Wordpress LNMP/LEMP 環境建置

wordpress_lnmp.md

Wordpress LNMP/LEMP 環境建置

Create by @terrychan999 on 2021-Apr-30, feel free to share :)

0. Linux ENV: Ubuntu 20.04 Server

   此教學僅在Ubuntu 20.04測試過

1. 更新apt套件庫
   sudo apt update && sudo apt upgrade

   如果是在台灣的話推薦使用 NCHC FSLab mirror

2. 安裝Web Server (nginx)
   sudo apt install nginx
sudo systemctl enable nginx
   Wordpress是基於帳號的後台管理系統
   因此安裝好nginx後推薦先設置SSL
   以Certbot設置Let’s Encrypt SSL為例: (請先確認dns record有正確設置)

   acme.sh 也是很棒的alternative, 尤其是在沒有sudo權限下也可以使用

• 安裝certbot

  sudo apt install certbot
  sudo apt install python3-certbot-nginx

• 執行certbot

  sudo certbot --nginx -d example.com

• 確認certbot.timer是否正常運作:

  sudo systemctl status certbot.timer

  SSL設定參數補充參考: Mozilla SSL Config Generator

3. 安裝Wordpress所需的 php & plugins
   sudo apt install php-cli php-common php-fpm php-mysql php-imagick php-gd php-mbstring php-curl php-zip php-xml php-intl

4. 在nginx site config上設定php
   我們直接修改/etc/nginx/sites-available/default

• 修改index優先度

  index  index.php index.html;

• 修改location成 /index.php?$args;

  location / {
      try_files $uri $uri/ /index.php?$args;
  }

• 將下列這段取消註解，其他用不到的註解也可以刪掉

  # pass PHP scripts to FastCGI server
  #
  location ~ \.php$ {
      include snippets/fastcgi-php.conf;
  #
  #       # With php-fpm (or other unix sockets):
      fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  #       # With php-cgi (or other tcp sockets):
  #       fastcgi_pass 127.0.0.1:9000;
  }

  精簡後會長這樣

  location ~ \.php$ {
      include snippets/fastcgi-php.conf;
      fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  }

5. 加上fastcgi_param (這樣就不需要動到php.ini)

   請自行了解以下這些參數的意義及大小，此範例僅供參考

   location ~ \.php$ {
       include snippets/fastcgi-php.conf;
       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
       fastcgi_param PHP_VALUE "memory_limit=256M \n
       post_max_size=256M \n
       upload_max_filesize=250M \n
       max_file_uploads=200 \n
       max_execution_time=3600 \n
       max_input_time=3600 \n";
       fastcgi_read_timeout 3600s;
   }
   client_max_body_size 0;

   這樣php基本上就設定好了
   確認語法有沒有錯誤
   sudo nginx -t
   沒錯的話重啟nignx
   sudo systemctl restart nginx

6. 安裝mysql server
   sudo apt install mysql-server

   如果系統本身的ram很少的話可以關閉Performance Schema，設定在/etc/mysql/my.cnf

7. 設定mysql database和user/password
   sudo mysql
   請將wp_user, wp_passwd, db_name替換掉

   CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'wp_passwd';
   CREATE DATABASE db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
   GRANT ALL PRIVILEGES ON db_name.* TO 'wp_user'@'localhost';
   FLUSH PRIVILEGES;
   \q

8. 下載wordpress:

   cd ~
   wget -c https://tw.wordpress.org/latest-zh_TW.tar.gz
   tar xzvf ./latest-zh_TW.tar.gz

9. 安裝wordpress:
   a. 如果你想建立在example.com/sitefolder下的話:

   sudo mkdir /var/www/html/sitefolder
   sudo cp -R wordpress/. /var/www/html/sitefolder
   sudo chown -R www-data:www-data /var/www/html/sitefolder
   sudo chmod -R 775 /var/www/html/sitefolder

   4.b 的路徑也要一同修改:

   location /sitefolder {
       try_files $uri $uri/ /sitefolder/index.php?$args;
   }

   b. 如果你想建立在example.com/下的話:

   sudo cp -R wordpress/. /var/www/html/
   sudo chown -R www-data:www-data /var/www/html/
   sudo chmod -R 775 /var/www/html/

10. 開啟網頁設定wordpress

11. 安裝完成後續，一些資安防護:
    修改/etc/nginx/sites-available/default
    a. 禁用xmlrpc *極度推薦

    location /sitefolder {
        try_files $uri $uri/ /sitefolder/index.php?$args;
        location = /sitefolder/xmlrpc.php { deny all; }
    }

    b. 關閉autoindex *極度推薦

    autoindex off;

    c. 關閉.git/存取 *極度推薦

    location ~ /\.git {
        deny all;
    }