来做缓存服务，至于为什么不用redis，因为Memcached足以满足我们的服务~

1）安装memcached

dnf install memcached libmemcached -y

2）修改配置文件使只监听127.0.0.1

$ vim /etc/sysconfig/memcached......OPTIONS="-l 127.0.0.1"......

3）开机启动mariadb

systemctl enable memcached --now

4、安装PHP和nginx

PHP这里用的7.4版本，推荐用新版本~

1）安装

以下命令分别复制安装~

$ dnf install epel-release -y$ dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y$ dnf module reset php$ dnf module enable php:remi-7.4 -y$ dnf install php-pecl-memcached php-pecl-memcache php php-opcache php-gd php-curl php-mysqlnd php-zip php-mbstring php-devel php-json -y

2）安装

这里开始nginx服务安装

[reply]

dnf install nginx -y

3）修改配置

默认使用的用户是apache，但是我们使用的是nginx，所以需要把用户修改为nginx

$ vim /etc/php-fpm.d/www.conf......user = nginxgroup = nginx......

4）修改文件授权

$ chown -R root:nginx /var/lib/php

5）启动

systemctl enable --now php-fpm

5、WordPress安装

1）WordPress下载解压到指定目录下就可以了

# 安装wgey命令，下面需要用到$ dnf install wget -y$ cd /var/www$ wget https://wordpress.org/latest.tar.gz$ rm -fr html$ tar xf latest.tar.gz$ mv wordpress html$ rm -f latest.tar.gz

2）设置授权

$ chown -R nginx.nginx html

3）数据库配置

$ cd html/$ cp wp-config-sample.php wp-config.php$ chown nginx.nginx wp-config.php$ vim wp-config.php......define( 'DB_NAME', 'wp' );define( 'DB_USER', 'root' );define( 'DB_PASSWORD', '#1nKf4D^0NGPb*Ak' );define( 'DB_HOST', 'localhost' );......

6、Nginx部署

nginx在PHP部分已经安装好了，所以直接跳过安装进入部署

1）配置nginx.conf

这里准备的域名是：mm.qixi.ng，请根据需要修改为自己的~~

$ vim /etc/nginx/nginx.confuser nginx;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;include /usr/share/nginx/modules/*.conf;events {    worker_connections 1024;}http {    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '          '$status $body_bytes_sent "$http_referer" '          '"$http_user_agent" "$http_x_forwarded_for"';    access_log  /var/log/nginx/access.log  main;    sendfileon;    tcp_nopush          on;    tcp_nodelay         on;    keepalive_timeout   65;    types_hash_max_size 2048;    include /etc/nginx/mime.types;    default_type        application/octet-stream;    include /etc/nginx/conf.d/*.conf;    server {        listen 80;        server_name mm.qixi.ng;        root /var/www/html;        index index.php;        location / {           try_files $uri $uri/ /index.php$is_args$args;        }        location ~ \.php$ {try_files $uri =404;fastcgi_split_path_info ^(.+\.php)(/.+)$;fastcgi_pass unix:/run/php-fpm/www.sock;fastcgi_index index.php;include fastcgi_params;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;fastcgi_param PATH_INFO $fastcgi_path_info;        }        location = /xmlrpc.php {deny all;access_log off;        }        location = /favicon.ico {log_not_found off;access_log off;        }        location = /robots.txt {allow all;log_not_found off;access_log off;        }        location ~ /\. {deny all;        }        location ~* /(?:uploads|files)/.*\.php$ {deny all;        }        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {expires max;log_not_found off;        }    }}

2）启动NGINX

systemctl enable --now  nginx

3）添加域名解析

本位用的域名为：mm.qixi.ng，请自行A解析域名到你的服务器，具体过程略过~~~

7、安装wordpress

1）如果打开域名不能访问，可以关闭防火墙，或者放行80和443端口~

firewall-cmd --zone=public --add-port=80/tcp --permanent

2）浏览器打开mm.qixi.ng，一步一步初始化安装，如何安装wordpress就略过了。

8、CertBOT

如果你的站点并不想使用https，那么可以直接跳过这段。为了使用https我们需要通过使用certbot来签发ssl证书！！

$ curl -O https://dl.eff.org/certbot-auto$ mv certbot-auto /usr/local/bin/certbot-auto$ chmod 0755 /usr/local/bin/certbot-auto# 根据提示输入一些信息即可$ /usr/local/bin/certbot-auto --nginx

2）由于签发的证书有效期只有三个月，所以我们需要添加定时任务来自动续签

$ crontab -e0 0,12 * * * /usr/local/bin/certbot-auto renew --dry-run

3）下面是使用了https的nginx完整的配置文件

$ vim /etc/nginx/nginx.confuser nginx;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;include /usr/share/nginx/modules/*.conf;events {    worker_connections 1024;}http {    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '          '$status $body_bytes_sent "$http_referer" '          '"$http_user_agent" "$http_x_forwarded_for"';    access_log  /var/log/nginx/access.log  main;    sendfileon;    tcp_nopush          on;    tcp_nodelay         on;    keepalive_timeout   65;    types_hash_max_size 2048;    # 添加gzip压缩    gzip on;    gzip_min_length 0;    gzip_comp_level 9;    gzip_types *;    gzip_vary on;    include /etc/nginx/mime.types;    default_type        application/octet-stream;    include /etc/nginx/conf.d/*.conf;    # 隐藏nginx版本信息    server_tokens off;    server {        if ($host = mm.qixi.ng) {return 301 https://$host$request_uri;        }        listen 80;        server_name mm.qixi.ng;        return 404;    }    server {        listen 443 ssl http2;        server_name mm.qixi.ng;        ssl_certificate /etc/letsencrypt/live/mm.qixi.ng/fullchain.pem;        ssl_certificate_key /etc/letsencrypt/live/mm.qixi.ng/privkey.pem;        include /etc/letsencrypt/options-ssl-nginx.conf;        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";        ssl_session_cache shared:SSL:20m;        root /var/www/html;        index index.php;        location / {           try_files $uri $uri/ /index.php$is_args$args;        }        location ~ \.php$ {try_files $uri =404;fastcgi_split_path_info ^(.+\.php)(/.+)$;fastcgi_pass unix:/run/php-fpm/www.sock;fastcgi_index index.php;include fastcgi_params;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;fastcgi_param PATH_INFO $fastcgi_path_info;        }        location = /xmlrpc.php {deny all;access_log off;        }        location = /favicon.ico {log_not_found off;access_log off;        }        location = /robots.txt {allow all;log_not_found off;access_log off;        }        location ~ /\. {deny all;        }        location ~* /(?:uploads|files)/.*\.php$ {deny all;        }        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {expires max;log_not_found off;        }    }}

4）当访问http会自动跳转到https

curl -I mm.qixi.ngHTTP/1.1 301 Moved PermanentlyServer: nginxDate: Wed, 21 Oct 2020 11:10:38 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveLocation: https://mm.qixi.ng/

5）https可以正常访问

curl -I https://mm.qixi.ng/HTTP/2 200 server: nginxdate: Wed, 21 Oct 2020 11:11:32 GMTcontent-type: text/html; charset=UTF-8vary: Accept-Encodingx-powered-by: PHP/7.4.11link: <https://mm.qixi.ng/wp-json/>; rel="https://api.w.org/"strict-transport-security: max-age=31536000; includeSubDomains

6）当Memcached缓存配置之后，访问几次页面，然后通过telnet连接memcached查看是否生效

$ dnf install telnet -y$ telnet localhost 11211Trying ::1...telnet: connect to address ::1: Connection refusedTrying 127.0.0.1...Connected to localhost.Escape character is '^]'.stats......# 关键数据# 缓存访问数STAT cmd_get 5654# 缓存命中数STAT get_hits 5456# 缓存miss数STAT get_misses 84333......

[/reply]

9、最后

以上教程属于瞎折腾，宝塔折腾腻了，可以玩玩这个教程，宝塔太臃肿了，用这个清凉下一也不错~~配置nginx.conf的时候，可以用SFTP来连接到服务器进行编辑文件的操作。

端口问题，你用用商家的防火墙，关闭centos的Firewalld，这个地方稍微注意下……