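WordPress needs no introduction. I used to deploy with OneinStack's one-click build environment because I favoured compiling everything from source; these days I can't be bothered, so I deploy directly with Docker.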

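Deploying with Docker means installing the Docker service first. Because of the CentOS lifecycle issue I am using Rocky 9 here, so I install from the CentOS repository; for other systems, see the official Docker installation documentation. Let's go…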

# install yum tools
yum install -y yum-utils

# add docker repo
yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

# install docker server
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

# start docker service
systemctl start docker && systemctl enable docker

The Docker service is installed, so the next step is deploying the services WordPress needs.

First, download the Docker images. I use the official images directly.

# pull mysql
docker pull mysql

# pull nginx
docker pull nginx

# pull wordpress
docker pull wordpress

With the images downloaded, start the containers. I mount all data under the /data directory. Be sure to change the MySQL password; adjust the other parameters to your own taste.

# run mysql
docker run -d -v /data/mysql:/var/lib/mysql -e MYSQL_DATABASE=wordpress -e MYSQL_ROOT_PASSWORD=your-passwd -p 3306:3306 --name mysql --restart=always mysql --default-authentication-plugin=mysql_native_password

# run wordpress
docker run -d -v /data/wordpress:/var/www/html -e WORDPRESS_DB_HOST=mysql -e WORDPRESS_DB_USER=root -e WORDPRESS_DB_PASSWORD=your-passwd -e WORDPRESS_DB_NAME=wordpress -p 8080:80 --name wordpress --link mysql:mysql --restart=always wordpress

# run nginx
docker run -d -p 80:80 -p 443:443 -v /data/nginx:/etc/nginx --name nginx --restart=always nginx

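Note that with the official Nginx image you cannot mount the host directory over /etc/nginx on the first run, because the empty host directory hides the configuration files shipped in the image. Start the container once without the -v option, copy Nginx's files out, add the reverse-proxy configuration for your site, and then start it again with the -v mount.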

# copy nginx file
docker cp nginx:/etc/nginx /data/nginx
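
The `docker run` commands above publish MySQL (3306) and WordPress (8080) on every host interface and connect WordPress as the MySQL root user. The following added example, which is not the original post's code, starts the same three containers on a private network with a dedicated database user and includes a check that lists unexpectedly published ports. The network name `wp-net`, the user `wp`, the `/data/secrets` path and the function names are assumptions, and the vhost's `proxy_pass` would then point at `http://wordpress:80`.

```shell
#!/bin/sh
# Added example, not the post's own commands. Assumed names: network wp-net,
# DB user wp, env files under /data/secrets, functions deploy/exposed_ports.
deploy() (
  set -e; umask 077; mkdir -p /data/secrets
  pw=$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')
  printf 'MYSQL_DATABASE=wordpress\nMYSQL_USER=wp\nMYSQL_PASSWORD=%s\nMYSQL_RANDOM_ROOT_PASSWORD=yes\n' \
    "$pw" > /data/secrets/mysql.env
  printf 'WORDPRESS_DB_HOST=mysql\nWORDPRESS_DB_USER=wp\nWORDPRESS_DB_PASSWORD=%s\nWORDPRESS_DB_NAME=wordpress\n' \
    "$pw" > /data/secrets/wordpress.env
  docker network create wp-net
  # No -p: MySQL is reachable only from containers on wp-net. The post's
  # --default-authentication-plugin flag is left out (assumption: the
  # wordpress image's PHP supports MySQL's default authentication plugin).
  docker run -d --network wp-net --name mysql --restart=always \
    -v /data/mysql:/var/lib/mysql --env-file /data/secrets/mysql.env mysql
  # No -p: only nginx, on the same network, talks to http://wordpress:80.
  docker run -d --network wp-net --name wordpress --restart=always \
    -v /data/wordpress:/var/www/html --env-file /data/secrets/wordpress.env wordpress
  docker run -d --network wp-net --name nginx --restart=always \
    -p 80:80 -p 443:443 -v /data/nginx:/etc/nginx nginx
)

# Reads `docker ps --format '{{.Names}} {{.Ports}}'` lines on stdin and prints
# "name port" for each port published on a non-loopback address, except 80/443.
exposed_ports() {
  awk '{
    name = $1
    for (i = 2; i <= NF; i++) {
      p = $i; sub(/,$/, "", p)
      if (p !~ /->/) continue                 # exposed, but not published
      split(p, a, "->"); host = a[1]
      if (host ~ /^127\./ || host ~ /^\[::1\]/) continue
      n = split(host, h, ":"); port = h[n]
      if (port != "80" && port != "443") print name, port
    }
  }' | sort -u
}

# Constructed sample: what `docker ps` shows for the post's original commands.
SAMPLE='mysql 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp, 33060/tcp
wordpress 0.0.0.0:8080->80/tcp
nginx 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp'

case "${1:-}" in
  deploy) deploy ;;
  audit)  docker ps --format '{{.Names}} {{.Ports}}' | exposed_ports ;;
  sample) printf '%s\n' "$SAMPLE" | exposed_ports ;;
esac
```

Run with `sample` to see the check flag the original layout, `deploy` to start the private-network layout, and `audit` to check the running host.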

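That is about it. Finally, here are my lightly tuned Nginx main configuration and virtual host configuration. Remember to add the WordPress rewrite file and to adjust the Nginx certificate paths. Enjoy it~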

# nginx.conf
user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections  51200;
    multi_accept on;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 1024m;
    client_body_buffer_size 10m;

    sendfile        on;
    tcp_nopush     on;
    tcp_nodelay on;
    server_tokens off;

    keepalive_timeout  120;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_intercept_errors on;

    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
      text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
      text/javascript application/javascript application/x-javascript
      text/x-json application/json application/x-web-app-manifest+json
      text/css text/plain text/x-component
      font/opentype application/x-font-ttf application/vnd.ms-fontobject
      image/x-icon;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    include /etc/nginx/conf.d/*.conf;
}

# vhost configuration (a file under /etc/nginx/conf.d/, included by nginx.conf above)
server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  ssl_certificate /etc/nginx/ssl/www.svipc.com.crt;
  ssl_certificate_key /etc/nginx/ssl/www.svipc.com.key;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;
  ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;
  ssl_conf_command Options PrioritizeChaCha;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache shared:SSL:10m;
  ssl_buffer_size 2k;
  add_header Strict-Transport-Security max-age=15768000;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  server_name www.svipc.com svipc.com;
  access_log /var/log/nginx/www.svipc.com_nginx.log combined;
  index index.html index.htm index.php;
  #root /var/www/html
  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
  if ($host != www.svipc.com) {  return 301 $scheme://www.svipc.com$request_uri;  }
  include /etc/nginx/rewrite/wordpress.conf;
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  
  #location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
  #  valid_referers none blocked *.svipc.com www.svipc.com svipc.com;
  #  if ($invalid_referer) {
  #      return 403;
  #  }
  #}

  # Regex locations are tested in order and the first match wins, so the deny
  # rule has to come before the catch-all proxy location below.
  location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md) {
    deny all;
  }

  location ~/ {
    proxy_pass http://192.168.1.10:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
  }

  # Never reached as written: "location ~/" above already matches every URI.
  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }

  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }

  location /.well-known {
    allow all;
  }

}

# wordpress rewrite (/etc/nginx/rewrite/wordpress.conf)
location / {
  try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* ^/wp-content/uploads/.*\.php$ {
  deny all;
}