from—https://www.chenyudong.com/archives/nginx-support-wordpress-and-configure.html

第一步:上传代码

将代码上传到服务器,目录/data/www/chenyudong.com/wwwroot

第二步:设置Nginx.conf

修改nginx.conf文件,它可能在/etc/nginx/nginx.conf或者/usr/local/nginx/conf/nginx.conf下,看你的具体情况。本文假定在/usr/local/nginx/conf/nginx.conf目录下。

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# Generic startup file.
user {user} {group};
#ususally equal to number of CPU's you have. run command "grep processor /proc/cpuinfo | wc -l" to find it
worker_processes  2;
error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;
# Keeps the logs free of messages about not being able to bind().
#daemon     off;
events {
    worker_connections  1024;
}
http {
#   rewrite_log on;
    include mime.types;
    default_type       application/octet-stream;
    access_log         /var/log/nginx/access.log;
    sendfile           on;
#   tcp_nopush         on;
    keepalive_timeout  3;
#   tcp_nodelay        on;
#   gzip               on;
        #php max upload limit cannot be larger than this
    client_max_body_size 13m;
    index              index.php index.html index.htm;
    # Upstream to abstract backend connection(s) for PHP.
    upstream php {
        #this should match value of "listen" directive in php-fpm pool
        #server unix:/tmp/php-fpm.sock;
        server 127.0.0.1:9000;
    }
    include sites-enabled/*;
}

对着你的Nginx.conf的配置,参考一下这个配置

  • 其中33~37行,这个是php-fpm的一些设置,php-fpm是运行php用的一个cgi,一般都用这个;
  • 第39行,这个是为了添加多个站点使用的,以后新增站点就不用修改nginx.conf,直接在sites-enabled目录下添加一个nginx的配置即可

我的机器上,只有监听127.0.0.1:9000端口进行php的处理,没有/tmp/php-fpm.sock这个sock,所以我将上面的一行给注释了。如果没有注意到,这里会出现403 Forbidden的错误。

每个站点的设置

你肯定是有多个站点的吧,不可能装一个nginx就跑一个网站。新建一个文件/usr/local/nginx/conf/sites-enabled/chenyudong.conf。注意文件的位置,是在conf/sites-enabled目录下面。

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
# Redirect everything to the main site. We use a separate server statement and NOT an if statement - see http://wiki.nginx.org/IfIsEvil
server {
        server_name  _;
        rewrite ^ $scheme://mysite.com$request_uri redirect;
}
server {
    server_name www.chenyudong.com;
    root /data/www/chenyudong.com/wwwroot;
    include global/restrictions.conf;
    # Additional rules go here.
    # Only include one of the files below.
    include global/wordpress.conf;
#   include global/wordpress-ms-subdir.conf;
#   include global/wordpress-ms-subdomain.conf;
}

我们注意到11行include了一个文件,17行include了一个文件。这两个文件因为比较具有通用性,所以将其单独提取出来,方便以后多个站点进行include,减少重复的编写。

第三步:编写restrictions.conf

新建一个文件夹/usr/local/nginx/conf/global/,并在这个目录下新建一个文件restrictions.conf,绝对路径为/usr/local/nginx/conf/global/restrictions.conf。

这个配置是给限制一些文件的访问的。

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Global restrictions configuration file.
# Designed to be included in any server {} block.</p>
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
    deny all;
}
# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

文件说明:

  • 比如favicon.ico这个文件,一个网站的icon,就不用访问日志了,打出来也是浪费。robots.txt这个文件是给搜索引擎看得,也没必要打log
  • .开头的隐藏文件也禁止访问,这里面有重要的信息,比如 .htaccess, .htpasswd, .DS_Store (Mac).
  • uploads或者files下的php禁止访问,通常这个目录的意义是用户上传的一些文件,为了保证安全,防止用户上传可运行的脚本,禁止其访问。

通用的WordPress设置,配置文件

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# WordPress single blog rules.
# Designed to be included in any server {} block.
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
    index        index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off; log_not_found off; expires max;
}
# Uncomment one of the lines below for the appropriate caching plugin (if used).
#include global/wordpress-wp-super-cache.conf;
#include global/wordpress-w3-total-cache.conf;
# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ \.php$ {
    # Zero-day exploit defense.
    # http://forum.nginx.org/read.php?2,88845,page=3
    # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
    # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine.  And then cross your fingers that you won't get hacked.
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#   fastcgi_intercept_errors on;
    fastcgi_pass php;
}

注意到第7行,指明默认的首页的文件名是什么。我之前没有这一样,在nginx.conf里,也没有为站点做设置,结果访问http://www.chenyudong.com/index.html跳转到了http://www.chenyudong.com/,但是因为没有指定index的文件,导致又一个403 Forbidden错误。

第8行,try_files这个命令相当于做一个url重写,可以利用它来做一个伪静态。try_files $uri $uri/ /index.php?$args,$uri是nginx的一个变量,他的意义是先查看一下uri这个文件是不是存在,存在就返回,不存在就检查uri/这个目录看是否存在,存在返回,不存在查看index.php?$args这个是不是存在,如果不存在就返回默认的错误码,一般是404错误。

确认是否需要更改数据库密码

从其他的地方迁移过来,检查一下是否需要更改数据库的用户名和密码,在文件/wp-config.php,可以更改博客的数据库用户名和密码。

重启nginx

重启一下nginx,准确的说应该是重新读取一下配置。/usr/local/nginx/sbin/nginx -s reload

访问一下http://www.chenyudong.com/就可以了,而且原有的重写规则还是可以用的。

参考文章:http://codex.wordpress.org/Nginx