如何在Ubuntu 18.04上用Apache安装WordPress
安装 apache2
sudo apt update
sudo apt install apache2
// check
sudo systemctl status apache2
申请 SSL
sudo apt update
sudo apt install certbot
生成强Dh(Diffie-Hellman)组
Diffie-Hellman密钥交换(DH)是一种在不安全的通信信道上安全地交换加密密钥的方法。我们将生成一组新的2048位DH参数以增强安全性:
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
获得让我们加密的SSL证书
要获取域的SSL证书,我们将使用Webroot插件,该插件的工作原理是在${webroot-path}/.well-known/acme-challenge
目录中创建一个用于验证请求的域的临时文件。 Let’s Encrypt服务器向临时文件发出HTTP请求,以验证请求的域是否解析为certbot运行的服务器。
为简化起见,我们将针对.well-known/acme-challenge
的所有HTTP请求映射到单个目录/var/lib/letsencrypt
。
sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp www-data /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt
配置文件
sudo vim /etc/apache2/conf-available/letsencrypt.conf
letsencrypt.conf 文件内容
Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
sudo vim /etc/apache2/conf-available/ssl-params.conf
ssl-params.conf 文件内容
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
# for the problem of ssh in elementor of wordpress
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
启动相关模组
sudo a2enmod ssl
sudo a2enmod headers
启动配置文件
sudo a2enconf letsencrypt
sudo a2enconf ssl-params
启用HTTP / 2模块,这将使您的网站更快,更健壮:
sudo a2enmod http2
重启 apache2
sudo systemctl reload apache2
现在,我们可以运行带有Webroot插件的Certbot工具,并通过输入以下内容获取SSL证书文件:
sudo certbot certonly --agree-tos --email admin@example.com --webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com
自动更新以加密SSL证书
sudo vim /etc/cron.d/certbot
cerbot 内容
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook "systemctl reload apache2"
测试
sudo certbot renew --dry-run
如果没有错误,则表示更新过程成功。
安装 WordPress
sudo apt update
sudo apt upgrade
安装 php
// http
// for wordpress
sudo apt install php7.2 php7.2-mysql
// for updraftPlus Backups
sudo apt install php7.2-xml php7.2-curl
// for alidswoo,字符处理
sudo apt install php7.2-mbstring
// Wordpres, media - edit image 图像处理
sudo apt install php7.2-gd
// 其实上面的代码就够了
sudo apt install php7.2 php7.2-cli php7.2-mysql php7.2-json php7.2-opcache php7.2-mbstring php7.2-xml php7.2-gd php7.2-curl
sudo systemctl restart apache2
下载 WordPress
cd /var/www/
sudo wget https://wordpress.org/latest.tar.gz
sudo tar xf latest.tar.gz
sudo mv wordpress/ example.com
配置 Apache2
sudo vim /etc/apache2/sites-available/example.com.conf
HTTP – /etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
<Directory /var/www/example.com>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
HTTPS – /etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
Protocols h2 http:/1.1
<If "%{HTTP_HOST} == 'www.example.com'">
Redirect permanent / https://example.com/
</If>
DirectoryIndex index.html index.php
DocumentRoot /var/www/example.com
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
<Directory /var/www/example.com>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
启动
sudo a2ensite example.com
sudo systemctl restart apache2
问题
链接失效
sudo a2enmod rewrite
apachectl configtest
sudo systemctl restart apache2