关于

以前一直也是用的vultr,但是最近发现vultr推出了2.5刀的512m,1cpu,20g ssd的超高性价比的vps,而且vultr的东京节点速度也不错。所以就把博客从hexo迁到了wordpress。hexo静态虽快,但是markdown书写,写一次博客花的时间较长。和环境搭建麻烦,一旦换了电脑,重装系统什么的又得重新搭建。遂放弃。这里顺便扔个邀请链接,各得10刀。

安装lnmp

由于2.5刀vps不支持一键部署wordpress,所以就只有手动安装了。网上大部分安装lnmp都是用的LNMP一键安装包。试了一下的确是方便。但是自己是搞安全的,更喜欢纯净的安装方式。

系统选择的是centos6.8,准备安装nginx1.1,mysql5.7,php5.6。由于centos6.8直接域名安装的mysql和php版本较低。所以需要添加额外的源。

1.首先安装epel repository和相关源

sudo yum install epel-release

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh http://repo.mysql.com/mysql-community-release-el6-5.noarch.rpm

2.安装mysql

yum –enablerepo=mysql57-community-dmr,remi install mysql-server

安装好后需要注意的是mysql5.7默认root安装了validate_password插件,这个插件要求必须使用强密码,生产的root密码在/var/log/mysqld.log,查看:

cat /var/log/mysqld.log |grep passsword

重启mysql和初始化

sudo /etc/init.d/mysqld restart
sudo /usr/bin/mysql_secure_installation

输入如下

Enter current password for root (enter for none):
OK, successfully used password, moving on…

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
… Success!

Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
… Success!

By default, MySQL comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
… Success!

Cleaning up…

All done! If you’ve completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

3.安装nginx

sudo yum install nginx
sudo /etc/init.d/nginx start

这里要注意添加防火墙规则,不然无法访问。

iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart

好了,现在输入自己的ip就可以访问了nginx的默认页面了!

4.安装php

yum –enablerepo=mysql57-community-dmr,remi,remi-php56 install php php-fpm php-common php-gd php-mysql php-mcrypt php-mbstring php-xml

5.配置php

sudo vi /etc/php.ini

把cgi.fix_pathinfo=1改为cgi.fix_pathinfo=0,并去掉前面注释。这样会提高php安全性。

6.配置nginx

sudo vi /etc/nginx/conf.d/default.conf

改为如下内容:

#
# The default server
#
server {
listen 80;
server_name example.com;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
}

error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

除了server_name改为自己的,其他不变。

7.配置php-fpm

把user和group的apache改为nginx。

; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

重启php-fpm

sudo service php-fpm restart

8.开机自启

sudo chkconfig –levels 235 mysqld on
sudo chkconfig –levels 235 nginx on
sudo chkconfig –levels 235 php-fpm on

lnmp环境就搭建完成了。写个phpinfo测试一下。

sudo vi /usr/share/nginx/html/phpinfo.php

写入:

<?php
phpinfo();
?>

重启nginx

sudo service nginx restart

访问http://your ip/phpinfo.php,就可以看见phpinfo页面。以后这个环境就可以安装自己喜欢的位网站了,改下nginx配置文件就可以了。

安装wordpress
下载wordpress

wget http://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz

创建数据库

mysql -u root -p

输入上面自己设置的mysql密码

创建过程如下,用户名和密码改为自己的

CREATE DATABASE wordpress;
Query OK, 1 row affected (0.00 sec)
CREATE USER wordpressuser@localhost;
Query OK, 0 rows affected (0.00 sec)
SET PASSWORD FOR wordpressuser@localhost= PASSWORD('password');
Query OK, 0 rows affected (0.00 sec)
GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)
FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
exit

修改wordpress数据库配置

cp ~/wordpress/wp-config-sample.php ~/wordpress/wp-config.php
sudo vi ~/wordpress/wp-config.php

把下面的内容修改为自己设置的

// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */
define(‘DB_NAME’, ‘wordpress’);

/** MySQL database username */
define(‘DB_USER’, ‘wordpressuser’);

/** MySQL database password */
define(‘DB_PASSWORD’, ‘password’);

创建网站文件目录

sudo mkdir -p /var/www/wordpress
sudo cp -r ~/wordpress/* /var/www/wordpress

修改权限

cd /var/www/
sudo chown nginx:nginx * -R

修改nginx的配置

sudo vi /etc/nginx/conf.d/default.conf

如下:

upstream php-handler-http {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}

server {
listen 80 default_server;
#server_name _;
server_name wordpress.example.com;

root /var/www/wordpress;
index index.php index.html index.htm;

# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;

access_log /var/log/nginx/wordpress_http_access.log combined;
error_log /var/log/nginx/wordpress_http_error.log;

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location / {
try_files $uri $uri/ /index.php?$args ;
}

location ^~ /wp-admin/ {

location ~* \.(htaccess|htpasswd) {
deny all;
}

location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass php-handler-http;
fastcgi_read_timeout 60s;
}
}

location ~* \.(htaccess|htpasswd) {
deny all;
}

location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass php-handler-http;
fastcgi_read_timeout 60s;
}

# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}

}

这个配置我参考了vultr的一键部署的wordpress。

重启nginx

sudo service nginx restart

大功告成!访问http://ip,即可完成wordpress的安装。

后记

使用后发现存在mysql奔溃现象,看了日志后发现原来是512m内存不够,于是再增加了1G的交换内存。

dd if=/dev/zero of=/swapfile bs=1M count=1024
mkswap /swapfile
swapon /swapfile

把这行添加到 /etc/fstab

/swapfile swap swap defaults 0 0

设置开机自启

swapon -s 
free -k
swapoff -a
swapon -a