Wordpress搭建教程

环境：debian12，amd64

安装LNMP环境

换源

# 换清华大学镜像源
echo "# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware" | tee /etc/apt/sources.list

# 更新
apt update -y && apt upgrade -y

需求：php7.4及以上，Mysql5.7及以上，nginx

nginx1.24.0

mysql8.0

php8.2

Nginx

#一般安装
apt install nginx -y


#安装最新版
## 安装依赖包
apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring -y

## 添加密钥
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
    
## 添加nginx的存储库
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian $(lsb_release -cs) nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list

## 设置存储库优先选择自定义的仓库的包而不是发行版提供的包
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx
    
## 安装
apt update
apt install nginx -y


nginx -v

Mysql

# 下载MySQL APT 存储库
wget https://dev.mysql.com/get/mysql-apt-config_0.8.28-1_all.deb

# 安装包,默认即可
dpkg -i mysql-apt-config_0.8.28-1_all.deb

# 更新
apt-get update

# 安装Mysql，密码可设可不设
apt-get install mysql-server -y

# 检查运行状态
systemctl status mysql


mysql -V

PHP

默认的 Debian 仓库不包含最新版本的 PHP,需导入第三方库

# 添加密钥
curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg

# 添加存储库
sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'

# 更新软件源
apt-get update

# 安装php及其扩展
apt install php-fpm php-mysql php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip php-imagick -y


php -v

配置相关服务

下载wordpress

# 下载
wget https://cn.wordpress.org/latest-zh_CN.tar.gz

# 创建一个目录
mkdir -p /var/www/wordpress

# 将下载的wordpress文件解压到该目录
tar -xzvf latest-zh_CN.tar.gz -C /var/www/wordpress/ --strip-components=1

配置Nginx

# 新建配置文件
vi /etc/nginx/conf.d/wordpress.conf


# wordpress.longdaiquan.cn
    server {
        listen                             80;
        listen                             [::]:80;
        server_name                        wordpress.longdaiquan.cn;
        set                                $base /var/www/wordpress;
        root                               $base/;
        charset                            utf-8;
        client_max_body_size               100m; 
        
        # security headers
        add_header X-XSS-Protection        "1; mode=block" always;
        add_header X-Content-Type-Options  "nosniff" always;
        add_header Referrer-Policy         "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
        add_header Permissions-Policy      "interest-cohort=()" always;

        # . files
        location ~ /\.(?!well-known) {
            deny all;
        }

        # logging
        access_log /var/log/nginx/wordpress.longdaiquan.cn.access.log;
        error_log  /var/log/nginx/wordpress.longdaiquan.cn.error.log warn;

        # index.php
        index      index.php;

        # index.php fallback
        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        # favicon.ico
        location = /favicon.ico {
            log_not_found off;
            access_log    off;
        }

        # robots.txt
        location = /robots.txt {
            log_not_found off;
            access_log    off;
        }

        # assets, media
        location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
            expires    7d;
            access_log off;
        }

        # svg, fonts
        location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
            add_header Access-Control-Allow-Origin "*";
            expires    7d;
            access_log off;
        }

        # gzip
        gzip            on;
        gzip_vary       on;
        gzip_proxied    any;
        gzip_comp_level 6;
        gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

        # WordPress: allow TinyMCE
        location = /wp-includes/js/tinymce/wp-tinymce.php {
            include nginxconfig.io/php_fastcgi.conf;
        }

        # WordPress: deny wp-content, wp-includes php files
        location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
            deny all;
        }

        # WordPress: deny wp-content/uploads nasty stuff
        location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
            deny all;
        }

        # WordPress: SEO plugin
        location ~* ^/wp-content/plugins/wordpress-seo(?:-premium)?/css/main-sitemap\.xsl$ {}

        # WordPress: deny wp-content/plugins (except earlier rules)
        location ~ ^/wp-content/plugins {
            deny all;
        }

        # WordPress: deny general stuff
        location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
            deny all;
        }

        # handle .php
        location ~ \.php$ {
            fastcgi_pass unix:/var/run/php/php-fpm.sock;
            include      nginxconfig.io/php_fastcgi.conf;
        }
    }

# 单独创建一个php处理请求的配置文件
mkdir -p /etc/nginx/nginxconfig.io/

vi /etc/nginx/nginxconfig.io/php_fastcgi.conf


# 404
try_files                     $fastcgi_script_name =404;

# default fastcgi_params
include                       fastcgi_params;

# fastcgi settings
fastcgi_index                 index.php;
fastcgi_buffers               8 16k;
fastcgi_buffer_size           32k;

# fastcgi params
fastcgi_param DOCUMENT_ROOT   $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";



# 修改nginx.conf文件
把user  nginx;改为user  www-data;

# 查看nginx配置是否正确
nginx -t 

# 更改权限
chown -R www-data:www-data /var/www/wordpress

# 使配置生效
systemctl restart nginx

配置Mysql

# 进入数据库
mysql

# 创建数据库用户
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'your_password';

# 创建数据库
CREATE DATABASE wordpress;    

# 给新建用户授权
GRANT ALL PRIVILEGES ON wordpress.* TO 'wp_user'@'localhost';
    

# 刷新权限
FLUSH PRIVILEGES;

# 直接退出即可
exit    

现在应该可以使用http+域名访问了

配置SSL

# 安装snapd
apt install snapd -y

# 注销并重新登录系统
logout

# 安装coresnap以获得最新的snapd
snap install core

# 检查是否安装成功，国内没有镜像，下载会很慢
snap install hello-world

hello-world
# 输出Hello World!即为安装成功

# 安装Certbot
snap install --classic certbot

ln -s /snap/bin/certbot /usr/bin/certbot

# 安装证书
certbot --nginx

依次输入：输入邮箱
        是否同意服务条款
        是否分享邮箱地址
        要将HTTPS应用到哪个站点
        
# 测试自动续订
certbot renew --dry-run
        

成功打开HTTPS

安装

访问网址，配置即可

完成！！！