如何在 CentOS 8 上安装 Vanila 论坛并使用 Lets Encrypt 保护它
本教程适用于这些操作系统版本
- 中央操作系统 8
- 中央操作系统 7
在此页
- 先决条件
- 安装 LEMP 服务器
- 配置 MariaDB 数据库
- 下载香草论坛
- 配置 PHP-FPM 池
- 为 Vanilla 配置 Nginx
- 使用 Lets Encrypt SSL 保护 Vanilla
- 配置 SELinux 和防火墙
- 访问香草论坛
- 结论
Vanilla 是一款免费、开源且灵活的社区论坛软件,可用于构建您自己的论坛站点。它是一个轻量级的多语言论坛解决方案,可帮助您在几分钟内建立一个在线社区。它是用 PHP 编写的,带有许多附加组件和主题。它具有高级功能,被顶级品牌用来吸引客户、提高忠诚度和降低支持成本。
在本教程中,我们将学习如何在 CentOS 8 上安装 Vanilla 论坛并使用 Lets Encrypt SSL 保护它。
先决条件
- 一台运行 CentOS 8 的服务器。
- 在您的服务器上设置了根密码。
安装 LEMP 服务器
首先,您需要在系统中安装 Nginx Web 服务器、MariaDB 数据库服务器、PHP 和其他所需的 PHP 扩展。您可以运行以下命令来安装所有这些:
dnf install nginx mariadb-server php php php-mysqlnd php-opcache php-xml php-xmlrpc php-gd php-mbstring php-json php-fpm php-curl php-pear php-openssl php-intl unzip -y安装所有包后,启动 Nginx、PHP-FPM 和 MariaDB 服务,并使用以下命令使它们在系统重启后启动:
systemctl start nginx
systemctl start php-fpm
systemctl start mariadb
systemctl enable nginx
systemctl enable php-fpm
systemctl enable mariadb配置 MariaDB 数据库
在开始之前,最好保护您的 MariaDB。您可以使用以下脚本保护它:
mysql_secure_installation如下图所示回答所有问题:
Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
保护 MariaDB 后,使用以下命令登录到 MariaDB shell:
mysql -u root -p使用以下命令提供您的 MariaDB root 密码并为 Vanilla 创建数据库和用户:
MariaDB [(none)]> CREATE DATABASE vanilladb CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> CREATE USER 'vanilla'@'localhost' IDENTIFIED BY 'password';接下来,使用以下命令授予 Vanilla 数据库的所有权限:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON vanilladb.* TO 'vanilla'@'localhost';接下来,使用以下命令刷新权限并退出 MariaDB shell:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;下载香草论坛
您可以使用以下命令从其官方网站下载 Vanilla 论坛的最新稳定版本:
wget https://open.vanillaforums.com/get/vanilla-core-3.3.zip下载后,使用以下命令解压缩下载的文件:
unzip vanilla-core-3.3.zip接下来,使用以下命令将提取的目录移动到 Nginx web 根目录:
mv package /var/www/html/vanilla接下来,将 vanilla 目录的所有权更改为 Nginx:
chown -R nginx:nginx /var/www/html/vanilla完成后,您可以继续下一步。
配置 PHP-FPM 池
默认情况下,PHP-FPM 是为 Apache 配置的。在这里,我们将使用 Nginx 作为网络服务器。所以你需要为 Nginx 配置 PHP-FPM。您可以通过编辑文件 /etc/php-fpm.d/www.conf 来完成:
nano /etc/php-fpm.d/www.conf更改以下行:
user = nginx
group = nginx
完成后保存并关闭文件。然后,为 PHP 创建会话目录并更改其所有权:
mkdir -p /var/lib/php/session
chown -R nginx:nginx /var/lib/php/session接下来,重新启动 PHP-FPM 服务以应用更改:
systemctl restart php-fpm为 Vanilla 配置 Nginx
接下来,创建一个新的 Nginx 虚拟主机文件来服务 Vanilla 论坛。
nano /etc/nginx/conf.d/vanilla.conf添加以下行:
server {
listen 80;
server_name vanilla.linuxbuz.com;
root /var/www/html/vanilla;
index index.php;
location ~* /\.git { deny all; return 403; }
location /build/ { deny all; return 403; }
location /cache/ { deny all; return 403; }
location /cgi-bin/ { deny all; return 403; }
location /uploads/import/ { deny all; return 403; }
location /conf/ { deny all; return 403; }
location /tests/ { deny all; return 403; }
location /vendor/ { deny all; return 403; }
location ~* ^/index\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $fastcgi_script_name =404;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_param SCRIPT_NAME /index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root/index.php;
fastcgi_param X_REWRITE 1;
fastcgi_pass unix:/var/run/php-fpm/www.sock;
}
location ~* \.php(/|$) {
rewrite ^ /index.php$uri last;
}
location / {
try_files $uri $uri/ @vanilla;
}
location @vanilla {
rewrite ^ /index.php$uri last;
}
}
完成后保存并关闭文件。然后,重新启动 Nginx 服务以应用更改:
systemctl restart nginx使用 Lets Encrypt SSL 保护 Vanilla
接下来,您需要在系统中安装 Certbot 实用程序,以便为您的 Vanilla 网站下载并安装 Lets Encrypt SSL。
您可以使用以下命令安装 Certbot 客户端:
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto接下来,使用以下命令为您的 Vanilla 网站获取并安装 SSL 证书:
certbot-auto --nginx -d vanilla.linuxbuz.com上面的命令将首先在您的服务器上安装所有必需的依赖项。安装后,系统会要求您提供电子邮件地址并接受服务条款,如下所示:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vanilla.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/vanilla.conf
选择是否要将 HTTP 流量重定向到 HTTPS,如下所示:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
键入 2 并按 Enter 键继续。安装成功完成后,您应该获得以下输出:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/vanilla.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://vanilla.linuxbuz.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=vanilla.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/vanilla.linuxbuz.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/vanilla.linuxbuz.com/privkey.pem
Your cert will expire on 2020-06-11. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the "certonly" option. To non-interactively renew *all*
of your certificates, run "certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
配置 SELinux 和防火墙
默认情况下,SELinux 在 CentOS 8 中启用。因此您需要为您的 Vanilla 论坛网站配置它。
您可以使用以下命令配置 SELinux:
setsebool httpd_can_network_connect on -P
chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/vanilla接下来,使用以下命令允许端口 80 和 443 通过防火墙:
firewall-cmd --permanent --add-service=httpfirewall-cmd --permanent --add-service=https
firewall-cmd --reload完成后,您可以继续下一步。
访问香草论坛
打开您的 Web 浏览器并访问 URL https://vanilla.linuxbuz.com。您将被重定向到以下页面:
提供您的数据库详细信息、应用程序标题、电子邮件、管理员用户名、密码,然后单击“继续”按钮。安装完成后,您应该会在以下页面中看到 Vanilla 仪表板:
结论
恭喜!您已经使用 Lets Encrypt SSL 在 CentOS 8 上成功安装了 Vanilla 论坛。您现在可以轻松地托管自己的社区论坛网站。如果您有任何问题,请随时问我。