Nginx安装部署WordPress保姆级教程

在 CentOS 7/8 上使用 Nginx 安装部署 WordPress 的步骤如下。整个过程将涉及安装和配置 Nginx、PHP 和 MySQL 等，以下是详细步骤：

1. 安装Nginx

Nginx 在 CentOS 7 的默认仓库中不可用，所以我们需要先安装 EPEL（Extra Packages for Enterprise Linux）仓库。

yum install -y epel-release
yum install -y nginx

2. 启动Nginx服务并设置开机自启动

systemctl start nginx
systemctl enable nginx
systemctl status nginx

3. 其它用法

#检查nginx配置文件是否正确
nginx -t
#启动Nginx服务
nginx
#检查Nginx服务是否启动
ps -ef |grep nginx
#杀死Nginx服务
kill -9 `ps -ef|grep nginx|grep -v grep |awk '{print $2}'`

4. Nginx安装WordPrsss的基本配置

    server {
        listen       80;
        server_name  10.8.0.2;
        root         /etc/nginx/html/wordpress;
        index index.php index.html index.htm;

        location / {
        try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
        try_files $uri =404;  # 如果找不到文件，则返回 404
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;  # PHP-FPM 地址
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

要想确保可以通过nginx安装部署WordPress,还需要确保服务器上安装了PHP与MySQL。如果已经准备好了则忽略此步骤。

CentOS7通过yum安装PHP8.0以上版本

CnetOS7通过yum安装MySQL8.0

5.下载WordPress最新安装包

官网直达

或者命令行下载：

wget https://wordpress.org/latest.zip
unzip latest.zip
mv wordpress  /etc/nginx/html/
chown nginx:nginx /etc/nginx/html/wordpress

6. 浏览器进行安装部署WordPress

此时我们通过服务器公网IP进行访问即可。顺利得话在浏览器输入公网IP就可以看到安装页面了。

7. Nginx全量配置

我的站点Nginx有两层，也就是俩个Nginx服务器。接下来我把最外层得Nginx配置放在下面。

为什么我这里有俩层Nginx，一台在国内，一台在国外。

user nginx;
worker_processes auto;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 10240;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /etc/nginx/logs/wxspace_access.log  main;
    error_log /etc/nginx/logs/wxspace_error.log warn;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    client_max_body_size 50M;

    include             /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        server_name wxspace.cn;
        return 301 https://www.wxspace.cn$request_uri;
    }
    server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  www.wxspace.cn;
    # START Nginx Rewrites for Rank Math Sitemaps
    rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
    rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
    # END Nginx Rewrites for Rank Math Sitemaps
    # SSL 证书路径
    ssl_certificate /etc/letsencrypt/live/wxspace.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wxspace.cn/privkey.pem;
    ## 推荐的 SSL 配置
    ssl_protocols TLSv1.2 TLSv1.3;  # 仅启用 TLS 1.2 和 TLS 1.3
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';  # 推荐的加密套件
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    # 启用 OCSP Stapling（提高性能和安全性）
    ssl_stapling on;
    ssl_stapling_verify on;
    # 强化 HTTP 安全头
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;  # 强制所有请求通过 HTTPS
    add_header X-Frame-Options "SAMEORIGIN" always;  # 防止点击劫持
    add_header X-Content-Type-Options "nosniff" always;  # 防止浏览器进行 MIME 类型嗅探
    add_header X-XSS-Protection "1; mode=block" always;  # 防止跨站脚本攻击
    add_header Referrer-Policy "no-referrer-when-downgrade" always;  # 防止泄露信息
	location / {
        proxy_pass http://10.8.0.2;  # 目标服务器的 IP 地址
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
	# 启用 Gzip 压缩
	gzip on;
	gzip_min_length 1000;
	gzip_buffers 16 8k;
	gzip_comp_level 6;
	gzip_types text/plain text/css application/javascript application/json text/xml application/xml application/xml+rss text/javascript application/x-javascript;
	gzip_disable "msie6";
	

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}