Ubuntu 18 安装 Apache2,配置php 安装 wordpress

如何在Ubuntu 18.04上用Apache安装WordPress


安装 apache2

sudo apt update
sudo apt install apache2
// check
sudo systemctl status apache2

申请 SSL

sudo apt update
sudo apt install certbot

生成强Dh(Diffie-Hellman)组

Diffie-Hellman密钥交换(DH)是一种在不安全的通信信道上安全地交换加密密钥的方法。我们将生成一组新的2048位DH参数以增强安全性:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

获得让我们加密的SSL证书

要获取域的SSL证书,我们将使用Webroot插件,该插件的工作原理是在${webroot-path}/.well-known/acme-challenge目录中创建一个用于验证请求的域的临时文件。 Let’s Encrypt服务器向临时文件发出HTTP请求,以验证请求的域是否解析为certbot运行的服务器。

为简化起见,我们将针对.well-known/acme-challenge的所有HTTP请求映射到单个目录/var/lib/letsencrypt

sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp www-data /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt

配置文件

sudo vim /etc/apache2/conf-available/letsencrypt.conf

letsencrypt.conf 文件内容

Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
    AllowOverride None
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>
sudo vim /etc/apache2/conf-available/ssl-params.conf

ssl-params.conf 文件内容

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
# for the problem of ssh in elementor of wordpress
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"

启动相关模组

sudo a2enmod ssl
sudo a2enmod headers

启动配置文件

sudo a2enconf letsencrypt
sudo a2enconf ssl-params

启用HTTP / 2模块,这将使您的网站更快,更健壮:

sudo a2enmod http2

重启 apache2

sudo systemctl reload apache2

现在,我们可以运行带有Webroot插件的Certbot工具,并通过输入以下内容获取SSL证书文件:

sudo certbot certonly --agree-tos --email admin@example.com --webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com

自动更新以加密SSL证书

sudo vim /etc/cron.d/certbot

cerbot 内容

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook "systemctl reload apache2"

测试

sudo certbot renew --dry-run

如果没有错误,则表示更新过程成功。


安装 WordPress

sudo apt update
sudo apt upgrade

安装 php

// http
// for wordpress
sudo apt install php7.2 php7.2-mysql
// for updraftPlus Backups
sudo apt install php7.2-xml php7.2-curl
// for alidswoo,字符处理
sudo apt install php7.2-mbstring
// Wordpres, media - edit image 图像处理
sudo apt install php7.2-gd
// 其实上面的代码就够了
sudo apt install php7.2 php7.2-cli php7.2-mysql php7.2-json php7.2-opcache php7.2-mbstring php7.2-xml php7.2-gd php7.2-curl
sudo systemctl restart apache2

下载 WordPress

cd /var/www/
sudo wget https://wordpress.org/latest.tar.gz
sudo tar xf latest.tar.gz
sudo mv wordpress/ example.com

配置 Apache2

sudo vim /etc/apache2/sites-available/example.com.conf

HTTP – /etc/apache2/sites-available/example.com.conf

<VirtualHost *:80>
	ServerAdmin webmaster@example.com
	ServerName example.com
	ServerAlias www.example.com
	DocumentRoot /var/www/example.com
	ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
	CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
	<Directory /var/www/example.com>
          Options FollowSymLinks
          AllowOverride All
          Require all granted
	</Directory>
</VirtualHost>

HTTPS – /etc/apache2/sites-available/example.com.conf

<VirtualHost *:80>
  ServerAdmin webmaster@example.com
  ServerName example.com
  ServerAlias www.example.com
  Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
  ServerName example.com
  ServerAlias www.example.com
  Protocols h2 http:/1.1
  <If "%{HTTP_HOST} == 'www.example.com'">
    Redirect permanent / https://example.com/
  </If>
  DirectoryIndex index.html index.php
  DocumentRoot /var/www/example.com
  ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
  CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
  <Directory /var/www/example.com>
      Options FollowSymLinks
      AllowOverride All
      Require all granted
  </Directory>
</VirtualHost>

启动

sudo a2ensite example.com
sudo systemctl restart apache2

 

问题

链接失效

sudo a2enmod rewrite
apachectl configtest
sudo systemctl restart apache2

 


欢迎大家关顾我的Facebook主页「Y Life Book」以及我的公众微信号「不点语书」,我们下期见。

Leave a Comment

Your email address will not be published. Required fields are marked *