Ubuntu 上的 Linux WordPress 架設完整教學

# Ubuntu 上的 Linux WordPress 架設完整教學 > 註:大部分安裝需用到sudo,可直接升級權限至root,可省略掉前面要打sudo的部分 ``` sudo su ``` ## **安裝環境** * System: Linux Ubuntu 22.04 * MariaDB Version:10.11 * Nginx Version:1.18.0 * PHP Version:8.1 * Wordpress Version:6.1.1 :::warning :warning: 每個版本安裝設定可能會有變更,開始安裝前請先查詢版本變更 ::: ## 安裝步驟 ### 1. 檢查系統更新 ``` sudo apt update & sudo apt upgrade ``` ### 2. 安裝Nginx ``` sudo add-apt-repository ppa:ondrej/nginx -y sudo apt install nginx ``` 安裝完成後先放著,等等再做設定 ### 3. 安裝MariaDB > 這邊引用[此教學](https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-ubuntu-20-04)的安裝，感謝此網站作者的貢獻執行第一行安裝，安裝完後執行下一行指令做MariaDB快速設定 ``` sudo apt install mariadb-server #mariadb-client #可選 sudo mysql_secure_installation ``` 這邊要你輸入資料庫root的密碼，由於還沒有設置密碼，所以直接按**Enter**進行下一步 ``` NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): ``` 接下來這邊問你是否要設定資料庫root的密碼，由於你的root已經用密碼保護所以可以直接輸入n(預設Y)跳過，不過照我的習慣還是會去做設定是否要使用密碼可自行做選擇 ``` OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. ``` --- :::info :information_source: 這邊我會做密碼設定，如果你是輸入n，可跳過此步驟 ::: 如果你輸入Y，會再問你一次是否要變更root密碼，輸入Y或按下**Enter**(預設Y) ``` You already have your root account protected, so you can safely answer 'n'. Change the root password? [Y/n] ``` 這邊輸入一次後，需要再輸入一次確認，顯示success完成 > 如果出現Sorry, passwords do not match.，請確認輸入的密碼是否相同 ``` New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! ``` --- :::info :information_source: 如果設定root密碼那邊輸入n，請從此步驟開始 ::: 接下來問是否要刪除anonymous users(匿名使用者)，MariaDB預設有匿名使用者，可讓所有人使用匿名使用者來查看你的資料庫，建議輸入Y或按**Enter**刪除(預設Y) ``` By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] ``` 問是否允許遠端登入資料庫的root使用者，通常不建議使用遠端登入，輸入Y或**Enter**下一步(預設Y) 如果你需要允許遠端訪問root，輸入n繼續 ``` Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] ``` 這邊表示MariaDB預設會創建一個名為test的資料庫，可供所有使用者進行新增修改刪除查詢，該資料庫僅限測試用，這選項不影響安全性，可自行選擇是否要刪除(預設Y) ``` By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] ``` 輸入Y或**Enter**來重新載入(預設Y) 到這邊就完成了資料庫的設定 ``` Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] ``` ### 4. 設定Wordpress資料庫 > Wordpress需要自己的一個資料庫和帳號，這邊統一先進行建置 > 這邊需要用到資料庫語法，請記得結尾要加結束語具;(跟寫程式一樣) 輸入指令進入mariadb設定，輸入root的帳密登入 ``` sudo mariadb -u root -p #password #可輸入密碼直接登入，想保有隱私請留空，下一行將輸入密碼 Enter password: ``` > 如果在設定時沒有設定root密碼，請直接輸入sudo mariadb -u root 登入之後新增資料庫，wordpress可以換成任何資料庫名稱，請記住名稱，以便於安裝wordpress用 ``` CREATE DATABASE wordpress; ``` > 註:新增完後可以用SHOW DATABASES;來確認是否有創建成功接下來新增使用者來存取這個資料庫，語法如上，第一行的wordpress請換成你剛新增資料庫的名稱第二行的wordpress指使用者名稱，localhost指的是哪個網路位置可以存取你的Database，如果你的Database跟網頁伺服器是在不同電腦架設，請把localhost改成目標IP 第三行password請改成你要設定的密碼 :::danger 密碼部分越複雜越好，不要設定過於簡單的密碼 ::: ``` GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"localhost" IDENTIFIED BY "password"; ``` 最後執行第一行來刷新權限，刷新完後輸入exit離開mariadb ``` FLUSH PRIVILEGES; exit ``` ### 5. 安裝PHP及PHP FPM 輸入這長串指令來安裝了PHP及包括wordpress所需的Packages :::warning :warning:如果需要安裝其他版本的PHP，Package版本需要一致 ::: ``` sudo apt install php8.1 php8.1-fpm php8.1-common php8.1-mysql php8.1-xml php8.1-xmlrpc php8.1-curl php8.1-gd php8.1-imagick php8.1-cli php8.1-dev php8.1-imap php8.1-mbstring php8.1-soap php8.1-zip php8.1-bcmath php8.1-intl ``` ### 6. 設定PHP.ini及PHP FPM > Nginx設定及PHP設定參考[此網站](https://spinupwp.com/hosting-wordpress-yourself-nginx-php-mysql/)，感謝作者的貢獻新增使用者群組與使用者，用來給網頁及PHP使用，請記得你設定的名稱，等等會用到 ``` groupadd usergroup useradd -g usergroup username ``` 執行此指令來編輯php fpm設定檔案 ``` sudo nano /etc/php/8.1/fpm/pool.d/www.conf ``` :::info :information_source:如果輸出Command 'nano' not found，你可以使用sudo install nano安裝，或者使用vim編輯 sudo vim /etc/php/8.1/fpm/pool.d/www.conf ::: 編輯以下四行，注意**youruser**請改成剛新增的**username** 最後一行請留意路徑並記下來，修改nginx設定會用到修改完成按下**CTRL+S & CTRL+X**儲存並離開 :::info :information_source: 可以使用CTRL+W搜尋，會更加快速，**CTRL+W & CTRL+M**查詢下一個 ::: ``` user = youruser group = yourgroup listen.owner = youruser listen.group = yourgroup listen = /run/php/php8.1-fpm.sock ``` 編輯php.ini設定檔，找到這兩行並更改(數值不固定，可依情況調整) 修改完一樣按**CTRL+S & CTRL+X**儲存離開 ```bash sudo nano /etc/php/8.1/fpm/php.ini #找到並修改以下兩行 upload_max_filesize = 64M post_max_size = 64M ``` :::warning :warning: 請注意兩個數值須**相同** ::: 執行第一行來檢查是否設定有誤，如果出現Successful則代表設定成功接著執行第二行重啟php fpm服務到這邊PHP和PHP FPM設定完成 ```bash sudo php-fpm8.1 -t NOTICE: configuration file /etc/php/8.1/fpm/php-fpm.conf test is successful sudo service php8.1-fpm restart ``` ### 7.設定Nginx 首先，要讓Nginx運行最大化，你必須先執行第一行來查詢CPU核心數接著執行第二行修改Nginx設定檔 ```bash grep processor /proc/cpuinfo | wc -l #確認CPU核心數 sudo nano /etc/nginx/nginx.conf ``` 設定部分如下所示，請**依照自己的需求**及**電腦性能**去修改檔案 :::warning :warning: 修改任何Nginx設定後務必要先請nginx做測試，比較不容易出錯 ::: ``` user www-data->youruser; #使用者名稱 worker_processes auto->YourCPUcores(Num); #線成數(輸入你的核心數) pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768->1024; #修改成1024(可選) multi_accept on; #取消註解 } http { ## # Basic Settings ## sendfile on; tcp_nopush on; types_hash_max_size 2048; server_tokens off; #為了安全建議取消註解，以免標頭(Header)傳送到Nginx的版本資訊 # server_names_hash_bucket_size 64; # server_name_in_redirect off; keepalive_timeout 30; #新增此行，設定連線逾時的時間30秒，可自行做選擇 client_max_body_size 64M; #新增此行，設置跟php一樣的大小 include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # 如有需要使用到SSL建議將TLSv1與TLSv1.1刪除，原因是已經被棄用 ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; # gzip_vary on; gzip_proxied any; #取消註解，確保所有請求都被壓縮 gzip_comp_level 6; #取消註解，壓縮等級，可調1-9，不建議調太大，太大CPU負擔會變重 # gzip_buffers 16 8k; # gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; #取消註解，確保所有格式能被壓縮 ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #} ``` 為了確保PHP正常運行，執行第一行進入編輯後，在檔案最後一行中新增第二行並儲存關閉上述編輯完成後請運行第三行做檢查，如出現Successful則表示正常 ```sh sudo nano /etc/nginx/fastcgi_params fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; #在最後一行新增 sudo nginx -t ``` 接下來設定PHP FPM連接的部分: > 設定方式部分來源為[Nginx Wordpress官網](https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/) ```shell server { listen 80 default_server; listen [::]:80 default_server; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /var/www/html/wordpress; #可選，修改根目錄(建議,等等安裝解壓縮會放置此位置) # Add index.php to the list if you are using PHP index index.html index.htm index.php; #刪除index.nginx-debian.htm並新增index.php server_name yourdomain; #填入你的域名或IP,如果沒有則不需更改 location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. #try_files $uri $uri/ =404; # 下一行來源:https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/ try_files $uri $uri/ /index.php?$args; #wordpress短連結會用到 } # pass PHP scripts to FastCGI server # 請取消以下PHP註解 location ~ \.php$ { include snippets/fastcgi-php.conf; # With php-fpm (or other unix sockets): fastcgi_pass unix:/run/php/php8.1-fpm.sock; #請將之前設定php fpm的路徑貼至unix:後 # With php-cgi (or other tcp sockets): #fastcgi_pass 127.0.0.1:9000; #加註解，如果有用到fastcgi才無須註解 } # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } ``` 依據上面做設置，設定完後執行`nginx -t`檢查是否正確設定，出現Successful代表設定成功執行`sudo service nginx restart`來重新啟動nginx #### 8. 安裝wordpress(最後一步啦╰(°▽°\*)╯) 接下來就是最後環節，要來安裝wordpress了接下來執行以下指令下載並解壓縮wordpress 完成以後至瀏覽器輸入localhost或你的域名來安裝 ```bash cd /home/user/下載 #切換至下載目錄 wget https://tw.wordpress.org/latest-zh_TW.zip #下載檔案 unzip latest-zh_TW.zip -d /var/www/html #解壓縮到目錄 ``` 如下圖，資料庫名稱指你要安裝到哪個資料庫，也就是先前所創的資料庫使用者名稱是該資料庫誰能存取，也就是為該資料庫所創的使用者密碼是你該帳戶的資料庫密碼資料庫主機位置如果你有把資料庫架在另外一個電腦，請更改這個欄位，否則請保持localhost 一切就緒後，按下傳送進入創建使用者頁面 ![](https://i.imgur.com/ocJBXy2.png) 接下來就創建之後管理網站後台的資料夾啦電子郵件的部分因為沒有設定可以發送電子郵件的設定，所以可以不用使用真實信件 ![](https://i.imgur.com/aLCk0y0.png) :::warning :warning: 如果出現下面這種現象，代表有可能權限不夠，wordpress無法變更資料 ![](https://i.imgur.com/5BvEOKW.jpg) 解決方法: 使用指令全部人對該目錄有讀寫權限 ```bash sudo chmod -R 777 /var/www/html ``` ::: ## 補充:SSL取得與設定 :::info :information_source: 補充來源為[Certbot官網](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal)，如果是使用不同系統，網站都有收錄解決方案 ![](https://i.imgur.com/GuV2944.png) ::: ### 1.確保snap版本是最新版 ```bash sudo snap install core; sudo snap refresh core ``` :::info :information_source: 如果出現command snap not found,請到[這邊安裝snap](https://snapcraft.io/docs/installing-snapd/)(或許也可以用apt安裝) ::: ### 2.安裝Certbot ```bash sudo snap install --classic certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot ``` ### 3.取得SSL證書這邊有兩種方式取得，一種是讓Certbot自動設定你的WebServer Config檔案，另一種是只取得證書，Certbot不會設定你的WebServer Config，需自行設定要讓Certbot自動完成SSL證書安裝及Nginx Config SSL設定，輸入以下Command: ```bash sudo certbot --nginx ``` 要讓Certbot只取得SSL證書，輸入下面Command: ```bash sudo certbot certonly --nginx ``` 執行之後需要你輸入你的Email，Email主要用途為提醒證書狀況 ```shell Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): ``` 下一步會看到Certbot要你同意[EULA](https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf)﹑輸入Y同意 ```shell - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: ``` 這邊問是否要跟Certbot分享Email去取得些最新資訊與活動，可根據自己是否要收到做選擇 ```shell - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Account registered. ``` :::info 下一步如果出現你有註冊過SSL的域名，根據我目前是同域名重新架設的模式，我會輸入1繼續，如果你是要為你的新域名取得，輸入空白跳過此選項 ::: ```shell Which names would you like to activate HTTPS for? We recommend selecting either all domains, or all domains in a VirtualHost/server block. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 ``` 接下來輸入你要註冊的域名，輸入完按Enter，Certbot會幫你取得證書 ```shell Requesting a certificate for example.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem #SSL證書存放位置 Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem #私鑰存放位置 This certificate expires on 2023-06-03. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for example.com to /etc/nginx/sites-enabled/default Congratulations! You have successfully enabled HTTPS on https://example.com We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ``` ## 結語及感謝首先我要感謝某些人讓我有機會去做Wordpress的架設其次也感謝我的導師也給予未來有需要的學弟妹作為參考如果文章有不正確的地方再麻煩其他大佬糾正,感謝 <br><br> > 編輯紀錄： > 23/03/30：初版並發布於網路 > 24/10/14：刪除Email，修改文章標題