\u67e5\u770bdebian\/ubuntu\u7248\u672c\uff1a<\/p>\n\n\n\n
cat \/etc\/issue<\/code><\/pre>\n\n\n\n\u66f4\u65b0\u7cfb\u7edf\uff1a<\/p>\n\n\n\n
apt-get update && apt-get upgrade -y<\/code><\/pre>\n\n\n\n\u5b89\u88c5\u4f9d\u8d56\uff1a<\/p>\n\n\n\n
apt -y install build-essential libpcre3 libpcre3-dev zlib1g-dev git dbus manpages-dev aptitude g++ wget curl unzip libssl-dev libxslt-dev libgd-dev libgeoip-dev <\/code><\/pre>\n\n\n\n\n- debian<\/li>\n<\/ul>\n\n\n\n
apt -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring<\/code><\/pre>\n\n\n\n\n- ubuntu<\/li>\n<\/ul>\n\n\n\n
apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y<\/code><\/pre>\n\n\n\n\u6821\u51c6\u65f6\u95f4\uff1a<\/p>\n\n\n\n
ln -sf \/usr\/share\/zoneinfo\/Asia\/Shanghai \/etc\/localtime && date -R<\/code><\/pre>\n\n\n\n\u4e0b\u8f7d\/\u5b89\u88c5\/\u89e3\u538b openssl-3.3.2<\/p>\n\n\n\n
wget -nc --no-check-certificate https:\/\/www.openssl.org\/source\/openssl-3.3.2.tar.gz && tar -zxvf openssl-3.3.2.tar.gz<\/code><\/pre>\n\n\n\n\u4e0b\u8f7d\/\u89e3\u538b nginx-1.26.2\uff1a<\/p>\n\n\n\n
wget -nc --no-check-certificate https:\/\/nginx.org\/download\/nginx-1.26.2.tar.gz && tar -zxvf nginx-1.26.2.tar.gz<\/code><\/pre>\n\n\n\n\u5220\u9664 nginx-1.26.1.tar.gz\uff1a<\/p>\n\n\n\n
rm -rf nginx-1.26.2.tar.gz && rm -rf openssl-3.3.2.tar.gz && cd nginx-1.26.2<\/code><\/pre>\n\n\n\n\u6dfb\u52a0\u7f16\u8bd1\u63d2\u4ef6\uff1a<\/p>\n\n\n\n
.\/configure --prefix=\/etc\/nginx \\\n --with-threads \\\n --with-file-aio \\\n --with-http_ssl_module \\\n --with-http_v2_module \\\n --with-http_v3_module \\\n --with-http_realip_module \\\n --with-http_addition_module \\\n --with-http_xslt_module=dynamic \\\n --with-http_image_filter_module=dynamic \\\n --with-http_geoip_module=dynamic \\\n --with-http_sub_module \\\n --with-http_dav_module \\\n --with-http_flv_module \\\n --with-http_mp4_module \\\n --with-http_gunzip_module \\\n --with-http_gzip_static_module \\\n --with-http_auth_request_module \\\n --with-http_random_index_module \\\n --with-http_secure_link_module \\\n --with-http_degradation_module \\\n --with-http_slice_module \\\n --with-http_stub_status_module \\\n --with-cc-opt='-O3' \\\n --with-cpu-opt=CPU \\\n --with-pcre \\\n --with-stream \\\n --with-stream=dynamic \\\n --with-stream_ssl_module \\\n --with-stream_realip_module \\\n --with-stream_geoip_module \\\n --with-stream_geoip_module=dynamic \\\n --with-stream_ssl_preread_module \\\n --with-compat \\\n --with-pcre-jit \\\n --with-openssl-opt=enable-tls1_3 \\\n --with-openssl=..\/openssl-3.3.2<\/code><\/pre>\n\n\n\n\u7f16\u8bd1\/\u5b89\u88c5 nginx-1.26.2\uff1a<\/p>\n\n\n\n
make && make install<\/code><\/pre>\n\n\n\n\u914d\u7f6enginx-1.26.2\u670d\u52a1\uff1a<\/p>\n\n\n\n
cat >\/etc\/systemd\/system\/nginx.service <<EOF\n[Unit]\nDescription=A high performance web server and a reverse proxy server\nDocumentation=man:nginx(8)\nAfter=network.target nss-lookup.target\n\n[Service]\nType=forking\nPIDFile=\/etc\/nginx\/logs\/nginx.pid\nExecStartPre=\/etc\/nginx\/sbin\/nginx -t -q -g 'daemon on; master_process on;'\nExecStart=\/etc\/nginx\/sbin\/nginx -g 'daemon on; master_process on;'\nExecReload=\/etc\/nginx\/sbin\/nginx -g 'daemon on; master_process on;' -s reload\nExecStop=-\/sbin\/start-stop-daemon --quiet --stop --retry QUIT\/5 --pidfile \/etc\/nginx\/logs\/nginx.pid\nTimeoutStopSec=5\nKillMode=mixed\n\n[Install]\nWantedBy=multi-user.target\nEOF<\/code><\/pre>\n\n\n\n\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\uff1a<\/p>\n\n\n\n
mkdir -p \/etc\/nginx\/ssl \/etc\/systemd\/system\/nginx.service.d<\/code><\/pre>\n\n\n\n\u914d\u7f6enginx.pid\uff1a<\/p>\n\n\n\n
printf \"[Service]\\nExecStartPost=\/bin\/sleep 0.1\\n\" > \/etc\/systemd\/system\/nginx.service.d\/override.conf<\/code><\/pre>\n\n\n\n\n- \u8fd4\u56de\u5217\u8868<\/strong><\/li>\n<\/ul>\n\n\n\n
cd && rm -rf nginx-1.26.2 openssl-3.3.2<\/code><\/pre>\n\n\n\n\u5b89\u88c5MariaDB php\uff1a<\/p>\n\n\n\n
apt install php-fpm php-mysql mariadb-server -y<\/code><\/pre>\n\n\n\n\u5b89\u88c5php\u63d2\u4ef6\uff1a<\/p>\n\n\n\n
apt install php-curl php-gd php-imagick php-intl php-mbstring php-zip php-dom -y<\/code><\/pre>\n\n\n\nmysql\u6216MariaDB\u5b89\u5168\u52a0\u56fa\uff1a
\u4f1a\u8bbe\u7f6e\u5bc6\u7801\uff0c\u754c\u97621\u76f4\u63a5\u56de\u8f66\uff0c\u5269\u7684\u90fd\u9009Y\uff1a<\/p>\n\n\n\n
mysql_secure_installation<\/code><\/pre>\n\n\n\nroot\u767b\u5f55\uff1a<\/p>\n\n\n\n
mysql -u root -p<\/code><\/pre>\n\n\n\n\u67e5\u770b\u5f53\u524d\u7684\u6570\u636e\u5e93\uff1a<\/p>\n\n\n\n
show databases;<\/code><\/pre>\n\n\n\n\u521b\u5efa\u6570\u636e\u5e93\u975eroot\u7528\u6237\u540d\u5bc6\u7801\uff1a<\/p>\n\n\n\n
create database wordpress; create user name@localhost identified by 'password';<\/code><\/pre>\n\n\n\n\u6388\u4e88\u6743\u9650\uff1a<\/p>\n\n\n\n
grant all privileges on wordpress.* to name@localhost; flush privileges;<\/code><\/pre>\n\n\n\n\n- \u4f7f\u5bc6\u7801\u751f\u6548<\/li>\n<\/ul>\n\n\n\n
ALTER USER root@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD(\"password\");<\/code><\/pre>\n\n\n\n\u9000\u51fa\uff1a<\/p>\n\n\n\n
exit<\/code><\/pre>\n\n\n\n\u4e0b\u8f7dhttps:\/\/typecho.org\/ \u89e3\u538b\u653e\u5728\/etc\/nginx\/html\u6587\u4ef6\u5939\u4e0b\uff0c<\/strong><\/p>\n\n\n\n\u5b89\u88c5wordpress<\/p>\n\n\n\n
cd \/etc\/nginx\/html && wget https:\/\/cn.wordpress.org\/latest-zh_CN.zip && unzip latest-zh_CN.zip && mv wordpress\/* \/etc\/nginx\/html && rm -rf latest-zh_CN.zip wordpress && cd ..<\/span><\/code><\/code><\/pre>\n\n\n\n\u7528\u7684\u975eroot\u8d26\u6237\u8981\u7ed9html\u6587\u4ef6\u5939\u8d4b\u7ed9\u6743\u9650\uff1a<\/p>\n\n\n\n
chown -R www-data:www-data html<\/code><\/pre>\n\n\n\n\u91cd\u65b0\u914d\u7f6enginx.conf<\/p>\n\n\n\n
# generated 2022-12-24, Mozilla Guideline v5.6, nginx 1.22.1, OpenSSL 3.0.7, intermediate configuration, no OCSP\n# https:\/\/ssl-config.mozilla.org\/#server=nginx&version=1.22.1&config=intermediate&openssl=3.0.7&ocsp=false&guideline=5.6\nmap $http_upgrade $connection_upgrade {\n default upgrade;\n '' close;\n}\nserver {\n listen 80;\n\tserver_name _;\n location \/ {\n\t\tif ($host ~* \"\\d+\\.\\d+\\.\\d+\\.\\d+\") {\n\t\t\treturn 500;\n\t\t}\n\t\tif ($host != \"xxxxxxxxx.com\") {\n\t\t\treturn 500;\n\t\t}\n return 301 https:\/\/$host$request_uri;\n }\n}\nserver {\n listen 443 quic reuseport;\n listen 443 ssl;\n# listen [::]:443 quic reuseport;\n# listen [::]:443 ssl http2;\n http2 on;\n ssl_certificate \/etc\/nginx\/ssl\/xxxxxxxxx.com_cert_chain.pem;\n ssl_certificate_key \/etc\/nginx\/ssl\/xxxxxxxxx.com_key.key;\n ssl_session_timeout 1d;\n ssl_session_cache shared:MozSSL:10m; # about 40000 sessions\n ssl_session_tickets off;\n\n # curl https:\/\/ssl-config.mozilla.org\/ffdhe2048.txt > \/etc\/nginx\/ssl\/dhparam\n ssl_dhparam \/etc\/nginx\/ssl\/dhparam;\n\n # intermediate configuration\n ssl_protocols TLSv1.2 TLSv1.3;\n ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;\n ssl_prefer_server_ciphers off;\n # \u5f00\u542f 1.3 o-RTT\n ssl_early_data on;\n # HSTS (ngx_http_headers_module is required) (63072000 seconds)\n add_header Strict-Transport-Security \"max-age=63072000\" always;\n location = \/favicon.ico {\n\t\t\tlog_not_found off;\n }\n location = \/robots.txt {\n\t\t\tlog_not_found off;\n }\n location = \/conf.js {\n\t\t\tlog_not_found off;\n }\n location = \/1 {\n\t\t\tlog_not_found off;\n }\n location = \/sitemap.xml {\n\t\t\tlog_not_found off;\n }\n location = \/admin {\n\t\t\tlog_not_found off;\n }\n location = \/wp-json\/* {\n\t\t\tlog_not_found off;\n }\n location = \/.well-known\/* {\n\t\t\tlog_not_found off;\n }\n location = \/api\/* {\n\t\t\tlog_not_found off;\n }\n location = \/movie\/* {\n\t\t\tlog_not_found off;\n }\n location = \/sites\/* {\n\t\t\tlog_not_found off;\n }\n location = \/templates\/* {\n\t\t\tlog_not_found off;\n }\n location = \/wp-content\/* {\n\t\t\tlog_not_found off;\n }\n location = \/wp-includes\/* {\n\t\t\tlog_not_found off;\n }\n location = \/wp-admin\/* {\n\t\t\tlog_not_found off;\n }\n location = \/cgialfa {\n\t\t\tlog_not_found off;\n }\n location = \/alfacgiapi {\n\t\t\tlog_not_found off;\n }\n location = \/ALFA_DATA {\n\t\t\tlog_not_found off;\n }\n location = \/gank.php.PhP {\n\t\t\tlog_not_found off;\n }\n location = \/dns-query {\n\t\t\tlog_not_found off;\n }\n location = \/PHPBonusChallengeExploits.php\/* {\n\t\t\tlog_not_found off;\n }\n location = \/service\/* {\n\t\t\tlog_not_found off;\n }\n location = \/member\/* {\n\t\t\tlog_not_found off;\n }\n location = \/securityRealm\/* {\n\t\t\tlog_not_found off;\n }\n location = \/users\/* {\n\t\t\tlog_not_found off;\n }\n location = \/index.php\/* {\n\t\t\tlog_not_found off;\n }\n location = \/node\/* {\n\t\t\tlog_not_found off;\n }\n location = \/user\/* {\n\t\t\tlog_not_found off;\n }\n location ~ \\.php$ {\n fastcgi_pass unix:\/run\/php-fpm\/www.sock;\n fastcgi_index index.php;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n include fastcgi_params;\n }\n location ~ \/\\.ht {\n deny all;\n }\n location \/ {\n if ($host ~* \"\\d+\\.\\d+\\.\\d+\\.\\d+\") {\n return 500;\n }\n if ($host != \"xxxxxxxxx.com\") {\n return 500;\n }\n root html;\n index index.php index.html index.htm;\n add_header Alt-Svc 'h3=\":443\"; ma=86400'; #\u901a\u544a HTTP\/3 server \u7684\u53ef\u7528\u6027\n }\n}<\/code><\/pre>\n\n\n\n\u5f00\u542fBBR\uff1a<\/p>\n\n\n\n
echo \"net.core.default_qdisc=fq\" >> \/etc\/sysctl.conf && echo \"net.ipv4.tcp_congestion_control=bbr\" >> \/etc\/sysctl.conf && sysctl -p && lsmod | grep bbr<\/code><\/pre>\n\n\n\n\u52a0\u8f7d\u5355\u5143\uff1a<\/p>\n\n\n\n
systemctl daemon-reload<\/code><\/pre>\n\n\n\n\u5f00\u542fnginx\uff1a<\/p>\n\n\n\n
systemctl start nginx<\/code><\/pre>\n\n\n\n\u5f00\u542f\u72b6\u6001\uff1a<\/p>\n\n\n\n
systemctl status nginx<\/code><\/pre>\n\n\n\n\u5f00\u673a\u81ea\u52a8\u542f\u52a8\uff1a<\/p>\n\n\n\n
systemctl enable nginx<\/code><\/pre>\n\n\n\n\u91cd\u65b0\u542f\u52a8\uff1a<\/p>\n\n\n\n
systemctl restart nginx<\/code><\/pre>\n\n\n\n\u505c\u6b62nginx\uff1a<\/p>\n\n\n\n
service nginx stop<\/code><\/pre>\n\n\n\n\u5f00\u542fphp8.2-fpm\uff1a<\/p>\n\n\n\n
systemctl start php8.2-fpm<\/code><\/pre>\n\n\n\n\u5f00\u542f\u72b6\u6001\uff1a<\/p>\n\n\n\n
systemctl status php8.2-fpm<\/code><\/pre>\n\n\n\n\u5f00\u673a\u81ea\u52a8\u542f\u52a8\uff1a<\/p>\n\n\n\n
systemctl enable php8.2-fpm<\/code><\/pre>\n\n\n\n\u91cd\u65b0\u542f\u52a8\uff1a<\/p>\n\n\n\n
systemctl restart php8.2-fpm<\/code><\/pre>\n\n\n\n\u5f00\u542fmysql\uff1a<\/p>\n\n\n\n
systemctl start mariadb.service<\/code><\/pre>\n\n\n\n\u5f00\u542f\u72b6\u6001\uff1a<\/p>\n\n\n\n
systemctl status mariadb.service<\/code><\/pre>\n\n\n\n\u5f00\u673a\u81ea\u52a8\u542f\u52a8\uff1a<\/p>\n\n\n\n
systemctl enable mariadb.service<\/code><\/pre>\n\n\n\n\u91cd\u65b0\u542f\u52a8\uff1a<\/p>\n\n\n\n
systemctl restart mariadb.service<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"\u67e5\u770bdebian\/ubuntu\u7248\u672c\uff1a \u66f4\u65b0\u7cfb\u7edf\uff1a \u5b89\u88c5\u4f9d\u8d56\uff1a \u6821\u51c6\u65f6\u95f4\uff1a \u4e0b\u8f7d\/\u5b89\u88c5\/\u89e3\u538b openssl-3…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-118","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/txt.book2020.top\/index.php?rest_route=\/wp\/v2\/posts\/118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/txt.book2020.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/txt.book2020.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/txt.book2020.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/txt.book2020.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=118"}],"version-history":[{"count":0,"href":"https:\/\/txt.book2020.top\/index.php?rest_route=\/wp\/v2\/posts\/118\/revisions"}],"wp:attachment":[{"href":"https:\/\/txt.book2020.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/txt.book2020.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/txt.book2020.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}