WordPress就不用介绍是什么了吧,以前部署代码我总喜欢用OneinStack的一键编译部署环境,崇尚源码编译安装,现在懒得折腾了,直接用Docker来部署。

既然要用Docker部署,那么就需要安装Docker服务吧,因为Centos生命周期问题,我这里使用的是Rocky 9,所以使用CentOS的软件源安装,其它系统请查看Docker官方部署文档,Let’s Go…

# install yum tools
yum install -y yum-utils

# add docker repo
yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

# install docker server
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

# start docker service
systemctl start docker && systemctl enable docker

Docker服务安装OK,下一步进行WordPress相关服务的部署吧!

首先我们先下载Docker Image,直接使用官方Image。

# pull mysql
docker pull mysql

# pull nginx
docker pull mysql

# pull wordpress
docker pull wordpress

Docker Image下载好了,下面开始启动相关Docker服务,我这里所有数据都挂载在/data目录下,MySQL注意修改密码,其它参数根据自己的癖好去改。

# run mysql
docker run -d -v /data/mysql:/var/lib/mysql -e MYSQL_DATABASE=wordpress -e MYSQL_ROOT_PASSWORD=your-passwd -p 3306:3306 --name mysql --restart=always mysql --default-authentication-plugin=mysql_native_password

# run wordpress
docker run -d -v /data/wordpress:/var/www/html -e WORDPRESS_DB_HOST=mysql -e WORDPRESS_DB_USER=root -e WORDPRESS_DB_PASSWORD=your-passwd -e WORDPRESS_DB_NAME=wordpress -p 8080:80 --name wordpress --link mysql:mysql --restart=always wordpress

# run nginx
docker run -d -p 80:80 -p 443:443 -v /data/nginx:/etc/nginx --name nginx --restart=always nginx

上面需要注意的是Nginx官方镜像部署是不支持直接挂载文件夹的,需要先把-v挂载参数去掉启动,然后拷贝Nginx的文件出来,添加你的网站反代配置文件,然后在进行-v挂载启动。

# copy nginx file
docker cp nginx:/etc/nginx /data/nginx

到此为止就差不多了,最后再分享下简单优化过的Nginx主配置和虚拟机配置文件吧,注意WordPress的伪静态文件/Nginx的证书文件路径的添加和修改,Enjoy It~

# nginx.conf
user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections  51200;
    multi_accept on;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 1024m;
    client_body_buffer_size 10m;

    sendfile        on;
    tcp_nopush     on;
    tcp_nodelay on;
    server_tokens off;

    keepalive_timeout  120;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_intercept_errors on;

    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
      text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
      text/javascript application/javascript application/x-javascript
      text/x-json application/json application/x-web-app-manifest+json
      text/css text/plain text/x-component
      font/opentype application/x-font-ttf application/vnd.ms-fontobject
      image/x-icon;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    include /etc/nginx/conf.d/*.conf;
}
# vhost configuration
server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate /etc/nginx/ssl/www.svipc.com.crt;
  ssl_certificate_key /etc/nginx/ssl/www.svipc.com.key;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;
  ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;
  ssl_conf_command Options PrioritizeChaCha;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache shared:SSL:10m;
  ssl_buffer_size 2k;
  add_header Strict-Transport-Security max-age=15768000;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  server_name www.svipc.com svipc.com;
  access_log /var/log/nginx//www.svipc.com_nginx.log combined;
  index index.html index.htm index.php;
  #root /var/www/html
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
  if ($host != www.svipc.com) {  return 301 $scheme://www.svipc.com$request_uri;  }
  include /etc/nginx/rewrite/wordpress.conf;
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  
  #location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
  #  valid_referers none blocked *.svipc.com www.svipc.com svipc.com;
  #  if ($invalid_referer) {
  #      return 403;
  #  }
  #}

  location ~/ {
              proxy_pass http://192.168.1.10:8080;
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto https;
      }

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }

  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }

  location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
    deny all;
  }

  location /.well-known {
    allow all;
  }

}
# wordpress rewrite
location / {
  try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* ^/wp-content/uploads/.*\.php$ {
  deny all;
}

Hello World