How to Install Vanilla Forum and Secure It with Let's Encrypt on CentOS 8


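Vanilla is free, open-source and flexible community forum software that you can use to build your own forum site. It is a lightweight, multilingual forum solution that lets you launch an online community in minutes. It is written in PHP and comes with many add-ons and themes. It is packed with premium features that top brands use to engage customers, increase loyalty and reduce support costs.

In this tutorial, you will learn how to install Vanilla forum on CentOS 8 and secure it with Let's Encrypt SSL.

Prerequisites

  • A server running CentOS 8.
  • A root password set up on the server.

Install LEMP Server

First, you need to install the Nginx web server, the MariaDB database server, PHP and the other required PHP extensions on your system. You can install them by running the following command: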

dnf install nginx mariadb-server php php-mysqlnd php-opcache php-xml php-xmlrpc php-gd php-mbstring php-json php-fpm php-curl php-pear php-openssl php-intl unzip -y

After installing all the packages, start the Nginx, PHP-FPM and MariaDB services and enable them to start at system reboot with the following commands:

systemctl start nginx
systemctl start php-fpm
systemctl start mariadb
systemctl enable nginx
systemctl enable php-fpm
systemctl enable mariadb

Configure MariaDB Database

Before starting, we recommend that you secure MariaDB. You can secure it with the following script:

mysql_secure_installation

Answer all the questions as shown below.

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

After securing MariaDB, log in to the MariaDB shell with the following command:

mysql -u root -p

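Enter your MariaDB root password, then create a database and user for Vanilla with the following commands, replacing password with a strong password of your own:

MariaDB [(none)]> CREATE DATABASE vanilladb CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> CREATE USER 'vanilla'@'localhost' IDENTIFIED BY 'password';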

Next, grant all privileges on the Vanilla database to the new user with the following command:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON vanilladb.* TO 'vanilla'@'localhost';

Next, flush the privileges and exit the MariaDB shell with the following commands:

MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;

Download Vanilla Forum

You can download the latest stable version of Vanilla forum from the official website with the following command:

wget https://open.vanillaforums.com/get/vanilla-core-3.3.zip

Once downloaded, unzip the downloaded file with the following command:

unzip vanilla-core-3.3.zip

Next, move the extracted directory to the Nginx web root directory with the following command:

mv package /var/www/html/vanilla

Next, change the ownership of the vanilla directory to nginx:

chown -R nginx:nginx /var/www/html/vanilla

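Once you are done, you can proceed to the next step.

Configure PHP-FPM Pool

By default, PHP-FPM is configured for Apache. Here, we are using Nginx as the web server, so you need to configure PHP-FPM for Nginx. You can do this by editing the file /etc/php-fpm.d/www.conf: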

nano /etc/php-fpm.d/www.conf

Change the following lines:

user = nginx
group = nginx

Save and close the file when you are finished. Next, create a PHP session directory and change its ownership:

mkdir -p /var/lib/php/session
chown -R nginx:nginx /var/lib/php/session

Next, restart the PHP-FPM service to apply the changes:

systemctl restart php-fpm

Configure Nginx for Vanilla

Next, create a new Nginx virtual host file to serve the Vanilla forum:

nano /etc/nginx/conf.d/vanilla.conf

Add the following lines:

server {

  listen 80;
  server_name vanilla.linuxbuz.com;
  root /var/www/html/vanilla;
  index index.php;

  # Block web access to repository data and internal directories
  location ~* /\.git { deny all; return 403; }
  location /build/ { deny all; return 403; }
  location /cache/ { deny all; return 403; }
  location /cgi-bin/ { deny all; return 403; }
  location /uploads/import/ { deny all; return 403; }
  location /conf/ { deny all; return 403; }
  location /tests/ { deny all; return 403; }
  location /vendor/ { deny all; return 403; }

  # Front controller: only /index.php is handed to PHP-FPM
  location ~* ^/index\.php(/|$) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    try_files $fastcgi_script_name =404;
    set $path_info $fastcgi_path_info;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_index index.php;
    include fastcgi.conf;
    fastcgi_param SCRIPT_NAME /index.php;
    fastcgi_param SCRIPT_FILENAME $realpath_root/index.php;
    fastcgi_param X_REWRITE 1;
    fastcgi_pass unix:/var/run/php-fpm/www.sock;
  }

  # Any other .php request is routed through index.php instead of being executed
  location ~* \.php(/|$) {
    rewrite ^ /index.php$uri last;
  }

  # Serve existing files directly; everything else goes to Vanilla
  location / {
    try_files $uri $uri/ @vanilla;
  }

  location @vanilla {
    rewrite ^ /index.php$uri last;
  }

}

Save and close the file when you are finished. Next, restart the Nginx service to apply the changes:

systemctl restart nginx

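Secure Vanilla with Let's Encrypt SSL

Next, you need to install the Certbot utility on your system, then download and install a Let's Encrypt SSL certificate for the Vanilla website.

You can install the Certbot client with the following commands:

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto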

Then, obtain and install an SSL certificate for the Vanilla website with the following command:

certbot-auto --nginx -d vanilla.linuxbuz.com

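The above command will first install all the required dependencies on your server. Once they are installed, you will be asked to provide your email address and accept the terms of service, as shown below.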

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vanilla.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/vanilla.conf

Next, choose whether or not to redirect HTTP traffic to HTTPS, as shown below.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to continue. Once the installation has completed successfully, you will see the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/vanilla.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://vanilla.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=vanilla.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/vanilla.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/vanilla.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

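Configure SELinux and Firewall

By default, SELinux is enabled on CentOS 8, so it must be configured for the Vanilla forum website.

You can configure SELinux with the following commands:

setsebool httpd_can_network_connect on -P
chcon -R -u system_u -t httpd_sys_rw_content_t -r object_r /var/www/html/vanilla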

Then, allow ports 80 and 443 through the firewall with the following commands:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Once you are done, you can proceed to the next step.
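
A check for the configuration above, as an added example that is not part of the original tutorial: it confirms over HTTPS that each path covered by a deny rule in vanilla.conf answers 403 and that plain HTTP redirects to HTTPS. The function names and the way the script is invoked are assumptions chosen for this example.

```bash
#!/usr/bin/env bash
# Added example: verify the vanilla.conf deny rules and the HTTPS redirect.

# One request per "deny all; return 403;" location in vanilla.conf. None of
# the paths ends in .php, so the .php rewrite location never takes them over.
DENIED_PATHS="/.git/config /build/ /cache/ /cgi-bin/ /uploads/import/ /conf/ /tests/ /vendor/"

# Print "<status> <redirect target>" for a URL without following redirects.
# Kept separate so it can be replaced by a stub for offline testing.
http_probe() {
  curl -s -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}' "$1"
}

# check_denied_paths HOST: succeed only if every denied path answers 403.
check_denied_paths() {
  local host=$1 path out code rc=0
  for path in $DENIED_PATHS; do
    out=$(http_probe "https://$host$path")
    code=${out%% *}
    if [ "$code" != "403" ]; then
      echo "FAIL https://$host$path returned $code, expected 403" >&2
      rc=1
    fi
  done
  return $rc
}

# check_https_redirect HOST: succeed only if plain HTTP redirects to https://.
check_https_redirect() {
  local out code target
  out=$(http_probe "http://$1/")
  code=${out%% *}
  target=${out#* }
  case "$code:$target" in
    30[1278]:https://*) return 0 ;;
  esac
  echo "FAIL http://$1/ answered $code ${target:-(no redirect)}" >&2
  return 1
}

# Run both checks when a host name is given on the command line.
if [ "$#" -gt 0 ]; then
  check_denied_paths "$1" && check_https_redirect "$1" && echo "OK: $1"
fi
```

Save it as a script and pass the forum's host name as the only argument; a non-zero exit status means at least one rule is not in effect.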

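Access Vanilla Forum

Open your web browser and visit the URL https://vanilla.linuxbuz.com. You will be redirected to the following page:

[Screenshot: application settings page]

Provide your database details, application title, email, admin username and password, then click the Continue button. Once the installation has finished, you will see the Vanilla dashboard on the following page:

[Screenshot: Vanilla forum on CentOS]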

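Conclusion

Congratulations! You have successfully installed Vanilla forum on CentOS 8 with Let's Encrypt SSL. You can now easily host your own community forum website. Feel free to contact us if you have any questions.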
