前言
好久没有纯手搓了。
这次就来没事找事做。
环境配置
这是 Blesta 官网的推荐要求:
The following requirements are recommended, and if met will provide a better experience and more full use of available features.
- PHP version 7.2 through 7.4
- PDO, pdo_mysql, curl (version 7.10.5 or later), openssl (version 1.1.1a or later), gmp, imap, json, ldap, libxml, mailparse, iconv, mbstring, simplexml, soap, gd, and zlib PHP extensions
- MySQL version 5.7.7, or MariaDB version 10.2.2 or later with max_allowed_packet = 128M or higher, and wait_timeout = 3600
- Apache, IIS, or LiteSpeed Web Server
- ionCube PHP loader
- memory_limit set to 256 MB or greater
- max_input_vars set to 10000 or greater (Config options with many options/prices can exceed the default 1000)
以下都默认在系统 Debian 11. root用户下进行。
安装 LAMP 部分基本参考的 【Debian 11 / Ubuntu 22.04 使用源安装 LAMP 教程】
更新并安装必要软件
1
2
| apt update && apt upgrade -y
apt install vim curl wget gnupg dpkg apt-transport-https lsb-release ca-certificates zip
|
安装 php 7.4
添加大神做好的源
1
2
| wget -O /usr/share/keyrings/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb [signed-by=/usr/share/keyrings/php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
|
更新
1
| apt update && apt upgrade -y
|
安装 PHP 7.4 和 相应的扩展
1
| apt install php7.4-fpm php7.4-cli php7.4-mysql php7.4-curl php7.4-gmp php7.4-imap php7.4-json php7.4-ldap php7.4-mailparse php7.4-mbstring php7.4-soap php7.4-gd php7.4-xml php7.4-xmlrpc php7.4-zip php7.4-opcache php7.4-bcmath -y
|
设置 php.ini
1
| sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php/7.4/fpm/php.ini
|
修改上传大小
1
2
| sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 10M/' /etc/php/7.4/fpm/php.ini
sed -i 's/post_max_size = 8M/post_max_size = 10M/' /etc/php/7.4/fpm/php.ini
|
安装 Apache2
安装 Apache2 ,依然是通过大佬的包。
1
2
| wget -O /usr/share/keyrings/apache2.gpg https://packages.sury.org/apache2/apt.gpg
echo "deb [signed-by=/usr/share/keyrings/apache2.gpg] https://packages.sury.org/apache2/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/apache2.list
|
更新
1
2
| apt update && apt upgrade -y
apt install apache2 -y
|
查看是否安装成功
1
2
3
| root@hostname:~# apache2 -v
Server version: Apache/2.4.57 (Debian)
Server built: 2023-04-08T12:55:36
|
开启 Apache2 相关模块
1
2
3
4
5
6
7
8
| a2enconf php7.4-fpm
a2enmod proxy_fcgi
a2enmod headers
a2enmod http2
a2enmod remoteip
a2enmod ssl
a2enmod rewrite
a2enmod expires
|
重启 Apache2 和 PHP 7.4 FPM
1
2
| systemctl restart apache2
systemctl restart php7.4-fpm
|
安装 MariaDB
导入 GPG Key
1
| curl -sSL https://mariadb.org/mariadb_release_signing_key.asc | gpg --dearmor > /usr/share/keyrings/mariadb.gpg
|
使用 xTom 镜像源。
1
| echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/mariadb.gpg] https://mirror-cdn.xtom.com/mariadb/repo/10.6/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/mariadb.list
|
你也可以在 这儿 找到更多的 MariaDB 源,包括清华源。
安装最新版,并进行安全设置。
1
2
3
| apt install mariadb-server -y
mysql_secure_installation
|
配置环境
创建数据库以及用户
1
2
3
| CREATE DATABASE db_blesta DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL ON db_blesta.* TO 'blesta'@'localhost' IDENTIFIED BY 'Y0ur-P455word_Here';
|
设置 Blesta
下载并解压
1
2
3
4
5
| cd /var/www
mkdir your.domain
cd your.domain
wget https://account.blesta.com/client/plugin/download_manager/client_main/download/227/blesta-5.7.1.zip
unzip blesta-5.7.1.zip
|
解压完,目录应当如此
1
| blesta blesta-5.7.1.zip hotfix-php8 LICENSE README.md uploads
|
设置 Apache2
新建 /etc/apache2/sites-available/your.domain.conf
文件,写入如下内容
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| <VirtualHost *:80>
ServerName your.domain
DocumentRoot /var/www/your.domain
DirectoryIndex index.php index.html index.htm
ErrorLog ${APACHE_LOG_DIR}/your.domain.error.log
CustomLog ${APACHE_LOG_DIR}/your.domain.access.log combined
<Directory /var/www/your.domain>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
|
可以通过如下命令一次性完成
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| cat >> /etc/apache2/sites-available/your.domain.conf << EOF
<VirtualHost *:80>
ServerName your.domain
DocumentRoot /var/www/your.domain
DirectoryIndex index.php index.html index.htm
ErrorLog ${APACHE_LOG_DIR}/your.domain.error.log
CustomLog ${APACHE_LOG_DIR}/your.domain.access.log combined
<Directory /var/www/your.domain>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
EOF
|
检查并上线
1
2
3
| a2ensite your.domain // 启用该 vhost
apache2ctl configtest // 测试配置文件
systemctl reload apache2 // 重启 Apache2
|
配置 ioncube
下载loader-wizard
1
| wget http://www.ioncube.com/loader-wizard/loader-wizard.zip
|
最好是在网站根目录下载并解压,然后就能直接访问 your.domain/loader-wizard.php
查看安装提示。,例如:
1
2
3
4
5
6
7
8
9
10
11
12
| Download one of the following archives of Loaders for Linux x86-64:
tar.gz
zip
Put the Loader files in /usr/lib/php/20190902
Save this 00-ioncube.ini file and put it in your ini files directory, /etc/php/7.4/fpm/conf.d
Restart PHP-FPM.
When the server software has restarted, click here to test the Loader.
If the Loader installation failed, check the PHP-FPM error log file for errors.
/etc/php/7.4/fpm/php.ini
/etc/php/7.4/cli/php.ini
zend_extension = /usr/lib/php/20190902/ioncube_loader_lin_7.4.so
|
如果发现有文件权限不对,那就执行 chown
1
| chown -R www-data:www-data /var/www/your.domain
|
配置 SSL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
| <VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(?:cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
|
这是精简版:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| <VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/ssl/your.domain/your.domain.crt
SSLCertificateKeyFile /var/ssl/your.domain/your.domain.key
SSLCertificateChainFile /var/ssl/your.domain/origin_ca_ecc_root.pem
<FilesMatch "\.(?:cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
|
没记错的接下来直接访问域名就可以跟着 Blesta 的 GUI 引导安装了。