
Docker安装wordpress

创建docker容器

创建工作目录

mkdir -p ~/opt/wordpress

编写docker-compose.yml文件

cd ~/opt/wordpress

编写docker-compose.yml

vim docker-compose.yml
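# Compose stack for the tutorial: MySQL + WordPress, fronted by an nginx reverse proxy.
# Indentation is restored here; YAML nesting is significant and the flattened
# listing does not parse.
#
# NOTE(review): every password below is the tutorial's sample value, stored in
# plain text. Replace them before real use and keep this file out of version
# control and shared backups.
version: "3.9"
services:
  wordpress_db:
    image: mysql:8.1
    container_name: wordpress_db
    environment:
      # Password of the MySQL root account
      MYSQL_ROOT_PASSWORD: 123qaz@Admin
      # Database that WordPress will use
      MYSQL_DATABASE: wordpress
      # Database account that WordPress will use
      MYSQL_USER: wordpress_user
      MYSQL_PASSWORD: 123qaz@Wordpress_user
    ports:
      # NOTE(review): this publishes MySQL on every host interface. WordPress
      # reaches the database over the compose network by service name, so the
      # mapping is only needed for administration from outside the containers;
      # bind it to 127.0.0.1 or drop it when that is not required.
      - "13306:3306"
    volumes:
      - ./volumes/mysql:/var/lib/mysql
    restart: always
  wordpress:
    depends_on:
      - wordpress_db
    # wordpress:6.3.1-php8.2-apache
    # NOTE(review): an untagged image resolves to "latest"; pinning the tag
    # noted above keeps the deployment reproducible.
    image: wordpress
    container_name: wordpress
    environment:
      # Service name of the database container WordPress connects to
      WORDPRESS_DB_HOST: wordpress_db
      # Database that WordPress will use
      WORDPRESS_DB_NAME: wordpress
      # Database account that WordPress will use
      WORDPRESS_DB_USER: wordpress_user
      WORDPRESS_DB_PASSWORD: 123qaz@Wordpress_user
    ports:
      # NOTE(review): this serves WordPress over plain HTTP on the host,
      # bypassing the TLS-terminating nginx service below. Keep it for the
      # initial test only, or remove it once nginx is in front.
      - "8080:80"
    volumes:
      - ./volumes/wordpress/html:/var/www/html
    restart: always
  nginx:
    depends_on:
      - wordpress
    # NOTE(review): untagged, so this also resolves to "latest".
    image: nginx
    container_name: wordpress_nginx
    volumes:
      - ./volumes/nginx/html:/usr/share/nginx/html
      # conf.d also holds the TLS private key created later in this guide
      - ./volumes/nginx/conf.d:/etc/nginx/conf.d
      - ./volumes/nginx/logs:/var/log/nginx
    # "links" is a legacy option; services on the same compose network already
    # resolve each other by service name.
    links:
      - wordpress
    ports:
      - "80:80"
      - "443:443"
    restart: always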

创建容器

后台启动容器

# wordpress_container是容器名称公共前缀
docker-compose -p wordpress_container up -d

查看容器进程

$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a5aee2a31104 wordpress "docker-entrypoint.s…" 15 seconds ago Up 14 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp wordpress
1fc79d23ec2e mysql:8.1 "docker-entrypoint.s…" 15 seconds ago Up 14 seconds 33060/tcp, 0.0.0.0:13306->3306/tcp, :::13306->3306/tcp wordpress_db

访问页面

# 这里是虚拟机的内网地址
http://10.211.55.3:8080/

容器删除

docker-compose -p wordpress_container down

wordpress配置

上传大小限制

默认是2M

vim ./volumes/wordpress/html/.htaccess

# END WordPress之前加上以下内容:

# Raise PHP's per-file upload limit, total POST body limit and per-request
# memory limit to 512M each.
# NOTE(review): WordPress regenerates the lines between its BEGIN/END markers,
# so settings placed inside that section can be overwritten; putting them
# outside the markers avoids that. Large limits also let a single request tie
# up more memory and disk, so size them to what uploads actually need.
php_value upload_max_filesize 512M
php_value post_max_size 512M
php_value memory_limit 512M

刷新页面,程序会动态加载该配置

nginx 配置

证书生成

  1. 创建证书目录
mkdir -p ./volumes/nginx/conf.d/ssl
  1. 编写openssl conf文件
vim ./volumes/nginx/conf.d/ssl/openssl.cnf
# Settings read by `openssl req` when it is run with -config on this file.
[ req ]
# RSA key size in bits when the command line does not give one
default_bits = 2048
# Do not prompt; take the subject fields from the [ dn ] section
prompt = no
# Digest used for signing
default_md = sha256
# Section that holds the subject name
distinguished_name = dn
# Extension section applied to certificate requests
req_extensions = req_ext
# Extension section applied when -x509 produces a self-signed certificate
x509_extensions = cert_ext

# Subject of the certificate
[ dn ]
CN = mqycs.cn

[ req_ext ]
subjectAltName = @alt_names

[ cert_ext ]
subjectAltName = @alt_names

# Host names the certificate is valid for
[ alt_names ]
DNS.1 = mqycs.cn
DNS.2 = www.mqycs.cn
  1. 生成私钥和自签名 SSL 证书:
# Create a new RSA-2048 private key and a self-signed certificate (-x509) in one
# step, valid for 1825 days, with the subject and SAN entries from openssl.cnf.
# NOTE(review): -nodes leaves the private key unencrypted on disk, and it is
# written into the directory that is bind-mounted into the nginx container.
# Restrict the key file's permissions (for example chmod 600) and keep it out of
# version control and shared backups.
# NOTE(review): browsers do not trust a self-signed certificate; this is suited
# to testing, not to a public site.
openssl req -x509 \
-nodes \
-newkey rsa:2048 \
-keyout ./volumes/nginx/conf.d/ssl/mqycs.cn.key \
-out ./volumes/nginx/conf.d/ssl/mqycs.cn.crt \
-config ./volumes/nginx/conf.d/ssl/openssl.cnf \
-days 1825
  1. 查看生成的证书
$ tree ./volumes/nginx/conf.d/ssl/
./volumes/nginx/conf.d/ssl/
├── mqycs.cn.crt
├── mqycs.cn.key
└── openssl.cnf

编写配置文件

cd ../
vim nginx.conf
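# Plain-HTTP virtual host: its only job is to send clients to HTTPS.
server {
    listen 80;
    server_name mqycs.cn www.mqycs.cn;

    # Redirect every HTTP request to HTTPS
    return 301 https://$host$request_uri;
}

# HTTPS virtual host: terminates TLS and proxies to the WordPress container.
server {
    listen 443 ssl;
    server_name mqycs.cn www.mqycs.cn;

    ssl_certificate /etc/nginx/conf.d/ssl/mqycs.cn.crt; # path to the TLS certificate
    ssl_certificate_key /etc/nginx/conf.d/ssl/mqycs.cn.key; # path to the TLS private key

    location / {
        # "wordpress" is the compose service name of the WordPress container;
        # replace it with the actual service name if yours differs.
        proxy_pass http://wordpress:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # TLS ends at this proxy and the backend is reached over plain HTTP, so
        # pass the original scheme along. WordPress behind a TLS-terminating
        # proxy commonly relies on this header to detect HTTPS; without it,
        # redirect loops or mixed-content URLs are the usual symptom.
        proxy_set_header X-Forwarded-Proto $scheme;

        # NOTE(review): browsers refuse credentialed cross-origin responses when
        # Allow-Origin is '*', and for such requests the '*' in Allow-Methods /
        # Allow-Headers is read as a literal value. The combination below
        # therefore does not work for cookie-bearing requests, and it opens
        # unauthenticated cross-origin reads for the whole site. If
        # cross-origin access is needed, answer with an explicit allow-list of
        # origins; if it is not, these headers can be dropped.
        # Origins allowed to make cross-origin requests; * means all
        add_header 'Access-Control-Allow-Origin' '*';
        # Allow requests that carry cookies
        add_header 'Access-Control-Allow-Credentials' 'true';
        # Allowed request methods, e.g. GET/POST/PUT/DELETE
        add_header 'Access-Control-Allow-Methods' '*';
        # Allowed request headers
        add_header 'Access-Control-Allow-Headers' '*';
        # Answer CORS preflight requests directly; required for cross-origin JSON requests
        if ($request_method = 'OPTIONS') {
            return 204;
        }
    }

    # Limit the request body to 1024 MB.
    # NOTE(review): this is larger than the 512M PHP limits set in .htaccess
    # earlier in this guide; the smaller limit is the effective one.
    client_max_body_size 1024M;

    # Further TLS settings: protocol versions and cipher suites
    ssl_protocols TLSv1.2 TLSv1.3; # only TLS 1.2 and 1.3; older versions stay disabled
    ssl_prefer_server_ciphers on;

    # A commonly recommended set of stronger cipher suites
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';

    # OCSP stapling.
    # NOTE(review): the certificate generated earlier is self-signed, so there
    # is no issuer or OCSP responder to staple from; nginx logs a warning and
    # skips stapling. It becomes useful with a CA-issued certificate and a
    # configured resolver.
    ssl_stapling on;

    # TLS session cache, to speed up repeat connections
    ssl_session_cache shared:SSL:5m;
    ssl_session_timeout 5m;
}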

以管理员身份打开dos窗口,连接mysql数据库

查看当前用户加密方式:

# Switch to the mysql system schema, which holds the account table
use mysql

# List each account together with its authentication plugin
select user,plugin from user;

mysql> select user,plugin from user;
+------------------+-----------------------+
| user | plugin |
+------------------+-----------------------+
| root | caching_sha2_password |
| wordpress_user | caching_sha2_password |
| mysql.infoschema | caching_sha2_password |
| mysql.session | caching_sha2_password |
| mysql.sys | caching_sha2_password |
| root | caching_sha2_password |
+------------------+-----------------------+

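将用户的认证插件(即上文所说的"加密方式")改为mysql_native_password。注意:mysql_native_password 基于 SHA-1,自 MySQL 8.0.34 起已被弃用,并在 MySQL 9.0 中被移除;只有当客户端确实不支持默认的 caching_sha2_password 时才需要这样降级。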

# 修改加密规则
ALTER USER 'root'@'%' IDENTIFIED BY '123qaz@Admin' PASSWORD EXPIRE NEVER;
# 重置密码
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123qaz@Admin';
# 修改加密规则
ALTER USER 'root'@'localhost' IDENTIFIED BY '123qaz@Admin' PASSWORD EXPIRE NEVER;
# 重置密码
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '123qaz@Admin';
#刷新权限
FLUSH PRIVILEGES;

再次查看

mysql> select user,plugin from user;
+------------------+-----------------------+
| user | plugin |
+------------------+-----------------------+
| root | mysql_native_password |
| wordpress_user | caching_sha2_password |
| mysql.infoschema | caching_sha2_password |
| mysql.session | caching_sha2_password |
| mysql.sys | caching_sha2_password |
| root | mysql_native_password |
+------------------+-----------------------+