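Installing Blesta Manually

For safety, no questionable scripts were used.

# Preface

It has been a long time since I did an install purely by hand.

So this time I am going looking for work to do.

# Environment setup

These are the recommended requirements from the official Blesta site: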

The following requirements are recommended, and if met will provide a better experience and more full use of available features.

  • PHP version 7.2 through 7.4
  • PDO, pdo_mysql, curl (version 7.10.5 or later), openssl (version 1.1.1a or later), gmp, imap, json, ldap, libxml, mailparse, iconv, mbstring, simplexml, soap, gd, and zlib PHP extensions
  • MySQL version 5.7.7, or MariaDB version 10.2.2 or later with max_allowed_packet = 128M or higher, and wait_timeout = 3600
  • Apache, IIS, or LiteSpeed Web Server
  • ionCube PHP loader
  • memory_limit set to 256 MB or greater
  • max_input_vars set to 10000 or greater (Config options with many options/prices can exceed the default 1000)

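Everything below assumes Debian 11 and is run as root.

The LAMP installation largely follows the tutorial "Debian 11 / Ubuntu 22.04: installing LAMP from package repositories" [1].

Update the system and install the required packages: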

apt update && apt upgrade -y
apt install vim curl wget gnupg dpkg apt-transport-https lsb-release ca-certificates zip

# Install PHP 7.4

Add the ready-made third-party repository:

wget -O /usr/share/keyrings/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb [signed-by=/usr/share/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list

Update:

apt update && apt upgrade -y

Install PHP 7.4 and the corresponding extensions:

apt install php7.4-fpm php7.4-cli php7.4-mysql php7.4-curl php7.4-gmp php7.4-imap php7.4-json php7.4-ldap php7.4-mailparse php7.4-mbstring php7.4-soap php7.4-gd php7.4-xml php7.4-xmlrpc php7.4-zip php7.4-opcache  php7.4-bcmath -y

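Configure php.ini. Setting cgi.fix_pathinfo=0 stops PHP from guessing at a script path when the requested file does not exist: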

sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php/7.4/fpm/php.ini

Raise the upload size limits:

sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 10M/' /etc/php/7.4/fpm/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 10M/' /etc/php/7.4/fpm/php.ini
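
The sed edits above only take effect when the stock line matches exactly, and they leave the other values from the requirements list untouched. This added example (not from the original post; the function names and the sample file are constructed) reads back the effective values and compares them with the recommendations quoted at the top of the page.

```shell
# Added example: audit a php.ini against the settings this page changes and the
# Blesta recommendations it quotes. Function names and sample file are constructed.
ini_get() {   # ini_get FILE KEY -> last uncommented value (empty if unset)
    awk -v key="$2" '
        /^[ \t]*;/ { next }                       # commented-out line
        (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/[ \t]*;.*$/, "", v)              # strip trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

to_bytes() {  # PHP shorthand such as 128M or 1G -> bytes
    local n="${1%[KkMmGg]}"
    case "$1" in
        *[Kk]) echo $(( n << 10 )) ;; *[Mm]) echo $(( n << 20 )) ;;
        *[Gg]) echo $(( n << 30 )) ;; *)     echo "${1:-0}" ;;
    esac
}

audit_php_ini() {   # one FAIL line per finding; returns 1 if any
    local f="$1" rc=0 v
    v=$(ini_get "$f" cgi.fix_pathinfo)
    [ "$v" = 0 ] || { echo "FAIL cgi.fix_pathinfo=${v:-unset}, want 0"; rc=1; }
    v=$(ini_get "$f" memory_limit)
    [ "$v" = -1 ] || [ "$(to_bytes "$v")" -ge 268435456 ] ||
        { echo "FAIL memory_limit=${v:-unset}, want >= 256M"; rc=1; }
    v=$(ini_get "$f" max_input_vars)
    [ "${v:-1000}" -ge 10000 ] ||
        { echo "FAIL max_input_vars=${v:-unset}, want >= 10000"; rc=1; }
    return $rc
}

make_sample() {   # constructed excerpt shaped like a stock php.ini
    local f; f=$(mktemp)
    printf '%s\n' '[PHP]' 'memory_limit = 128M' ';max_input_vars = 1000' \
        'post_max_size = 8M' ';cgi.fix_pathinfo=1' 'upload_max_filesize = 2M' > "$f"
    echo "$f"
}
apply_page_edits() {   # the three sed substitutions from this page, run on FILE
    sed -i -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' \
           -e 's/upload_max_filesize = 2M/upload_max_filesize = 10M/' \
           -e 's/post_max_size = 8M/post_max_size = 10M/' "$1"
}

ini=$(make_sample); apply_page_edits "$ini"
audit_php_ini "$ini" || echo "php.ini still differs from the recommended values"
```

On a real host, point `audit_php_ini` at /etc/php/7.4/fpm/php.ini after running the sed commands.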

# Install Apache2

Install Apache2, again from the same maintainer's packages.

wget -O /usr/share/keyrings/apache2.gpg https://packages.sury.org/apache2/apt.gpg
echo "deb [signed-by=/usr/share/keyrings/apache2.gpg] https://packages.sury.org/apache2/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/apache2.list

Update and install:

apt update && apt upgrade -y
apt install apache2 -y

Check that the installation succeeded:

root@hostname:~# apache2 -v
Server version: Apache/2.4.57 (Debian)
Server built:   2023-04-08T12:55:36

Enable the required Apache2 modules:

a2enconf php7.4-fpm
a2enmod proxy_fcgi
a2enmod headers
a2enmod http2
a2enmod remoteip
a2enmod ssl
a2enmod rewrite
a2enmod expires

Restart Apache2 and PHP 7.4 FPM:

systemctl restart apache2
systemctl restart php7.4-fpm

# Install MariaDB

Import the GPG key:

curl -sSL https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor > /usr/share/keyrings/mariadb.gpg

Use the xTom mirror:

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/mariadb.gpg] https://mirror-cdn.xtom.com/mariadb/repo/10.6/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/mariadb.list

You can also find more MariaDB mirrors here, including the Tsinghua mirror.

Install the latest version and run the security setup:

apt install mariadb-server -y

mysql_secure_installation

# Configure the environment

# Create the database and user

CREATE DATABASE db_blesta DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

GRANT ALL ON db_blesta.* TO 'blesta'@'localhost' IDENTIFIED BY 'Y0ur-P455word_Here';

# Set up Blesta

Download and extract:

cd /var/www
mkdir your.domain
cd your.domain
wget https://account.blesta.com/client/plugin/download_manager/client_main/download/227/blesta-5.7.1.zip
unzip blesta-5.7.1.zip

After extraction, the directory should look like this:

blesta	blesta-5.7.1.zip  hotfix-php8  LICENSE	README.md  uploads

# Configure Apache2

Create the file /etc/apache2/sites-available/your.domain.conf with the following content:

<VirtualHost *:80>
	ServerName your.domain
	DocumentRoot /var/www/your.domain
	DirectoryIndex index.php index.html index.htm
	
	ErrorLog ${APACHE_LOG_DIR}/your.domain.error.log
	CustomLog ${APACHE_LOG_DIR}/your.domain.access.log combined

	<Directory /var/www/your.domain>
		Options FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>
</VirtualHost>

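This can be done in one step with the following command. The heredoc delimiter is quoted so that the shell writes ${APACHE_LOG_DIR} to the file literally and leaves it for Apache to expand:

cat > /etc/apache2/sites-available/your.domain.conf << 'EOF'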
<VirtualHost *:80>
	ServerName your.domain
	DocumentRoot /var/www/your.domain
	DirectoryIndex index.php index.html index.htm
	
	ErrorLog ${APACHE_LOG_DIR}/your.domain.error.log
	CustomLog ${APACHE_LOG_DIR}/your.domain.access.log combined

	<Directory /var/www/your.domain>
		Options FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>
</VirtualHost>
EOF
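
When the vhost is written from a heredoc, the shell expands `${...}` before Apache ever reads the file unless the delimiter is quoted or the dollar sign is escaped. This added example (not part of the original post; `render_vhost` and `has_expanded_logdir` are illustrative names) parameterizes the domain while keeping `${APACHE_LOG_DIR}` literal, and includes a check for a file that was already mangled.

```shell
# Added example (function names are illustrative, not from the original post):
# render the port-80 vhost for a domain and keep ${APACHE_LOG_DIR} literal.

render_vhost() {   # render_vhost DOMAIN -> vhost text on stdout
    local domain="$1"
    case "$domain" in   # accept plain hostnames only
        ""|*[!A-Za-z0-9.-]*|.*|-*) echo "invalid domain: $domain" >&2; return 1 ;;
    esac
    # Unquoted delimiter: $domain expands, the escaped \${...} stays literal.
    cat <<EOF
<VirtualHost *:80>
	ServerName $domain
	DocumentRoot /var/www/$domain
	DirectoryIndex index.php index.html index.htm

	ErrorLog \${APACHE_LOG_DIR}/$domain.error.log
	CustomLog \${APACHE_LOG_DIR}/$domain.access.log combined

	<Directory /var/www/$domain>
		Options FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>
</VirtualHost>
EOF
}

# True when a log directive points at a bare file name in the filesystem root,
# which is what an unset APACHE_LOG_DIR leaves behind after shell expansion.
has_expanded_logdir() {   # reads a config on stdin
    grep -Eq '^[[:space:]]*(ErrorLog|CustomLog)[[:space:]]+/[^/[:space:]]+\.log'
}

# Constructed demonstration: the same directive through an unquoted heredoc.
mangled=$(unset APACHE_LOG_DIR; cat <<EOF
	ErrorLog ${APACHE_LOG_DIR}/your.domain.error.log
EOF
)
printf '%s\n' "$mangled" | has_expanded_logdir && echo "unquoted heredoc: log path mangled"
render_vhost your.domain | has_expanded_logdir || echo "render_vhost: log paths intact"
```

Redirect the output of `render_vhost` into /etc/apache2/sites-available/ and run `apache2ctl configtest` before reloading.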

Check the configuration and bring the site online:

a2ensite your.domain		# enable this vhost
apache2ctl configtest		# test the configuration files
systemctl reload apache2	# reload Apache2

# Configure ionCube

Download the loader-wizard:

wget http://www.ioncube.com/loader-wizard/loader-wizard.zip

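It is best to download and extract it in the site's document root; you can then open your.domain/loader-wizard.php directly to see the installation instructions, for example: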

Download one of the following archives of Loaders for Linux x86-64:
tar.gz
zip
Put the Loader files in /usr/lib/php/20190902
Save this 00-ioncube.ini file and put it in your ini files directory, /etc/php/7.4/fpm/conf.d
Restart PHP-FPM.
When the server software has restarted, click here to test the Loader.
If the Loader installation failed, check the PHP-FPM error log file for errors.

/etc/php/7.4/fpm/php.ini
/etc/php/7.4/cli/php.ini
zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so

If you find that file ownership is wrong, run chown:

chown -R www-data:www-data /var/www/your.domain

# Configure SSL

<VirtualHost *:443>
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf

	#   SSL Engine Switch:
	#   Enable/Disable SSL for this virtual host.
	SSLEngine on

	#   A self-signed (snakeoil) certificate can be created by installing
	#   the ssl-cert package. See
	#   /usr/share/doc/apache2/README.Debian.gz for more info.
	#   If both key and certificate are stored in the same file, only the
	#   SSLCertificateFile directive is needed.
	SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
	SSLCertificateKeyFile   /etc/ssl/private/ssl-cert-snakeoil.key

	#   Server Certificate Chain:
	#   Point SSLCertificateChainFile at a file containing the
	#   concatenation of PEM encoded CA certificates which form the
	#   certificate chain for the server certificate. Alternatively
	#   the referenced file can be the same as SSLCertificateFile
	#   when the CA certificates are directly appended to the server
	#   certificate for convinience.
	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

	#   Certificate Authority (CA):
	#   Set the CA certificate verification path where to find CA
	#   certificates for client authentication or alternatively one
	#   huge file containing all of them (file must be PEM encoded)
	#   Note: Inside SSLCACertificatePath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCACertificatePath /etc/ssl/certs/
	#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

	#   Certificate Revocation Lists (CRL):
	#   Set the CA revocation path where to find CA CRLs for client
	#   authentication or alternatively one huge file containing all
	#   of them (file must be PEM encoded)
	#   Note: Inside SSLCARevocationPath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCARevocationPath /etc/apache2/ssl.crl/
	#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

	#   Client Authentication (Type):
	#   Client certificate verification type and depth.  Types are
	#   none, optional, require and optional_no_ca.  Depth is a
	#   number which specifies how deeply to verify the certificate
	#   issuer chain before deciding the certificate is not valid.
	#SSLVerifyClient require
	#SSLVerifyDepth  10

	#   SSL Engine Options:
	#   Set various options for the SSL engine.
	#   o FakeBasicAuth:
	#    Translate the client X.509 into a Basic Authorisation.  This means that
	#    the standard Auth/DBMAuth methods can be used for access control.  The
	#    user name is the `one line' version of the client's X.509 certificate.
	#    Note that no password is obtained from the user. Every entry in the user
	#    file needs this password: `xxj31ZMTZzkVA'.
	#   o ExportCertData:
	#    This exports two additional environment variables: SSL_CLIENT_CERT and
	#    SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
	#    server (always existing) and the client (only existing when client
	#    authentication is used). This can be used to import the certificates
	#    into CGI scripts.
	#   o StdEnvVars:
	#    This exports the standard SSL/TLS related `SSL_*' environment variables.
	#    Per default this exportation is switched off for performance reasons,
	#    because the extraction step is an expensive operation and is usually
	#    useless for serving static content. So one usually enables the
	#    exportation for CGI and SSI requests only.
	#   o OptRenegotiate:
	#    This enables optimized SSL connection renegotiation handling when SSL
	#    directives are used in per-directory context.
	#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
	<FilesMatch "\.(?:cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
		SSLOptions +StdEnvVars
	</Directory>
</VirtualHost>

This is the trimmed-down version:

<VirtualHost *:443>
	ServerName your.domain
	ServerAdmin webmaster@localhost

	# Same document root as the port-80 vhost, so HTTPS serves the Blesta tree
	DocumentRoot /var/www/your.domain

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	SSLEngine on

	SSLCertificateFile      /var/ssl/your.domain/your.domain.crt
	SSLCertificateKeyFile   /var/ssl/your.domain/your.domain.key
	SSLCertificateChainFile /var/ssl/your.domain/origin_ca_ecc_root.pem

	# Mirrors the port-80 <Directory> block so .htaccess rules also apply over HTTPS
	<Directory /var/www/your.domain>
		Options FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>

	<FilesMatch "\.(?:cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
		SSLOptions +StdEnvVars
	</Directory>
</VirtualHost>

If I remember correctly, you can now simply visit the domain and follow Blesta's GUI installer.

Licensed under CC BY-NC-SA 4.0
Last updated on Oct 05, 2022 00:00 UTC