本文主要从seoimo.com收集整理,感谢原作者的无私奉献
CentOS7系统
1. 密码,BBR和冲浪
重装系统后重启下机器,不然下面的yum会报错
# passwd
保持SSH长时间在线,下面两项前#去掉并修改参数,没有就在末尾添加# vi /etc/ssh/sshd_config
ClientAliveInterval 30
ClientAliveCountMax 5# service sshd restart
# yum -y update
查询是KVM后安装BBR# virt-what
可能需要# yum -y install virt-what
# wget --no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh && chmod +x bbr.sh && ./bbr.sh
可能要安装# yum -y install wget
查看BBR是否安装成功# sysctl net.ipv4.tcp_congestion_control
是否出现
net.ipv4.tcp_available_congestion_control = bbr
2. 安装LNMP及其他
# yum -y install screen
# screen -S lnmp
# wget -c http://soft.vpser.net/lnmp/lnmp1.9-full.tar.gz && tar -zxf lnmp1.9-full.tar.gz && cd lnmp1.9-full && ./install.sh lnmp
不装InnoDB Storage Engine,安装PHP7.2,其它默认
把phpmyadmin移到其他目录# cd /home/wwwroot/default
# mv phpmyadmin 其他目录
# rm -rf index.html
安装OPchche# cd /root/lnmp1.9-full
# ./addons.sh install opcache
安装Memcached# ./addons.sh install memcached
删除压缩包# rm -rf /root/lnmp1.9-full.tar.gz
安装imageMagick# ./addons.sh install imagemagick
3. 防火墙和修改端口
# systemctl start firewalld
# systemctl stop firewalld
# systemctl restart firewalld
# systemctl status firewalld
# systemctl enable firewalld
# systemctl disable firewalld
# firewall-cmd --permanent --zone=public --add-port=80/tcp
# firewall-cmd --permanent --zone=public --add-port=443/tcp
# firewall-cmd --permanent --zone=public --add-port=23729/tcp
# firewall-cmd --permanent --zone=public --remove-port=23729/tcp
# firewall-cmd --reload
# firewall-cmd --zone=public --list-ports
# firewall-cmd --list-ports
# vi /etc/firewalld/firewalld.conf
AllowZoneDrifting=yes 改成 no
# systemctl restart firewalld
编辑器命令模式输入 /AllowZoneDrifting进行搜索(注意有空格)
# vi /etc/ssh/sshd_config
修改SSH端口# service sshd restart
4. 添加域名并安装WP
# lnmp vhost add
不启用PHP Pathinfo,不启用access log,其他默认
注意,添加SSL之前要提前做好域名解析
# cd /home/wwwroot/XXX.com
# wget https://wordpress.org/latest.tar.gz
# tar -zxvf latest.tar.gz
# mv wordpress/* .
# rm -rf wordpress latest.tar.gz
# chattr -i /home/wwwroot/XXX.com/.user.ini
# chattr -i /home/wwwroot/default/.user.ini && lnmp restart
# chmod -R 755 /home/wwwroot && chown -R www /home/wwwroot
或者# lnmp stop && lnmp start
https进入网址开始安装wordpress
5. WP插件
推荐插件:
WP Fastest Cache
Autoptimize
A3 Lazy Load
MemcacheD Is Your Friend
Yoast SEO
UpdraftPlus WordPress Backup Plugin
Smart Slider 3 / MetaSlider
Shortcode Table of Contents
Wordfence Security
6. 定时清理和禁用日志
定期清理VPS日志
# cd /home/wwwroot/ && wget https://www.XXX.com/shells/wwwlogs_cleaner.sh
# echo -e "10 0 */5 * * bash /home/wwwroot/wwwlogs_cleaner.sh" >> /var/spool/cron/root
清理需用到crontab
查询# crontab -l
如果没有安装,就执行# yum -y install vixie-cron crontabs
禁用MySQL日志,优化MySQL
# cp /etc/my.cnf /etc/my.cnf.old
# vi /etc/my.cnf
下面两项加#号
#log-bin=mysql-bin
#binlog_format=mixed
优化MySQL
query_cache_size = 16M
max_connections = 100
重启# /etc/init.d/mysql restart
7. SSL相关
可直接导入备份文件(对比后再导入)
# vi /usr/local/nginx/conf/vhost/XXX.com.conf
在sever{433}里面添加add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
禁用TLS 1.0和TLS 1.1
删除ssl_protocols项下的TLSv1.0和TLSv1.1即可
# service nginx restart
或者# lnmp restart
或者重新加载# nginx -s reload