Ubuntu 18.04/CentOS 7/Debian 9上设置WordPress Multisite网络

本文介绍在Ubuntu 18.04/CentOS 7/Debian 9系统上使用Nginx和Letsencrypt设置WordPress Multisite网络的方法，在同一个WordPress实例上托管多个域，先参考在Ubuntu 18.04系统下搭建WordPress全过程一文。

在CentOS 7/Ubuntu 18.04/Debian 9上安装MariaDB

此设置需要数据库服务器，我们将安装并创建一个供WordPress使用的数据库。参考：

在CentOS 7服务器中安装MariaDB 10.4的方法

在Ubuntu 18.04系统上安装MariaDB 10.4的步骤

在Debian 9/Debian 8系统中安装MariaDB 10.4数据库的步骤

安装MariaDB服务器后，继续为WordPress创建数据库，以root用户身份登录MariaDB数据库并为OCS创建数据库：

$ mysql -u root -p

Enter password: 

Welcome to the MariaDB monitor. Commands end with ; or g.

Your MariaDB connection id is 19258

MariaDB [(none)]> create database wp_db;

MariaDB [(none)]> grant all privileges on wp_db.* to wp_user identified by "strongpassword";

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.001 sec)

数据库准备就绪后，继续安装nginx Web服务器。

在CentOS 7/Ubuntu 18.04/Debian 9上安装Nginx

在EPEL存储库上可以使用CentOS 7上的Nginx包，你可以使用以下命令安装epel存储库：

$ sudo yum install epel-release

然后运行以下命令安装nginx：

$ sudo yum -y install nginx

对于Ubuntu 18.04和Debian 9，你可以从apt存储库安装nginx：

$ sudo apt-get install nginx

在两个方法上启动nginx服务来自systemd服务管理器：

$ sudo systemctl start nginx

使用以下命令启用服务以启动：

$ sudo systemctl enable nginx

在CentOS 7/Ubuntu 18.04/Debian 9上安装php和php-fpm

下一阶段是安装php和所有必需的模块，与Apache Web服务器不同，Nginx不包含本机PHP处理，为此，我们必须安装PHP-FPM（FastCGI Process Manager），在Ubuntu和Debian上，使用以下命令安装php和php-fpm：

$ sudo apt-get install php

php-{fpm,pear,cgi,common,mbstring,net-socket,gd,xml-util,mysql,gettext,bcmath}

将从此安装的php版本是v7.2，Php socket位于/var/run/php/目录中，对于php的7.2版本，它位于/var/run/php/php7.2-fpm.sock，你可以在/etc/php/7.2/fpm/pool.d/www.conf上确认，该服务默认启动，名称为php7.2-fpm.service。

对于CentOS 7，使用以下命令安装php和所需模块：

# yum -y install php72w-{cli,common,fpm,gd,mbstring,mysql,odbc,pdo,xml,opcache}

启动php fpm，使用：

# systemctl start php-fpm.service

在CentOS 7上，用于运行php-fpm的默认用户是apache，你可以将其更改为nginx：

# vim /etc/php-fpm.d/www.conf

user = nginx

group = nginx

服务侦听地址为127.0.0.1:9000：

# grep "listen = 127.0.0.1:9000" /etc/php-fpm.d/www.conf 

listen = 127.0.0.1:9000

下载并安装WordPress：

$ wget wordpress.org/latest.tar.gz

$ tar xvf latest.tar.gz

$ sudo mkdir /srv/wp.computingforgeeks.com

$ sudo mv wordpress/* /srv/wp.computingforgeeks.com/

配置WordPress数据库连接：

# cd /srv/wp.computingforgeeks.com/

# cp wp-config-sample.php wp-config.php

编辑wp-config.php：

define('DB_NAME', 'wp_db');

define('DB_USER', 'wp_user');

define('DB_PASSWORD', 'strongpassword');

将/srv/wp.computingforgeeks.com/的所有权更改为Web用户：

# Ubuntu / Debian

$ sudo chown -R www-data:www-data /srv/wp.computingforgeeks.com/

# CentOS 7

$ sudo chown -R nginx:nginx /srv/wp.computingforgeeks.com/

然后配置Nginx，将以下配置代码段复制到/etc/nginx/conf.d/wp-site.conf：

##################################

# WORDPRESS NGINX CONFIGURATIONS

##################################

server {

listen 80;

root /srv/wp.computingforgeeks.com;

server_name wp.computingforgeeks.com;

return 301 https://$server_name$request_uri;

}

server {

listen 443 ssl http2;

root /srv/wp.computingforgeeks.com;

access_log /var/log/nginx/wp_client_access.log;

error_log /var/log/nginx/wp_client_error.log;

server_name wp.computingforgeeks.com;

ssl_certificate /etc/letsencrypt/live/wp.computingforgeeks.com/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/wp.computingforgeeks.com/privkey.pem;

# Attempt to rewrite wordpress in sub directory 

rewrite ^/wp/([_0-9a-zA-Z-]+)/(xmlrpc.php|wp-[0-9a-z-]+.php) /wp/$2;

rewrite ^/wp/([_0-9a-zA-Z-]+)/(wp-(admin|content|includes).*) /wp/$2;

location / {

index                               index.php index.html;

try_files                           $uri $uri/ /index.php?$args;

}

#############

# Specify a charset

############

charset                         utf-8;

############

# GZIP

###########

gzip                            off;

#############

# Add trailing slash to */wp-admin requests.

############

rewrite /wp-admin$ $scheme://$host$uri/ permanent;

############

# this prevents hidden files (beginning with a period) from being served

############

location ~ /. {

access_log                      off;

log_not_found                   off;

deny                            all;

}

###########

# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING

###########

location ~* ^.+.(xml|mp4|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|rtf)$ {

access_log                      off;

log_not_found                   off;

expires                         max;

}

############

# Pass uploaded files to wp-includes/ms-files.php.

############

#       rewrite                         /files/$ /index.php last;

if ($uri !~ wp-content/plugins) {

rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;

}

# Rewrite multisite in a subdirectory '.../wp-.*' and '.../*.php'.

# if (!-e $request_filename) {

#    rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;

#    rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*.php)$ $1 last;

#    rewrite ^/[_0-9a-zA-Z-]+(/.*.php)$ $1 last;

#}

# Rewrite multisite '.../wp-.*' and '.../*.php'.

if (!-e $request_filename) {

rewrite /wp-admin$ $scheme://$host$uri/ permanent;

rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) /wp$1 last;

rewrite ^/[_0-9a-zA-Z-]+(/.*.php)$ /wp$1 last;

}

############

# Pass all .php files onto a php-fpm or php-cgi server

############

location ~ .php$ {

# Try the files specified in order. In our case, try the requested URI and if

# that fails, try (successfully) to pass a 404 error.

# zero day exploit defense

try_files                       $uri =404;

# Include the fastcgi_params defaults provided by nginx

include                         /etc/nginx/fastcgi_params;

# The amount of time for upstream to wait for a fastcgi process to send data.

# We keep this *extremely* high so that one can be lazy when remote debugging.

fastcgi_read_timeout            3600s;

# Buffer size for reading the header of the backend FastCGI process.

# This defaults to the value of a single fastcgi_buffers, so does not

# need to be specified in our case, but it's good to be explicit.

fastcgi_buffer_size             128k;

# The number and size of the buffers into which the reply from the FastCGI

# process in the backend is read.

#

# 4 buffers at 128k means that any reply by FastCGI greater than 512k goes

# to disk and replies under 512k are handled directly in memory.

fastcgi_buffers                 4 128k;

# SCRIPT_FILENAME is a required parameter for things to work properly,

# but was missing in the default fastcgi_params on upgrade to nginx 1.4.

# We define it here to be sure that it exists.

fastcgi_param                   SCRIPT_FILENAME $document_root$fastcgi_script_name;

# Use the upstream for php7.0-fpm that we defined in nginx.conf

#fastcgi_pass                    unix:/run/php/php7.2-fpm.sock;

fastcgi_pass                    127.0.0.1:9000;

# And get to serving the file!

fastcgi_index                   index.php;

}

############

# ROBOTS

###########

location = /robots.txt {

allow all;

log_not_found off;

access_log off;

}

############

# RESTRICTIONS

############

# Deny access to any files with a .php extension in the uploads directory

# Works in sub-directory installs and also in multisite network

# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)

location ~* /(?:uploads|files)/.*.php$ {

deny all;

}

}

请注意使用你的有效域名替换wp.computingforgeeks.com，/srv/wp.computingforgeek.com使用你的Web根目录。

为域生成Letsencryt SSL证书

一旦你使用正确的设置修改了nginx，请继续请求我们将用于保护主站点的Letsencrypt证书，下载并安装certbot-auto客户端以使用：

# wget https://dl.eff.org/certbot-auto -P /usr/local/bin

# chmod a+x /usr/local/bin/certbot-auto

在防火墙上打开http和https端口：

# For CentOS

firewall-cmd --add-service={http,https} --permanent

firewall-cmd --reload

# For Ubuntu/Debian ufw

ufw allow http

ufw allow https

参考：Debian、Ubuntu、Linux Mint系统中的UFW防火墙入门教程。

申请证书：

# export DOMAIN='wp.computingforgeeks.com

# export EMAIL="webmaster@computingforgeeks.com"

# certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http

--agree-tos -n -m $EMAIL --keep-until-expiring

你应该得到这样的输出：

确认我们生成的证书：

# ls -1 /etc/letsencrypt/live/wp.computingforgeeks.com/

cert.pem

chain.pem

fullchain.pem

privkey.pem

README

确保修改nginx配置ssl部分以指向letsencrypt私钥和证书的正确路径，重新启动nginx以使受影响的更改：

$ nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

$ sudo systemctl restart nginx

配置WordPress

打开http:domain启动wordpress安装，你应该得到初始安装页面：

提供所需信息，然后单击“安装WordPress（Install WordPress）”按钮，如果一切顺利，应该出现登录页面：

单击登录并提供用户名和密码：

在登录时，你应该能够访问wordpress Admin仪表板了，如下图所示：

设置WordPress Multisite

要使WordPress Multisite工作，你需要首先在wordpress配置文件上启用它：

# vim /srv/wp.computingforgeeks.com/wp-config.php

/* That's all, stop editing! Happy blogging. */行之前添加以下内容：

define( 'WP_ALLOW_MULTISITE', true );

重启Nginx服务：

$ sudo systemctl restart nginx

重新登录WordPress管理页面并转到工具>网络设置（Tools > Network Setup）：

选择是使用子域还是子目录来托管其他站点。

启用WordPress Network

将给定的配置代码段粘贴到/srv/wp.computingforgeeks.com/wp-config.php上，就在/* That's all, stop editing! Happy blogging. */前：

define('MULTISITE', true);

define('SUBDOMAIN_INSTALL', true);

define('DOMAIN_CURRENT_SITE', 'wp.computingforgeeks.com');

define('PATH_CURRENT_SITE', '/');

define('SITE_ID_CURRENT_SITE', 1);

define('BLOG_ID_CURRENT_SITE', 1);

重启nginx：

# systemct restart nginx

Relogin开始使用WordPress Network Multisite功能，应该看到新的网络管理员菜单了：

你可以通过导航到“站点”>“新建”来开始将网站添加到WordPress网络：

到了这里，全部的设置WordPress Multisite工作已经完成。

相关主题

使用Caddy Web Server托管WordPress网站的方法