网络重装系统
使用moeclub.org的脚本
bash <(wget --no-check-certificate -qO- 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh') -d 11 -v 64 -a -p '密码'
开启BBR
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p
基本工具
apt install vim net-tools htop curl wget -y
fail2ban
apt install fail2ban -y
安装Mariadb
apt-get install software-properties-common dirmngr
apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
add-apt-repository 'deb [arch=amd64] http://mirrors.aliyun.com/mariadb/repo/10.7/debian bullseye main'
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
安装Nginx
apt install nginx -y
nginx配置php
server {
listen 443 ssl;
root /path/to/webroot;
index index.php index.html;
server_name abc.com;
gzip on;
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 9;
gzip_types application/json text/plain text/javascript application/javascript image/jpeg image/gif image/png application/font-woff application/x-javascript text/css application/xml;
gzip_vary on;
ssl_certificate ssl/abc.com_bundle.crt;
ssl_certificate_key ssl/abc.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/abc.com.access.log;
error_log /var/log/nginx/abc.com.error.log;
client_max_body_size 20m;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass php;
#The following parameter can be also included in fastcgi_params file
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
upstream php {
server unix:/run/php/php7.3-fpm.sock;
}
安装Redis
apt install redis -y
安装Minio
docker run -p 9000:9000 -p 9090:9090 --name minio \
-d --restart=always \
-e MINIO_ACCESS_KEY='账号' \
-e MINIO_SECRET_KEY='密码' \
-v /root/minio/data:/data \
-v /root/minio/config:/root/.minio \
minio/minio server /data --console-address ":9000" --address ":9090"
安装php
apt -y install lsb-release apt-transport-https ca-certificates
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
apt update
apt -y install php7.3
apt install php7.3-cli php7.3-fpm php7.3-json php7.3-pdo php7.3-mysql php7.3-zip php7.3-gd php7.3-mbstring php7.3-curl php7.3-xml php7.3-bcmath php7.3-json php7.3-redis php7.3-opcache -y
apt remove apache
开启opcache,编辑php.ini
opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=2
opcache.fast_shutdown=1
opcache.enable_cli=1
wordpress优化
minio存储媒体文件
-
安装WP Offload Media Lite插件
-
在wp-content目录下新建目录mu-plugins,mu-plugins下新建文件s3.php
-
编辑config.php,在靠近顶部添加
define( 'AS3CF_SETTINGS', serialize( array( 'provider' => 'aws', 'access-key-id' => 'minio用户名', 'secret-access-key' => 'minio密码', ) ) )
redis缓存
- 安装Redis Object Cache插件即可
Comments | NOTHING