Linux项目

【1.0手动构建】从零设计部署LNMP环境(Debian+Nginx+Mariadb+PHP)搭建WordPress博客

2026-05-01 13:58 · 0 次阅读 · 4 分钟阅读 · 添加评论
📑 文章目录 收起 ▴

首先需要购买一个云服务器(以阿里云为例)

权益 >普惠上云>轻量应用服务器 2核2g就够了(甚至可以权益里领一个月先用)

后面可以买个域名,但是要备案啥的,以后有需要在搞吧

服务器环境选择:debian12,amd64\

开始

换源 
# 换清华大学镜像源
echo "# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-updates main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free non-free-firmware

deb https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security bookworm-security main contrib non-free non-free-firmware" | tee /etc/apt/sources.list

# 更新
apt update -y && apt upgrade -y

选yes

局部截取 20260515 174826 1
Nginx 
一个一个执行
#一般安装
apt install nginx -y


#安装最新版
## 安装依赖包
apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring -y

## 添加密钥
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
 | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
 
## 添加nginx的存储库
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian $(lsb_release -cs) nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list

## 设置存储库优先选择自定义的仓库的包而不是发行版提供的包
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
 | sudo tee /etc/apt/preferences.d/99nginx
 
## 安装
apt update
apt install nginx -y


nginx -v
MariaDB(MySQL 的兼容分支 
# 更新
apt-get update

# 安装Mariadb,密码可设可不设
apt-get install mariadb-server -y

# 检查运行状态
systemctl status mariadb


mariadb -V
PHP 
# 添加密钥
curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg

# 添加存储库
sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'

# 更新软件源
apt-get update

# 安装php及其扩展
apt install php-fpm php-mysql php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip php-imagick -y


php -v

配置相关服务

下载wordpress 
# 下载
wget https://cn.wordpress.org/latest-zh_CN.tar.gz

# 创建一个目录(重要)
mkdir -p /var/www/wordpress

# 将下载的wordpress文件解压到该目录
tar -xzvf latest-zh_CN.tar.gz -C /var/www/wordpress/ --strip-components=1
配置Nginx 
# 新建配置文件
vi /etc/nginx/conf.d/wordpress.conf
# wordpress.longdaiquan.cn
    server {
        listen                             80;
        listen                             [::]:80;
        server_name                        wordpress.longdaiquan.cn;
        set                                $base /var/www/wordpress;
        root                               $base/;
        charset                            utf-8;
        client_max_body_size               100m; 
        
        # security headers
        add_header X-XSS-Protection        "1; mode=block" always;
        add_header X-Content-Type-Options  "nosniff" always;
        add_header Referrer-Policy         "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
        add_header Permissions-Policy      "interest-cohort=()" always;

        # . files
        location ~ /\.(?!well-known) {
            deny all;
        }

        # logging
        access_log /var/log/nginx/wordpress.longdaiquan.cn.access.log;
        error_log  /var/log/nginx/wordpress.longdaiquan.cn.error.log warn;

        # index.php
        index      index.php;

        # index.php fallback
        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        # favicon.ico
        location = /favicon.ico {
            log_not_found off;
            access_log    off;
        }

        # robots.txt
        location = /robots.txt {
            log_not_found off;
            access_log    off;
        }

        # assets, media
        location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
            expires    7d;
            access_log off;
        }

        # svg, fonts
        location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
            add_header Access-Control-Allow-Origin "*";
            expires    7d;
            access_log off;
        }

        # gzip
        gzip            on;
        gzip_vary       on;
        gzip_proxied    any;
        gzip_comp_level 6;
        gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

        # WordPress: allow TinyMCE
        location = /wp-includes/js/tinymce/wp-tinymce.php {
            include nginxconfig.io/php_fastcgi.conf;
        }

        # WordPress: deny wp-content, wp-includes php files
        location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
            deny all;
        }

        # WordPress: deny wp-content/uploads nasty stuff
        location ~* ^/wp-content/uploads/.*\.(?:s?html?|php|js|swf)$ {
            deny all;
        }

        # WordPress: SEO plugin
        location ~* ^/wp-content/plugins/wordpress-seo(?:-premium)?/css/main-sitemap\.xsl$ {}

        # WordPress: deny wp-content/plugins (except earlier rules)
        location ~ ^/wp-content/plugins {
            deny all;
        }

        # WordPress: deny general stuff
        location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
            deny all;
        }

        # handle .php
        location ~ \.php$ {
            fastcgi_pass unix:/var/run/php/php-fpm.sock;
            include      nginxconfig.io/php_fastcgi.conf;
        }
    }

# 单独创建一个php处理请求的配置文件
mkdir -p /etc/nginx/nginxconfig.io/

vi /etc/nginx/nginxconfig.io/php_fastcgi.conf

(以下一起写进vim文件)

# 404
try_files                     $fastcgi_script_name =404;

# default fastcgi_params
include                       fastcgi_params;

# fastcgi settings
fastcgi_index                 index.php;
fastcgi_buffers               8 16k;
fastcgi_buffer_size           32k;

# fastcgi params
fastcgi_param DOCUMENT_ROOT   $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";

(退出vim运行)

# 修改nginx.conf文件:/etc/nginx/nginx.conf
把user  nginx;改为user  www-data;
# 查看nginx配置是否正确
nginx -t 

# 更改权限
chown -R www-data:www-data /var/www/wordpress

# 使配置生效
systemctl restart nginx
局部截取 20260515 181509
配置Mariadb 
# 进入数据库
mariadb

# 创建数据库用户
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'your_password';

# 创建数据库
CREATE DATABASE wordpress;    

# 给新建用户授权
GRANT ALL PRIVILEGES ON wordpress.* TO 'wp_user'@'localhost';
    

# 刷新权限
FLUSH PRIVILEGES;

# 直接退出即可
exit

上面是授予全部权限,安全性不高,下面只授予SELECT,INSERT,UPDATE,DELETE,LOCK TABLES五个应用层日常读写权限

GRANT SELECT, INSERT, UPDATE, DELETE, LOCK TABLES ON wordpress.* TO 'wp_user'@'localhost';
网站文件更改

在服务器目录下找到/etc/nginx/conf.d/wordpress.conf

server_name 后网站改为47.97.100.212(ps:自己的网站,域名也可以,ip地址也可以)

安装配置

局部截取 20260512 225614 1024x883

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注