博客挂了好久,正好最近在家闲着,尝试着恢复博客。也想过替换掉wordpress,遂尝试了vuepress,过于麻烦,舍弃。也想过hexo,那玩意要vps干啥。。。。几经周折,还是装回了wp。
这次用docker起wp,拒绝漏洞塔从我做起。
VPS配置:
阿里云轻量,5M带宽。debian系统安装
开始安装
安装基础依赖
# Prerequisites for adding a third-party HTTPS apt repository:
# HTTPS transport and CA certificates for apt, curl to fetch the key,
# gnupg2 for key handling, and the add-apt-repository helper.
apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg2 \
software-properties-common
添加 Docker 的官方 GPG 密钥:
# Fetch Docker's repository signing key and add it to apt's trusted keys.
# NOTE(review): apt-key is deprecated on current Debian releases, and a key added
# this way is trusted for every configured repository, not only Docker's.
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
# 0EBFCD88 is only the short key ID, and short IDs are not collision-resistant;
# compare the full fingerprint printed here with the one in Docker's install docs.
apt-key fingerprint 0EBFCD88
设置稳定版仓库:
# Register Docker's stable apt repository for this Debian release;
# $(lsb_release -cs) expands to the release codename.
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
更新索引
apt-get update
安装docker
apt-get install docker-ce docker-ce-cli containerd.io
安装docker-compose
最新版链接: https://github.com/docker/compose/releases
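# Download the pinned docker-compose release that matches this kernel and architecture.
# -f makes curl fail on an HTTP error instead of saving the error page as the "binary".
curl -fL "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Print the SHA-256 of the downloaded file and compare it with the checksum
# published on the release page before making the file executable.
sha256sum /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# Also expose the binary under /usr/bin.
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose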
编写 docker-compose.yml
mkdir blog
cd blog
vim docker-compose.yml
docker-compose.yml内容如下
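version: '3'
services:
  db:
    # The database publishes no host port, so it is reachable only from the
    # other services on this compose network.
    image: mysql:5.7
    volumes: # named volume that persists the database files
      - db_data:/var/lib/mysql
    restart: always
    environment:
      # Placeholders: replace both passwords with strong, unique secrets.
      MYSQL_ROOT_PASSWORD: xxx
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: CHANGE_ME_wordpress_db_password
  wordpress:
    depends_on: # depends on the db service above
      - db
    # NOTE(review): "latest" is a moving tag; pin a specific version tag so
    # deployments are reproducible and upgrades are deliberate.
    image: wordpress:latest
    volumes:
      - wp_site:/var/www/html
    ports:
      # Choose your own host port; nginx proxies to it later.
      # Bound to loopback so the container cannot be reached directly from the
      # internet, bypassing the nginx TLS front end.
      - "127.0.0.1:8000:80"
    restart: always
    # "privileged: true" was removed: this service does not need it, and a
    # privileged container gives a compromised WordPress near-root access to
    # the host.
    environment:
      # The service name plus port is enough to reach the database
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      # Must match MYSQL_PASSWORD above.
      WORDPRESS_DB_PASSWORD: CHANGE_ME_wordpress_db_password
volumes:
  db_data:
  wp_site: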
运行容器
docker-compose up -d # start the containers in the background
docker-compose down # stop and remove the containers
此时wp应该可以正常运行,若不能 请自行检查上方步骤是否有误。
编译安装Nginx并启用brotli压缩
# Toolchain and utilities needed to build nginx from source.
apt install build-essential git tree
# Dedicated unprivileged system account for nginx: no home directory, no login
# shell, no password. The build below selects it with --user=nginx --group=nginx.
adduser --system --home /nonexistent --shell /bin/false --no-create-home --gecos "nginx user" --group --disabled-login --disabled-password nginx
下载源码
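cd ~
# HTTPS only authenticates the download server; before building, verify each
# archive against the checksum or signature that its upstream publishes.
# NOTE(review): these are the versions the post was written against; check each
# project's download page for the current release and its security advisories.
wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz && tar xzvf pcre-8.43.tar.gz
wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz && tar xzvf openssl-1.1.1d.tar.gz
wget https://nginx.org/download/nginx-1.17.8.tar.gz && tar xzvf nginx-1.17.8.tar.gz
# Fetch the brotli module
git clone https://github.com/google/ngx_brotli.git
cd ngx_brotli
# Pull in the module's git submodules
git submodule update --init
# The nginx tree was unpacked in ~, next to ngx_brotli, so step up one level first
cd ../nginx-1.17.8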
# Configure the build: install paths, the unprivileged nginx user/group, the
# module set, and the bundled PCRE/zlib/OpenSSL/brotli sources unpacked next to
# this directory.
# NOTE(review): mail, stream, WebDAV, flv/mp4 and debug support are compiled in
# although the vhost in this post only terminates TLS and proxies HTTP; dropping
# modules you do not use reduces the attack surface.
./configure \
  --prefix=/etc/nginx \
  --sbin-path=/usr/sbin/nginx \
  --modules-path=/usr/lib/nginx/modules \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --http-log-path=/var/log/nginx/access.log \
  --pid-path=/var/run/nginx.pid \
  --lock-path=/var/run/nginx.lock \
  --http-client-body-temp-path=/var/cache/nginx/client_temp \
  --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
  --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
  --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
  --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
  --user=nginx \
  --group=nginx \
  --with-compat \
  --with-file-aio \
  --with-threads \
  --with-http_addition_module \
  --with-http_auth_request_module \
  --with-http_dav_module \
  --with-http_flv_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_mp4_module \
  --with-http_random_index_module \
  --with-http_realip_module \
  --with-http_secure_link_module \
  --with-http_slice_module \
  --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_sub_module \
  --with-http_v2_module \
  --with-mail \
  --with-mail_ssl_module \
  --with-stream \
  --with-stream_realip_module \
  --with-stream_ssl_module \
  --with-stream_ssl_preread_module \
  --with-pcre=../pcre-8.43 \
  --with-pcre-jit \
  --with-zlib=../zlib-1.2.11 \
  --with-openssl=../openssl-1.1.1d \
  --with-openssl-opt=no-nextprotoneg \
  --with-debug \
  --add-module=../ngx_brotli
make
make install
# Link /usr/lib/nginx/modules into the configuration directory as /etc/nginx/modules
ln -s /usr/lib/nginx/modules /etc/nginx/modules
# Create the cache directory used by the temp paths above and the vhost directory
mkdir -p /var/cache/nginx /etc/nginx/vhost
添加服务
vim /lib/systemd/system/nginx.service
内容
# systemd unit for the source-built nginx binary installed at /usr/sbin/nginx.
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
# Start only after the network, remote filesystems and name resolution are up.
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
# nginx daemonizes itself; systemd tracks the master process through the PID file,
# whose path matches --pid-path from the build.
Type=forking
PIDFile=/var/run/nginx.pid
# Validate the configuration first so a broken config aborts the start.
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
# HUP makes the master process reload its configuration.
ExecReload=/bin/kill -s HUP $MAINPID
# TERM requests a fast shutdown (QUIT would be the graceful variant).
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.target
让新的service生效:
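# Two separate commands: on a single line, "systemctl" and "start" would be
# parsed as additional unit names passed to "enable".
systemctl enable nginx.service
systemctl start nginx.service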
添加vhost配置并开启gzip brotli
修改/etc/nginx/nginx.conf,在http{}内添加 include vhost/*.conf;(此处位置自定)
添加
# Response compression settings for the http{} block: gzip first, then brotli.
# NOTE(review): compressing TLS responses that mix secrets with request-controlled
# content is the precondition for BREACH-style side channels; consider leaving
# such dynamic pages uncompressed.
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
#gzip_http_version 1.0;
gzip_comp_level 8;
# NOTE(review): JPEG/GIF/PNG are already compressed; listing them costs CPU for little gain.
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
# NOTE(review): with gzip_vary off no "Vary: Accept-Encoding" header is sent, so a
# shared cache may hand a compressed body to a client that did not ask for one.
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
brotli on; # enable brotli
brotli_comp_level 6; # compression level: default 6, maximum 11; higher levels may need more CPU
brotli_buffers 16 8k; # number and size of the buffers used per request
brotli_min_length 20; # minimum response length to compress; only responses of at least 20 bytes are compressed
brotli_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml text/html application/json image/svg application/font-woff application/vnd.ms-fontobject application/vnd.apple.mpegurl image/x-icon image/jpeg image/gif image/png image/bmp; # MIME types eligible for compression
# NOTE(review): "always" serves the .br file without checking whether the client
# advertised brotli support; "on" performs that check.
brotli_static always; # whether to look for pre-compressed files ending in .br; accepts on, off or always
brotli_window 512k; # window size, default 512k
*.conf
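# Redirect every plain-HTTP request to HTTPS.
server {
    listen 80;
    server_name 网站域名;
    return 301 https://$host$request_uri;
}

# The host port published for the WordPress container in docker-compose.yml.
upstream wordpress-workhorse {
    server 127.0.0.1:设置的端口 fail_timeout=10s;
}

# TLS front end: terminates HTTPS and proxies to the WordPress container.
server {
    server_name 域名;
    listen 443 ssl;
    ssl_certificate 证书地址;
    ssl_certificate_key 证书地址;
    # This nginx version still enables TLS 1.0/1.1 by default; allow only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "main" format must be defined with log_format in
    # nginx.conf, otherwise the configuration test fails; confirm it is defined.
    access_log /var/log/nginx/access.log main;
    # Location of the WordPress data volume on the host
    root /var/lib/docker/volumes/blog_wp_site/_data;

    location / {
        proxy_pass http://wordpress-workhorse;
        # Pass the original host, client address and scheme on to WordPress.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }

    # Static assets matched here are read straight from the volume on disk and
    # are not proxied, so the nginx worker user needs read access to that path.
    # Grant that access narrowly rather than running the workers as root.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires 7d;
        access_log off;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}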
重新读取配置文件即可
错误1:
上传的文件尺寸超过php.ini中定义的upload_max_filesize值
在blog目录新建一个uploads.ini,写入以下内容
; Extra PHP settings mounted into the WordPress container to raise the upload limits.
file_uploads = On
; NOTE(review): 500M of memory per request and a 600 s execution cap are far above
; what 30M uploads need and make resource exhaustion easier; size them to the
; real workload.
memory_limit = 500M
; upload_max_filesize should not exceed post_max_size, because the file travels
; inside the POST body.
upload_max_filesize = 30M
post_max_size = 30M
max_execution_time = 600
修改docker-compose.yml,在wordpress容器配置的volumes新增下面的配置
wordpress:
volumes:
- ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
重启docker即可
错误2:
nginx error Permission denied
"/var/lib/docker/volumes/myblog_wp_site/_data/wp-includes/css/dashicons.min.css" failed (13: Permission denied)
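nginx user 使用的是默认的 nobody,无法读取 docker 中 wp 的 www-data 这个用户组数据,所以直接将 nginx 用户提到 root 即可。注意:以 root 运行 nginx worker 后,nginx 中任何可被利用的漏洞都会直接拿到宿主机的 root 权限;更稳妥的做法是删掉直接读取数据卷的静态文件 location、让所有请求都走 proxy_pass,或者把站点目录改为 nginx 用户可读的 bind mount。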