Setting up Typecho 1.1 (17.10.30) on Tencent Cloud

Jiankangbao was blocked at the beginning of the Chinese New Year, so I had to stay at home for the whole holiday. My Alibaba Cloud subscription had expired recently and the blog had been down for a long time. Luckily Tencent Cloud had a holiday discount, so I bought a new Lighthouse server and migrated Typecho to the new cloud.


environment

Server type: TencentCloud Lighthouse

OS: CentOS 7.6

nginx: 1.20.2

MySQL: 8.0.26

PHP: 7.4.27


enable ssh login with password
If the OS was reinstalled from the Tencent Cloud console, reset the root password there first. Then make sure /etc/ssh/sshd_config contains 'PasswordAuthentication yes' and 'PermitRootLogin yes'. Treat both as bootstrap settings only: once the admin user created below can log in with an SSH key, set them back to 'no', because a root account that accepts passwords on a public IP is the first thing every scanner tries. Run 'sshd -t' after editing so a typo cannot leave you locked out when sshd restarts.

sudo vim /etc/ssh/sshd_config
sudo systemctl restart sshd

user, group & permission
Log in as root, create the admin user and give it sudo. Edit /etc/sudoers with visudo rather than vim: visudo checks the syntax before saving, and a broken sudoers file locks everyone out of sudo. Add the line 'lzy ALL=(ALL) ALL'.

useradd lzy
passwd lzy
visudo
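The two steps above leave password logins and root over SSH enabled. The script below is an added example, not part of the original post: it creates the admin user, grants sudo through a drop-in file that visudo validates before it can take effect, installs the user's public key, and only then turns password and root logins off. The user name lzy and the key path /root/lzy.pub are assumptions; the config-editing functions take a file path so they can be tried on a copy first.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): finish the SSH bootstrap safely.
# Assumed: the admin user is "lzy" and its public key was uploaded to /root/lzy.pub.
set -eu

# set_sshd_option FILE KEY VALUE
# Rewrite the first (possibly "#"-commented) KEY line in FILE as "KEY VALUE",
# drop any further copies of KEY, or append the line when KEY is absent.
set_sshd_option() {
    local file=$1 key=$2 value=$3 tmp
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        { line = $0; sub(/^[ \t]*#?[ \t]*/, "", line); split(line, f, /[ \t]+/) }
        f[1] == k { if (!done) { print k, v; done = 1 }; next }
        { print }
        END { if (!done) print k, v }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"      # keeps the owner and mode of the original file
    rm -f "$tmp"
}

# sshd_option FILE KEY : the value sshd would use (last uncommented occurrence)
sshd_option() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# harden_sshd FILE : key-only logins, no root over SSH. Check with "sshd -t" afterwards.
harden_sshd() {
    local file=${1:-/etc/ssh/sshd_config}
    set_sshd_option "$file" PubkeyAuthentication yes
    set_sshd_option "$file" PasswordAuthentication no
    set_sshd_option "$file" PermitRootLogin no
}

# provision_admin USER PUBKEY : create USER, give it sudo through /etc/sudoers.d,
# and install PUBKEY as its authorized_keys. The drop-in is written with a ".tmp"
# suffix (sudoers ignores names containing a dot), checked by visudo, then renamed,
# so a malformed file never becomes active.
provision_admin() {
    local user=$1 pubkey=$2
    id "$user" >/dev/null 2>&1 || useradd -m "$user"
    printf '%s ALL=(ALL) ALL\n' "$user" > "/etc/sudoers.d/$user.tmp"
    visudo -cf "/etc/sudoers.d/$user.tmp"
    mv "/etc/sudoers.d/$user.tmp" "/etc/sudoers.d/$user"
    chmod 0440 "/etc/sudoers.d/$user"
    install -d -m 0700 -o "$user" -g "$user" "/home/$user/.ssh"
    install -m 0600 -o "$user" -g "$user" "$pubkey" "/home/$user/.ssh/authorized_keys"
}

# On the server, as root:  bash ssh-bootstrap.sh --apply
# Keep the current session open, test "ssh lzy@<server>" from another terminal,
# and only then run "systemctl restart sshd".
if [ "${1:-}" = "--apply" ]; then
    provision_admin lzy /root/lzy.pub
    harden_sshd /etc/ssh/sshd_config
    sshd -t && echo "sshd_config OK: test a key login, then: systemctl restart sshd"
fi
```

The order matters: the key is installed and verified before passwords are turned off, and sshd is restarted only after 'sshd -t' passes and a second session has confirmed the key works.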

install nginx
refer to https://nginx.org/en/linux_packages.html#RHEL-CentOS to install nginx on CentOS 7.6

create the file nginx.repo under /etc/yum.repos.d

sudo vim /etc/yum.repos.d/nginx.repo

add the section below to nginx.repo (gpgcheck=1 with the nginx signing key is what makes the plain-http baseurl safe)

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

install nginx

sudo yum install nginx

install PHP
install PHP 7.4.27 and the extensions Typecho needs on CentOS 7.6 from the Remi repository. The MySQL driver package for PHP 7 is php-mysqlnd; the old php-mysql package went away with PHP 7.0, so the two install lines collapse into one.

sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum -y install yum-utils
sudo yum-config-manager --enable remi-php74
sudo yum -y install php-{common,mysqlnd,xml,xmlrpc,curl,gd,imagick,cli,fpm,mbstring,opcache,zip}

install MySQL and initialize the configuration
install MySQL. CentOS 7 ships mariadb-libs, which conflicts with the MySQL 8 packages; remove it first (the version string in the second command comes from the first command's output and may differ on your image)

sudo rpm -qa | grep mariadb
sudo rpm -e --nodeps mariadb-libs-5.5.68-1.el7.x86_64
sudo wget https://dev.mysql.com/get/mysql80-community-release-el7-5.noarch.rpm
sudo yum localinstall mysql80-community-release-el7-5.noarch.rpm
sudo yum repolist all | grep mysql
sudo yum clean all
sudo yum makecache
sudo yum -y install mysql-community-server

get the default root password

sudo systemctl start mysqld
sudo cat /var/log/mysqld.log | grep password

secure the MySQL server deployment

sudo mysql_secure_installation

login with root (optional: allow remote root access)
Typecho runs on the same box and connects through 127.0.0.1, so root does not need to be reachable from the network at all. Only open it if you really administer MySQL from elsewhere, and then keep port 3306 closed in the Lighthouse firewall except to your own IP: a root@'%' account behind an open 3306 is nothing but a password-guessing target.

mysql -u root -p
use mysql;
update user set host = '%' where user = 'root';
flush privileges;

restart MySQL

sudo systemctl restart mysqld
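The safer alternative to opening root is a dedicated account that only Typecho uses and that MySQL will only accept from the local socket. The script below is an added example, not part of the original post: it generates a password, emits the SQL to create the database and a localhost-only user with just the privileges a blog needs, and includes a check that flags any account in mysql.user that accepts network connections. The database and user name "typecho" are assumptions; the password it prints goes into config.inc.php during the Typecho install.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): least-privilege MySQL account for
# Typecho plus an audit for remotely reachable accounts. Assumed names: database
# and user "typecho"; the root password is asked for interactively by mysql.
set -eu

# gen_password LEN : LEN random alphanumerics (no characters that need quoting in
# SQL or in config.inc.php)
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# typecho_grant_sql DB USER PASSWORD : statements to feed to "mysql -u root -p".
# The host part is 'localhost', so the account is unusable over the network even
# if port 3306 is ever opened in the Lighthouse firewall.
typecho_grant_sql() {
    local db=$1 user=$2 pass=$3
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$db\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER IF NOT EXISTS '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX ON \`$db\`.* TO '$user'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# remote_accounts : read "user<TAB>host" rows on stdin (the output of
#   mysql -N -e "SELECT user, host FROM mysql.user")
# and print the ones that accept network connections. Exit 1 if any exist.
remote_accounts() {
    awk -F'\t' '$2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" { print; found = 1 }
                END { exit found ? 1 : 0 }'
}

# On the server:  bash mysql-typecho.sh --apply
if [ "${1:-}" = "--apply" ]; then
    pw=$(gen_password 32)
    typecho_grant_sql typecho typecho "$pw" | mysql -u root -p
    printf 'typecho DB password (for config.inc.php): %s\n' "$pw"
    mysql -u root -p -N -e "SELECT user, host FROM mysql.user" | remote_accounts \
        || echo "WARNING: the accounts above are reachable from the network"
fi
```

If the audit prints root with host '%', that is the result of the update statement above; revert it with the same statement and host = 'localhost' unless you actually need it.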

download typecho
Fetch the release over https. Do not 'chmod -R 777' the tree: that lets any local account, and any bug in PHP, rewrite the blog's own code. Handing the directory to the account PHP-FPM runs as (this page uses the nginx user for both nginx and PHP-FPM) is enough for the installer to write config.inc.php and for uploads to land in usr/uploads.

sudo mkdir -p /home/site/wwwroot
cd /home/site/wwwroot
sudo wget https://typecho.org/downloads/1.1-17.10.30-release.tar.gz
sudo tar -xzvf 1.1-17.10.30-release.tar.gz
sudo mv build typecho
sudo chown -R nginx:nginx typecho/

allow SSL connection in config.inc.php
config.inc.php is generated by the web installer (open install.php in the browser once nginx and PHP-FPM are up). After it exists, add the line below so Typecho builds https:// links, and delete install.php, which is not needed again.

define('__TYPECHO_SECURE__', true);
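Going one step further than a plain chown, the script below is an added example, not part of the original post: it sets files to 0644 and directories to 0755 owned by the admin account, gives only usr/uploads to the PHP-FPM user (the one directory PHP must write at runtime), and lists anything still world-writable. The web root path, the PHP-FPM user nginx and the admin user lzy are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): owner-based permissions for the
# Typecho tree instead of "chmod -R 777". Assumed: web root
# /home/site/wwwroot/typecho, PHP-FPM runs as "nginx", the admin account is "lzy".
set -eu

# set_site_perms WEBROOT PHP_USER OWNER
# Everything becomes OWNER's, files 0644 and directories 0755, so the web
# process can read but not modify the code; usr/uploads goes to PHP_USER.
set_site_perms() {
    local root=$1 php_user=$2 owner=${3:-root}
    chown -R "$owner" "$root"
    find "$root" -type d -exec chmod 0755 {} +
    find "$root" -type f -exec chmod 0644 {} +
    mkdir -p "$root/usr/uploads"
    chown -R "$php_user" "$root/usr/uploads"
}

# world_writable PATH : list what any local account could still modify (the
# leftovers of chmod -R 777); empty output means the tree is clean.
world_writable() {
    find "$1" ! -type l -perm -o+w
}

# On the server:  bash site-perms.sh --apply
if [ "${1:-}" = "--apply" ]; then
    set_site_perms /home/site/wwwroot/typecho nginx lzy
    echo "world-writable leftovers (should be empty):"
    world_writable /home/site/wwwroot/typecho
fi
```

With the code owned by lzy, the installer cannot write config.inc.php itself; either create the file by hand from the contents the installer shows, or make the web root writable just for the install and run the function again afterwards. Either way the web user ends up unable to change a single .php file.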

setup DNS server
At the registrar, point the domains' name servers at the ones Tencent Cloud's DNS service assigns, then add A records for lzy129.com, www.lzy129.com, lzy129.cn and www.lzy129.cn that point at the Lighthouse public IP. The wildcard certificate in the next step is validated through TXT records in the same zone.


get wildcard certificate
Apply for a wildcard certificate from Let's Encrypt (https://letsencrypt.org/getting-started). Wildcards are only issued through the DNS-01 challenge, so certbot prints one TXT record per name for you to add in the zone and waits until you confirm each. Because the challenge is --manual, 'certbot renew' cannot repeat it unattended: either re-run the command before the 90-day expiry or switch to a DNS API plugin later. certbot on CentOS 7 comes from EPEL, which was enabled in the PHP step; the wildcard names are quoted so the shell does not try to expand them.

sudo yum install certbot
sudo certbot certonly -d lzy129.com -d '*.lzy129.com' -d lzy129.cn -d '*.lzy129.cn' --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
sudo openssl dhparam -out /etc/letsencrypt/live/dhparams.pem 2048

setup web server/SSL/FastCGI in nginx
update the configuration in /etc/nginx/conf.d/default.conf. The https server must listen on 443 with the ssl parameter: with 'listen 80' the ssl_* directives are ignored and the redirect block sends browsers to a port nothing is listening on. TLS 1.0/1.1 and the 3DES suites are dropped from the original cipher list, and the PHP location only hands a request to PHP-FPM when the .php file actually exists on disk, so a path like /usr/uploads/x.jpg/y.php gets a 404 instead of reaching PHP.

server {
    listen 80;
    server_name lzy129.com lzy129.cn www.lzy129.cn www.lzy129.com;
    return 301 https://www.lzy129.com$request_uri;
}

server {
    listen       443 ssl http2;
    server_name  www.lzy129.com;
    root         <your wwwroot path>;

    ssl_certificate /etc/letsencrypt/live/lzy129.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/lzy129.com/privkey.pem;
    ssl_dhparam /etc/letsencrypt/live/dhparams.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/lzy129.com/fullchain.pem;

    # short max-age while testing; raise it (a year is usual) once every page loads over https
    add_header Strict-Transport-Security "max-age=60" always;

    location / {
        index  index.php index.html index.htm;
        # Typecho rewrite mode: anything that is not a real file or directory goes to index.php
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        set $path_info $fastcgi_path_info;     # try_files below clears $fastcgi_path_info
        # 404 unless the script really exists, so nothing under usr/uploads ever reaches PHP-FPM
        try_files $fastcgi_script_name =404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
    }
}
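The three mistakes the first draft of this server block had (ssl_* directives under a plain 'listen 80', TLS 1.0/1.1 still enabled, 3DES suites, a token HSTS max-age) are all easy to reintroduce when editing. The script below is an added check, not part of the original post: it scans an nginx config file for exactly those patterns and exits non-zero if any are found, so it can run before 'nginx -t'. The 180-day HSTS threshold is a choice made here, not an nginx rule.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): lint an nginx config for the TLS
# mistakes discussed above. Usage: nginx_tls_lint /etc/nginx/conf.d/default.conf
set -eu

# nginx_tls_lint FILE : print one finding per line (file:line: message),
# exit 1 if anything was found, 0 if the file is clean.
nginx_tls_lint() {
    awk '
        function flag(msg) { print FILENAME ":" NR ": " msg; bad = 1 }
        /^[ \t]*#/ { next }                                   # skip comment lines
        /^[ \t]*server[ \t]*[{]/ { depth = 0; cert = 0; ssl_listen = 0 }
        /ssl_protocols/ && /TLSv1(\.1)?[ \t;]/ { flag("ssl_protocols still allows TLSv1/TLSv1.1") }
        /ssl_ciphers/ && /DES-CBC3/ { flag("3DES cipher suites enabled") }
        /add_header[ \t]+Strict-Transport-Security/ {
            # threshold: 180 days (15552000 s); an assumption of this lint, not an nginx rule
            if (match($0, /max-age=[0-9]+/) && substr($0, RSTART + 8, RLENGTH - 8) + 0 < 15552000)
                flag("HSTS max-age shorter than 180 days")
        }
        /^[ \t]*listen[ \t]/ && /ssl/ { ssl_listen = 1 }
        /^[ \t]*ssl_certificate[ \t]/ { cert = 1 }
        { depth += gsub(/[{]/, "{"); depth -= gsub(/[}]/, "}") }
        # end of a server block: a certificate without any "listen ... ssl" is plain http
        depth == 0 && cert && !ssl_listen { flag("ssl_certificate set but no \"listen ... ssl\""); cert = 0 }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

if [ "${1:-}" != "" ]; then
    nginx_tls_lint "$1"
fi
```

A clean run prints nothing; each finding carries the file name and line number so it can be fixed in place before reloading nginx.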

change the nginx user and update the http block in /etc/nginx/nginx.conf. The worker user is the account nginx reads files as; this page uses the same account for PHP-FPM below. client_max_body_size must be at least the PHP upload limit, otherwise nginx rejects large attachments with 413 before PHP ever sees them. An include of server blocks only works inside http {}, so the servers/* include belongs there, and only if you keep extra vhost files under /etc/nginx/servers/.

user <your nginx user>;

http {
    client_max_body_size 30M;

    include /etc/nginx/conf.d/*.conf;
    include servers/*;
}

update the configuration of PHP
update the php-fpm pool in /etc/php-fpm.d/www.conf so that it listens on the TCP port nginx proxies to and runs as the same account (set group as well; otherwise the pool keeps the packaged default group). Leave the pool's default security.limit_extensions in place: it makes PHP-FPM refuse to execute anything whose name does not end in .php, even if nginx hands it a path under usr/uploads.

listen = 127.0.0.1:9000
user = <your nginx user>
group = <your nginx user>

allow attachments up to 30M in /etc/php.ini. php.ini treats ';' as a comment marker, so the values take no trailing semicolon.

upload_max_filesize = 30M
post_max_size = 30M
max_execution_time = 600

enable the key services so they come back on their own, then reboot and check. Starting them by hand after a reboot only works until the next reboot.

sudo systemctl enable --now nginx php-fpm mysqld
sudo reboot
sudo systemctl status nginx php-fpm mysqld
