First, prepare a Google Cloud server running CentOS 6.1.
Install the required software:
sudo yum -y install nginx php php-mysql mysql mysql-server git php-fpm php-xml php-mbstring
Start the services and enable them at boot:
sudo chkconfig mysqld on
sudo service mysqld start
sudo chkconfig nginx on
sudo service nginx start
sudo service php-fpm start
sudo chkconfig php-fpm on
At this point, enter the server's IP address in a browser and make sure the site is reachable.
Set up the MySQL database:
sudo mysql_secure_installation
1. Enter current password for root (enter for none): // just press Enter, there is no password by default
2. Set root password? [Y/n] // enter Y to set a password
3. New password: // enter the new root password
4. Re-enter new password: // enter the new root password again
5. Remove anonymous users? [Y/n] // default is Yes, just press Enter
6. Disallow root login remotely? [Y/n] // default is Yes, just press Enter
7. Remove test database and access to it? [Y/n] // default is Yes, just press Enter
8. Reload privilege tables now? [Y/n] // default is Yes, just press Enter
Next, log in to MySQL with the root password you just set by running "sudo mysql -u root -p". If the password is correct you will land at the "mysql>" prompt.
9. Create a database for WordPress to use:
create database wordpress;
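MySQL setup is complete.
Request a permanently free Let's Encrypt SSL certificate for your own site
This requires Python 2.7, so install Python first.
# Install the packages needed to build Python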
yum groupinstall -y "Development tools"
yum install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel
# Fetch Python
# wget https://www.python.org/ftp/python/2.7.12/Python-2.7.12.tgz
# tar xf Python-2.7.12.tgz
# cd Python-2.7.12
# ./configure --prefix=/usr/local/python27
# make
# make install
# Create the symlink
ln -s /usr/local/python27/bin/python2.7 /usr/local/bin/python
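# Fix yum no longer working once the system python symlink points to Python 2.7: yum is not compatible with Python 2.7, so the Python version used by yum has to be set explicitly
# vim /usr/bin/yum
Change the #!/usr/bin/python at the top of the file to #!/usr/bin/python2.6
# Obtain the free Let's Encrypt SSL certificate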
git clone https://github.com/letsencrypt/letsencrypt
# Enter the letsencrypt directory
cd letsencrypt
# Generate the certificate
./letsencrypt-auto certonly --standalone --email x@sample.com -d sample.com -d www.sample.com
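Once the Let's Encrypt certificate has been generated, the domain directory "/etc/letsencrypt/live/sample.com/" contains 4 files; these are the generated key and certificate files.
cert.pem – server certificate for Apache
chain.pem – root and intermediate certificates for Apache
fullchain.pem – the ssl_certificate file that Nginx needs
privkey.pem – the private key file for the certificate
If we are running Nginx, we need the two files fullchain.pem and privkey.pem when deploying it. In the Nginx configuration, just point ssl_certificate and ssl_certificate_key at these two generated files.
# Open the configuration file on the Linux server and find the server block configured for HTTPS port 443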
ssl_certificate /etc/letsencrypt/live/sample.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sample.com/privkey.pem;
Let's Encrypt certificates are valid for 90 days, and we have to renew them manually ourselves.
The command is:
./letsencrypt-auto certonly --renew-by-default --email x@sample.com -d sample.com -d www.sample.com
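Running this once more within the 90 days takes care of renewal and gives another 90 days of use. If we are worried about forgetting, we can also use Linux crontab to run the renewal as a scheduled task.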
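The scheduled renewal mentioned above, as an added example that is not part of the original post: a script for cron that renews only when the certificate is close to expiry. The clone path /root/letsencrypt, the 30-day window, the script name in the crontab comment and the "run" argument are assumptions; because --standalone listens on ports 80/443 itself, nginx is stopped while it runs.

```sh
#!/bin/sh
# Added example, not from the original post.
CERT=/etc/letsencrypt/live/sample.com/fullchain.pem
LE_DIR=/root/letsencrypt       # assumption: where the git clone lives
RENEW_BEFORE_DAYS=30           # assumption: renew inside this window

# days_left "<notAfter date>" <now-epoch>
# Prints whole days until expiry (negative once expired). Needs GNU date.
days_left() {
    dl_expiry=$(date -u -d "$1" +%s) || return 2
    echo $(( (dl_expiry - $2) / 86400 ))
}

# should_renew <days-left>: true when inside the renewal window
should_renew() {
    [ "$1" -le "$RENEW_BEFORE_DAYS" ]
}

renew() {
    # openssl prints e.g. "notAfter=Mar 10 12:00:00 2025 GMT"
    not_after=$(openssl x509 -enddate -noout -in "$CERT") || return 1
    left=$(days_left "${not_after#notAfter=}" "$(date +%s)") || return 1
    if ! should_renew "$left"; then
        echo "certificate valid for $left more days, nothing to do"
        return 0
    fi
    # --standalone listens on 80/443 itself, so nginx has to be down meanwhile
    service nginx stop
    "$LE_DIR/letsencrypt-auto" certonly --standalone --renew-by-default \
        --email x@sample.com -d sample.com -d www.sample.com
    rc=$?
    service nginx start        # bring the site back even if renewal failed
    return "$rc"
}

# Constructed crontab line (root), weekly check:
#   30 3 * * 1 /root/renew-cert.sh run >> /var/log/le-renew.log 2>&1
case "${1:-}" in
    run) renew ;;
esac
```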
Now we edit the nginx configuration so the site starts serving:
sudo vim /etc/nginx/conf.d/ssl.conf
The file looks like this:
# HTTPS server configuration
#
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl;
    server_name sample.com;
    root /var/www/html/sample.com/wordpress;
    ssl_certificate /etc/letsencrypt/live/sample.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sample.com/privkey.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
Next, redirect all requests on port 80 to 443 by editing
sudo vim /etc/nginx/conf.d/default.conf
The file looks like this:
# The default server
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name sample.com;
    # root /var/www/html/testing;
    rewrite ^(.*)$ https://$host$1 permanent;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
        index index.php index.html index.htm;
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
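Our site now runs entirely over SSL, and the WordPress installation itself can proceed step by step as usual.
If you get an error when uploading attachments or other files in WordPress, you can edit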
sudo vim /etc/nginx/nginx.conf
and add client_max_body_size 10M;
The file looks like this:
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 10M;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}