上一篇编译安装LAMP的补充,实现WordPress个人博客搭建的应用

附自动安装脚本:http://scripts.dongfei.tech/lamp_make.sh

服务器端部署:

[root@lamp ~]# wget http://src.dongfei.tech/wordpress-4.9.4-zh_CN.zip [root@lamp ~]# unzip wordpress-4.9.4-zh_CN.zip [root@lamp ~]# mkdir /lamp/data/www/ [root@lamp ~]# mv wordpress /lamp/data/www/ [root@lamp ~]# setfacl -R -m u:apache:rwx /lamp/data/www/wordpress/ [root@lamp ~]# cd /lamp/application/httpd24/conf/ 主配文件: [root@lamp conf]# vim httpd.conf #保证以下参数与示例一致 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule proxy_module modules/mod_proxy.so LoadModule ssl_module modules/mod_ssl.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Include conf/extra/httpd-ssl.conf Include conf/extra/httpd-vhosts.conf #AddType application/x-httpd-php .php #AddType application/x-httpd-php-source .phps #ProxyRequests Off #ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/lamp/application/httpd24/htdocs/ #DocumentRoot "/lamp/application/httpd24/htdocs" #<Directory "/lamp/application/httpd24/htdocs"> # Options Indexes FollowSymLinks # AllowOverride None # Require all granted #</Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> 虚拟主机配置文件: [root@lamp conf]# vim extra/httpd-vhosts.conf DirectoryIndex index.php <VirtualHost *:80> DocumentRoot "/lamp/data/www/wordpress" <Directory "/lamp/data/www/wordpress"> Options -Indexes +FollowSymLinks AllowOverride None Require all granted </Directory> ServerName blog.dongfei.com ErrorLog "logs/blog.dongfei.com-error_log" CustomLog "logs/blog.dongfei.com-access_log" common AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps ProxyRequests Off ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/lamp/data/www/wordpress/ Header always set Strict-Transport-Security "max-age=31536000" RewriteEngine on RewriteRule ^(/wp-admin.*)$ https://%{HTTP_HOST}$1 [redirect=302] RewriteRule ^(/wp-login.*)$ https://%{HTTP_HOST}$1 [redirect=302] </VirtualHost> 搭建CA: [root@lamp CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650 Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:bj Locality Name (eg, city) [Default City]:bj Organization Name (eg, company) [Default Company Ltd]:dongfei.com Organizational Unit Name (eg, section) []:opt Common Name (eg, your name or your server's hostname) []:ca.dongfei.com [root@lamp CA]# touch index.txt [root@lamp CA]# echo 01 > serial [root@lamp CA]# cd /lamp/application/httpd24/conf/extra/ [root@lamp extra]# mkdir ssl [root@lamp extra]# cd ssl [root@lamp ssl]# (umask 077; openssl genrsa -out httpd.key 1024) [root@lamp ssl]# openssl req -new -key httpd.key -out httpd.csr Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:bj Locality Name (eg, city) [Default City]:bj Organization Name (eg, company) [Default Company Ltd]:dongfei.com Organizational Unit Name (eg, section) []:opt Common Name (eg, your name or your server's hostname) []:blog.dongfei.com [root@lamp ssl]# cp httpd.csr /etc/pki/CA/ [root@lamp ssl]# cd /etc/pki/CA/ [root@lamp CA]# openssl ca -in httpd.csr -out certs/httpd.crt -days 350 Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y [root@lamp CA]# cp certs/httpd.crt cacert.pem /lamp/application/httpd24/conf/extra/ssl/ [root@lamp ~]# scp /etc/pki/CA/cacert.pem 192.168.0.7:/root/cacert.crt #将根证书发给客户端一份 
配置https: [root@lamp CA]# cd /lamp/application/httpd24/conf [root@lamp conf]# cp extra/httpd-ssl.conf{,.bak} [root@lamp conf]# vim extra/httpd-ssl.conf Listen 443 SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES SSLHonorCipherOrder on SSLProtocol all -SSLv3 SSLProxyProtocol all -SSLv3 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/lamp/application/httpd24/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 <VirtualHost _default_:443> DocumentRoot "/lamp/data/www/wordpress/" ServerName blog.dongfei.com:443 ServerAdmin admin@dongfei.com ErrorLog "/lamp/application/httpd24/logs/error_log" TransferLog "/lamp/application/httpd24/logs/access_log" SSLEngine on SSLCertificateFile "/lamp/application/httpd24/conf/extra/ssl/httpd.crt" SSLCertificateKeyFile "/lamp/application/httpd24/conf/extra/ssl/httpd.key" SSLCACertificateFile "/lamp/application/httpd24/conf/extra/ssl/cacert.pem" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/lamp/application/httpd24/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/lamp/application/httpd24/logs/ssl_request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" <Directory "/lamp/data/www/wordpress"> Options -Indexes +FollowSymLinks AllowOverride None Require all granted </Directory> AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps ProxyRequests Off ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/lamp/data/www/wordpress/ </VirtualHost> [root@lamp ~]# apachectl restart 
创建数据库: [root@lamp ~]# mysql MariaDB [(none)]> CREATE DATABASE wpdb; MariaDB [(none)]> GRANT ALL ON wpdb.* TO wpuser@'127.0.0.1' IDENTIFIED BY 'wppass'; 

在客户端配置WordPress:

[root@centos7 ~]# vim /etc/hosts 192.168.0.8 blog.dongfei.com [root@centos7 ~]# firefox http://blog.dongfei.com 

此时我们由于没有信任根证书,所以提示不安全

导入证书:Preferences - Advanced - Certificates - View Certificates - Import... - 选择/root/cacert.crt导入证书,刷新

接下来根据提示来填写信息

到此,实现了访问后台管理页面是基于https协议,访问博客基于http协议,主要是为了保护登录时是加密传输,防止密码泄露。在以上配置中使用的是私有证书,仅仅为自己使用,如果是开发注册站点建议申请ssl证书。

推荐几个实用的wordpress插件:

Autoptimize:缓存加速功能

Limit Login Attempts Reloaded:管理后台防暴力破解

WP Editor.md:markdown编辑器插件

WP 统计:站点统计插件

Crayon Syntax Highlighter:代码高亮插件

原文链接:https://www.cnblogs.com/L-dongf/p/9220471.html

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注