WordPress部署

上一篇编译安装LAMP的补充,实现WordPress个人博客搭建的应用

附自动安装脚本:http://scripts.dongfei.tech/lamp_make.sh

服务器端部署:

[root@lamp ~]# wget http://src.dongfei.tech/wordpress-4.9.4-zh_CN.zip
[root@lamp ~]# unzip wordpress-4.9.4-zh_CN.zip 
[root@lamp ~]# mkdir /lamp/data/www/
[root@lamp ~]# mv wordpress /lamp/data/www/
[root@lamp ~]# setfacl -R -m u:apache:rwx /lamp/data/www/wordpress/
[root@lamp ~]# cd /lamp/application/httpd24/conf/
主配文件:
[root@lamp conf]# vim httpd.conf  #保证以下参数与示例一致
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-vhosts.conf
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps
#ProxyRequests Off
#ProxyPassMatch  ^/(.*\.php)$ fcgi://127.0.0.1:9000/lamp/application/httpd24/htdocs/
#DocumentRoot "/lamp/application/httpd24/htdocs"
#<Directory "/lamp/application/httpd24/htdocs">
#    Options Indexes FollowSymLinks
#    AllowOverride None
#    Require all granted
#</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
虚拟主机配置文件:
[root@lamp conf]# vim extra/httpd-vhosts.conf 
DirectoryIndex index.php
<VirtualHost *:80>
    DocumentRoot "/lamp/data/www/wordpress"
    <Directory "/lamp/data/www/wordpress">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    ServerName blog.dongfei.com
    ErrorLog "logs/blog.dongfei.com-error_log"
    CustomLog "logs/blog.dongfei.com-access_log" common
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    ProxyRequests Off
    ProxyPassMatch  ^/(.*\.php)$ fcgi://127.0.0.1:9000/lamp/data/www/wordpress/
    Header always set Strict-Transport-Security "max-age=31536000"
    RewriteEngine on
    RewriteRule ^(/wp-admin.*)$  https://%{HTTP_HOST}$1 [redirect=302]
    RewriteRule ^(/wp-login.*)$  https://%{HTTP_HOST}$1 [redirect=302]
</VirtualHost>
搭建CA:
[root@lamp CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:dongfei.com
Organizational Unit Name (eg, section) []:opt
Common Name (eg, your name or your server's hostname) []:ca.dongfei.com
[root@lamp CA]# touch index.txt
[root@lamp CA]# echo 01 > serial
[root@lamp CA]# cd /lamp/application/httpd24/conf/extra/
[root@lamp extra]# mkdir ssl
[root@lamp extra]# cd ssl
[root@lamp ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
[root@lamp ssl]# openssl req -new -key httpd.key -out httpd.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:dongfei.com
Organizational Unit Name (eg, section) []:opt
Common Name (eg, your name or your server's hostname) []:blog.dongfei.com
[root@lamp ssl]# cp httpd.csr /etc/pki/CA/
[root@lamp ssl]# cd /etc/pki/CA/
[root@lamp CA]# openssl ca -in httpd.csr -out certs/httpd.crt -days 350
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
[root@lamp CA]# cp certs/httpd.crt cacert.pem /lamp/application/httpd24/conf/extra/ssl/
[root@lamp ~]# scp /etc/pki/CA/cacert.pem 192.168.0.7:/root/cacert.crt  #将根证书发给客户端一份
配置https:
[root@lamp CA]# cd /lamp/application/httpd24/conf
[root@lamp conf]# cp extra/httpd-ssl.conf{,.bak}
[root@lamp conf]# vim extra/httpd-ssl.conf
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on 
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/lamp/application/httpd24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
<VirtualHost _default_:443>
DocumentRoot "/lamp/data/www/wordpress/"
ServerName blog.dongfei.com:443
ServerAdmin admin@dongfei.com
ErrorLog "/lamp/application/httpd24/logs/error_log"
TransferLog "/lamp/application/httpd24/logs/access_log"
SSLEngine on
SSLCertificateFile "/lamp/application/httpd24/conf/extra/ssl/httpd.crt"
SSLCertificateKeyFile "/lamp/application/httpd24/conf/extra/ssl/httpd.key"
SSLCACertificateFile "/lamp/application/httpd24/conf/extra/ssl/cacert.pem"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/lamp/application/httpd24/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog "/lamp/application/httpd24/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "/lamp/data/www/wordpress">
    Options -Indexes +FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
ProxyRequests Off
ProxyPassMatch  ^/(.*\.php)$ fcgi://127.0.0.1:9000/lamp/data/www/wordpress/
</VirtualHost>
[root@lamp ~]# apachectl restart
创建数据库:
[root@lamp ~]# mysql
MariaDB [(none)]> CREATE DATABASE wpdb;
MariaDB [(none)]> GRANT ALL ON wpdb.* TO wpuser@'127.0.0.1' IDENTIFIED BY 'wppass';

在客户端配置WordPress:

[root@centos7 ~]# vim /etc/hosts
192.168.0.8 blog.dongfei.com
[root@centos7 ~]# firefox http://blog.dongfei.com

1331725-20180624142358931-1339059970.jpg

此时我们由于没有信任根证书,所以提示不安全

导入证书:Preferences - Advanced - Certificates - View Certificates - Import... - 选择/root/cacert.crt导入证书,刷新

1331725-20180624142413861-1478331277.jpg

接下来根据提示来填写信息

1331725-20180624142431378-420861268.jpg

1331725-20180624142438690-984351675.jpg

1331725-20180624142506074-545037806.jpg

到此,实现了访问后台管理页面是基于https协议,访问博客基于http协议,主要是为了保护登录时是加密传输,防止密码泄露。在以上配置中使用的是私有证书,仅仅为自己使用,如果是开发注册站点建议申请ssl证书。

推荐几个实用的wordpress插件:

Autoptimize:缓存加速功能

Limit Login Attempts Reloaded:管理后台防暴力破解

WP Editor.md:markdown编辑器插件

WP 统计:站点统计插件

Crayon Syntax Highlighter:代码高亮插件

转载于:https://www.cnblogs.com/L-dongf/p/9220471.html

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值