Kukhazikitsa WordPress yokha ndi NGINX Unit ndi Ubuntu
Pali maphunziro ambiri amomwe mungayikitsire WordPress, kusaka kwa Google kwa "WordPress install" kudzatulutsa zotsatira pafupifupi theka la miliyoni. Komabe, kwenikweni, pali maupangiri abwino ochepa kwambiri pakati pawo, malinga ndi momwe mungakhazikitsire ndikusintha WordPress ndi makina ogwiritsira ntchito kuti athe kuthandizira kwa nthawi yayitali. Mwina makonda olondola amadalira kwambiri zosowa zapadera, kapena izi ndichifukwa choti kufotokozera mwatsatanetsatane kumapangitsa kuti nkhaniyo ikhale yovuta kuwerenga.
M'nkhaniyi, tiyesa kuphatikiza zabwino kwambiri padziko lonse lapansi popereka bash script kuti mukhazikitse WordPress pa Ubuntu, komanso kudutsamo, kufotokoza zomwe chidutswa chilichonse chimachita, komanso kusagwirizana komwe tidapanga pakukulitsa. . Ngati ndinu wogwiritsa ntchito kwambiri, mutha kudumpha zolemba zankhaniyo komanso basi tengani script kusinthidwa ndikugwiritsa ntchito m'malo anu. Kutulutsa kwa script ndikokhazikika kwa WordPress kukhazikitsa ndi Lets Encrypt support, kuthamanga pa NGINX Unit komanso yoyenera kugwiritsidwa ntchito popanga.
Zomangamanga zopangira WordPress pogwiritsa ntchito NGINX Unit zikufotokozedwa mu nkhani yakale, tsopano tikonzanso zinthu zomwe sizinafotokozedwe pamenepo (monga maphunziro ena ambiri):
WordPress CLI
Tiyeni Tilembetse ndi Ziphaso za TLSSSL
Kukonzanso ziphaso zokha
NGINX caching
NGINX Compression
HTTPS ndi HTTP/2 thandizo
Process Automation
Nkhaniyi ifotokoza za kukhazikitsa pa seva imodzi, yomwe nthawi yomweyo idzakhala ndi seva yokhazikika, seva yopangira PHP, ndi database. Kuyika komwe kumathandizira ma Host angapo ndi mautumiki ndi mutu womwe ungachitike mtsogolo. Ngati mukufuna kuti tilembe zomwe sizili m'nkhanizi, lembani mu ndemanga.
amafuna
Seva ya Container (Mtengo wa LXC kapena Chithunzi cha LXD), makina enieni, kapena seva yachitsulo yanthawi zonse yokhala ndi 512MB ya RAM ndi Ubuntu 18.04 kapena yatsopano.
Madoko opezeka pa intaneti 80 ndi 443
Dzina ladomeni lolumikizidwa ndi adilesi yapagulu ya seva iyi
Kufikira kwa mizu (sudo).
Zomangamanga mwachidule
Zomangamanga ndizofanana ndi zomwe zafotokozedwa kale, pulogalamu yapaintaneti ya magawo atatu. Zili ndi zolemba za PHP zomwe zimayenda pa injini ya PHP ndi mafayilo osasunthika omwe amakonzedwa ndi seva yapaintaneti.
Mfundo zambiri
Malamulo ambiri osinthika mu script amakulungidwa ngati zikhalidwe za idempotency: script ikhoza kuyendetsedwa kangapo popanda chiopsezo chosintha makonda omwe ali kale.
Script imayesa kukhazikitsa mapulogalamu kuchokera ku repositories, kotero mutha kugwiritsa ntchito zosintha zamakina mu lamulo limodzi (apt upgrade kwa Ubuntu).
Kuti muyike kuchuluka kwa ulusi kuti muyambike pazosintha, script imayesa kulingalira zosintha zokha zogwirira ntchito muzotengera, makina enieni, ndi maseva a hardware.
WORDPRESS_URL ndiye ulalo wathunthu wa tsamba la WordPress, kuyambira pa https://.
LETS_ENCRYPT_STAGING - opanda kanthu mwachisawawa, koma poyika mtengo kukhala 1, mudzagwiritsa ntchito ma seva a Let Encrypt staging, omwe ndi ofunikira kuti mupemphe ziphaso pafupipafupi poyesa zokonda zanu, apo ayi Let's Encrypt ikhoza kuletsa adilesi yanu ya ip kwakanthawi chifukwa chazopempha zambiri. .
TLS_HOSTNAME= "$(echo ${WORDPRESS_URL} | cut -d'/' -f3)" - dzina lachidziwitso chadongosolo, lotengedwa kuchokera ku WORDPRESS_URL kusintha. Amagwiritsidwa ntchito kupeza ziphaso zoyenera za TLS/SSL kuchokera ku Let's Encrypt komanso kutsimikizira kwamkati kwa WordPress.
NGINX_CONF_DIR="/etc/nginx" - njira yopita ku chikwatu chokhala ndi zoikamo za NGINX, kuphatikiza fayilo yayikulu nginx.conf.
CERT_DIR="/etc/letsencrypt/live/${TLS_HOSTNAME}" - njira yopita ku Let's Encrypt satifiketi zatsamba la WordPress, zotengedwa kuchokera pazosintha TLS_HOSTNAME.
Kupereka dzina la alendo ku seva ya WordPress
Zolemba zimakhazikitsa dzina la seva kuti lifanane ndi dzina la tsambalo. Izi sizofunika, koma ndizosavuta kutumiza makalata otuluka kudzera pa SMTP mukakhazikitsa seva imodzi, monga momwe zimakhalira ndi script.
script kodi
# Change the hostname to be the same as the WordPress hostname
if [ ! "$(hostname)" == "${TLS_HOSTNAME}" ]; then
echo " Changing hostname to ${TLS_HOSTNAME}"
hostnamectl set-hostname "${TLS_HOSTNAME}"
fi
# Add the hostname to /etc/hosts
if [ "$(grep -m1 "${TLS_HOSTNAME}" /etc/hosts)" = "" ]; then
echo " Adding hostname ${TLS_HOSTNAME} to /etc/hosts so that WordPress can ping itself"
printf "::1 %sn127.0.0.1 %sn" "${TLS_HOSTNAME}" "${TLS_HOSTNAME}" >> /etc/hosts
fi
Kuyika zida zofunika pamasitepe otsatirawa
Zolemba zonse zimafunikira mapulogalamu ena ndipo amaganiza kuti zosungirako zasinthidwa. Timasintha mndandanda wa nkhokwe, pambuyo pake timayika zida zofunika:
script kodi
# Make sure tools needed for install are present
echo " Installing prerequisite tools"
apt-get -qq update
apt-get -qq install -y
bc
ca-certificates
coreutils
curl
gnupg2
lsb-release
Kuwonjezera NGINX Unit ndi NGINX Repositories
Zolemba zimayika NGINX Unit ndi gwero lotseguka la NGINX kuchokera ku malo ovomerezeka a NGINX kuti atsimikizire kuti matembenuzidwe omwe ali ndi zigamba zaposachedwa zachitetezo ndi kukonza zolakwika zimagwiritsidwa ntchito.
Zolembazo zimawonjezera NGINX Unit repository kenako chosungira cha NGINX, ndikuwonjezera makiyi osungira ndi mafayilo osinthira. apt, kutanthauzira mwayi wopeza nkhokwe kudzera pa intaneti.
Kuyika kwenikweni kwa NGINX Unit ndi NGINX kumachitika mu gawo lotsatira. Timayikatu zosungirako kuti tisamasinthe metadata kangapo, zomwe zimapangitsa kuyika mwachangu.
script kodi
# Install the NGINX Unit repository
if [ ! -f /etc/apt/sources.list.d/unit.list ]; then
echo " Installing NGINX Unit repository"
curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add -
echo "deb https://packages.nginx.org/unit/ubuntu/ $(lsb_release -cs) unit" > /etc/apt/sources.list.d/unit.list
fi
# Install the NGINX repository
if [ ! -f /etc/apt/sources.list.d/nginx.list ]; then
echo " Installing NGINX repository"
curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add -
echo "deb https://nginx.org/packages/mainline/ubuntu $(lsb_release -cs) nginx" > /etc/apt/sources.list.d/nginx.list
fi
Kuyika NGINX, NGINX Unit, PHP MariaDB, Certbot (Let's Encrypt) ndi kudalira kwawo
echo " Updating repository metadata"
apt-get -qq update
# Install PHP with dependencies and NGINX Unit
echo " Installing PHP, NGINX Unit, NGINX, Certbot, and MariaDB"
apt-get -qq install -y --no-install-recommends
certbot
python3-certbot-nginx
php-cli
php-common
php-bcmath
php-curl
php-gd
php-imagick
php-mbstring
php-mysql
php-opcache
php-xml
php-zip
ghostscript
nginx
unit
unit-php
mariadb-server
Kukhazikitsa PHP kuti mugwiritse ntchito ndi NGINX Unit ndi WordPress
Script imapanga fayilo yosintha mu chikwatu conf.d. Izi zimayika kukula kwakukulu kwa fayilo kwa kukweza kwa PHP, kuyatsa zotulukapo zolakwika za PHP ku STDERR kotero kuti zilembedwe ku chipika cha NGINX Unit, ndikuyambitsanso NGINX Unit.
script kodi
# Find the major and minor PHP version so that we can write to its conf.d directory
PHP_MAJOR_MINOR_VERSION="$(php -v | head -n1 | cut -d' ' -f2 | cut -d'.' -f1,2)"
if [ ! -f "/etc/php/${PHP_MAJOR_MINOR_VERSION}/embed/conf.d/30-wordpress-overrides.ini" ]; then
echo " Configuring PHP for use with NGINX Unit and WordPress"
# Add PHP configuration overrides
cat > "/etc/php/${PHP_MAJOR_MINOR_VERSION}/embed/conf.d/30-wordpress-overrides.ini" << EOM
; Set a larger maximum upload size so that WordPress can handle
; bigger media files.
upload_max_filesize=${UPLOAD_MAX_FILESIZE}
post_max_size=${UPLOAD_MAX_FILESIZE}
; Write error log to STDERR so that error messages show up in the NGINX Unit log
error_log=/dev/stderr
EOM
fi
# Restart NGINX Unit because we have reconfigured PHP
echo " Restarting NGINX Unit"
service unit restart
Kufotokozera Zokonda Zamasamba za MariaDB za WordPress
Tasankha MariaDB pa MySQL popeza ili ndi zochitika zambiri zapagulu komanso ikuyenera kutero imapereka magwiridwe antchito bwino mwa kusakhazikika (mwina, chilichonse ndi chosavuta apa: kukhazikitsa MySQL, muyenera kuwonjezera chosungira china, pafupifupi. womasulira).
# Set up the WordPress database
echo " Configuring MariaDB for WordPress"
mysqladmin create wordpress || echo "Ignoring above error because database may already exist"
mysql -e "GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"localhost" IDENTIFIED BY "$WORDPRESS_DB_PASSWORD"; FLUSH PRIVILEGES;"
Kukhazikitsa WordPress CLI Program
Pa sitepe iyi, script imayika pulogalamuyo WP-CLI. Ndi iyo, mutha kukhazikitsa ndikuwongolera zoikamo za WordPress popanda kusintha mafayilo, kusintha nkhokwe, kapena kulowa gulu lowongolera. Itha kugwiritsidwanso ntchito kukhazikitsa mitu ndi zowonjezera ndikusintha WordPress.
script kodi
if [ ! -f /usr/local/bin/wp ]; then
# Install the WordPress CLI
echo " Installing the WordPress CLI tool"
curl --retry 6 -Ls "https://github.com/wp-cli/wp-cli/releases/download/v${WORDPRESS_CLI_VERSION}/wp-cli-${WORDPRESS_CLI_VERSION}.phar" > /usr/local/bin/wp
echo "$WORDPRESS_CLI_MD5 /usr/local/bin/wp" | md5sum -c -
chmod +x /usr/local/bin/wp
fi
Kukhazikitsa ndi kukonza WordPress
Script imayika mtundu waposachedwa wa WordPress mu bukhu /var/www/wordpressndikusinthanso zoikamo:
Kulumikizana kwa database kumagwira ntchito pa socket ya unix m'malo mwa TCP pa loopback kuti muchepetse kuchuluka kwa TCP.
WordPress imawonjezera choyambirira https:// ku URL ngati makasitomala akugwirizanitsa ndi NGINX pa HTTPS, komanso amatumiza dzina lakutali (monga laperekedwa ndi NGINX) ku PHP. Timagwiritsa ntchito chidutswa cha code kuti tiyike izi.
WordPress ikufunika HTTPS kuti mulowe
Mapangidwe a URL osasinthika amatengera zinthu
Imakhazikitsa zilolezo zolondola pamafayilo a WordPress directory.
script kodi
if [ ! -d /var/www/wordpress ]; then
# Create WordPress directories
mkdir -p /var/www/wordpress
chown -R www-data:www-data /var/www
# Download WordPress using the WordPress CLI
echo " Installing WordPress"
su -s /bin/sh -c 'wp --path=/var/www/wordpress core download' www-data
WP_CONFIG_CREATE_CMD="wp --path=/var/www/wordpress config create --extra-php --dbname=wordpress --dbuser=wordpress --dbhost="localhost:/var/run/mysqld/mysqld.sock" --dbpass="${WORDPRESS_DB_PASSWORD}""
# This snippet is injected into the wp-config.php file when it is created;
# it informs WordPress that we are behind a reverse proxy and as such
# allows it to generate links using HTTPS
cat > /tmp/wp_forwarded_for.php << 'EOM'
/* Turn HTTPS 'on' if HTTP_X_FORWARDED_PROTO matches 'https' */
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
$_SERVER['HTTPS'] = 'on';
}
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}
EOM
# Create WordPress configuration
su -s /bin/sh -p -c "cat /tmp/wp_forwarded_for.php | ${WP_CONFIG_CREATE_CMD}" www-data
rm /tmp/wp_forwarded_for.php
su -s /bin/sh -p -c "wp --path=/var/www/wordpress config set 'FORCE_SSL_ADMIN' 'true'" www-data
# Install WordPress
WP_SITE_INSTALL_CMD="wp --path=/var/www/wordpress core install --url="${WORDPRESS_URL}" --title="${WORDPRESS_SITE_TITLE}" --admin_user="${WORDPRESS_ADMIN_USER}" --admin_password="${WORDPRESS_ADMIN_PASSWORD}" --admin_email="${WORDPRESS_ADMIN_EMAIL}" --skip-email"
su -s /bin/sh -p -c "${WP_SITE_INSTALL_CMD}" www-data
# Set permalink structure to a sensible default that isn't in the UI
su -s /bin/sh -p -c "wp --path=/var/www/wordpress option update permalink_structure '/%year%/%monthnum%/%postname%/'" www-data
# Remove sample file because it is cruft and could be a security problem
rm /var/www/wordpress/wp-config-sample.php
# Ensure that WordPress permissions are correct
find /var/www/wordpress -type d -exec chmod g+s {} ;
chmod g+w /var/www/wordpress/wp-content
chmod -R g+w /var/www/wordpress/wp-content/themes
chmod -R g+w /var/www/wordpress/wp-content/plugins
fi
Kukhazikitsa NGINX Unit
Zolembazo zimapanga NGINX Unit kuti iyendetse PHP ndikukonzekera njira za WordPress, kupatula malo a PHP process namespace ndikukonza zoikamo. Pali zinthu zitatu zofunika kuziwona apa:
Thandizo la malo a mayina limatsimikiziridwa ndi chikhalidwe, kutengera kuwona kuti script ikuyenda mu chidebe. Izi ndizofunikira chifukwa makonzedwe ambiri a chidebe samathandizira kukhazikitsidwa kwa zisa.
Ngati pali thandizo lamalo, zimitsani dzinalo zopezera. Izi ndikulola WordPress kuti ilumikizane ndi mathero onse ndikupezeka pa intaneti nthawi imodzi.
Kuchuluka kwa njira kumatanthauzidwa motere: (Kukumbukira komwe kulipo pakuyendetsa MariaDB ndi NGINX Uniy)/(malire a RAM mu PHP + 5)
Mtengo uwu wakhazikitsidwa muzokonda za NGINX Unit.
if [ "${container:-unknown}" != "lxc" ] && [ "$(grep -m1 -a container=lxc /proc/1/environ | tr -d '')" == "" ]; then
NAMESPACES='"namespaces": {
"cgroup": true,
"credential": true,
"mount": true,
"network": false,
"pid": true,
"uname": true
}'
else
NAMESPACES='"namespaces": {}'
fi
PHP_MEM_LIMIT="$(grep 'memory_limit' /etc/php/7.4/embed/php.ini | tr -d ' ' | cut -f2 -d= | numfmt --from=iec)"
AVAIL_MEM="$(grep MemAvailable /proc/meminfo | tr -d ' kB' | cut -f2 -d: | numfmt --from-unit=K)"
MAX_PHP_PROCESSES="$(echo "${AVAIL_MEM}/${PHP_MEM_LIMIT}+5" | bc)"
echo " Calculated the maximum number of PHP processes as ${MAX_PHP_PROCESSES}. You may want to tune this value due to variations in your configuration. It is not unusual to see values between 10-100 in production configurations."
echo " Configuring NGINX Unit to use PHP and WordPress"
cat > /tmp/wordpress.json << EOM
{
"settings": {
"http": {
"header_read_timeout": 30,
"body_read_timeout": 30,
"send_timeout": 30,
"idle_timeout": 180,
"max_body_size": $(numfmt --from=iec ${UPLOAD_MAX_FILESIZE})
}
},
"listeners": {
"127.0.0.1:8080": {
"pass": "routes/wordpress"
}
},
"routes": {
"wordpress": [
{
"match": {
"uri": [
"*.php",
"*.php/*",
"/wp-admin/"
]
},
"action": {
"pass": "applications/wordpress/direct"
}
},
{
"action": {
"share": "/var/www/wordpress",
"fallback": {
"pass": "applications/wordpress/index"
}
}
}
]
},
"applications": {
"wordpress": {
"type": "php",
"user": "www-data",
"group": "www-data",
"processes": {
"max": ${MAX_PHP_PROCESSES},
"spare": 1
},
"isolation": {
${NAMESPACES}
},
"targets": {
"direct": {
"root": "/var/www/wordpress/"
},
"index": {
"root": "/var/www/wordpress/",
"script": "index.php"
}
}
}
}
}
EOM
curl -X PUT --data-binary @/tmp/wordpress.json --unix-socket /run/control.unit.sock http://localhost/config
Kukhazikitsa NGINX
Kukonza Zokonda Zoyambira za NGINX
Zolemba zimapanga chikwatu cha cache ya NGINX ndikupanga fayilo yayikulu yosinthira nginx.conf. Samalani ku kuchuluka kwa njira zogwirira ntchito komanso makonzedwe a kukula kwa fayilo kuti muyike. Palinso mzere womwe umaphatikizapo fayilo ya zoikamo za compression yomwe ikufotokozedwa mu gawo lotsatira, ndikutsatiridwa ndi makonda a caching.
Kupondereza zomwe zili pa ntchentche musanazitumize kwa makasitomala ndi njira yabwino yopititsira patsogolo ntchito za tsamba, koma pokhapokha ngati kuponderezedwa kumakonzedwa bwino. Gawo ili la script limachokera pa zoikamo kuchokera pano.
script kodi
cat > ${NGINX_CONF_DIR}/gzip_compression.conf << 'EOM'
# Credit: https://github.com/h5bp/server-configs-nginx/
# ----------------------------------------------------------------------
# | Compression |
# ----------------------------------------------------------------------
# https://nginx.org/en/docs/http/ngx_http_gzip_module.html
# Enable gzip compression.
# Default: off
gzip on;
# Compression level (1-9).
# 5 is a perfect compromise between size and CPU usage, offering about 75%
# reduction for most ASCII files (almost identical to level 9).
# Default: 1
gzip_comp_level 6;
# Don't compress anything that's already small and unlikely to shrink much if at
# all (the default is 20 bytes, which is bad as that usually leads to larger
# files after gzipping).
# Default: 20
gzip_min_length 256;
# Compress data even for clients that are connecting to us via proxies,
# identified by the "Via" header (required for CloudFront).
# Default: off
gzip_proxied any;
# Tell proxies to cache both the gzipped and regular version of a resource
# whenever the client's Accept-Encoding capabilities header varies;
# Avoids the issue where a non-gzip capable client (which is extremely rare
# today) would display gibberish if their proxy gave them the gzipped version.
# Default: off
gzip_vary on;
# Compress all output labeled with one of the following MIME-types.
# `text/html` is always compressed by gzip module.
# Default: text/html
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/vnd.ms-fontobject
application/wasm
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/bmp
image/svg+xml
text/cache-manifest
text/calendar
text/css
text/javascript
text/markdown
text/plain
text/xml
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
EOM
Kukhazikitsa NGINX kwa WordPress
Kenako, script imapanga fayilo yosinthira ya WordPress default.conf mu katalogu conf.d. Idakonzedwa apa:
Kutsegula ziphaso za TLS zolandiridwa kuchokera kwa Let's Encrypt kudzera Certbot (kukhazikitsa kudzakhala gawo lotsatira)
Kukonza makonda achitetezo a TLS kutengera malingaliro a Let's Encrypt
Yambitsani zopempha zodumpha posungira kwa ola limodzi mwachisawawa