如何在Apache上安装WonderCMS并在CentOS 8上加密SSL

如何在Apache上安装WonderCMS并在CentOS 8上加密SSL

WonderCMS是一个免费,开源,简单轻便的内容管理系统,可让您构建简单的网站和博客。它是平面文件CMS,不需要数据库。安装过程非常简单,不需要任何初始配置。提供丰富的功能集,包括所见即所得支持,灵活的CSS框架和SEO友好。

本教程显示如何在CentOS 8上安装WonderCMS并使用“让我们加密SSL”保护它的安全。

前提条件

  • 运行CentOS的服务器8。
  • 已经在服务器上设置了root密码。

安装Apache和PHP

首先,使用以下命令安装Apache Web服务器,PHP和其他PHP扩展:

dnf install httpd php php-mysqlnd php-curl php-opcache php-xml php-xmlrpc php-gd php-mbstring php-zip php-json wget unzip git -y

安装完成后,打开php.ini文件并更改一些设置。

nano /etc/php.ini

根据您的要求更改值。

memory_limit = 128M
post_max_size = 32M
upload_max_filesize = 16M
max_execution_time = 300
date.timezone = Asia/Kolkata

完成后,保存并关闭文件。然后启动并重新启动Apache服务,并在系统重新启动后,使用以下命令启动它:

systemctl start httpd systemctl enable httpd

下载WonderCMS

首先,从Git存储库下载最新版本的WonderCMS。

cd /var/www/html git clone https://github.com/robiso/wondercms.git

下载完成后,使用以下命令为下载的目录授予适当的权限:

chown -R apache:apache /var/www/html/wondercms chmod -R 775 /var/www/html/wondercms

为WonderCMS配置Apache

首先,使用以下命令为WonderCMS创建新的Apache虚拟主机配置文件:

nano /etc/httpd/conf.d/wondercms.conf

添加以下行:


  ServerName wonder.linuxbuz.com
  DirectoryIndex index.php
  DocumentRoot /var/www/html/wondercms  
  Redirect /wondercms/loginURL /loginURL

  ErrorLog /var/log/httpd/linuxbuz.com-error.log
  CustomLog /var/log/httpd/linuxbuz.com-access.log combined

  
      Options FollowSymLinks
      AllowOverride All
      Require all granted
  


保存并关闭文件。接下来,使用以下命令重新启动Apache服务:

systemctl restart httpd

您还可以使用以下命令检查Apache服务的状态:

systemctl status httpd

您将看到以下输出:

? httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           ??php-fpm.conf
   Active: active (running) since Wed 2020-02-19 08:51:34 EST; 1min 25s ago
     Docs: man:httpd.service(8)
 Main PID: 4716 (httpd)
   Status: "Total requests: 6; Idle/Busy workers 100/0;Requests/sec: 0.0759; Bytes served/sec: 812 B/sec"
    Tasks: 278 (limit: 12558)
   Memory: 43.1M
   CGroup: /system.slice/httpd.service
           ??4716 /usr/sbin/httpd -DFOREGROUND
           ??4718 /usr/sbin/httpd -DFOREGROUND
           ??4719 /usr/sbin/httpd -DFOREGROUND
           ??4720 /usr/sbin/httpd -DFOREGROUND
           ??4721 /usr/sbin/httpd -DFOREGROUND
           ??4935 /usr/sbin/httpd -DFOREGROUND

Feb 19 08:51:34 centos8 systemd[1]: Starting The Apache HTTP Server...

让我们加密SSL保护WonderCMS

接下来,使用以下命令安装Certbot Let’s Encrypt客户端:

wget https://dl.eff.org/certbot-auto mv certbot-auto /usr/local/bin/certbot-auto chown root /usr/local/bin/certbot-auto chmod 0755 /usr/local/bin/certbot-auto

接下来,运行以下命令以获取并安装WonderCMS网站的SSL证书:

certbot-auto --apache -d wonder.linuxbuz.com

上面的命令将首先在服务器上安装所有必需的依赖项。安装完成后,将提示您输入电子邮件地址并接受条款和条件,如下所示。

注意事项 :如果发生与SSL证书相关的错误,请重新启动Apache服务并再次执行上述命令。

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y 


Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wonder.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/wondercms.conf

接下来,您需要选择是否将HTTP流量重定向到HTTPS,如下所示。

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

型式 两个 并击中 进入 继续吧安装完成后,您将看到以下输出:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/wondercms.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://wonder.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=wonder.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/wonder.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/wonder.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-03-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

配置防火墙和SELinux

接下来,您需要创建防火墙规则,以允许来自外部网络的HTTP和HTTPS服务。您可以使用以下命令允许它:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https firewall-cmd --reload

接下来,您需要为WonderCMS配置SELinux。您可以使用以下命令配置SELinux:

setsebool httpd_can_network_connect on -P chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/wondercms

最后,重新启动Apache服务以应用更改。

systemctl restart httpd

访问WonderCMS

接下来,打开Web浏览器并输入URL https://wonder.linuxbuz.com。您将被重定向到WonderCMS主页。

在这里,复制上一页的密码,然后单击C登录并舔 按钮显示以下页面。

WonderCMS登录

粘贴密码, 登入 按钮显示以下页面。

WonderCMS管理模式

然后 设定值 => 安全性。显示以下页面。

WonderCMS仪表板

更改登录URL和密码, 改变 密码 按钮

结论

恭喜你!使用“让我们加密SSL”在CentOS 8上成功安装并保护了WonderCMS。您现在可以使用WonderCMS轻松托管自己的博客和网站。

Sidebar