Personal nest in the information age

在Debian9下安装WordPress+LAMP+HTTPS(Let’s Encrypt)

一、具体配置:

1. 安装Apache2、MariaDB、PHP、cURL:
# apt install apache2 mariadb-server curl php php-mysql libapache2-mod-php php-gd php-curl php-xml php-mbstring php-imagick php-zip
2. 为WordPress创建MariaDB数据库和用户

(1) 以管理员身份仅进入MariaDB命令交互界面(普通用户可能会被拒绝):

# mariadb

如果有设置其他可以访问数据库的用户:

$ mariadb -u username -p

(2) 创建WordPress的数据库,这里的数据库名为“wordpress”:

> CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

(3) 为数据库wordpress创建单独的本地用户名和密码:

> GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost' IDENTIFIED BY 'password';

(4) 不重启MySQL服务”的情况下,上面的配置直接生效,然后再退出数据库交互界面:

> FLUSH PRIVILEGES;
> EXIT;

3. 调整Apache的配置以允许.htaccess覆盖和重写

# a2enmod rewrite
4. 配置WordPress:

(1) 下载:

官网下载(仅英文语言包):

$ curl https://wordpress.org/latest.tar.gz

或者下载附带中文语言包的版本:

$ curl https://cn.wordpress.org/latest.tar.gz

(2) 解压:

$ tar -zxvf latest.tar.gz

(3) 移动:

将解压出来的WordPress文件夹“wordpress/”复制或者移动到指定目录,下面的示例命令移动到“/var/www/”文件夹下:

# mv -r wordpress/ /var/www/wordpress

(4) 创建“.htaccess”文件和“upgrade/”文件夹,将wp-config-sample.php复制更名为wp-config-sample.php

# cd /var/www/wordpress/
# touch .htaccess
# mkdir ./wp-content/upgrade
# cp wp-config-sample.php wp-config.php

(5) 将所有文件加入Apache Web服务器运行的用户和组

# chown -R www-data:www-data /var/www/wordpress

(6) 设置WordPress目录和文件的权限,保证安全性:

# find /var/www/wordpress/ -type d -exec chmod 750 {} \;
# find /var/www/wordpress/ -type f -exec chmod 640 {} \;

(7) 从WordPress密钥生成器中获取安全值:

 curl -s https://api.wordpress.org/secret-key/1.1/salt/

(9) 将终端输出的内容复制到“wp-config.php”中,并删掉下面的值:

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

(10) 打开“wp-config.php”文件,在下面的位置中根据提示写入用户名和密码等内容:

/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
/** MySQL database username */
define( 'DB_USER', 'username_here' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password_here' );

假设根据本文上面数据库的配置,用户名和密码设置如下:

/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );
/** MySQL database username */
define( 'DB_USER', 'wordpressuser' );
/** MySQL database password */
define( 'DB_PASSWORD', 'password' );

(11) 有些情况下会出现首页加载不全等网页加载异常现象,一般是链接不一致引起的,有两种解决方法:

  • 修改的是wp_options表中的siteurl和home两个字段,修改siteurl和home两条数据的值为对应你的数据库IP或者对应域名。也可以登录WordPress仪表盘里面找对应设置进行更改。
  • 打开“wp-config.php”,在“if ( ! defined( 'ABSPATH' ) ) {”的上面任何位置插入如下代码:
define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST']);
define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST']);
define('WP_CONTENT_URL', '/wp-content');

如果是https就写成这样:

define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST']);
define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
define('WP_CONTENT_URL', '/wp-content');
5. 配置Apache2:

(1) 新建“/etc/apache2/sites-available/wordpress.conf”,“wordpress.conf”也可以换成其他名字:

# cd /etc/apache2/
# touch ./sites-available/wordpress.conf

(2) 删除“/etc/apache2/sites-enable/000-default.conf”,千万不要把“sites-available”下的“000-default.conf”删掉。将“wordpress.conf”向“/etc/apache2/sites-enabled/”下添加软链接:

# rm ./sites-enable/000-default.conf
# ln -s ./sites-available/wordpress.conf ./sites-enabled/

(3) 编辑“wordpress.conf”,拒接直接通过访问IPv4地址访问WordPress,下面以本网站为例:

<VirtualHost *:80>
	ServerName haar.xyz
	#Redirect permanent / https://haar.xyz/
	<Directory /var/www/wordpress>
		AllowOverride All
	</Directory>
</VirtualHost>

<VirtualHost *:80>
	ServerName 45.77.208.65
	<Location />
		Order Allow,Deny
		Deny from all
	</Location>
</VirtualHost>

值得注意的是:Apache2官方已经声明,类似“Order Allow,Deny”这种的语法将在未来版本中淘汰,尽量用“Require”代替。

(4) 测试配置:

# apache2ctl configtest

如果输出“Syntax OK”,说明“wordpress.conf”配置语法没问题,重启Apache2服务:

# systemctl restart apache2
6. 安装Certbot和申请配置SSL证书:

(1) 安装Certbot:

# apt install python3-certbot-apache

(2) 获取并自动配置证书,下面以本网站为例:

# certbot --apache -d haar.xyz

(3) 经过上面的配置,文件夹下会生成新的文件:“/etc/apache2/sites-available/wordpress-le-ssl.conf”,适当自行修改配置文件,下面给出一个示例:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerName haar.xyz
	#ServerAlias localhost 127.0.0.1
	DocumentRoot /var/www/wordpress

	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/haar.xyz-0001/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/haar.xyz-0001/privkey.pem
	<Directory /var/www/wordpress>
		AllowOverride All
	</Directory>
</VirtualHost>
</IfModule>

<VirtualHost *:443>
	ServerName 45.77.208.65
	<Location />
		Order Allow,Deny
		Deny from all
	</Location>
</VirtualHost>

二、经过如上步骤,配置便基本完成,下面给出一些异常情况的处理:

  • Error Message:
Your PHP installation appears to be missing the MySQL extension which is require

Solution: apt install php-mysql

  • Error Message:
Error establishing a database connection

Solution: 检查wp-config.php文件

  • Error Message:
<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */
/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define( 'WP_USE_THEMES', true );
/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

Solution: apt install php libapache2-mod-php。已经安装的就把这个重装一下。

  • 安装WP-Statistics插件所需要的组建:
# apt install php-curl php-bcmath
  • 上传主题,有时候上传主题会提示文件大小限制。如果有权限控制服务器后台,可以通过wget、curl、git等支持下载的工具下载解压到“wordpress/wp-content/themes/”目录下。下载完成后注意下载文件的权限、用户和用户组。

Bibliography:

Leave a comment

Your email address will not be published. Required fields are marked *