How to Install Vanilla Forum and Secure It with Let's Encrypt on CentOS 8

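Vanilla is free, open-source and flexible community forum software that you can use to build your own forum site. It is a lightweight, multilingual forum solution that lets you launch an online community in minutes. It is written in PHP and comes with many add-ons and themes. It is packed with the premium features that top brands use to engage customers, increase loyalty and reduce support costs.

In this tutorial, you will learn how to install Vanilla Forum on CentOS 8 and secure it with Let's Encrypt SSL.

Prerequisites

  • A server running CentOS 8.
  • A root password set up on the server.

Install the LEMP Server

First, you need to install the Nginx web server, the MariaDB database server, PHP and the other required PHP extensions on your system. You can install them by running the following command: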

dnf install nginx mariadb-server php php-mysqlnd php-opcache php-xml php-xmlrpc php-gd php-mbstring php-json php-fpm php-curl php-pear php-openssl php-intl unzip -y

Once all the packages are installed, start the Nginx, PHP-FPM and MariaDB services and enable them to start after a system reboot with the following commands:

systemctl start nginx
systemctl start php-fpm
systemctl start mariadb
systemctl enable nginx
systemctl enable php-fpm
systemctl enable mariadb

Configure the MariaDB Database

Before starting, we recommend that you secure MariaDB. You can secure it with the following script:

mysql_secure_installation

Answer all the questions as shown below.

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

After securing MariaDB, log in to the MariaDB shell with the following command:

mysql -u root -p

Enter the MariaDB root password, then create the Vanilla database and user with the following commands:

MariaDB [(none)]> CREATE DATABASE vanilladb CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> CREATE USER 'vanilla'@'localhost' IDENTIFIED BY 'password';

Next, grant all privileges on the Vanilla database with the following command:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON vanilladb.* TO 'vanilla'@'localhost';

Next, flush the privileges and exit the MariaDB shell with the following commands:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Download Vanilla Forum

You can download the latest stable version of Vanilla Forum from the official website with the following command:

wget https://open.vanillaforums.com/get/vanilla-core-3.3.zip

Once downloaded, unzip the downloaded file with the following command:

unzip vanilla-core-3.3.zip

Next, move the extracted directory to the Nginx web root with the following command:

mv package /var/www/html/vanilla

Next, change the ownership of the vanilla directory to nginx:

chown -R nginx:nginx /var/www/html/vanilla

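Once you are done, you can proceed to the next step.

Configure the PHP-FPM Pool

By default, PHP-FPM is configured for Apache. Here we use Nginx as the web server, so you need to configure PHP-FPM for Nginx. You can do this by editing the file /etc/php-fpm.d/www.conf: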

nano /etc/php-fpm.d/www.conf

Change the following lines:

user = nginx
group = nginx

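Save and close the file when you are done. Next, create a PHP session directory and change its ownership:

mkdir -p /var/lib/php/session
chown -R nginx:nginx /var/lib/php/session

Next, restart the PHP-FPM service to apply the changes: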

systemctl restart php-fpm

Configure Nginx for Vanilla

Next, create a new Nginx virtual host file to serve the Vanilla forum:

nano /etc/nginx/conf.d/vanilla.conf

Add the following lines:

server {

  listen 80;
  server_name vanilla.linuxbuz.com;
  root /var/www/html/vanilla;
  index index.php;

  location ~* /\.git { deny all; return 403; }
  location /build/ { deny all; return 403; }
  location /cache/ { deny all; return 403; }
  location /cgi-bin/ { deny all; return 403; }
  location /uploads/import/ { deny all; return 403; }
  location /conf/ { deny all; return 403; }
  location /tests/ { deny all; return 403; }
  location /vendor/ { deny all; return 403; }

  location ~* ^/index\.php(/|$) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    try_files $fastcgi_script_name =404;
    set $path_info $fastcgi_path_info;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_index index.php;
    include fastcgi.conf;
    fastcgi_param SCRIPT_NAME /index.php;
    fastcgi_param SCRIPT_FILENAME $realpath_root/index.php;
    fastcgi_param X_REWRITE 1;
    fastcgi_pass unix:/var/run/php-fpm/www.sock;
  }

  location ~* \.php(/|$) {
    rewrite ^ /index.php$uri last;
  }
  location / {
    try_files $uri $uri/ @vanilla;
  }

  location @vanilla {
    rewrite ^ /index.php$uri last;
  }

}

Save and close the file when you are done. Next, restart the Nginx service to apply the changes:

systemctl restart nginx

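Secure Vanilla with Let's Encrypt SSL

Next, you need to install the Certbot utility on your system, then download and install a Let's Encrypt SSL certificate for the Vanilla website.

You can install the Certbot client with the following commands:

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

Then obtain and install the SSL certificate for the Vanilla website with the following command: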

certbot-auto --nginx -d vanilla.linuxbuz.com

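The above command first installs all the required dependencies on your server. Once they are installed, you will be asked to enter your email address and accept the terms of service, as shown below.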

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vanilla.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/vanilla.conf

Choose whether or not to redirect HTTP traffic to HTTPS, as shown below.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and press Enter to continue. If the installation completes successfully, you will see the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/vanilla.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://vanilla.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=vanilla.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/vanilla.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/vanilla.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

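Configure SELinux and the Firewall

SELinux is enabled by default on CentOS 8 and must be configured for the Vanilla Forum website.

You can configure SELinux with the following commands:

setsebool httpd_can_network_connect on -P
chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/vanilla

Then allow ports 80 and 443 through the firewall with the following commands:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Once you are done, you can proceed to the next step.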
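
With Nginx, the certificate and the firewall in place, it is worth confirming that the "deny all; return 403;" locations in vanilla.conf and the Certbot redirect are really enforced. The script below is an added example, not part of the original tutorial; the function names and the DENIED_PATHS variable are its own, and it assumes curl is installed.

```shell
#!/bin/sh
# Added example: check the hardening rules of vanilla.conf from the outside.

# One probe per "deny all; return 403;" location in vanilla.conf.
# The probes carry no .php suffix on purpose: a .php request is caught by the
# regex location first and rewritten to /index.php instead of being denied.
DENIED_PATHS="/.git/config /build/ /cache/ /cgi-bin/ /uploads/import/ /conf/ /tests/ /vendor/"

# http_status URL: print the HTTP status code, without following redirects.
# curl prints 000 when the connection or the TLS handshake fails.
http_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1"
}

# check_denied_paths HOST: print every probe that is not answered with 403.
# The return code is the number of such probes (0 means all rules hold).
check_denied_paths() {
    host=$1
    failures=0
    for path in $DENIED_PATHS; do
        code=$(http_status "https://$host$path")
        if [ "$code" != "403" ]; then
            echo "NOT DENIED: $path returned $code"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# check_https_redirect HOST: succeed only if plain HTTP is answered with the
# 301 redirect that Certbot writes when option 2 (Redirect) is chosen.
check_https_redirect() {
    code=$(http_status "http://$1/")
    [ "$code" = "301" ]
}
```

Source the file and run "check_denied_paths vanilla.linuxbuz.com" followed by "check_https_redirect vanilla.linuxbuz.com"; any "NOT DENIED" line means the matching location block is not taking effect.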

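Access Vanilla Forum

Open your web browser and visit the URL https://vanilla.linuxbuz.com. You will be redirected to the following page:

[Screenshot: application settings]

Provide your database details, application title, email, admin username and password, then click the Continue button. Once the installation is complete, the next page shows the Vanilla dashboard.

[Screenshot: Vanilla Forum on CentOS]

Conclusion

Congratulations! You have successfully installed Vanilla Forum on CentOS 8 with Let's Encrypt SSL. You can now easily host your own community forum website. Feel free to contact us if you have any questions.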
