Using Let's Encrypt free SSL certificates with Apache on Ubuntu

First, install git
sudo apt-get install git
Next, clone the project
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto
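Then follow the prompts to finish generating the certificate
Note: subdomains
To edit the configuration by hand, add the following to Apache's SSL configuration file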
SSLCertificateFile /etc/letsencrypt/live/exvs.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/exvs.org/privkey.pem
SSLEngine on

# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
SSLCompression off

SSLOptions +StrictRequire
ServerName exvs.org
SSLCertificateChainFile /etc/letsencrypt/live/exvs.org/chain.pem

Installing WordPress on Ubuntu 14.04.04 LTS

First, install Apache
sudo apt-get install apache2
Next, install PHP
sudo apt-get install php5
//Install PHP5
#sudo apt-get install libapache2-mod-php5
#//Configure Apache + PHP
Install MySQL
sudo apt-get install mysql-server mysql-client
sudo apt-get install libapache2-mod-auth-mysql
sudo apt-get install php5-mysql php5-curl
Restart apache2
sudo /etc/init.d/apache2 restart
or
service apache2 restart
To make later administration easier, install phpmyadmin
sudo apt-get install phpmyadmin
sudo ln -s /usr/share/phpmyadmin /var/www
When phpmyadmin is installed with apt-get, its configuration for later changes is in /etc/phpmyadmin

Next, configure SSL
Enable the SSL module
sudo a2enmod ssl
sudo a2enmod rewrite
Generate a self-signed PEM certificate with openssl
openssl req -x509 -newkey rsa:2048 -keyout apache.pem -out apache.pem -nodes -days 36500
Create a directory to hold the certificate for later use
mkdir /etc/apache2/sslcert
cp ./apache.pem /etc/apache2/sslcert

Copy the SSL configuration file
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/001-ssl.conf
In /etc/apache2/sites-enabled/001-ssl.conf, change
SSLCertificateFile /etc/apache2/sslcert/apache.pem
SSLCertificateKeyFile /etc/apache2/sslcert/apache.pem
After restarting apache2, visit https://<server IP> to check that everything works

Next, install WordPress
Visit the official WordPress website to download the installation package

Download the installation package with wget
wget https://cn.wordpress.org/wordpress-4.4.2-zh_CN.zip
Install unzip
sudo apt-get install unzip
Unzip the WordPress package into the default directory
unzip wordpress-4.4.2-zh_CN.zip -d /var/www
To make access easier, I moved the files up one directory
mv /var/www/wordpress/* /var/www
Delete the leftover folder
rmdir /var/www/wordpress
In /etc/apache2/sites-enabled/000-default.conf and 001-ssl.conf, change
DocumentRoot /var/www
chown -R www-data /var/www
Restart apache2
Next, use phpmyadmin to create the database and user
Finally, visit
http://<server IP>/wordpress/wp-admin/install.php
http://localhost/wordpress/wp-admin/install.php
to complete the installation

Install FTP
sudo apt-get install vsftpd
Create a new user
sudo useradd -g ftp -d /var/www -M wordpressftp
sudo useradd -d /var/www -s /usr/sbin/nologin wordpressftp
chown -R wordpressftp:wordpressftp /var/www
Set the password
passwd wordpressftp
Modify the shell configuration
Edit /etc/shells
If the file does not contain /usr/sbin/nologin or /sbin/nologin (depending on the current system's configuration), append it

Edit /etc/vsftpd.conf
write_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
#Add wordpressftp to chroot_list
#echo "wordpressftp" >> /etc/vsftpd.chroot_list
chmod a-w /var/www
Restart vsftpd
service vsftpd restart

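Common Ubuntu configuration

A new VPS naturally needs some setup; these are the settings I change most often, written down so I don't forget them later.

First, of course, SSH
Change the port number and key length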
/etc/ssh/sshd_config
Port *
ServerKeyBits 2048

Regenerate the keys
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
or
ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -q -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
#If the permissions are not 600, SSH logins will also fail
chmod 600 /etc/ssh/ssh_host_*
service ssh restart
or
/etc/init.d/ssh restart
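
An added example, not part of the original post: the apache.pem generated earlier holds the private key and the certificate in one file whose permissions the steps never set, and the SSH host keys above must be mode 600. The script below lists private-key files under the given paths that group or other users can access; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: find private-key files with group/other permission bits set.

# Succeeds if the file contains a PEM or OpenSSH private-key header.
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null
}

# Prints the six group/other permission characters from ls -l, e.g. "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_key_perms PATH...
# Searches files and directories (recursively) for private keys.
# Prints "LOOSE <group/other bits> <file>" for each key that anyone besides
# the owner can access. Returns 1 if any such file exists, 0 otherwise.
# Public keys and plain certificates are ignored: they carry no key header.
audit_key_perms() {
    report=$(
        find "$@" -type f 2>/dev/null | while IFS= read -r f; do
            has_private_key "$f" || continue
            bits=$(group_other_bits "$f")
            [ "$bits" = "------" ] || printf 'LOOSE %s %s\n' "$bits" "$f"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage with the paths from this page (run as root so every file is readable):
#   audit_key_perms /etc/apache2/sslcert /etc/ssh /etc/letsencrypt/live
```

Any file it reports can be tightened with chmod 600, the same mode the page applies to the SSH host keys.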
Next is apt
Edit the sources list
/etc/apt/sources.list

iptables
Refuse incoming traffic on port 21
iptables -A INPUT -p tcp --dport 21 -j DROP
Save the iptables rules
apt-get install iptables-persistent
service iptables-persistent save