first version

2019-06-05 22:18:26 +08:00 · 2019-06-05 22:18:26 +08:00 · e02b458ac1
commit e02b458ac1
2 changed files with 190 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,139 @@
+## 系統需求
+OS: Debian / Ubuntu
+> 以下範例使用 Debian 9 安裝
+
+----
+## 安裝步驟
+- 安裝 Nginx
+```bash
+sudo apt-get install nginx
+```
+- 安裝 MariaDB (MySQL)
+> 官方網站 https://downloads.mariadb.org/mariadb/repositories/
+```bash
+# 安裝系統依賴
+sudo apt-get install software-properties-common dirmngr
+# 新增安裝包來源與金鑰
+sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xF1656F24C74CD1D8
+sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://ftp.yz.yamagata-u.ac.jp/pub/dbms/mariadb/repo/10.3/debian stretch main'
+# 更新來源與安裝
+sudo apt-get update
+sudo apt-get install mariadb-server
+```
+- 修改資料庫設定
+> 設定資料庫文字編碼為UTF-8
+```bash
+# sudo vim /etc/mysql/mariadb.cnf
+# MariaDB-specific config file.
+# Read by /etc/mysql/my.cnf
+
+[client]
+# Default is Latin1, if you need UTF-8 set this (also in server section)
+default-character-set = utf8 
+
+[mysqld]
+#
+# * Character sets
+# 
+# Default is Latin1, if you need UTF-8 set all this (also in client section)
+#
+character-set-server  = utf8 
+collation-server      = utf8_general_ci 
+character_set_server   = utf8 
+collation_server       = utf8_general_ci 
+# Import all .cnf files from configuration directory
+```
+- 重啟資料庫完成設定
+```bash
+sudo systemctl restart mysql
+```
+- 安裝 PHP-FPM 與相關套件 (PHP 7.0)
+```bash
+sudo apt-get install php7.0-cli php7.0-curl php7.0-dev php7.0-fpm php7.0-imap php7.0-intl php7.0-json php7.0-mbstring php7.0-mcrypt php7.0-mysql php7.0-readline php7.0-xml php7.0-xmlrpc php7.0-zip
+```
+- 修改 php-fpm 設定
+```bash
+# sudo vim /etc/php/7.0/fpm/pool.d/www.conf
+# 確認 fpm cgi 監聽位置
+listen = /run/php/php7.0-fpm.sock
+```
+- 新增 Nginx 執行 PHP 設定
+```bash
+# sudo vim /etc/nginx/php-fpm.conf
+location ~ \.php$ {
+ include snippets/fastcgi-php.conf;
+
+ # With php-fpm (or other unix sockets):
+ fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+ # With php-cgi (or other tcp sockets):
+ #fastcgi_pass 127.0.0.1:9000;
+}
+```
+- 產生SSL DHParam
+```bash
+sudo openssl -out /etc/nginx/dhparam.pem 2048
+```
+- 新增Let's encrypt 設定
+```bash
+# sudo vim /etc/nginx/letsencrypt.conf
+location ^~ /.well-known/acme-challenge/ {
+  default_type "text/plain";
+  root /var/www/letsencrypt;
+}
+```
+- 安裝 Certbot (let's encrypt cli)
+```bash
+sudo apt-get install certbot -t stretch-backports
+```
+- 修改 Nginx 設定用來執行 Let's encrypt
+> 找到 location / 在上面新增 include letsencrypt.conf;
+```bash
+# sudo vim /etc/nginx/sites-enabled/default
+include letsencrypt.conf;
+
+location / { 
+# First attempt to serve request as file, then
+# as directory, then fall back to displaying a 404.
+try_files $uri $uri/ =404;
+}
+```
+- 建立 let's encrypt 驗證用資料夾
+```bash
+sudo mkdir -p /var/www/letsencrypt
+# 變更資料夾擁有者到 www-data
+sudo chown -R www-data:www-data /var/www
+```
+- 重新啟動 Nginx 應用剛剛修改的設定
+```bash
+sudo systemctl restart nginx
+```
+- 申請SSL憑證 (webroot)
+> 執行前確定DNS A record 是不是有指到伺服器上
+```bash
+sudo certbot certonly --webroot -w /var/www/letsencrypt -d domain.name
+```
+- 下載Wordpress 網頁檔案
+```bash
+cd /var/www
+sudo wget https://tw.wordpress.org/wordpress-5.2-zh_TW.tar.gz
+sudo tar zxvf wordpress-5.2-zh_TW.tar.gz
+sudo chown -R www-data:www-data /var/www
+```
+- 新增wordpress nginx 設定
+> [Config file](wordpress.conf) 下載此設定檔到伺服器，並且修改設定檔內部的 "domain.name" 為自己的domain name
+```bash
+# 移動檔案到 nginx 工作目錄
+sudo mv wordpress.conf /etc/nginx/sites-available/
+# 建立軟連結到 nginx 啟用的設定檔案目錄
+sudo ln -s /etc/nginx/sites-available/wordpress.conf /etc/nginx/sites-enabled/wordpress.conf
+# 測試 nginx 設定是否正確
+sudo nginx -t 
+# 確定設定無誤 重啟nginx
+sudo systemctl restart nginx
+```
+- 建立wordpress用的資料庫
+```bash
+# 建立名為 wordpress 的資料庫
+echo "create database wordpress;" | mysql -u root -p
+```
+- 開啟瀏覽器設定安裝wordpress
--- a/wordpress.conf
+++ b/wordpress.conf
@ -0,0 +1,51 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name domain.name;
+	access_log /var/log/nginx/access.log;
+
+  include letsencrypt.conf;
+
+  location / {
+	  return 301 https://$server_name$request_uri;
+  }
+
+}
+server {
+	listen 443 http2;
+	listen [::]:443 http2;
+	server_name domain.name;
+
+	ssl on;
+	ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem;
+	ssl_trusted_certificate /etc/letsencrypt/live/domain.name/fullchain.pem;
+	ssl_session_timeout 1d;
+	ssl_session_cache shared:SSL:50m;
+
+	ssl_dhparam /etc/nginx/dhparam.pem;
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+	ssl_prefer_server_ciphers on;
+
+	add_header Strict-Transport-Security max-age=31556926;
+
+	ssl_stapling on;
+	ssl_stapling_verify on;
+
+	client_max_body_size 1024m;
+
+	access_log /var/log/nginx/access.log;
+
+	root /var/www/wordpress;
+	index index.php index.html index.htm;
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+
+	include php-fpm.conf;
+
+}
+