Tutorial on installing WordPress on Alibaba Cloud, building LNMP environment on Centos8

Alibaba Cloud Centos8 uses Dnf to install LNMP, WordPress installation tutorial

Alibaba CloudCentos8Build LNMP environment and install WordPress After setting up the CentOS 8 operating system in Alibaba Cloud, do some basic settings first. Install WordPress on Alibaba Cloud

Alibaba Cloud installs centos8 Chinese language package

pass dnf search Command to search for Chinese language pack

dnf search langpacks

The installation package for Simplified Chinese is found to be: langpacks-zh_CN.noarch
Directly via DNF command:

dnf install langpacks-zh_CN

Modify language:

vi /etc/locale.conf

Modify the original content to the following:

LANG="zh_CN.UTF-8"

Finally, pass the command:locale -a Check whether zh_CN is installed successfully

Alibaba Cloud configures EPEL and REMI sources under centos8

Install the epel repository

dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y

Confirm whether the epel library is installed successfully

rpm -qa | grep epel

Install remi repository

dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

Confirm whether the remi library is installed successfully

rpm -qa | grep remi

After the software source is installed, rebuild the dnf cache

dnf makecache

If it is Centos9, install the software source according to the following path

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm dnf -y install https://rpms.remirepo.net/enterprise/remi-release-9.rpm

Get all running services and view port usage:

systemctl list-units --type=service netstat -lntup

Alibaba Cloud installs php/nginx/mysql through DNF under cnetos8

Install PHP on Alibaba Cloud

After successfully adding EPEL and Remi repositories, execute the following command to get a list of available PHP module streams:

dnf module list php

Reset php module:

dnf module reset php

Enable the stream module corresponding to the PHP version. Here we install the PHP 7.4 version, so enable the remi-7.4 version of the stream:

dnf module enable php:remi-7.4

Install PHP. This command also installs many other packages:

dnf install php

dnf install php-mysqlnd php-gd 

 
After installing PHP, modify PHP permissions:

vi /etc/php-fpm.d/www.conf

user = nginx
group = nginx When installing WordPress and the directory cannot be created, make sure that the wp file storage directory, nginx user group and PHP user group are under the same user.
Modify the permissions of the wp storage directory:

chown -R nginx:nginx /home/www

Check which user group php-fpm belongs to:

ps -ef | grep php-fpm

Modify the PHP configuration file:

vi /etc/php.ini

cgi.fix_pathinfo, changed to = 0;
upload_max_filesize = 2M file upload size, the default value is too small, it is recommended to change it to 1024M
display_errors = on Print errors
post_max_size = 8M maximum form size, 1024M is recommended
max_execution_time=600 PHP script maximum execution time Permission settings:

chown -R nginx:nginx /run/php-fpm/www.sock

Check whether PHP is installed successfully:

php -v

Set the startup and running services:

systemctl enable php-fpm

systemctl start php-fpm

Common operation commands:
Restart:

systemctl restart php-fpm

start up:

systemctl start php-fpm

closure:

systemctl stop php-fpm

state:

systemctl status php-fpm

Install nginx on Alibaba Cloud

After successfully adding EPEL and Remi repositories, execute the following command to get a list of available nginx module streams:

dnf module list nginx

Reset nginx modules:

dnf module reset nginx

Enable the stream module corresponding to the nginx version. Here we install the nginx1.18 version, so enable the stream of the nginx1.18 version:

dnf module enable nginx:1.18

Install nginx. This command also installs many other packages:

dnf install nginx -y

Check whether nginx is installed successfully:

nginx -v

Check port usage:

netstat -lntup

Set the startup and running services:

systemctl enable nginx

systemctl start nginx

Uninstall nginx

dnf remove nginx

Common commands:
Restart:

systemctl restart nginx

start up:

systemctl start nginx

closure:

systemctl stop nginx

state:

systemctl status nginx

Note: If the installed nginx version does not support PHP, it will cause the page to download after opening the PHP page. You can create a test page called test.php. Page content:

<?php
phpinfo();
?>

  If PHP is not supported, you need to create conf.d and default.d folders in the nginx installation directory /etc/nginx. Create the /default.d/php.conf file with the following content:

# pass the PHP scripts to FastCGI server # # See conf.d/php-fpm.conf for socket configuration # index index.php index.html index.htm; location ~ \.php$ { try_files $uri =404; fastcgi_intercept_errors on; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass php-fpm; }

  Create the /conf.d/php-fpm.conf file with the following content:

# PHP-FPM FastCGI server # network or unix domain socket configuration upstream php-fpm { server unix:/run/php-fpm/www.sock; }

In the nginx.conf file, add two folder insertion reference statements.

nginx generates domain name certificate ssl

Use the acme.sh script to apply for an SSL certificate. First install socat:

dnf install socat

Install acme.sh

curl https://get.acme.sh | sh

Note that after the script is installed, be sure to restart.

reboot

Certificate Application:
After setting the domain name in nginx, apply for a certificate, for example:

acme.sh --issue -d www.uzbox.tk -d uzbox.tk --webroot /home/uzbox/

You can also use the command to read the nginx configuration. If the site is not set up in nginx, please set up the site first.

acme.sh --issue -d www.uzbox.tk -d uzbox.tk --nginx

After the certificate application is successful, install the certificate: First, add the following to the server block of the nginx configuration file:

ssl_certificate /home/ssl/uzbox.tk/fullchain.cer; ssl_certificate_key /home/ssl/uzbox.tk/uzbox.tk.key;

  After the domain name certificate application is successful, you need to install the certificate in the specified location. Create a new /ssl/ folder in the /home/ folder, and create a certificate storage folder /uzbox.tk/ under the /ssl/ folder. Then run the following command to install the certificate. Note: If you do not create a folder for storing certificates, the certificate installation will fail with the error message: Unable to touch '/home/ssl/uzbox.tk/uzbox.tk.key': No such file or directory.

acme.sh --installcert -d uzbox.tk --key-file /home/ssl/uzbox.tk/uzbox.tk.key --fullchain-file /home/ssl/uzbox.tk/fullchain.cer --reloadcmd "service nginx force-reload"

More detailed domain name certificate application tutorial:acme.sh Free application for domain name SSL/TSL certificate

Install MySQL via dnf in Alibaba Cloud CentOS 8

Install using the latest package managerMySQL

dnf install @mysql

Startup

systemctl enable --now mysqld

Check if the MySQL server is running

systemctl status mysqld

Add password and security settings
Run the mysql_secure_installation script, which performs some security-related operations and sets the MySQL root password:

sudo mysql_secure_installation

Here are the steps:
You are asked to configure the VALIDATE PASSWORD component: Enter y and press Enter to enter the configuration
Select the password verification policy level. I choose 0 (low) and press Enter.
Enter new password twice
Are you sure you want to continue using the password you provided? Enter y and press Enter.
Remove anonymous users? Enter y and press Enter
Allow root remote login? Enter n and press Enter
Remove the test database? Enter y and press Enter
Reload the permission table? Enter y and press Enter
Configure MySQL remote login. If you need to set up remote login for the root account, repeat the previous step, "Allow root remote login?" This step needs to be set to y.
Next, log in to MySQL locally and set the host field of the root user to '%', which means accepting login requests from all IP addresses of root.
Restart the mysql service after setting

systemctl restart mysqld

MySQL 8.0 has been set by defaultutf8mb4character set, so the character set is no longer modified

Install phpMyAdmin on Alibaba Cloud

phpMyAdminwebsite:https://www.phpmyadmin.net/
Download the latest version of phpMyAdmin, phpMyAdmin is a visual MySQL management tool.

wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz

After downloading, unzip the file

tar -zxvf phpMyAdmin-latest-all-languages.tar.gz

Rename the decompressed file

mv phpMyAdmin-5.2.0-all-languages phpMyAdmin

Move the folder to the website directory

mv phpMyAdmin /home/www

If the PHP extension is not installed after installation, you need to install the PHP-mysqlnd extension

dnf install php-mysqlnd

Finally, re-authorize the web directory.

chown -R nginx:nginx /home/www

Modify the phpMyAdmin configuration file:

In the phpMyAdmin home directory, rename the configuration file.

cd /home/uzbox/phpMyAdmin/

mv config.sample.inc.php config.inc.php

vi config.inc.php

$cfg['Servers'][$i]['host'] = 'localhost'; changed to $cfg['Servers'][$i]['host'] = '127.0.0.1';
Then change the short password that phpMyAdmin uses for cookies.
$cfg['blowfish_secret'] = ''; is changed to $cfg['blowfish_secret'] = '123456'; (Note: '123456' is any character greater than 32 bits.)
This password is used to encrypt Cookies to avoid confusion when multiple PhpMyAdmins or other programs share Cookies.

Modify the user group and permissions of the session path (for example, /var/lib/php/session), and then go to the corresponding session path

cd /var/lib/php

chown nginx:nginx ./session

chmod -R 777 ./session

Create a new tmp folder in the phpmyadmin directory and set the permission to 777

chmod -R 777 /home/uzbox/phpMyAdmin/tmp

Resolved the issue where advanced features in phpMyAdmin were not fully configured and some features were not activated.
This can be solved by clicking on create an empty phpmyadmin database in phpMyAdmin.
Finally, after configuring the access path of phpMyAdmin in Nginx, you can access it normally. What to do if phpmyadmin is blank when accessing it? Try another version! Note: phpMyAdmin 5.2.0 only supports php7.2 and above. php7.2 is not supported. If phpMyAdmin displays a blank page, try changing the php version or changing the phpMyAdmin version. If the phpMyAdmin page opens with an error, try accessing it again after changing the php version. phpMyAdmin 5.2.0

Welcome to the release of phpMyAdmin 5.2.0. This release contains many new features and quite a few bug fixes. We are also releasing phpMyAdmin 5.1.4, the last release in the 5.1 series, primarily to help downstream packaging teams. Most users should migrate to 5.2.0. Most notably, these releases resolve network errors when exporting files ( https://github.com/phpmyadmin/phpmyadmin/issues/17445 ). Some other highlights of 5.2.0 include:

• Removed support for Microsoft Internet Explorer
• Requires PHP 7.2 or newer
• Requires openssl PHP extension
• Improved handling of system CA bundles and cacert.pem, with fallback to Mozilla CA if needed
• Replace "master/slave" terminology with "master/replica"
• Add "NOT LIKE %...%" operator to table search
• Add support for Mroonga engine
• Add support for account lockout
• Some fixes and improvements to the SQL parser library

Of course, you can find it in the ChangeLog file included in this release or onlineSee more fixes and new features at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog Now available inhttps://phpmyadmin.net/downloads/Download

Install WordPress on Alibaba Cloud

WordPress official website:https://cn.wordpress.org/
Start by downloading the latest version of WordPress.

wget https://cn.wordpress.org/latest-zh_CN.tar.gz

Unzip the file after downloading.

tar -xzvf latest-zh_CN.tar.gz

Move the folder to the website directory

mv wordpress /var/wwwroot

cd /var/wwwroot

Rename the wp-config-sample.php file

cp wp-config-sample.php wp-config.php 

Modify the website configuration file:

vim wp-config.php

The name of the WordPress database: define( 'DB_NAME', 'WordPress' );
MySQL database username: define( 'DB_USER', 'root' );
MySQL database password: define( 'DB_PASSWORD', 'mysql password' );
MySQL host: define( 'DB_HOST', '127.0.0.1' );
The default text encoding when creating a data table: define('DB_CHARSET', 'utf8' );
Add the following code at the end of the file:

if(is_admin()) {add_filter('filesystem_method', create_function('$a', 'return "direct";' ));define( 'FS_CHMOD_DIR', 0751 );}

After modifying the configuration file, place phpMyAdmin in the wordpress directory

mv phpMyAdmin /var/wwwroot/phpMyAdmin

https://your website domain name/phpMyAdmin
Then open phpMyAdmin, create a new WordPress database, name it WordPress, and create an empty database. This database name should be the same as the one configured in wp-config.php above.
After that, configure the website in your browser and follow the installation steps step by step. It is recommended to use Google Chrome.
https://website domain name/wp-admin/install.php Website plugin update installation and template installation permission configuration:
In this step, some people will configure the directory permission to 777, which poses certain security risks. The correct configuration is to unify all user groups and users, that is, the user group of PHP, the user group of NGINX, and the user group of the wordpress storage directory.
First enter the website storage directory and check the folder user groups and permissions

cd /var/wwwroot/

Use the ls -l command to view the user group to which the directory belongs. The default user group and user are both root.

ls -l

Modify the user group permissions for the directory where the website is stored.

chown -R nginx:nginx /var/wwwroot/

For example, nginx is started using the nginx user, so here you need to change it to the nginx user group and nginx user.
In PHP, you also need to use the nginx user group to start it.

vi /etc/php-fpm.d/www.conf

user = apache
group = apache
Modify to nginx user group and user
user = nginx
group = nginx
After modifying the php user group, NGINX user group, and the user group of the wordpress storage directory, just reboot the server.
NGINX nginx.conf configuration, for reference only: nginx.conf configuration:

user nginx; #Configure user or group, the default is nobody nobody. worker_processes auto; #The number of processes allowed to be generated, the default is 1 pid /run/nginx.pid; #Specify the storage address of the nginx process running file error_log /var/log/nginx/error.log error; #Specify the error log path and level. This setting can be placed in the global block, http block, server block, the levels are: debug|info|notice|warn|error|crit|alert|emerg, the higher the level, the less records, generally set error #Load dynamic modules. include /usr/share/nginx/modules/*.conf; #Working mode and upper limit of connection number-eventsGlobal setting events { accept_mutex on; #Set network connection serialization to prevent panicking, the default is on multi_accept on; #Set whether a process accepts multiple network connections at the same time, the default is off #use epoll; #Event-driven model, select|poll|kqueue|epoll|resig|/dev/poll|eventport worker_connections 1024; #The maximum number of connections allowed for a single worker process, the default is 512 } #http server configuration file block http { log_format myFormat '$remote_addr–$remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for'; #Customize log format access_log /var/log/nginx/access.log myFormat; #Set access log path and format. combined is the default value of log format. rewrite_log on; #access_log off; #Cancel service access log sendfile on; #Allow sendfile to transfer files, the default is off, can be in http block, server block, location block. sendfile_max_chunk 0; #The number of transfers per call per process cannot be greater than the set value, the default is 0, that is, there is no upper limit. keepalive_timeout 1000; #Connection timeout, the default is 75s, can be in http, server, location block. client_max_body_size 1024m; types_hash_max_size 4096; tcp_nodelay on; tcp_nopush on; default_type application/octet-stream; #Default file type, default is text/plain fastcgi_connect_timeout 3000; #fastcgi connection timeout, default is 60 secondsfastcgi_send_timeout 3000; #Timeout for nginx process to send request to fastcgi process, default is 60 secondsfastcgi_read_timeout 3000; #Timeout for fastcgi process to send output to nginx process, default is 60 secondsgzip on; #gzip compression switch, on turns on Gzip compression, default is off turns offgzip_min_length 1k; # Enable the minimum file for gzip compression, files smaller than the set value will not be compressedgzip_comp_level 8; # gzip compression level, 1-9, the larger the number, the better the compression, but also takes up more CPU timegzip_buffers 4 16k; # Set the buffer size required for compressiongzip_http_version 1.1; # Set the HTTP protocol version for gzip compression, which can be ignored if no payload is usedgzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml; # The file type to be compressed. JavaScript has many forms. The values can be found in the mime.types file. gzip_vary on; # Whether to add Vary: Accept-Encoding in the http header, it is recommended to turn on gzip_disable "MSIE [1-6]\."; # Disable IE 6 gzip gzip_proxied off; include /etc/nginx/mime.types; # File extension and file type mapping table. Set the mime type (mail support type), the type is defined by the mime.types file. include /etc/nginx/conf.d/*.conf; # Load modular configuration files from the /etc/nginx/conf.d directory. }

Server configuration:

server { listen 80; listen [::]:80; server_name www.uzbox.tk uzbox.tk; #your website domain namereturn 301 https://uzbox.tk$request_uri; #301Redirect to https } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.uzbox.tk; # The website's domain name, can be multiple, separated by spacesreturn 301 https://uzbox.tk$request_uri; ssl_certificate /home/ssl/uzbox.tk/fullchain.cer; ssl_certificate_key /home/ssl/uzbox.tk/uzbox.tk.key; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name uzbox.tk; root /home/www; index index.php index.html index.htm; ssl_certificate /home/ssl/uzbox.tk/fullchain.cer; ssl_certificate_key /home/ssl/uzbox.tk/uzbox.tk.key; ssl_session_cache shared:le_nginx_SSL:10m; ssl_session_timeout 1440m; ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; include /etc/nginx/default.d/*.conf; # Load the configuration file for the default server block from /etc/nginx/default.d. # pseudo-static page location / { if (-f $request_filename/index.html){ rewrite (.*) $1/index.html break; } if (-f $request_filename/index.php){ rewrite (.*) $1/index.php; } if (!-f $request_filename){ rewrite (.*) /index.php; } } }

Pseudo-static plugin installation:
First, you need to modify the WordPress fixed link, go to the backend, and open the fixed link settings.
自定义结构后面填入%category%/%post_id%
Install the "No Category Base" plugin to remove the category directory /category/ and finally check all the services running on the server.

systemctl list-units --type=service