如何在 CentOS 8 上使用 Nginx 和 LE SSL 安装 Flarum Forum
在此页
- 要求
- 开始
- 安装 Nginx、MariaDB 和 PHP
- 配置 MariaDB 数据库
- 为 Nginx 配置 PHP-FPM
- 安装 Flarum
- 为 Flarum 配置 Nginx
- 配置 SELinux 和防火墙
- 访问 Flarum 网络用户界面
- 使用 Lets Encrypt SSL 保护 Flarum
Flarum 是一款免费、开源的下一代论坛软件,可让您更轻松地启动和发展成功的在线社区。它是基于 PHP 的简单、轻量级、快速且适合移动设备的软件。它具有丰富的功能集,包括优雅的 UI、双窗格界面、无限滚动、浮动编写器、完全响应等等。
在本教程中,我们将介绍如何在 CentOS 8 服务器上安装 Flarum 论坛。
要求
- 一台运行 CentOS 8 的服务器。
- 用您的服务器 IP 指向的有效域名
- 在服务器上配置了根密码。
入门
在开始之前,您需要在您的系统中安装 EPEL 和 Remi 存储库。首先,使用以下命令安装 EPEL 存储库:
dnf install epel-release -y接下来,使用以下命令下载并安装 Remi 存储库:
wget http://rpms.remirepo.net/enterprise/remi-release-8.rpm
rpm -Uvh remi-release-8.rpm安装 Nginx、MariaDB 和 PHP
首先,使用以下命令安装 Nginx 网络服务器和 MariaDB 服务器:
dnf install nginx mariadb-server -y安装完这两个包后,您将需要启用 php:remi-7.3 模块来安装 PHP 7.3。您可以使用以下命令启用它:
dnf module enable php:remi-7.3接下来,使用以下命令安装 PHP 和其他所需的依赖项:
dnf install php php-fpm php-common php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml -y安装所有包后,启动 Nginx、MariaDB 和 PHP-FPM 服务,并使用以下命令使它们在系统重启后启动:
systemctl start nginx
systemctl start mariadb
systemctl start php-fpm
systemctl enable nginx
systemctl enable mariadb
systemctl enable php-fpm完成后,您可以继续下一步。
配置 MariaDB 数据库
默认情况下,MariaDB 是不安全的。您可以使用以下脚本保护它:
mysql_secure_installation如下图所示回答所有问题:
Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
完成后,使用以下命令登录 MariaDB shell:
mysql -u root -p在出现提示时提供您的 root 密码,然后使用以下命令为 Flarum 创建数据库和用户:
MariaDB [(none)]> CREATE DATABASE flarumdb;
MariaDB [(none)]> GRANT ALL PRIVILEGES on flarumdb.* to 'flarum'@'localhost' identified by 'password';接下来,使用以下命令刷新权限并退出 MariaDB shell:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;完成后,您可以继续下一步。
为 Nginx 配置 PHP-FPM
接下来,您需要配置 PHP-FPM 以使用 Nginx。您可以通过编辑文件 www.conf 来完成:
nano /etc/php-fpm.d/www.conf将用户名和组名从 apache 更改为 nginx,如下所示:
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx
接下来,找到以下行:
;listen = /run/php-fpm/www.sock
并将其替换为以下行:
listen = 127.0.0.1:9000
完成后保存并关闭文件。然后,重新启动 PHP-FPM 服务以应用更改:
systemctl restart php-fpm安装 Flarum
在安装 Flarum 之前,您需要在系统中安装 Composer。
您可以使用以下命令安装它:
curl -sS https://getcomposer.org/installer | php安装后,您应该得到以下输出:
All settings correct for using Composer
Downloading...
Composer (version 1.9.2) successfully installed to: /root/composer.phar
Use it: php composer.phar
接下来,将 Composer 二进制文件移动到 /usr/local/bin 目录并授予适当的权限:
mv composer.phar /usr/local/bin/composer
chmod 755 /usr/local/bin/composer接下来,将目录更改为 Nginx 文档根目录并使用以下命令创建一个 Flarum 项目:
cd /var/www/html
composer create-project flarum/flarum . --stability=beta接下来,使用以下命令为 Nginx web 根目录授予适当的权限:
chown -R nginx:nginx /var/www/html
chmod -R 755 /var/www/html
chown -R nginx:nginx /var/lib/php完成后,您可以继续下一步。
为 Flarum 配置 Nginx
接下来,您需要为 Nginx 创建一个 Nginx 虚拟主机配置文件。您可以使用以下命令创建它:
nano /etc/nginx/conf.d/flarum.conf添加以下行:
server {
listen 80;
server_name flarum.example.com;
# note that these lines are originally from the "location /" block
root /var/www/html/public;
index index.php index.html index.htm;
location / { try_files $uri $uri/ /index.php?$query_string; }
location /api { try_files $uri $uri/ /api.php?$query_string; }
location /admin { try_files $uri $uri/ /admin.php?$query_string; }
location /flarum {
deny all;
return 404;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.html$ {
expires -1;
}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 1M;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml
application/javascript
application/json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
#text/html -- text/html is gzipped by default by nginx
text/plain
text/xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
}
完成后保存并关闭文件。接下来,您需要增加 nginx.conf 文件中的 hash_bucket 大小。
您可以通过编辑文件 /etc/nginx/nginx.conf 来完成:
nano /etc/nginx/nginx.conf在最后一行的正上方添加以下行:
server_names_hash_bucket_size 64;
保存并关闭文件。然后,使用以下命令检查 Nginx 是否存在任何语法错误:
nginx -t您应该看到以下输出:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
最后,重启 Nginx 和 PHP-FPM 服务以应用更改:
systemctl restart php-fpm
systemctl restart nginx配置 SELinux 和防火墙
首先,您需要创建防火墙规则以允许来自外部网络的 HTTP 和 HTTPS 服务。您可以使用以下命令允许它:
firewall-cmd --permanent --add-service=httpfirewall-cmd --permanent --add-service=https
firewall-cmd --reload默认情况下,SELinux 在 CentOS 8 中是启用的。因此您需要配置 SELinux 以使 Flarum 正常工作。您可以使用以下命令配置 SELinux:
setsebool httpd_can_network_connect on -P完成后,您可以继续下一步。
访问 Flarum 网页界面
现在,打开您的 Web 浏览器并输入 URL http://flarum.example.com。您将被重定向到以下页面:
提供您的论坛名称、数据库详细信息、管理员用户名、密码,然后单击安装 Flarum 按钮。安装成功完成后,您应该会在以下页面中看到 Flarum 仪表板:
使用 Lets Encrypt SSL 保护 Flarum
Flarum 现已安装和配置。是时候使用 Lets Encrypt 免费 SSL 来保护它了。
为此,您需要在服务器上下载 certbot 客户端。您可以通过运行以下命令下载并设置正确的权限:
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto现在,运行以下命令为您的 flarum 网站获取并安装 SSL 证书。
certbot-auto --nginx -d flarum.example.com上面的命令将首先在您的服务器上安装所有必需的依赖项。安装后,系统会要求您提供电子邮件地址并接受服务条款,如下所示:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for flarum.example.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/flarum.conf
接下来,您需要选择是否将 HTTP 流量重定向到 HTTPS,如下所示:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
键入 2 并按 Enter 键继续。安装完成后,您应该会看到以下输出:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/flarum.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://flarum.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=flarum.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/flarum.example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/flarum.example.com/privkey.pem
Your cert will expire on 2020-03-23. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the "certonly" option. To non-interactively renew *all*
of your certificates, run "certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
就是这样!您现在可以使用安全 URL https://flarum.example.com 访问您的 Flarum 网站。