这是关于wordpress的安装文档,分为docker compose方式安装和kubernetes方式安装两种。

docker compose 方式安装

1 openssl私签发正式

1.1 生成ca证书的私钥

1
2
openssl genrsa -out ca.key 4096
openssl rand -writerand .rnd

1.2 生成ca证书

1
openssl req -x509 -new -nodes -sha512 -days 36500  -subj "/C=CN/ST=JiangSU/L=Nanjing/O=jscn/OU=Personal/CN=example.com"  -key ca.key  -out ca.crt

1.3 生成域名证书的私钥

1
openssl genrsa -out example.com.key 4096

1.4 生成证书请求文件

1
2
3
4
openssl req -sha512 -new \
    -subj "/C=CN/ST=JiangSU/L=Nanjing/O=jscn/OU=Personal/CN=example.com" \
    -key example.com.key \
    -out example.com.csr

1.5 添加其他可信域名或IP配置文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
cat >v3.ext<<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=example.com
DNS.1=www.example.com
IP.1=127.0.0.1
EOF

1.6 生成域名证书

1
2
3
4
5
openssl x509 -req -sha512 -days 36500 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in example.com.csr \
    -out example.com.crt

2 安装 apache-wordpress

2.1 创建目录

1
2
mkdir -p ~/Codes/docker/aidp
cd ~/Codes/docker/aidp

2.2 创建数据库密码文件

1
2
3
4
5
6
7
cat <<EOF | tee db_root_password.txt
DBRootPassword
EOF

cat <<EOF | tee db_password.txt
DBPassword
EOF

2.3 创建php配置文件

1
2
3
4
cat <<EOF | tee custom.ini
upload_max_filesize = 100M
post_max_size = 100M
EOF

2.4 创建compose文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
cat <<EOF | tee docker-compose.yml
version: "3.9"

services:
  
  db:
    image: mysql:8.3.0
    command: 
      - --default-authentication-plugin=caching_sha2_password
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci
      - --max-connections=699
      - --max-connect-errors=599
      - --lower-case-table-names=1
      - --host-cache-size=0
      - --log-timestamps=SYSTEM
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      TZ: Asia/Shanghai
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD_FILE: /run/secrets/db_password
    expose:
      - 3306
      - 33060
    secrets:
      - db_root_password
      - db_password
    networks:
      - wordpress

  wordpress:
    depends_on:
      - db
    image: wordpress:6.5.2-php8.2-apache
    volumes:
      - wp_data:/var/www/html
      - ./custom.ini:/usr/local/etc/php/conf.d/custom.ini
    ports:
      - 80:80
    restart: always
    environment:
      TZ: Asia/Shanghai
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
      WORDPRESS_DB_NAME: wordpress
    secrets:
      - db_password
    networks:
      - wordpress

secrets:
  db_root_password:
    file: db_root_password.txt
  db_password:
    file: db_password.txt

networks:
  wordpress:

volumes:
  db_data:
  wp_data:
EOF

2.5 启动服务

1
docker compose up -d

2.6 关闭服务

1
docker compose down

2.7 重启单个服务

1
2
docker compose stop wordpress
docker compose start wordpress

2.8 删除服务

1
docker compose down -v

3 安装 nginx-wordpress

3.1 创建目录

1
2
mkdir -p ~/Codes/docker/wordpress
cd ~/Codes/docker/wordpress

3.2 创建数据库密码文件

1
2
3
4
5
6
7
cat <<EOF | tee db_root_password.txt
DBRootPassword
EOF

cat <<EOF | tee db_password.txt
DBPassword
EOF

3.3 创建php配置文件

1
2
3
4
cat <<EOF | tee custom.ini
upload_max_filesize = 100M
post_max_size = 100M
EOF

3.4 创建nginx配置文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
cat <<EOF | tee example.com.conf
server {
    listen       80;
    server_name  example.com;
    return 301  https://www.example.com\$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/conf.d/example.com.crt;
    ssl_certificate_key /etc/nginx/conf.d/example.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    return 301  https://www.example.com\$request_uri;
}

server {
    listen       80;
    server_name  www.example.com;
    client_max_body_size 1024M;
    sendfile on;
    location / {
        return 301 https://\$host\$request_uri;
    }
}
server {
    listen 443 ssl;
    server_tokens off;
    keepalive_timeout 50;
    root /var/www/html;
    index index.php;
    server_name www.example.com;
    ssl_certificate /etc/nginx/conf.d/example.com.crt;
    ssl_certificate_key /etc/nginx/conf.d/example.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    client_max_body_size 1024M;
    sendfile on;
 
    # access_log /var/log/nginx/www.example.com-access.log;
    # error_log /var/log/nginx/www.example.com-error.log;
 
    location / {
        try_files \$uri \$uri/ /index.php?\$args;
    }
 
    location ~ \.php\$ {
        try_files \$uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)\$;
        fastcgi_pass wordpress:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
        fastcgi_param PATH_INFO \$fastcgi_path_info;
    }
}
EOF

3.5 创建compose文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
cat <<EOF | tee docker-compose.yaml
version: "3.9"

services:
  
  db:
    image: mysql:8.2.0
    command: 
      - --default-authentication-plugin=caching_sha2_password
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci
      - --max-connections=699
      - --max-connect-errors=599
      - --lower-case-table-names=1
      - --host-cache-size=0
      - --log-timestamps=SYSTEM
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      TZ: Asia/Shanghai
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD_FILE: /run/secrets/db_password
    expose:
      - 3306
      - 33060
    secrets:
      - db_root_password
      - db_password
    networks:
      - wordpress

  wordpress:
    depends_on:
      - db
    image: wordpress:6.3.2-php8.2-fpm
    volumes:
      - wp_data:/var/www/html
      - ./custom.ini:/usr/local/etc/php/conf.d/custom.ini
    restart: always
    environment:
      TZ: Asia/Shanghai
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password
    networks:
      - wordpress

  nginx:
    depends_on:
      - wordpress
    image: nginx:1.24.0
    volumes:
      - wp_data:/var/www/html
      - ./example.com.crt:/etc/nginx/conf.d/example.com.crt
      - ./example.com.key:/etc/nginx/conf.d/example.com.key
      - ./example.com.conf:/etc/nginx/conf.d/example.com.conf
    links:
      - wordpress
    ports:
      - "80:80"
      - "443:443"
    restart: always
    environment:
      TZ: Asia/Shanghai
    networks:
      - wordpress

secrets:
  db_root_password:
    file: db_root_password.txt
  db_password:
    file: db_password.txt

networks:
  wordpress:

volumes:
  db_data:
  wp_data:
EOF

3.6 查看服务

1
docker compose ps

3.7 启动服务

1
docker compose up -d

3.8 查看日志

1
docker compose logs -f wordpress

3.9 重启具体的服务

1
docker compose restart wordpress

3.10 进入容器

1
docker compose exec wordpress /bin/bash

3.11 关闭服务

1
docker compose down

3.12 关闭指定服务

1
2
docker compose stop wordpress
docker compose start wordpress

3.13 卸载服务

1
docker compose down -v

kubernetes 方式安装

1 创建目录

1
2
mkdir /root/kubernetes-1.24.0/wordpress/wordpress
cd /root/kubernetes-1.24.0/wordpress/wordpress

2 创建mysql部署文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
cat <<EOF > mysql-deployment.yaml
apiVersion: v1
kind: Service
metadata:
  name: wordpress-mysql
  labels:
    app: wordpress
spec:
  ports:
    - port: 3306
  selector:
    app: wordpress
    tier: mysql
  clusterIP: None
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pv-claim
  labels:
    app: wordpress
spec:
  storageClassName: rook-cephfs
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress-mysql
  labels:
    app: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: mysql
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: wordpress
        tier: mysql
    spec:
      containers:
      - image: library/mysql:8.3.0
        name: mysql
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-pass
              key: rootpassword
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-pass
              key: userpassword
        - name: MYSQL_DATABASE
          valueFrom:
            configMapKeyRef:
              name: mysql-info
              key: MYSQL_DATABASE
        - name: MYSQL_USER
          valueFrom:
            configMapKeyRef:
              name: mysql-info
              key: MYSQL_USER
        ports:
        - containerPort: 3306
          name: mysql
        volumeMounts:
        - name: mysql-persistent-storage
          mountPath: /var/lib/mysql
      volumes:
      - name: mysql-persistent-storage
        persistentVolumeClaim:
          claimName: mysql-pv-claim
EOF

3 创建wordpress部署文件

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
cat <<EOF > wordpress-deployment.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: custom-config
data:
  custom.ini: |-
    upload_max_filesize = 100M
    post_max_size = 100M
    max_execution_time = 1200
---
apiVersion: v1
kind: Service
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  ports:
    - port: 80
  selector:
    app: wordpress
    tier: frontend
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wordpress-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    kubernetes.io/tls-acme: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
      - wordpress.example.com
      secretName: wordpress-example-com-tls
  rules:
    - host: wordpress.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: wordpress
                port: 
                  number: 80
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wp-pv-claim
  labels:
    app: wordpress
spec:
  storageClassName: rook-cephfs
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress
  labels:
    app: wordpress
spec:
  selector:
    matchLabels:
      app: wordpress
      tier: frontend
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: wordpress
        tier: frontend
    spec:
      containers:
      - image: library/wordpress:6.5.2-php8.2-apache
        name: wordpress
        env:
        - name: WORDPRESS_DB_HOST
          value: wordpress-mysql
        - name: WORDPRESS_DB_NAME
          valueFrom:
            configMapKeyRef:
              name: mysql-info
              key: MYSQL_DATABASE
        - name: WORDPRESS_DB_USER
          valueFrom:
            configMapKeyRef:
              name: mysql-info
              key: MYSQL_USER
        - name: WORDPRESS_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-pass
              key: userpassword
        ports:
        - containerPort: 80
          name: wordpress
        volumeMounts:
        - name: wordpress-persistent-storage
          mountPath: /var/www/html
        - name: config
          mountPath: /usr/local/etc/php/conf.d/custom.ini
          subPath: custom.ini
      volumes:
      - name: wordpress-persistent-storage
        persistentVolumeClaim:
          claimName: wp-pv-claim
      - name: config
        configMap:
          name: custom-config
EOF

4 创建kustomize部署文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
cat <<EOF > kustomization.yaml
configMapGenerator:
- name: mysql-info
  literals:
  - MYSQL_DATABASE=exampledb
  - MYSQL_USER=exampleuser
secretGenerator:
- name: mysql-pass
  literals:
  - rootpassword=RootPassword
  - userpassword=UserPassword
resources:
  - mysql-deployment.yaml
  - wordpress-deployment.yaml
EOF

5 创建服务

1
2
3
kubectl create namespace wordpress
kubectl -n wordpress apply -k ./
watch kubectl -n wordpress get pod

6 查看服务

1
kubectl -n wordpress describe -k ./

7 重启服务

1
kubectl -n wordpress rollout restart deployment wordpress

8 删除服务

1
kubectl -n wordpress delete -k ./