这是关于wordpress的安装文档,分为docker compose方式安装和kubernetes方式安装两种。
docker compose 方式安装#
1 openssl私签发正式#
1.1 生成ca证书的私钥#
1
2
| openssl genrsa -out ca.key 4096
openssl rand -writerand .rnd
|
1.2 生成ca证书#
1
| openssl req -x509 -new -nodes -sha512 -days 36500 -subj "/C=CN/ST=JiangSU/L=Nanjing/O=jscn/OU=Personal/CN=example.com" -key ca.key -out ca.crt
|
1.3 生成域名证书的私钥#
1
| openssl genrsa -out example.com.key 4096
|
1.4 生成证书请求文件#
1
2
3
4
| openssl req -sha512 -new \
-subj "/C=CN/ST=JiangSU/L=Nanjing/O=jscn/OU=Personal/CN=example.com" \
-key example.com.key \
-out example.com.csr
|
1.5 添加其他可信域名或IP配置文件#
1
2
3
4
5
6
7
8
9
10
11
| cat >v3.ext<<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=example.com
DNS.1=www.example.com
IP.1=127.0.0.1
EOF
|
1.6 生成域名证书#
1
2
3
4
5
| openssl x509 -req -sha512 -days 36500 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in example.com.csr \
-out example.com.crt
|
2 安装 apache-wordpress#
2.1 创建目录#
1
2
| mkdir -p ~/Codes/docker/aidp
cd ~/Codes/docker/aidp
|
2.2 创建数据库密码文件#
1
2
3
4
5
6
7
| cat <<EOF | tee db_root_password.txt
DBRootPassword
EOF
cat <<EOF | tee db_password.txt
DBPassword
EOF
|
2.3 创建php配置文件#
1
2
3
4
| cat <<EOF | tee custom.ini
upload_max_filesize = 100M
post_max_size = 100M
EOF
|
2.4 创建compose文件#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
| cat <<EOF | tee docker-compose.yml
version: "3.9"
services:
db:
image: mysql:8.3.0
command:
- --default-authentication-plugin=caching_sha2_password
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
- --max-connections=699
- --max-connect-errors=599
- --lower-case-table-names=1
- --host-cache-size=0
- --log-timestamps=SYSTEM
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
TZ: Asia/Shanghai
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD_FILE: /run/secrets/db_password
expose:
- 3306
- 33060
secrets:
- db_root_password
- db_password
networks:
- wordpress
wordpress:
depends_on:
- db
image: wordpress:6.5.2-php8.2-apache
volumes:
- wp_data:/var/www/html
- ./custom.ini:/usr/local/etc/php/conf.d/custom.ini
ports:
- 80:80
restart: always
environment:
TZ: Asia/Shanghai
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
WORDPRESS_DB_NAME: wordpress
secrets:
- db_password
networks:
- wordpress
secrets:
db_root_password:
file: db_root_password.txt
db_password:
file: db_password.txt
networks:
wordpress:
volumes:
db_data:
wp_data:
EOF
|
2.5 启动服务#
2.6 关闭服务#
2.7 重启单个服务#
1
2
| docker compose stop wordpress
docker compose start wordpress
|
2.8 删除服务#
3 安装 nginx-wordpress#
3.1 创建目录#
1
2
| mkdir -p ~/Codes/docker/wordpress
cd ~/Codes/docker/wordpress
|
3.2 创建数据库密码文件#
1
2
3
4
5
6
7
| cat <<EOF | tee db_root_password.txt
DBRootPassword
EOF
cat <<EOF | tee db_password.txt
DBPassword
EOF
|
3.3 创建php配置文件#
1
2
3
4
| cat <<EOF | tee custom.ini
upload_max_filesize = 100M
post_max_size = 100M
EOF
|
3.4 创建nginx配置文件#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
| cat <<EOF | tee example.com.conf
server {
listen 80;
server_name example.com;
return 301 https://www.example.com\$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/conf.d/example.com.crt;
ssl_certificate_key /etc/nginx/conf.d/example.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
return 301 https://www.example.com\$request_uri;
}
server {
listen 80;
server_name www.example.com;
client_max_body_size 1024M;
sendfile on;
location / {
return 301 https://\$host\$request_uri;
}
}
server {
listen 443 ssl;
server_tokens off;
keepalive_timeout 50;
root /var/www/html;
index index.php;
server_name www.example.com;
ssl_certificate /etc/nginx/conf.d/example.com.crt;
ssl_certificate_key /etc/nginx/conf.d/example.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
client_max_body_size 1024M;
sendfile on;
# access_log /var/log/nginx/www.example.com-access.log;
# error_log /var/log/nginx/www.example.com-error.log;
location / {
try_files \$uri \$uri/ /index.php?\$args;
}
location ~ \.php\$ {
try_files \$uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)\$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_param PATH_INFO \$fastcgi_path_info;
}
}
EOF
|
3.5 创建compose文件#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
| cat <<EOF | tee docker-compose.yaml
version: "3.9"
services:
db:
image: mysql:8.2.0
command:
- --default-authentication-plugin=caching_sha2_password
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
- --max-connections=699
- --max-connect-errors=599
- --lower-case-table-names=1
- --host-cache-size=0
- --log-timestamps=SYSTEM
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
TZ: Asia/Shanghai
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD_FILE: /run/secrets/db_password
expose:
- 3306
- 33060
secrets:
- db_root_password
- db_password
networks:
- wordpress
wordpress:
depends_on:
- db
image: wordpress:6.3.2-php8.2-fpm
volumes:
- wp_data:/var/www/html
- ./custom.ini:/usr/local/etc/php/conf.d/custom.ini
restart: always
environment:
TZ: Asia/Shanghai
WORDPRESS_DB_HOST: db
WORDPRESS_DB_NAME: wordpress
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
secrets:
- db_password
networks:
- wordpress
nginx:
depends_on:
- wordpress
image: nginx:1.24.0
volumes:
- wp_data:/var/www/html
- ./example.com.crt:/etc/nginx/conf.d/example.com.crt
- ./example.com.key:/etc/nginx/conf.d/example.com.key
- ./example.com.conf:/etc/nginx/conf.d/example.com.conf
links:
- wordpress
ports:
- "80:80"
- "443:443"
restart: always
environment:
TZ: Asia/Shanghai
networks:
- wordpress
secrets:
db_root_password:
file: db_root_password.txt
db_password:
file: db_password.txt
networks:
wordpress:
volumes:
db_data:
wp_data:
EOF
|
3.6 查看服务#
3.7 启动服务#
3.8 查看日志#
1
| docker compose logs -f wordpress
|
3.9 重启具体的服务#
1
| docker compose restart wordpress
|
3.10 进入容器#
1
| docker compose exec wordpress /bin/bash
|
3.11 关闭服务#
3.12 关闭指定服务#
1
2
| docker compose stop wordpress
docker compose start wordpress
|
3.13 卸载服务#
kubernetes 方式安装#
1 创建目录#
1
2
| mkdir /root/kubernetes-1.24.0/wordpress/wordpress
cd /root/kubernetes-1.24.0/wordpress/wordpress
|
2 创建mysql部署文件#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
| cat <<EOF > mysql-deployment.yaml
apiVersion: v1
kind: Service
metadata:
name: wordpress-mysql
labels:
app: wordpress
spec:
ports:
- port: 3306
selector:
app: wordpress
tier: mysql
clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pv-claim
labels:
app: wordpress
spec:
storageClassName: rook-cephfs
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress-mysql
labels:
app: wordpress
spec:
selector:
matchLabels:
app: wordpress
tier: mysql
strategy:
type: Recreate
template:
metadata:
labels:
app: wordpress
tier: mysql
spec:
containers:
- image: library/mysql:8.3.0
name: mysql
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-pass
key: rootpassword
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-pass
key: userpassword
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: mysql-info
key: MYSQL_DATABASE
- name: MYSQL_USER
valueFrom:
configMapKeyRef:
name: mysql-info
key: MYSQL_USER
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: mysql-persistent-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-persistent-storage
persistentVolumeClaim:
claimName: mysql-pv-claim
EOF
|
3 创建wordpress部署文件#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
| cat <<EOF > wordpress-deployment.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: custom-config
data:
custom.ini: |-
upload_max_filesize = 100M
post_max_size = 100M
max_execution_time = 1200
---
apiVersion: v1
kind: Service
metadata:
name: wordpress
labels:
app: wordpress
spec:
ports:
- port: 80
selector:
app: wordpress
tier: frontend
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wordpress-ingress
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
kubernetes.io/tls-acme: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- wordpress.example.com
secretName: wordpress-example-com-tls
rules:
- host: wordpress.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: wordpress
port:
number: 80
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wp-pv-claim
labels:
app: wordpress
spec:
storageClassName: rook-cephfs
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
labels:
app: wordpress
spec:
selector:
matchLabels:
app: wordpress
tier: frontend
strategy:
type: Recreate
template:
metadata:
labels:
app: wordpress
tier: frontend
spec:
containers:
- image: library/wordpress:6.5.2-php8.2-apache
name: wordpress
env:
- name: WORDPRESS_DB_HOST
value: wordpress-mysql
- name: WORDPRESS_DB_NAME
valueFrom:
configMapKeyRef:
name: mysql-info
key: MYSQL_DATABASE
- name: WORDPRESS_DB_USER
valueFrom:
configMapKeyRef:
name: mysql-info
key: MYSQL_USER
- name: WORDPRESS_DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-pass
key: userpassword
ports:
- containerPort: 80
name: wordpress
volumeMounts:
- name: wordpress-persistent-storage
mountPath: /var/www/html
- name: config
mountPath: /usr/local/etc/php/conf.d/custom.ini
subPath: custom.ini
volumes:
- name: wordpress-persistent-storage
persistentVolumeClaim:
claimName: wp-pv-claim
- name: config
configMap:
name: custom-config
EOF
|
4 创建kustomize部署文件#
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| cat <<EOF > kustomization.yaml
configMapGenerator:
- name: mysql-info
literals:
- MYSQL_DATABASE=exampledb
- MYSQL_USER=exampleuser
secretGenerator:
- name: mysql-pass
literals:
- rootpassword=RootPassword
- userpassword=UserPassword
resources:
- mysql-deployment.yaml
- wordpress-deployment.yaml
EOF
|
5 创建服务#
1
2
3
| kubectl create namespace wordpress
kubectl -n wordpress apply -k ./
watch kubectl -n wordpress get pod
|
6 查看服务#
1
| kubectl -n wordpress describe -k ./
|
7 重启服务#
1
| kubectl -n wordpress rollout restart deployment wordpress
|
8 删除服务#
1
| kubectl -n wordpress delete -k ./
|