1. 安装Nginx并配置访问
  2. 安装PHP并输出脚本结果
  3. 配置typecho

Nginx安装并验证

apt install nginx
systemctl start nginx

Nginx访问.png

正常情况应该可以看到Nginx的欢迎页面了,如果看不到就是防火墙的问题,设置下防火墙放通即可。

安装PHP并使用Nginx代理

apt install php-fpm php-curl php-gd php-mbstring php-xml php-sqlite3

修改Nginx配置以支持php脚本

index index.php index.html index.htm index.nginx-debian.html;

if (!-e $request_filename) {
    rewrite ^(.*)$ /index.php$1 last;
}
location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
}

# pass PHP scripts to FastCGI server
#
location ~ .*\.php(\/.*)*$ {
        include snippets/fastcgi-php.conf;
        set $path_info "";
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
                set $real_script_name $1;
                set $path_info $2;
        }

        # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_param SCRIPT_NAME $real_script_name;
        fastcgi_param PATH_INFO $path_info;
        # With php-cgi (or other tcp sockets):
#       fastcgi_pass 127.0.0.1:9000;
}

测试截图
输出PHP信息.png

安装最新Typecho代码

下载源代码

wget https://github.com/typecho/typecho/releases/latest/download/typecho.zip

解压到网页根目录安装

unzip typecho.zip

访问网站进行安装,发现没有/usr/uploads的权限,需要修改下。
Typecho没有权限.png
查看php-fpm的运行用户是www-data所以更改目录所有者为www-data

chown -R www-data:www-data typecho

然后刷新页面就可以正确安装了
正确安装宣传界面.png

安全加固,仅放通必要端口(80,443,21)

查看防火墙的状态,发现默认一个没开

root@web:~# ufw status
Status: inactive
root@web:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

使用ufw配置规则

ufw default allow outgoing
ufw default deny incoming
ufw allow ssh
ufw allow "Nginx Full"

启用ufw

ufw enable
systemctl start ufw