如何在CentOS 8上使用Nginx和LE SSL安装Flarum论坛

Flarum是一个免费的开放源代码和下一代论坛软件,它使您可以轻松地建立和发展成功的在线社区。它是基于PHP的简单,轻巧,快速且易于移动的软件。它具有丰富的功能集,包括优雅的用户界面,两窗格界面,无限滚动,浮动编辑器,完全响应等。

在本教程中,我们将说明如何在CentOS 8服务器上安装Flarum论坛。

要求

  • 运行CentOS的服务器8。
  • 指向您服务器IP的有效域名
  • 在服务器上配置了root密码。

入门

开始之前,您需要在系统中安装EPEL和Remi存储库。首先,使用以下命令安装EPEL存储库:

dnf install epel-release -y

接下来,使用以下命令下载并安装Remi存储库:

wget http://rpms.remirepo.net/enterprise/remi-release-8.rpm
 rpm -Uvh remi-release-8.rpm

安装Nginx,MariaDB和PHP

首先,使用以下命令安装Nginx Web服务器和MariaDB服务器:

dnf install nginx mariadb-server -y

一旦安装了两个软件包,就需要启用php:remi-7.3模块来安装PHP 7.3。您可以使用以下命令启用它:

dnf module enable php:remi-7.3

接下来,使用以下命令安装具有其他必需依赖项的PHP:

dnf install php php-fpm php-common php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml -y

安装完所有软件包后,启动Nginx,MariaDB和PHP-FPM服务,并使用以下命令使它们在系统重新引导后启动:

systemctl start nginx
 systemctl start mariadb
 systemctl start php-fpm
 systemctl enable nginx
 systemctl enable mariadb
 systemctl enable php-fpm

完成后,您可以继续下一步。

配置MariaDB数据库

默认情况下,MariaDB不安全。您可以使用以下脚本保护它:

mysql_secure_installation

回答所有问题,如下所示:

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

完成后,使用以下命令登录MariaDB shell:

mysql -u root -p

在提示时提供您的root密码,然后使用以下命令为Flarum创建数据库和用户:

MariaDB [(none)]> CREATE DATABASE flarumdb;
 MariaDB [(none)]> GRANT ALL PRIVILEGES on flarumdb.* to 'flarum'@'localhost' identified by 'password';

接下来,刷新特权并使用以下命令从MariaDB shell退出:

MariaDB [(none)]> FLUSH PRIVILEGES;
 MariaDB [(none)]> EXIT;

完成后,您可以继续下一步。

为Nginx配置PHP-FPM

接下来,您将需要配置PHP-FPM以与Nginx一起使用。您可以通过编辑文件www.conf来实现:

nano /etc/php-fpm.d/www.conf

将用户名和组名从apache更改为nginx,如下所示:

user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx

接下来,找到以下行:

;listen = /run/php-fpm/www.sock

并将其替换为以下行:

listen = 127.0.0.1:9000

完成后保存并关闭文件。然后,重新启动PHP-FPM服务以应用更改:

systemctl restart php-fpm

安装Flarum

在安装Flarum之前,您需要在系统中安装Composer。

您可以使用以下命令进行安装:

curl -sS https://getcomposer.org/installer | php

安装完成后,您应该获得以下输出:

All settings correct for using Composer
Downloading...

Composer (version 1.9.2) successfully installed to: /root/composer.phar
Use it: php composer.phar

接下来,将Composer二进制文件移动到/ usr / local / bin目录并给予适当的权限:

mv composer.phar /usr/local/bin/composer
 chmod 755 /usr/local/bin/composer

接下来,将目录更改为Nginx文档根目录,并使用以下命令创建Flarum项目:

cd /var/www/html
 composer create-project flarum/flarum . --stability=beta

接下来,使用以下命令对Nginx Web根目录授予适当的权限:

chown -R nginx:nginx /var/www/html
 chmod -R 755 /var/www/html
 chown -R nginx:nginx /var/lib/php

完成后,您可以继续下一步。

为Flarum配置Nginx

接下来,您将需要为Nginx创建一个Nginx虚拟主机配置文件。您可以使用以下命令创建它:

nano /etc/nginx/conf.d/flarum.conf

添加以下行:

server {
    listen   80;
    server_name  flarum.example.com;

# note that these lines are originally from the "location /" block
root   /var/www/html/public;
index index.php index.html index.htm;

location / { try_files $uri $uri/ /index.php?$query_string; }
location /api { try_files $uri $uri/ /api.php?$query_string; }
location /admin { try_files $uri $uri/ /admin.php?$query_string; }

location /flarum {
    deny all;
    return 404;
}

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

location ~* \.html$ {
    expires -1;
}

location ~* \.(css|js|gif|jpe?g|png)$ {
    expires 1M;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml
           application/javascript
           application/json
           application/vnd.ms-fontobject
           application/x-font-ttf
           application/x-web-app-manifest+json
           application/xhtml+xml
           application/xml
           font/opentype
           image/svg+xml
           image/x-icon
           text/css
           #text/html -- text/html is gzipped by default by nginx
           text/plain
           text/xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
   }

完成后,保存并关闭文件。接下来,您需要在nginx.conf文件中增加hash_bucket的大小。

您可以通过编辑文件/etc/nginx/nginx.conf来实现:

nano /etc/nginx/nginx.conf

在最后一行的上方添加以下行:

server_names_hash_bucket_size 64;

保存并关闭文件。然后,使用以下命令检查Nginx是否存在语法错误:

nginx -t

您应该看到以下输出:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

最后,重新启动Nginx和PHP-FPM服务以应用更改:

systemctl restart php-fpm
 systemctl restart nginx

配置SELinux和防火墙

首先,您将需要创建防火墙规则以允许来自外部网络的HTTP和HTTPS服务。您可以使用以下命令允许它:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
 firewall-cmd --reload

默认情况下,CentOS 8中启用了SELinux。因此,您需要为Flarum配置SELinux才能正常工作。您可以使用以下命令配置SELinux:

setsebool httpd_can_network_connect on -P

完成后,您可以继续下一步。

访问Flarum Web UI

现在,打开Web浏览器并输入URL http://flarum.example.com。您将被重定向到以下页面:

Flarum论坛安装程序

提供您的论坛名称,数据库详细信息,管理员用户名,密码,然后单击“ 安装 Flarum”按钮。成功完成安装后,您应该在以下页面中看到Flarum仪表板:

Flarum论坛

让我们加密SSL保护Flarum

Flarum现在已安装和配置。是时候使用“免费加密SSL”来保护它了。

为此,您需要在服务器上下载certbot客户端。您可以通过运行以下命令下载并设置正确的权限:

wget https://dl.eff.org/certbot-auto
 mv certbot-auto /usr/local/bin/certbot-auto
 chown root /usr/local/bin/certbot-auto
 chmod 0755 /usr/local/bin/certbot-auto

现在,运行以下命令为flarum网站获取并安装SSL证书。

certbot-auto --nginx -d flarum.example.com

上面的命令将首先在服务器上安装所有必需的依赖项。安装后,将要求您提供一个电子邮件地址并接受服务条款,如下所示:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): hitjethva@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y 


Obtaining a new certificate
Performing the following challenges:
http-01 challenge for flarum.example.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/flarum.conf

接下来,您将需要选择是否将HTTP流量重定向到HTTPS,如下所示:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

输入2,然后按Enter键继续。安装完成后,您应该看到以下输出:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/flarum.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://flarum.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=flarum.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/flarum.example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/flarum.example.com/privkey.pem
   Your cert will expire on 2020-03-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

而已!您现在可以使用安全URL https://flarum.example.com访问Flarum网站。

原文地址:https://www.howtoforge.com/how-to-install-flarum-forum-on-centos-8/

发表评论
  • 发表评论
  • 评论列表
     
     

    为你推荐
    Ta的个人站点

    Ubar发布文章117篇

    与他人进行分享是一种快乐!当你的分享可以帮助到他们,会感觉更快乐!