Setup Typecho under CentOS 8.2 (ECS hosted on Alibaba Cloud), Nginx, PHP and MySQL 8 (RDS, the database service provided by Alibaba Cloud)
install Nginx (https://nginx.org/en/docs/install.html)
vim /etc/yum.repos.d/nginx.repo
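[nginx-stable]
name=nginx stable repo
# Fetch packages and repository metadata over HTTPS. gpgcheck=1 below verifies
# package signatures only; this file does not set repo_gpgcheck, so the
# metadata is otherwise protected only by the transport.
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
# Refuse packages that are not signed by the key named in gpgkey.
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
# Let packages from this repo bypass the distribution's modular filtering.
module_hotfixes=true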
sudo dnf install nginx
Comment out the following configuration item:
#include /etc/nginx/conf.d/*.conf;
add server block
# Plain-HTTP listener: it serves no content and only redirects both host
# names to the canonical HTTPS origin.
server {
listen 80;
server_name liiuzy.com www.liiuzy.com;
# Permanent redirect. The target host is hard-coded rather than taken from
# the request, and the original path and query string are preserved.
return 301 https://www.liiuzy.com$request_uri;
}
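# HTTPS virtual host for the Typecho site; PHP is handed to PHP-FPM on
# 127.0.0.1:9000.
server {
    listen 443 ssl;
    server_name www.liiuzy.com;

    # NOTE(review): no "root" directive is set in this block, so
    # $document_root falls back to nginx's default ("html" under the nginx
    # prefix). Set root to the Typecho directory if it lives elsewhere.

    ssl_certificate /etc/letsencrypt/live/liiuzy.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/liiuzy.com/privkey.pem;
    ssl_dhparam /etc/letsencrypt/live/dhparams.pem;

    # Only forward-secret AEAD suites are kept. The CBC/SHA-1, static-RSA and
    # 3DES entries of the earlier list are dropped because they are only
    # needed by clients that cannot negotiate TLS 1.2 with a modern suite.
    # This directive does not affect TLS 1.3 suites.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_timeout 1d;

    # OCSP stapling, with the stapled response verified against the chain
    # below.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/liiuzy.com/fullchain.pem;

    # NOTE(review): a 60-second max-age gives almost no HSTS protection and
    # looks like a trial value. Once HTTPS is confirmed to work for every
    # visitor, raise it (one year is 31536000 seconds).
    add_header Strict-Transport-Security max-age=60;

    #charset koi8-r;
    #access_log logs/host.access.log main;

    location / {
        index index.html index.htm index.php;
    }

    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    # Front-controller rewrite: any URI that does not map to an existing file
    # or directory is handed to /index.php. It runs before location matching,
    # so only paths that exist on disk reach the PHP block unchanged.
    if (!-e $request_filename) {
        rewrite ^/ /index.php last;
    }

    # Defence in depth: never execute PHP from the upload directory.
    # /usr/uploads/ is Typecho's default upload path; adjust it if the
    # installation stores attachments elsewhere. This must stay above the
    # PHP block, because regex locations are tried in order.
    location ~* ^/usr/uploads/.*\.php(/|$) {
        return 403;
    }

    location ~ .*\.php(\/.*)*$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;

        # Split "/script.php/extra/path" into the script name and PATH_INFO.
        set $path_info "";
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
            set $real_script_name $1;
            set $path_info $2;
        }

        # SCRIPT_FILENAME is derived from the request URI, so which file PHP
        # executes depends on the checks above. Keep PHP execution out of any
        # directory the web application can write to.
        fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
        fastcgi_param SCRIPT_NAME $real_script_name;
        fastcgi_param PATH_INFO $path_info;
        include fastcgi_params;
    }
}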
Add the following configuration item:
include servers/*;
Comment out everything in the files under /etc/nginx/conf.d
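Install PHP (the PHP 8 module line below is commented out; a PHP 7.x stream from the Remi repository is installed instead)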
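# Add the Remi repository. The release RPM installs the repo definition and
# its signing keys, so fetch it over HTTPS rather than plain HTTP.
sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
# Clear any previously enabled PHP module stream.
sudo dnf module reset php
#sudo dnf module install php:remi-8.0
# Enable and install the same stream. Enabling remi-7.4 and then installing
# remi-7.3 asks dnf for two different streams of one module.
# NOTE(review): PHP 7.4 no longer receives upstream security fixes; move to a
# supported stream once the Typecho version in use allows it.
sudo dnf module enable php:remi-7.4
sudo dnf module install php:remi-7.4
#sudo dnf install php
# Extensions used by Typecho, plus PHP-FPM, which nginx talks to over FastCGI.
sudo dnf install php-{common,mysql,xml,xmlrpc,curl,gd,imagick,cli,fpm,mbstring,opcache,zip}
#sudo dnf install php80-php-mysqlnd.x86_64
sudo dnf install php-mysqlnd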
Configure PHP-FPM: update the following settings in /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000
user = nginx
install snap & certbot (https://letsencrypt.org/getting-started)
Request a wildcard certificate
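# Request one certificate covering each apex domain and its wildcard. The
# wildcard names are quoted so the shell passes them to certbot literally
# instead of trying to expand them as file globs.
# --manual with the DNS challenge means the TXT records are created by hand,
# so renewal is not automated and has to be repeated before the certificate
# expires.
sudo certbot certonly -d liiuzy.com -d '*.liiuzy.com' -d liiuzy.cn -d '*.liiuzy.cn' -d lzy129.com -d '*.lzy129.com' -d lzy129.cn -d '*.lzy129.cn' --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
# Generate the 2048-bit Diffie-Hellman parameters that ssl_dhparam points to;
# they are used by the DHE cipher suites.
openssl dhparam -out /etc/letsencrypt/live/dhparams.pem 2048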
Use InnoDB as the engine when creating tables: edit /install/Mysql.sql
ENGINE = InnoDB
Enable SSL for the Typecho admin site in /config.inc.php
define('__TYPECHO_SECURE__',true);
Raise the attachment upload limit to 30M: the first three settings go in /etc/php.ini, the last one in /etc/nginx/nginx.conf
upload_max_filesize = 30M;
post_max_size = 30M;
max_execution_time = 600;
client_max_body_size 30m;