Automatic installation script attached:
http://scripts.dongfei.tech/lamp_make.sh
Server-side deployment:

```
[root@lamp ~]# wget http://src.dongfei.tech/wordpress-4.9.4-zh_CN.zip
[root@lamp ~]# unzip wordpress-4.9.4-zh_CN.zip
[root@lamp ~]# mkdir /lamp/data/www/
[root@lamp ~]# mv wordpress /lamp/data/www/
[root@lamp ~]# setfacl -R -m u:apache:rwx /lamp/data/www/wordpress/
[root@lamp ~]# cd /lamp/application/httpd24/conf/
```

Main configuration file:

```
[root@lamp conf]# vim httpd.conf
# Make sure the following parameters match this example
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-vhosts.conf
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps
#ProxyRequests Off
#ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/lamp/application/httpd24/htdocs/
#DocumentRoot "/lamp/application/httpd24/htdocs"
#<Directory "/lamp/application/httpd24/htdocs">
#    Options Indexes FollowSymLinks
#    AllowOverride None
#    Require all granted
#</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
```

Virtual host configuration file:

```
[root@lamp conf]# vim extra/httpd-vhosts.conf
DirectoryIndex index.php
<VirtualHost *:80>
    DocumentRoot "/lamp/data/www/wordpress"
    <Directory "/lamp/data/www/wordpress">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    ServerName blog.dongfei.com
    ErrorLog "logs/blog.dongfei.com-error_log"
    CustomLog "logs/blog.dongfei.com-access_log" common
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    ProxyRequests Off
    ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/lamp/data/www/wordpress/
    # Browsers ignore HSTS received over plain HTTP (RFC 6797),
    # so this header has no effect inside the :80 virtual host
    Header always set Strict-Transport-Security "max-age=31536000"
    # Redirect the admin and login pages to HTTPS
    RewriteEngine on
    RewriteRule ^(/wp-admin.*)$ https://%{HTTP_HOST}$1 [redirect=302]
    RewriteRule ^(/wp-login.*)$ https://%{HTTP_HOST}$1 [redirect=302]
</VirtualHost>
```

Set up the CA:

```
# The CA private key private/cakey.pem must already exist at this point
[root@lamp CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:dongfei.com
Organizational Unit Name (eg, section) []:opt
Common Name (eg, your name or your server's hostname) []:ca.dongfei.com
[root@lamp CA]# touch index.txt
[root@lamp CA]# echo 01 > serial
[root@lamp CA]# cd /lamp/application/httpd24/conf/extra/
[root@lamp extra]# mkdir ssl
[root@lamp extra]# cd ssl
# 1024-bit RSA is below current minimum key sizes; 2048 bits or more is the usual choice
[root@lamp ssl]# (umask 077; openssl genrsa -out httpd.key 1024)
[root@lamp ssl]# openssl req -new -key httpd.key -out httpd.csr
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:dongfei.com
Organizational Unit Name (eg, section) []:opt
Common Name (eg, your name or your server's hostname) []:blog.dongfei.com
[root@lamp ssl]# cp httpd.csr /etc/pki/CA/
[root@lamp ssl]# cd /etc/pki/CA/
[root@lamp CA]# openssl ca -in httpd.csr -out certs/httpd.crt -days 350
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
[root@lamp CA]# cp certs/httpd.crt cacert.pem /lamp/application/httpd24/conf/extra/ssl/
[root@lamp ~]# scp /etc/pki/CA/cacert.pem 192.168.0.7:/root/cacert.crt    # send a copy of the root certificate to the client
```
Configure HTTPS:

```
[root@lamp CA]# cd /lamp/application/httpd24/conf
[root@lamp conf]# cp extra/httpd-ssl.conf{,.bak}
[root@lamp conf]# vim extra/httpd-ssl.conf
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/lamp/application/httpd24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
    DocumentRoot "/lamp/data/www/wordpress/"
    ServerName blog.dongfei.com:443
    ServerAdmin admin@dongfei.com
    ErrorLog "/lamp/application/httpd24/logs/error_log"
    TransferLog "/lamp/application/httpd24/logs/access_log"
    SSLEngine on
    SSLCertificateFile "/lamp/application/httpd24/conf/extra/ssl/httpd.crt"
    SSLCertificateKeyFile "/lamp/application/httpd24/conf/extra/ssl/httpd.key"
    SSLCACertificateFile "/lamp/application/httpd24/conf/extra/ssl/cacert.pem"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/lamp/application/httpd24/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog "/lamp/application/httpd24/logs/ssl_request_log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    <Directory "/lamp/data/www/wordpress">
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    ProxyRequests Off
    ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/lamp/data/www/wordpress/
</VirtualHost>
[root@lamp ~]# apachectl restart
```
Create the database:

```
[root@lamp ~]# mysql
MariaDB [(none)]> CREATE DATABASE wpdb;
MariaDB [(none)]> GRANT ALL ON wpdb.* TO wpuser@'127.0.0.1' IDENTIFIED BY 'wppass';
```
Configure WordPress from the client:

```
[root@centos7 ~]# vim /etc/hosts
192.168.0.8 blog.dongfei.com
[root@centos7 ~]# firefox http://blog.dongfei.com
```
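At this point the browser warns that the connection is not secure, because we have not yet trusted the root certificate.
Import the certificate: Preferences - Advanced - Certificates - View Certificates - Import... - select /root/cacert.crt to import the certificate, then refresh the page.
Next, fill in the information as prompted.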
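With this, the admin back end is accessed over HTTPS while the blog itself is served over HTTP. The main purpose is to encrypt the login so that the password is not leaked in transit. The configuration above uses a private certificate intended only for personal use; for a site that is open to user registration, applying for an SSL certificate is recommended.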
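To check the transport settings from the steps above before restarting httpd, here is an added example (not part of the original post) that scans a config for the HSTS header in the :80 virtual host, the `SSLProtocol` line, and the two login redirects. The finding names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit httpd config for the transport settings in this post.
# Finding names (HSTS_ON_HTTP, LEGACY_TLS, NO_HTTPS_REDIRECT) are made up here.
audit_httpd_conf() {   # usage: audit_httpd_conf [FILE...]  (stdin if no file)
  awk '
    /^[ \t]*#/ { next }                               # ignore commented-out lines
    /<VirtualHost[ \t]/ {                             # remember the current vhost port
      port = $0; sub(/.*:/, "", port); sub(/>.*/, "", port); next
    }
    /<\/VirtualHost>/ { port = ""; next }
    port == "80" && /Strict-Transport-Security/ {
      print "HSTS_ON_HTTP: browsers ignore HSTS received over plain HTTP"
    }
    port == "80" && /RewriteRule/ && /https:\/\// {   # paths forced onto HTTPS
      if ($0 ~ /wp-admin/) admin = 1
      if ($0 ~ /wp-login/) login = 1
    }
    $1 == "SSLProtocol" {                             # SSLProxyProtocol is not matched
      no10 = no11 = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "-TLSv1") no10 = 1
        if ($i == "-TLSv1.1") no11 = 1
      }
      if ($2 == "all" && !(no10 && no11))
        print "LEGACY_TLS: SSLProtocol does not exclude TLSv1/TLSv1.1"
    }
    END {
      if (!admin) print "NO_HTTPS_REDIRECT: /wp-admin is not redirected to https"
      if (!login) print "NO_HTTPS_REDIRECT: /wp-login is not redirected to https"
    }
  ' "$@"
}

sample_conf() {   # constructed sample mirroring the directives in this post
  cat <<'EOF'
SSLProtocol all -SSLv3
<VirtualHost *:80>
    ServerName blog.dongfei.com
    Header always set Strict-Transport-Security "max-age=31536000"
    RewriteEngine on
    RewriteRule ^(/wp-admin.*)$ https://%{HTTP_HOST}$1 [redirect=302]
    RewriteRule ^(/wp-login.*)$ https://%{HTTP_HOST}$1 [redirect=302]
</VirtualHost>
EOF
}

sample_conf | audit_httpd_conf
```

Against the real files it can be run as `audit_httpd_conf extra/httpd-ssl.conf extra/httpd-vhosts.conf` from the `conf` directory.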
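A few useful WordPress plugins:
Autoptimize: caching and acceleration
Limit Login Attempts Reloaded: brute-force protection for the admin back end
WP Editor.md: Markdown editor plugin
WP 統計 (WP Statistics): site statistics plugin
Crayon Syntax Highlighter: code highlighting plugin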