LAMP架构WordPress博客平台部署
在Linux上搭建LAMP架构,此基础上部署WordPress博客平台。
一、架构
· Linux:Centos操作系统。
· nginx:Web 服务器。
· Mysql:MariaDB数据库服务器。
· PHP:php编程语言运行环境。
· WordPress:使用PHP语言开发的博客平台,也可以把 WordPress当作一个内容管理系统(CMS)来使用。下载地址: https://cn.wordpress.org/download/releases/
二、软硬件环境
节点 | 功能 | 硬件 | 操作系统 | IP | 软件 |
Web Server | LAMP+WordPress | VMware虚拟机2vcpu、2g内存 | CentOS8.5 | 192.168.80.11/24 | CentOS8.5.2111阿里源的Apache(httpd 2.4.37)、MariaDB(10.3.28)和PHP(7.4.19); WordPress(6.7.2) |
Client | 客户端浏览器 | 宿主机或虚拟机 | 任意 | 192.168.80.x/24 | 浏览器 |
三、实施
1、Web Server基础环境配置
· 设置ip
#配置ip [root@localhost ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:72:c1:fb brd ff:ff:ff:ff:ff:ff inet 192.168.80.133/24 brd 192.168.80.255 scope global dynamic noprefixroute ens160 valid_lft 1442sec preferred_lft 1442sec inet6 fe80::20c:29ff:fe72:c1fb/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 52:54:00:1a:a4:fe brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000 link/ether 52:54:00:1a:a4:fe brd ff:ff:ff:ff:ff:ff [root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens160 [root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens160 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no NAME=ens160 UUID=fce3c4bd-556a-488c-ba0c-b28237ca2e59 DEVICE=ens160 ONBOOT=yes IPADDR=192.168.80.11 PREFIX=24 GATEWAY=192.168.80.2 DNS1=192.168.80.2 [root@localhost ~]# nmcli c reload [root@localhost ~]# nmcli c up ens160 连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4) [root@localhost ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:72:c1:fb brd ff:ff:ff:ff:ff:ff inet 192.168.80.11/24 brd 192.168.80.255 scope global noprefixroute ens160 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe72:c1fb/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 52:54:00:1a:a4:fe brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000 link/ether 52:54:00:1a:a4:fe brd ff:ff:ff:ff:ff:ff [root@localhost ~]# ping www.baidu.com PING www.baidu.com (183.240.98.161) 56(84) bytes of data. ^C64 bytes from 183.240.98.161: icmp_seq=1 ttl=128 time=14.10 ms
— www.baidu.com ping statistics — 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 14.950/14.950/14.950/0.000 ms
|
· 设置主机名、关闭防火墙和selinux、配置yum源
[root@localhost ~]# hostnamectl set-hostname gw80 && bash [root@gw80 ~]# systemctl stop firewalld && systemctl disable firewalld Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. [root@gw80 ~]# setenforce 0 [root@gw80 ~]# getenforce Permissive [root@gw80 ~]# sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/selinux/config [root@gw80 ~]# mkdir /opt/yumbackup [root@gw80 ~]# mv /etc/yum.repos.d/* /opt/yumbackup [root@gw80 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo –2025-03-17 22:50:56– https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo 正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)… 183.255.16.140, 183.255.16.145, 183.255.16.144 正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|183.255.16.140|:443… 已连接。 已发出 HTTP 请求,正在等待回应… 200 OK 长度:2495 (2.4K) [application/octet-stream] 正在保存至: “/etc/yum.repos.d/CentOS-Base.repo”
/etc/yum.repos.d/CentOS-Bas 100%[===========================================>] 2.44K –.-KB/s 用时 0s
2025-03-17 22:50:57 (21.7 MB/s) – 已保存 “/etc/yum.repos.d/CentOS-Base.repo” [2495/2495])
[root@gw80 ~]# ll /etc/yum.repos.d/ 总用量 4 -rw-r–r–. 1 root root 2495 8月 4 2022 CentOS-Base.repo [root@gw80 ~]# yum clean all && yum makecache 0 文件已删除 CentOS-8.5.2111 – Base – mirrors.aliyun.com 11 MB/s | 4.6 MB 00:00 CentOS-8.5.2111 – Extras – mirrors.aliyun.com 31 kB/s | 10 kB 00:00 CentOS-8.5.2111 – AppStream – mirrors.aliyun.com 8.9 MB/s | 8.4 MB 00:00 元数据缓存已建立。 |
2、Apache web服务器部署
#安装httpd服务 [root@gw80 ~]# yum install -y httpd ……. 已安装: apr-1.6.3-12.el8.x86_64 apr-util-1.6.1-6.el8.x86_64 apr-util-bdb-1.6.1-6.el8.x86_64 apr-util-openssl-1.6.1-6.el8.x86_64 centos-logos-httpd-85.8-2.el8.noarch httpd-2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64 httpd-filesystem-2.4.37-43.module_el8.5.0+1022+b541f3b1.noarch httpd-tools-2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64 mod_http2-1.15.7-3.module_el8.4.0+778+c970deab.x86_64
完毕! [root@gw80 ~]# systemctl start httpd && systemctl enable httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@gw80 ~]# systemctl status httpd ● httpd.service – The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Drop-In: /usr/lib/systemd/system/httpd.service.d └─php-fpm.conf Active: active (running) since Mon 2025-03-17 23:01:52 CST; 2min 35s ago Docs: man:httpd.service(8) Main PID: 34418 (httpd) Status: “Total requests: 2; Idle/Busy workers 100/0;Requests/sec: 0.0143; Bytes served/sec: 544 B/sec” Tasks: 278 (limit: 100788) Memory: 56.8M CGroup: /system.slice/httpd.service ├─34418 /usr/sbin/httpd -DFOREGROUND ├─34421 /usr/sbin/httpd -DFOREGROUND ├─34422 /usr/sbin/httpd -DFOREGROUND ├─34423 /usr/sbin/httpd -DFOREGROUND ├─34424 /usr/sbin/httpd -DFOREGROUND └─34644 /usr/sbin/httpd -DFOREGROUND
3月 17 23:01:42 gw80 systemd[1]: Starting The Apache HTTP Server… 3月 17 23:01:52 gw80 httpd[34418]: AH00558: httpd: Could not reliably determine the server’s fully qualified do> 3月 17 23:01:52 gw80 systemd[1]: Started The Apache HTTP Server. 3月 17 23:02:02 gw80 httpd[34418]: Server configured, listening on: port 80
[1]+ 已停止 systemctl status httpd [root@gw80 ~]# systemctl list-unit-files |grep httpd httpd.service enabled httpd@.service disabled httpd.socket disabled
|
3、PHP安装
#安装php语言支持环境 [root@gw80 ~]# yum module list php 上次元数据过期检查:0:01:06 前,执行于 2025年03月17日 星期一 22时57分06秒。 CentOS-8.5.2111 – AppStream – mirrors.aliyun.com Name Stream Profiles Summary php 7.2 [d] common [d], devel, minimal PHP scripting language php 7.3 common [d], devel, minimal PHP scripting language php 7.4 common [d], devel, minimal PHP scripting language
提示:[d]默认,[e]已启用,[x]已禁用,[i]已安装 [root@gw80 ~]# yum module -y enable php:7.4 上次元数据过期检查:0:01:28 前,执行于 2025年03月17日 星期一 22时57分06秒。 依赖关系解决。 ================================================================================================================ 软件包 架构 版本 仓库 大小 ================================================================================================================ 启用模块流: nginx 1.14 php 7.4
事务概要 ================================================================================================================
完毕! [root@gw80 ~]# yum install -y php …… 已安装: nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch php-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64 php-cli-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64 php-common-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64 php-fpm-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64 php-json-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64 php-mbstring-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64 php-opcache-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64 php-pdo-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64 php-xml-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64
完毕! [root@gw80 ~]# yum install -y php-mysqlnd …… 已安装: php-mysqlnd-7.4.19-1.module_el8.5.0+815+1c4fd2e5.x86_64
完毕! [root@gw80 ~]# php -v PHP 7.4.19 (cli) (built: May 4 2021 11:06:37) ( NTS ) Copyright (c) The PHP Group Zend Engine v3.4.0, Copyright (c) Zend Technologies with Zend OPcache v7.4.19, Copyright (c), by Zend Technologies
#测试php网页 [root@gw80 ~]# echo “<?php phpinfo(); ?>” > /var/www/html/test.php [root@gw80 ~]# cat /var/www/html/test.php <?php phpinfo(); ?> [root@gw80 ~]# systemctl restart httpd |
4、Mariadb数据库引擎部署
#安装mariadb数据库服务 [root@gw80 ~]# yum install -y mariadb-server …… 已安装: mariadb-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64 mariadb-backup-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64 mariadb-common-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64 mariadb-connector-c-3.1.11-2.el8_3.x86_64 mariadb-connector-c-config-3.1.11-2.el8_3.noarch mariadb-errmsg-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64 mariadb-gssapi-server-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64 mariadb-server-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64 mariadb-server-utils-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64 perl-DBD-MySQL-4.046-3.module_el8.3.0+419+c2dec72b.x86_64
完毕! [root@gw80 ~]# systemctl start mariadb && systemctl enable mariadb Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service. Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service. Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.
[root@gw80 ~]# systemctl list-unit-files |grep mariadb mariadb.service enabled mariadb@.service disabled [root@gw80 ~]# systemctl status mariadb ● mariadb.service – MariaDB 10.3 database server Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2025-03-17 22:55:35 CST; 10min ago Docs: man:mysqld(8) https://mariadb.com/kb/en/library/systemd/ Main PID: 33771 (mysqld) Status: “Taking your SQL requests now…” Tasks: 30 (limit: 100788) Memory: 87.3M CGroup: /system.slice/mariadb.service └─33771 /usr/libexec/mysqld –basedir=/usr
3月 17 22:55:35 gw80 mysql-prepare-db-dir[33668]: See the MariaDB Knowledgebase at http://mariadb.com/kb or the 3月 17 22:55:35 gw80 mysql-prepare-db-dir[33668]: MySQL manual for more instructions. 3月 17 22:55:35 gw80 mysql-prepare-db-dir[33668]: Please report any problems at http://mariadb.org/jira 3月 17 22:55:35 gw80 mysql-prepare-db-dir[33668]: The latest information about MariaDB is available at http://m> 3月 17 22:55:35 gw80 mysql-prepare-db-dir[33668]: You can find additional information about the MySQL part at: 3月 17 22:55:35 gw80 mysql-prepare-db-dir[33668]: http://dev.mysql.com 3月 17 22:55:35 gw80 mysql-prepare-db-dir[33668]: Consider joining MariaDB’s strong and vibrant community: 3月 17 22:55:35 gw80 mysql-prepare-db-dir[33668]: https://mariadb.org/get-involved/ 3月 17 22:55:35 gw80 mysqld[33771]: 2025-03-17 22:55:35 0 [Note] /usr/libexec/mysqld (mysqld 10.3.28-MariaDB) s> 3月 17 22:55:35 gw80 systemd[1]: Started MariaDB 10.3 database server.
[2]+ 已停止 systemctl status mariadb
[root@gw80 ~]# mysqladmin -uroot password ‘000’ [root@gw80 ~]# mysql -uroot -p000 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 9 Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
MariaDB [(none)]> show databases; +——————–+ | Database | +——————–+ | information_schema | | mysql | | performance_schema | +——————–+ 3 rows in set (0.001 sec)
MariaDB [(none)]> exit Bye [root@gw80 ~]# |
至此,LAMP架构部署完成!
5、WordPress博客平台部署
#验证lamp环境 [root@gw80 ~]# rpm -qi mariadb Name : mariadb Epoch : 3 Version : 10.3.28 Release : 1.module_el8.3.0+757+d382997d Architecture: x86_64 Install Date: 2025年03月19日 星期三 10时10分36秒 Group : Unspecified Size : 38821068 License : GPLv2 with exceptions and LGPLv2 and BSD Signature : RSA/SHA256, 2021年04月20日 星期二 04时36分38秒, Key ID 05b555b38483c65d Source RPM : mariadb-10.3.28-1.module_el8.3.0+757+d382997d.src.rpm Build Date : 2021年04月20日 星期二 00时19分39秒 Build Host : x86-01.mbox.centos.org Relocations : (not relocatable) Packager : CentOS Buildsys <bugs@centos.org> Vendor : CentOS URL : http://mariadb.org Summary : A very fast and robust SQL database server Description : MariaDB is a community developed branch of MySQL – a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. [root@gw80 ~]# php -v PHP 7.4.19 (cli) (built: May 4 2021 11:06:37) ( NTS ) Copyright (c) The PHP Group Zend Engine v3.4.0, Copyright (c) Zend Technologies with Zend OPcache v7.4.19, Copyright (c), by Zend Technologies [root@gw80 ~]# yum info httpd 上次元数据过期检查:5:44:22 前,执行于 2025年03月19日 星期三 10时34分22秒。 已安装的软件包 名称 : httpd 版本 : 2.4.37 发布 : 43.module_el8.5.0+1022+b541f3b1 架构 : x86_64 大小 : 4.3 M 源 : httpd-2.4.37-43.module_el8.5.0+1022+b541f3b1.src.rpm 仓库 : @System 来自仓库 : AppStream 概况 : Apache HTTP Server URL : https://httpd.apache.org/ 协议 : ASL 2.0 描述 : The Apache HTTP Server is a powerful, efficient, and extensible : web server.
#创建 wordpressdb 数据库 [root@gw80 ~]# mysql -uroot -p000 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 9 Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
MariaDB [(none)]> create database wordpressdb; Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> show databases; +——————–+ | Database | +——————–+ | information_schema | | mysql | | performance_schema | | wordpressdb | +——————–+ 4 rows in set (0.003 sec)
MariaDB [(none)]> exit Bye
#下载和安装wordpress [root@gw80 ~]# wget https://cn.wordpress.org/latest-zh_CN.zip –2025-03-19 10:28:35– https://cn.wordpress.org/latest-zh_CN.zip 正在解析主机 cn.wordpress.org (cn.wordpress.org)… 198.143.164.252 正在连接 cn.wordpress.org (cn.wordpress.org)|198.143.164.252|:443… 已连接。 已发出 HTTP 请求,正在等待回应… 200 OK 长度:35776544 (34M) [application/zip] 正在保存至: “latest-zh_CN.zip”
latest-zh_CN.zip 100%[===========================================>] 34.12M 12.9MB/s 用时 2.6s
2025-03-19 10:28:38 (12.9 MB/s) – 已保存 “latest-zh_CN.zip” [35776544/35776544])
[root@gw80 ~]# ll 总用量 34948 drwxr-xr-x. 2 root root 6 2月 21 12:21 公共 drwxr-xr-x. 2 root root 6 2月 21 12:21 模板 drwxr-xr-x. 2 root root 6 2月 21 12:21 视频 drwxr-xr-x. 2 root root 6 2月 21 12:21 图片 drwxr-xr-x. 2 root root 6 2月 21 12:21 文档 drwxr-xr-x. 2 root root 6 2月 21 12:21 下载 drwxr-xr-x. 2 root root 6 2月 21 12:21 音乐 drwxr-xr-x. 2 root root 6 2月 21 12:21 桌面 -rw——-. 1 root root 1094 2月 21 12:17 anaconda-ks.cfg -rw-r–r–. 1 root root 1386 2月 21 12:18 initial-setup-ks.cfg -rw-r–r– 1 root root 35776544 3月 5 15:00 latest-zh_CN.zip [root@gw80 ~]# yum install -y unzip 上次元数据过期检查:0:21:54 前,执行于 2025年03月19日 星期三 10时07分02秒。 软件包 unzip-6.0-45.el8_4.x86_64 已安装。 依赖关系解决。 无需任何处理。 完毕! [root@gw80 ~]# unzip latest-zh_CN.zip -d /var/www/ Archive: latest-zh_CN.zip creating: /var/www/wordpress/ inflating: /var/www/wordpress/wp-login.php 。。。。。
[root@gw80 ~]# ll /var/www/ 总用量 4 drwxr-xr-x 2 root root 6 11月 12 2021 cgi-bin drwxr-xr-x 2 root root 22 3月 19 10:13 html drwxr-xr-x 5 root root 4096 3月 5 15:00 wordpress [root@gw80 ~]# /var/www/wordpress/ -bash: /var/www/wordpress/: 是一个目录 [root@gw80 ~]# ll /var/www/wordpress/ 总用量 232 -rw-r–r– 1 root root 405 2月 6 2020 index.php -rw-r–r– 1 root root 19915 1月 1 2024 license.txt -rw-r–r– 1 root root 7409 6月 18 2024 readme.html -rw-r–r– 1 root root 7387 2月 13 2024 wp-activate.php drwxr-xr-x 9 root root 4096 3月 5 15:00 wp-admin -rw-r–r– 1 root root 351 2月 6 2020 wp-blog-header.php -rw-r–r– 1 root root 2323 6月 14 2023 wp-comments-post.php -rw-r–r– 1 root root 3336 10月 15 23:24 wp-config-sample.php drwxr-xr-x 5 root root 69 3月 5 15:00 wp-content -rw-r–r– 1 root root 5617 8月 3 2024 wp-cron.php drwxr-xr-x 30 root root 12288 3月 5 15:00 wp-includes -rw-r–r– 1 root root 2502 11月 27 2022 wp-links-opml.php -rw-r–r– 1 root root 3937 3月 11 2024 wp-load.php -rw-r–r– 1 root root 51367 10月 1 03:12 wp-login.php -rw-r–r– 1 root root 8543 9月 19 06:37 wp-mail.php -rw-r–r– 1 root root 29032 10月 1 01:08 wp-settings.php -rw-r–r– 1 root root 34385 6月 20 2023 wp-signup.php -rw-r–r– 1 root root 5102 10月 18 23:56 wp-trackback.php -rw-r–r– 1 root root 3246 3月 2 2024 xmlrpc.php [root@gw80 ~]# chown -R apache:apache /var/www/wordpress [root@gw80 ~]# chmod -R 777 /var/www/wordpress [root@gw80 ~]# ll /var/www/wordpress 总用量 232 -rwxrwxrwx 1 apache apache 405 2月 6 2020 index.php -rwxrwxrwx 1 apache apache 19915 1月 1 2024 license.txt -rwxrwxrwx 1 apache apache 7409 6月 18 2024 readme.html -rwxrwxrwx 1 apache apache 7387 2月 13 2024 wp-activate.php drwxrwxrwx 9 apache apache 4096 3月 5 15:00 wp-admin -rwxrwxrwx 1 apache apache 351 2月 6 2020 wp-blog-header.php -rwxrwxrwx 1 apache apache 2323 6月 14 2023 wp-comments-post.php -rwxrwxrwx 1 apache apache 3336 10月 15 23:24 wp-config-sample.php drwxrwxrwx 5 apache apache 69 3月 5 15:00 wp-content -rwxrwxrwx 1 apache apache 5617 8月 3 2024 wp-cron.php drwxrwxrwx 30 apache apache 12288 3月 5 15:00 wp-includes -rwxrwxrwx 1 apache apache 2502 11月 27 2022 wp-links-opml.php -rwxrwxrwx 1 apache apache 3937 3月 11 2024 wp-load.php -rwxrwxrwx 1 apache apache 51367 10月 1 03:12 wp-login.php -rwxrwxrwx 1 apache apache 8543 9月 19 06:37 wp-mail.php -rwxrwxrwx 1 apache apache 29032 10月 1 01:08 wp-settings.php -rwxrwxrwx 1 apache apache 34385 6月 20 2023 wp-signup.php -rwxrwxrwx 1 apache apache 5102 10月 18 23:56 wp-trackback.php -rwxrwxrwx 1 apache apache 3246 3月 2 2024 xmlrpc.php [root@gw80 ~]# vi /etc/httpd/conf/httpd.conf [root@gw80 ~]# grep -v “#” /etc/httpd/conf/httpd.conf |grep -v “^$” ServerRoot “/etc/httpd” Listen 80 Include conf.modules.d/*.conf User apache Group apache ServerAdmin root@localhost <Directory /> AllowOverride none Require all denied </Directory> DocumentRoot “/var/www/wordpress” <Directory “/var/www”> AllowOverride None Require all granted </Directory> <Directory “/var/www/wordpress”> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> <Files “.ht*”> Require all denied </Files> ErrorLog “logs/error_log” LogLevel warn <IfModule log_config_module> LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined LogFormat “%h %l %u %t \”%r\” %>s %b” common <IfModule logio_module> LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\” %I %O” combinedio </IfModule> CustomLog “logs/access_log” combined </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ “/var/www/cgi-bin/” </IfModule> <Directory “/var/www/cgi-bin”> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 <IfModule mime_magic_module> MIMEMagicFile conf/magic </IfModule> EnableSendfile on IncludeOptional conf.d/*.conf
[root@gw80 ~]# systemctl restart httpd |
至此,博客平台部署完成!
6、提升服务器安全性
#禁止网站目录浏览、隐藏服务器敏感信息 [root@gw80 ~]# vi /etc/httpd/conf/httpd.conf [root@gw80 ~]# grep -v “#” /etc/httpd/conf/httpd.conf |grep -v “^$” ServerRoot “/etc/httpd” Listen 80 Include conf.modules.d/*.conf User apache Group apache ServerAdmin root@localhost <Directory /> AllowOverride none Require all denied </Directory> DocumentRoot “/var/www/wordpress” <Directory “/var/www”> AllowOverride None Require all granted </Directory> <Directory “/var/www/wordpress”> Options None AllowOverride None <RequireAll> Require all granted </RequireAll> </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> <Files “.ht*”> Require all denied </Files> ErrorLog “logs/error_log” LogLevel warn <IfModule log_config_module> LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” combined LogFormat “%h %l %u %t \”%r\” %>s %b” common <IfModule logio_module> LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\” %I %O” combinedio </IfModule> CustomLog “logs/access_log” combined </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ “/var/www/cgi-bin/” </IfModule> <Directory “/var/www/cgi-bin”> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 <IfModule mime_magic_module> MIMEMagicFile conf/magic </IfModule> EnableSendfile on IncludeOptional conf.d/*.conf #服务器在响应中仅包含“Apache”字样,而不包含操作系统的类型和编译进的模块信息。 ServerTokens Prod
#响应信息不显示php及版本 [root@gw80 ~]# vi /etc/php.ini 379 expose_php = Off
[root@gw80 ~]# systemctl reload php-fpm [root@gw80 ~]# systemctl restart httpd |
#开启selinux [root@gw80 ~]# getenforce Disabled [root@gw80 ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing – SELinux security policy is enforced. # permissive – SELinux prints warnings instead of enforcing. # disabled – No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these three values: # targeted – Targeted processes are protected, # minimum – Modification of targeted policy. Only selected processes are protected. # mls – Multi Level Security protection. SELINUXTYPE=targeted [root@gw80 ~]# sed -i ‘s/SELINUX=disabled/SELINUX=enforcing/g’ /etc/selinux/config [root@gw80 ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing – SELinux security policy is enforced. # permissive – SELinux prints warnings instead of enforcing. # disabled – No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these three values: # targeted – Targeted processes are protected, # minimum – Modification of targeted policy. Only selected processes are protected. # mls – Multi Level Security protection. SELINUXTYPE=targeted [root@gw80 ~]# reboot [root@gw80 ~]# getenforce Enforcing [root@gw80 ~]# sestatus -v SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 Process contexts: Current context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Init context: system_u:system_r:init_t:s0 /usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023 File contexts: Controlling terminal: unconfined_u:object_r:user_devpts_t:s0 /etc/passwd system_u:object_r:passwd_file_t:s0 /etc/shadow system_u:object_r:shadow_t:s0 /bin/bash system_u:object_r:shell_exec_t:s0 /bin/login system_u:object_r:login_exec_t:s0 /bin/sh system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0 /sbin/agetty system_u:object_r:getty_exec_t:s0 /sbin/init system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0 /usr/sbin/sshd system_u:object_r:sshd_exec_t:s0
|
#开启防火墙 [root@gw80 ~]# systemctl status firewalld ● firewalld.service – firewalld – dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1) [root@gw80 ~]# systemctl start firewalld && systemctl enable firewalld Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service. Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service. [root@gw80 ~]# systemctl status firewalld ● firewalld.service – firewalld – dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2025-03-19 12:42:54 CST; 4s ago Docs: man:firewalld(1) Main PID: 2758 (firewalld) Tasks: 2 (limit: 100788) Memory: 28.6M CGroup: /system.slice/firewalld.service └─2758 /usr/libexec/platform-python -s /usr/sbin/firewalld –nofork –nopid 3月 19 12:42:53 gw80 systemd[1]: Starting firewalld – dynamic firewall daemon… 3月 19 12:42:54 gw80 systemd[1]: Started firewalld – dynamic firewall daemon. 3月 19 12:42:54 gw80 firewalld[2758]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure con> [1]+ 已停止 systemctl status firewalld #开放防火墙80端口 [root@gw80 ~]# firewall-cmd –permanent –zone=public –add-port=80/tcp success [root@gw80 ~]# firewall-cmd –reload success [root@gw80 ~]# firewall-cmd –list-all public (active) target: default icmp-block-inversion: no interfaces: ens160 sources: services: cockpit dhcpv6-client ssh ports: 80/tcp protocols: forward: no masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
|
