Building a Blog with Nginx + WordPress + SQLite


Install Nginx

# apt install nginx

Request an SSL certificate

# apt install certbot python3-certbot-nginx
# certbot --nginx

Install PHP

# apt install software-properties-common
# add-apt-repository ppa:ondrej/php
# apt-get update
# apt-get install php7.4 php7.4-cli php7.4-fpm php7.4-mysql php7.4-json php7.4-opcache php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl php7.4-sqlite3

Edit the Nginx configuration

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name www.myhost.cf myhost.cf;

        # Redirect http to https
        rewrite ^(.*)$  https://$host$1 permanent;
}

server {
        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm;

        server_name www.myhost.cf myhost.cf; # managed by Certbot

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/myhost.cf/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/myhost.cf/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location ^~ /wordpress/wp-content/database/ {
                deny all;
        }

        # pass PHP scripts to FastCGI server
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;

                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        }
}

Install and configure WordPress

To make sure SQLite can be used, this setup uses WordPress 5.4 rather than the latest version.

# cd /var/www/html
# wget https://wordpress.org/wordpress-5.4.4.tar.gz
# tar zxvf wordpress-5.4.4.tar.gz
# wget https://github.com/aaemnnosttv/wp-sqlite-db/archive/v1.0.tar.gz
# tar zxvf v1.0.tar.gz wp-sqlite-db-1.0/src/db.php
# mv wp-sqlite-db-1.0/src/db.php wordpress/wp-content/
# rm -rf wp-sqlite-db-1.0

Edit the default WordPress configuration file to support the SQLite database:

# cp wordpress/wp-config-sample.php wordpress/wp-config.php
# nano wordpress/wp-config.php
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpress' );

/** MySQL database username */
define( 'DB_USER', '' );

/** MySQL database password */
define( 'DB_PASSWORD', '' );

/** MySQL hostname */
define( 'DB_HOST', 'localhost' );

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

/** sqlite setting */
define('USE_MYSQL', false);

Set directory permissions:

# chown -R www-data:www-data wordpress

Finally, create an index.php file that redirects to WordPress:

<?php
        if (!empty($_SERVER['HTTPS']) && ('on' == $_SERVER['HTTPS'])) {
                $uri = 'https://';
        } else {
                $uri = 'http://';
        }
        $uri .= $_SERVER['HTTP_HOST'];
        header('Location: '.$uri.'/wordpress/');
        exit;
?>
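
The Nginx configuration above blocks direct requests to /wordpress/wp-content/database/; a SQLite file anywhere else under the document root would be served as a static file. The following check is an added example, not part of the original post: it finds SQLite files by their header and lists those whose URL path is outside the denied prefix. The function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function name and arguments
# are hypothetical.
# Usage: exposed_sqlite_files <document-root> <denied-url-prefix>
# Prints the URL path of every SQLite file under the document root that is
# NOT below the denied prefix, i.e. not covered by the "deny all" location.
exposed_sqlite_files() {
    docroot=${1%/}
    denied=$2
    find "$docroot" -type f | while IFS= read -r f; do
        # Every SQLite 3 database file starts with "SQLite format 3".
        magic=$(head -c 15 "$f" 2>/dev/null | tr -d '\000')
        [ "$magic" = "SQLite format 3" ] || continue
        urlpath=${f#"$docroot"}
        case $urlpath in
            "$denied"*) ;;                   # covered by the deny rule
            *) printf '%s\n' "$urlpath" ;;   # falls through to "location /"
        esac
    done
}

# Example call with the paths used in this post:
# exposed_sqlite_files /var/www/html /wordpress/wp-content/database/
```

Empty output means every SQLite file found sits under the denied prefix.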

Getting a Permanently Free Let's Encrypt SSL Certificate for an XAMPP-Based Website

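Because the Apache2 bundled with XAMPP is not installed in the standard location, running certbot with its default parameters fails; command-line options must be used to point certbot at the installation.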

My VPS runs Debian, and XAMPP is installed in /opt/lampp.

The installation steps follow:

1. Install certbot

$ sudo apt-get install certbot python-certbot-apache

2. Add a VirtualHost

Change to the XAMPP installation directory (usually /opt/lampp) and open etc/httpd.conf in a text editor. Find the following line and remove the leading # to uncomment it.

Include etc/extra/httpd-vhosts.conf

Next, edit etc/extra/httpd-vhosts.conf (relative to the XAMPP directory) in a text editor and change the VirtualHost settings at the end of the file:

<VirtualHost *:80>
    ServerAdmin rain@dvbrain.tk
    DocumentRoot "/opt/lampp/htdocs"
    ServerName dvbrain.tk
    ServerAlias www.dvbrain.tk
    ErrorLog "logs/dvbrain.tk-error_log"
    CustomLog "logs/dvbrain.tk-access_log" common
</VirtualHost>

Restart Apache2:

$ sudo /opt/lampp/xampp stopapache
$ sudo /opt/lampp/xampp startapache

Verify the VirtualHost configuration:

# /opt/lampp/bin/apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server dvbrain.tk (/opt/lampp/etc/extra/httpd-vhosts.conf:23)
         port 80 namevhost dvbrain.tk (/opt/lampp/etc/extra/httpd-vhosts.conf:23)
                 alias www.dvbrain.tk

3. Request the certificate

Use the following command to request the certificate and automatically configure Apache2 to use it:

$ sudo certbot --apache --apache-server-root /opt/lampp/etc --apache-ctl /opt/lampp/bin/apachectl -d dvbrain.tk -d www.dvbrain.tk

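Here, --apache-server-root is the directory that contains httpd.conf, and --apache-ctl is the path to the apachectl binary used to start and stop Apache2. Each -d names a domain for the certificate; the domains are validated during issuance and should match the VirtualHost configuration.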

During the process, certbot asks whether to redirect HTTP to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Choosing 2: Redirect is recommended, which disables plain HTTP access.

On success you will see:

Congratulations! You have successfully enabled https://dvbrain.tk,
and https://www.dvbrain.tk

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=dvbrain.tk
https://www.ssllabs.com/ssltest/analyze.html?d=www.dvbrain.tk

4. Verify the certificate

Open https://www.ssllabs.com/ssltest/analyze.html?d=dvbrain.tk in a browser to verify; the result shows that the certificate is in effect.

5. Disable TLS 1.0 and 1.1

The test above returned a grade of B; the cause is that the obsolete TLS 1.0 and 1.1 protocols are enabled.

To turn them off, edit /etc/letsencrypt/options-ssl-apache.conf and change:

SSLProtocol             all -SSLv2 -SSLv3

to:

SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Restart Apache2.
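
To confirm the edit before restarting, the SSLProtocol line can be evaluated offline. The following function is an added example, not part of the original post: it applies a simplified model of how mod_ssl reads the directive (a bare token replaces the set, + adds, - removes) and prints which of TLSv1 and TLSv1.1 remain enabled. The function name is hypothetical, and it assumes the last SSLProtocol line in the file is the effective one.

```shell
#!/bin/sh
# Added example, not from the original post. Function name is hypothetical.
# Usage: legacy_tls_enabled <config-file>
# Prints the legacy protocols (TLSv1, TLSv1.1) still enabled by the last
# SSLProtocol directive in the file; prints an empty line if none are.
legacy_tls_enabled() {
    conf=$1
    line=$(grep -iE '^[[:space:]]*SSLProtocol[[:space:]]' "$conf" | tail -n 1)
    [ -n "$line" ] || return 2          # no SSLProtocol directive found
    v10=0; v11=0
    set -f; set -- $line; set +f        # split the directive into words
    shift                               # drop the directive name
    for tok in "$@"; do
        tok=$(printf '%s' "$tok" | tr '[:upper:]' '[:lower:]')
        case $tok in
            +*) act=add; name=${tok#+} ;;
            -*) act=del; name=${tok#-} ;;
            *)  act=set; name=$tok ;;
        esac
        a=0; b=0                        # does this token name TLSv1 / TLSv1.1?
        case $name in
            all)     a=1; b=1 ;;
            tlsv1)   a=1 ;;
            tlsv1.1) b=1 ;;
        esac
        case $act in
            add) v10=$((v10 | a));       v11=$((v11 | b)) ;;
            del) v10=$((v10 & (1 - a))); v11=$((v11 & (1 - b))) ;;
            set) v10=$a;                 v11=$b ;;   # bare token replaces the set
        esac
    done
    out=
    if [ "$v10" = 1 ]; then out="TLSv1"; fi
    if [ "$v11" = 1 ]; then out="${out:+$out }TLSv1.1"; fi
    printf '%s\n' "$out"
}

# Example call with the file edited in this step:
# legacy_tls_enabled /etc/letsencrypt/options-ssl-apache.conf
```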

6. Verify automatic certificate renewal

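After a certificate is issued successfully, certbot automatically sets up a scheduled renewal job; the following command shows the renewal timer: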

$ sudo systemctl list-timers
NEXT                         LEFT          LAST                         PASSED       UNIT                         ACTIVATES
Tue 2020-03-31 14:11:39 EDT  1h 12min left Tue 2020-03-31 11:39:26 EDT  1h 19min ago certbot.timer                certbot.service

The following command tests automatic renewal:

$ sudo certbot renew --dry-run
......
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/dvbrain.tk/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
......

All done!