Building a Site with Typecho

April 29, 2018 Linux


A short Typecho setup walkthrough on Ubuntu 16.04 x86-64

Uninstall postfix and apache2
rm -rf /var/www
apt purge -y 'apache*' 'postfix*' 'xinet*'
apt update && apt upgrade
Install Nginx and PHP
apt install -y nginx php7.0-fpm php7.0-xml \
              php7.0-curl php7.0-mbstring \
              php7.0-sqlite3
Download Typecho
mkdir /www
wget http://typecho.org/downloads/1.1-17.10.30-release.tar.gz
tar xvzf 1.1-17.10.30-release.tar.gz -C /www
mv /www/build /www/typecho
chown -R www-data:www-data /www/typecho
Bind a domain name

You can register a free domain here; just point its DNS record at your IP address.

Bind the domain in nginx

vim /etc/nginx/sites-available/default

Find

server_name _;

Change it to the domain you registered (don't forget the semicolon):

server_name www.96mb.tk 96mb.tk;
Install the Let's Encrypt certificate
mkdir /etc/nginx/ssl
apt install -y socat curl
curl https://get.acme.sh | sh
source ~/.bashrc

acme.sh --issue -d www.96mb.tk -d 96mb.tk --nginx

Install the certificate

acme.sh --installcert -d www.96mb.tk -d 96mb.tk \
        --key-file /etc/nginx/ssl/96mb.key \
        --fullchain-file /etc/nginx/ssl/fullchain.cer \
        --reloadcmd "service nginx force-reload"

Automatically upgrade acme.sh (the Let's Encrypt client):

acme.sh --upgrade --auto-upgrade 1

Disable automatic upgrades

acme.sh --upgrade --auto-upgrade 0

Generate dhparam

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
Check php-fpm

Check how php-fpm listens and which account it runs as

cat /etc/php/7.0/fpm/pool.d/www.conf | grep ^listen

Result: by default it listens on a Unix socket (as shown below; no change needed)

listen = /run/php/php7.0-fpm.sock
listen.owner = www-data
listen.group = www-data

Change cgi.fix_pathinfo

sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=1/' /etc/php/7.0/fpm/php.ini

Check the result of the change

cat /etc/php/7.0/fpm/php.ini | grep ^cgi.fix_pathinfo

Output (after the change):

cgi.fix_pathinfo=1

Configure HTTPS in nginx
mv /etc/nginx/sites-available/default /etc/nginx/default.bak
vim /etc/nginx/sites-available/default

Enter

server{
     listen   443 ssl http2 default_server;
     listen   [::]:443 ssl http2 default_server;
     server_name          www.96mb.tk;
     root                 /www/typecho;
     index                index.php;
     ssl_certificate      /etc/nginx/ssl/fullchain.cer; 
     ssl_certificate_key  /etc/nginx/ssl/96mb.key;
     ssl_dhparam          /etc/nginx/ssl/dhparam.pem;
     ssl_ciphers          EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
     ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
     ssl_session_cache    shared:SSL:10m;
     ssl_session_timeout  10m;
     ssl_stapling         on;
     ssl_stapling_verify  on;
     ssl_prefer_server_ciphers on;
     add_header Strict-Transport-Security max-age=15552000;
     gzip                 on;
     gzip_comp_level      6;
     gzip_proxied         any;
     gzip_types           text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/x-font-woff application/octet-stream ;
     location / {
         if (!-e $request_filename) {
             #rewrite ^(.*)$ /index.php$1 last;
         }
     }
     location ~ .*\.php(/.*)*$ {
         include          snippets/fastcgi-php.conf;
         fastcgi_pass     unix:/run/php/php7.0-fpm.sock;
         fastcgi_param    SCRIPT_FILENAME      $document_root$fastcgi_script_name;
     }
}
server{
     listen      80 default_server;
     listen      [::]:80 default_server;
     return 301  https://www.96mb.tk$request_uri;
}
server {
     server_name 96mb.tk;
     return 301  https://www.96mb.tk$request_uri;
}

Restart nginx

service nginx force-reload
Score the HTTPS site

SSL test


As expected, an A+.


Upgrade to nginx 1.14.0
  1. Add the signing key
wget http://nginx.org/keys/nginx_signing.key
apt-key add nginx_signing.key
  2. Add the repository
echo "deb http://nginx.org/packages/ubuntu/ xenial nginx" >> /etc/apt/sources.list
echo "deb-src http://nginx.org/packages/ubuntu/ xenial nginx" >> /etc/apt/sources.list
  3. Update the package index
apt update
apt install nginx
  4. Change the configuration file

Copy the contents of

/etc/nginx/sites-available/default

into

/etc/nginx/conf.d/default.conf
  5. Add the TLS 1.3 protocol
ssl_protocols    TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  6. Restart nginx
service nginx restart
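
The ssl_protocols and ssl_ciphers lines used in this walkthrough still enable TLSv1, TLSv1.1, 3DES and static-RSA suites. The shell functions below are an added example, not part of the original post, that list such settings in a config file. The function names and both sample configs are constructed for illustration, and the parser assumes one directive per line.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Assumes one directive per line.

# Print each argument of directive $2 found in config file $1, one per line,
# with comments and the trailing ';' stripped.
directive_args() {
    sed 's/#.*//' "$1" | awk -v d="$2" '
        $1 == d { for (i = 2; i <= NF; i++) { sub(/;$/, "", $i); if ($i != "") print $i } }'
}

# Protocol versions enabled by ssl_protocols that are deprecated
# (TLS 1.0 and 1.1 by RFC 8996, SSLv2/SSLv3 before that).
legacy_protocols() {
    directive_args "$1" ssl_protocols | grep -E '^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$' | sort -u
}

# Terms of the ssl_ciphers string that enable 3DES (64-bit blocks) or
# static-RSA key exchange (OpenSSL's "RSA" alias, no forward secrecy).
# Terms starting with "!" are exclusions, so they are skipped.
weak_cipher_terms() {
    directive_args "$1" ssl_ciphers | tr ':' '\n' | grep -v '^!' \
        | grep -E '3DES|^RSA\+' || true
}

# Constructed sample 1: the TLS lines from this walkthrough after the TLS 1.3 step.
page_conf=$(mktemp)
cat > "$page_conf" <<'EOF'
server {
    ssl_ciphers    EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
}
EOF

# Constructed sample 2: a tightened variant (forward-secret AEAD suites, TLS 1.2+).
tight_conf=$(mktemp)
cat > "$tight_conf" <<'EOF'
server {
    ssl_ciphers    EECDH+CHACHA20:EECDH+AESGCM;   # no RSA+ or 3DES terms
    ssl_protocols  TLSv1.2 TLSv1.3;
}
EOF
trap 'rm -f "$page_conf" "$tight_conf"' EXIT

for f in "$page_conf" "$tight_conf"; do
    echo "== $f"
    echo "legacy protocols:  $(legacy_protocols "$f" | tr '\n' ' ')"
    echo "weak cipher terms: $(weak_cipher_terms "$f" | tr '\n' ' ')"
done
```

To audit a live server, pass the real file instead of the samples, for example legacy_protocols /etc/nginx/conf.d/default.conf.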