环境
Typecho 1.1 (17.10.30)
Ubuntu 22.04 LTS
Nginx 1.18
MariaDB 5.5.64
Php 7.2.34
Docker 27.2.1
Docker Compose v2.29.7
Typecho 主题:Handsome
步骤
目录结构
/www/typecho(如果为其他名称,请注意更改后续 typecho 前缀)/
—data(目录,原来的整个 typecho 文件夹)
—php-fpm(目录,构建带有 mysql 驱动的 php 镜像)
——Dockerfile
—ssl(证书目录)
—网站域名.conf(nginx 配置文件)
—fastcgi.conf(nginx 配置文件引用文件)
—数据库备份文件.sql
MariaDB 数据库存放位置:/var/lib/docker/volumes/typecho_typecho-db/_data/
操作
以下操作均使用 root 用户进行
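# All steps below are run as root on the Docker host.
mkdir -p /www/typecho
# Place all files according to the directory layout above before continuing.

# Only the site tree has to belong to the web user; the nginx config and ./ssl
# (which holds the private key) stay root-owned. www-data is uid 33 on Ubuntu,
# which should match the account php-fpm runs as in the official php image --
# adjust if your pool runs as a different user.
chown -R www-data:www-data /www/typecho/data
# Read-only tree: directories need the execute bit to be traversed, files
# (including .php, which php-fpm only reads) do not. find -exec is used instead
# of $(find ...) so names containing spaces are not word-split.
find /www/typecho/data -type d -exec chmod 555 {} +
find /www/typecho/data -type f -exec chmod 444 {} +
# If you use Handsome, its cache must be writable. Owner-write is enough because
# the tree is owned by the php-fpm user; world-writable 777 is not required.
chmod -R u+w /www/typecho/data/usr/plugins/Handsome/cache
# Write the DH parameters into the directory that docker-compose.yml mounts at
# /etc/nginx/ssl, which is the path ssl_dhparam points to.
openssl dhparam -out /www/typecho/ssl/dhparam.pem 2048
cd /www/typecho
docker compose up -d
# Stage the dump inside the database volume; the container sees it as
# /var/lib/mysql/backup.sql.
cp 数据库备份文件.sql /var/lib/docker/volumes/typecho_typecho-db/_data/backup.sql
docker exec -it typecho-db-1 bash
# -p without a value prompts for the password, keeping it out of the shell
# history and the process list.
mysql -uroot -p
## The following statements are run inside the mysql client
create database 数据库名称 DEFAULT CHARSET utf8mb4 COLLATE utf8mb4_unicode_ci; # mind the character set; see the references at the end of the article if unsure
# The site account only needs privileges on its own database; WITH GRANT OPTION
# would additionally let it hand those privileges to other accounts.
GRANT ALL privileges ON 数据库名称.* TO '数据库帐号'@'%' IDENTIFIED BY '数据库密码';
flush privileges;
exit;
## End of statements run inside the mysql client
cd /var/lib/mysql
mysql -uroot -p 数据库名称 < backup.sql
# Remove the staged dump so a full copy of the data does not linger in the
# database volume.
rm -f backup.sql
exit
docker compose down
docker compose up -d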
设置证书自动更新
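# Download the installer to a file instead of piping it straight into a root
# shell, so it can be inspected (and is fully downloaded) before it runs.
installer=$(mktemp)
wget -O "$installer" https://get.acme.sh
# Review "$installer" here before executing it.
sh "$installer"
rm -f -- "$installer"
# Open a new shell afterwards if the acme.sh command is not found yet.
acme.sh --upgrade --auto-upgrade
acme.sh --set-default-ca --server letsencrypt
# Webroot validation through the site directory served by nginx. --force is left
# out: it re-issues even when a valid certificate exists and can run into the
# CA's rate limits.
acme.sh --issue -d www.yudelei.com -d yudelei.com -w /www/typecho/data/ --keylength ec-256
# The reload command is executed unattended on renewal, so docker exec must not
# request a TTY (-it): without a terminal it fails and nginx keeps serving the
# old certificate.
acme.sh --install-cert -d www.yudelei.com --key-file /www/typecho/ssl/www.yudelei.com.key --fullchain-file /www/typecho/ssl/fullchain.cer --reloadcmd "docker exec typecho-web-1 nginx -s reload"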
相关文件
docker-compose.yml
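# Compose stack for Typecho: MariaDB + php-fpm + nginx.
# Indentation is significant in YAML and is restored here.
# The top-level "version" key is ignored by Compose v2; it is kept for older tooling.
version: "3.8"
services:
  db:
    # NOTE(review): MariaDB 5.5 no longer receives upstream security fixes.
    # No port is published, so only containers on this Compose network reach it.
    image: mariadb:5.5.64
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - typecho-db:/var/lib/mysql
    environment:
      # Set MYSQL_ROOT_PASSWORD in the environment or a .env file to a strong
      # value before the first start; "root" is only the fallback used by this
      # walkthrough. The image applies it only when the data volume is first
      # initialised, and the mysql commands must use the same password.
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-root}
      TZ: Asia/Shanghai
  php-fpm:
    # Built from ./php-fpm/Dockerfile (php-fpm plus the pdo_mysql driver).
    build: ./php-fpm/
    #image: php:7.2.34-fpm
    restart: always
    environment:
      - TZ=Asia/Shanghai
    volumes:
      # Writable: Typecho and the theme write their cache under this tree.
      - ./data:/var/www/html
    depends_on:
      - db
  web:
    image: nginx:1.18
    restart: always
    ports:
      - 80:80
      - 443:443
    environment:
      - TZ=Asia/Shanghai
    volumes:
      # nginx only reads its configuration, the certificates and the site
      # files, so everything is mounted read-only.
      - ./网站域名.conf:/etc/nginx/conf.d/网站域名.conf:ro
      - ./fastcgi.conf:/etc/nginx/fastcgi.conf:ro
      - ./ssl:/etc/nginx/ssl:ro
      - ./data:/var/www/html:ro
    depends_on:
      # nginx resolves the "php-fpm" upstream name at startup.
      - php-fpm
volumes:
  typecho-db: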
网站域名.conf
请注意更改网站域名,证书,私钥等!
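# Port 80: redirect every request to the canonical HTTPS host.
server
{
    listen 80;
    #listen [::]:80;
    server_name www.yudelei.com yudelei.com; # change to your domain
    #return 301 https://$server_name$request_uri;
    return 301 https://www.yudelei.com$request_uri; # change to your domain
}

# HTTPS on the bare domain: redirect to the www host.
server
{
    listen 443 ssl http2;
    server_name yudelei.com; # change to your domain
    ssl_certificate /etc/nginx/ssl/证书.cer; # change to your certificate
    ssl_certificate_key /etc/nginx/ssl/私钥.key; # change to your private key
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated; only 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Forward-secret ECDHE suites only: static-RSA key exchange and 3DES are
    # dropped. TLS 1.3 suites are not selected through this directive.
    ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # Generate on the host into the directory mounted at /etc/nginx/ssl, e.g.
    # openssl dhparam -out /www/typecho/ssl/dhparam.pem 2048
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    return 301 https://www.yudelei.com$request_uri; # change to your domain
}

# HTTPS on the www host: serves Typecho through php-fpm.
server
{
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name www.yudelei.com; # change to your domain
    index index.html index.htm index.php default.html default.htm default.php;
    root /var/www/html;
    ssl_certificate /etc/nginx/ssl/证书.cer; # change to your certificate
    ssl_certificate_key /etc/nginx/ssl/私钥.key; # change to your private key
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated; only 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Forward-secret ECDHE suites only: static-RSA key exchange and 3DES are
    # dropped. TLS 1.3 suites are not selected through this directive.
    ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # Generate on the host into the directory mounted at /etc/nginx/ssl, e.g.
    # openssl dhparam -out /www/typecho/ssl/dhparam.pem 2048
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # Comment this block out if permalinks are not enabled in the admin panel.
    if (!-e $request_filename) {
        rewrite ^(.*)$ /index.php$1 last;
    }

    # Regex locations are tried in file order and the first match wins, so the
    # ACME exception and the dot-file deny come before the PHP and static-file
    # locations; otherwise a hidden path ending in .php, .js, .png ... would be
    # served by those locations instead of being denied.
    location ~ ^/\.well-known/ {
        allow all;
    }
    location ~ /\.
    {
        deny all;
    }
    # The Handsome cache directory is writable by PHP, so nothing inside it may
    # be executed through the web server.
    location ~* ^/usr/plugins/Handsome/cache/.*\.php(/|$)
    {
        deny all;
    }
    # NOTE(review): path-info style URIs (/index.php/...) reach php-fpm without
    # fastcgi_split_path_info, so script resolution relies on PHP's own
    # path-info handling -- confirm cgi.fix_pathinfo and
    # security.limit_extensions in the php-fpm image.
    location ~ [^/]\.php(/|$)
    {
        fastcgi_pass php-fpm:9000;
        fastcgi_index index.php;
        # SCRIPT_FILENAME comes from fastcgi.conf ($document_root based); the
        # extra "/scripts" value that duplicated it pointed at a path that does
        # not exist in this setup.
        include fastcgi.conf;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    access_log /var/log/nginx/access.log main;
}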
fastcgi.conf
# FastCGI parameters passed to php-fpm; included from the PHP location of the
# site configuration.
# SCRIPT_FILENAME is built from nginx's document root, so the site files must be
# mounted at the same path in the nginx and php-fpm containers.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
# Sent only when the request arrived over TLS.
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# Confines PHP file access to the document root, /tmp/ and /proc/.
# NOTE(review): /proc/ lets scripts read process information such as
# /proc/self/environ; drop it unless the site is known to need it -- confirm.
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/";
Dockerfile
# php-fpm image for Typecho with the MySQL PDO driver added.
# NOTE(review): PHP 7.2 no longer receives upstream security fixes; the tag is
# pinned to match the original host's PHP version -- plan an upgrade once the
# Typecho/theme versions in use are confirmed to run on a supported release.
FROM php:7.2.34-fpm
# docker-php-ext-install is the helper shipped in the official image; it builds
# and enables the pdo_mysql extension.
RUN docker-php-ext-install pdo_mysql