本文以域名 imagehub.cc 为例,详细介绍如何在 Ubuntu 18.04 手动安装 Chevereto 并实现根域名 WWW 跳转。以下步骤基于 LNMP ,如果服务器未安装 LNMP ,请参考文章“Ubuntu 18.04 手动搭建 LNMP 环境”配置服务器环境。以下操作是在 root 账号下进行的,非 root 账号需提升到 root 权限。

imagehub3.png

创建数据库

使用如下命令为 Chevereto 创建数据库:

mysql -u root -p
create database imagehub; 
create user 'imagehub'@'localhost' identified by 'imagehub.cc'; 
grant all privileges on imagehub.* to 'imagehub'@'localhost' identified by 'imagehub.cc'; 
flush privileges;  
quit

通过以上步骤便为 Chevereto 创建了一个名为 imagehub 数据库,数据库用户名为 imagehub ,登录密码为 imagehub.cc ,实际操作时请根据需要修改数据库名称、数据库用户名及密码,自行修改以上命令即可。

安装 Chevereto

获取源码:

cd /var/www && mkdir imagehub && cd imagehub && git clone https://github.com/Chevereto/installer.git && mv ./installer/installer.php ./installer.php && rm -rf installer

创建虚拟主机

使用如下命令创建 imagehub 的配置文件:

vim /etc/nginx/sites-available/imagehub  

复制以下内容并粘贴保存。注意,请将 imagehub.cc 修改为自己的实际域名:

server {
    listen 80;
    server_name imagehub.cc;
    return 301 http://www.imagehub.cc$request_uri;
}

server {
    listen 80;
    index index.php;   
    server_name  www.imagehub.cc;
    root   /var/www/imagehub;

    # individual nginx logs for this gitlab vhost
    access_log  /var/log/nginx/www.imagehub.cc_access.log;
    error_log   /var/log/nginx/www.imagehub.cc_error.log;

    #imagehub: Disable access to sensitive files
    location ~* /(app|content|lib)/.*\.(po|php|lock|sql)$ {
    deny all;
    }
    #imagehub: CORS headers
    location ~* /.*\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js) {
    add_header Access-Control-Allow-Origin "*";
    }
    #imagehub: Upload path for image content only and set 404 replacement
    location ^~ /images/ {
    location ~* (jpe?g|png|gif) {
        log_not_found off;
        error_page 404  /content/images/system/default/404.jpg;
    }
    return 403;
    }
    #imagehub: Pretty URLs
    location / {
    index index.php;
    try_files $uri $uri/ /index.php?$query_string;
    }
        
    location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }

    fastcgi_param HTTP_PROXY "";

    #fastcgi_pass 127.0.0.1:9000;
    fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    fastcgi_index index.php;

    include fastcgi_params;

    fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
    fastcgi_param  PATH_INFO         $fastcgi_path_info;
    } 
    
    client_max_body_size 20m;  # 定义最大上传文件大小
}

接入 nginx

使用如下命令将虚拟主机接入 nginx :

ln -s /etc/nginx/sites-available/imagehub /etc/nginx/sites-enabled/imagehub && chown -R www-data:www-data /var/www/imagehub && systemctl reload nginx

浏览器访问 http://imagehub.cc/installer.php ,根据提示,完成 Chevereto 的安装。

启用 ssl 并实现 www 二级域名 301 跳转

使用 certbot 分别对 imagehub.ccwww.imagehub.cc 签发证书,签发前请确保已经安装 certbot 且域名 A 记录已经生效。如果未安装 certbot ,请参考文章“Ubuntu 18.04 手动安装 certbot 并为网站添加 SSL 证书以启用 https”安装certbot:

certbot  # 根据提示完成相关操作

证书签发完之后修改配置文件,实现 imagehub.ccwww.imagehub.cchttps://www.imagehub.cc 的 301 跳转:

rm /etc/nginx/sites-available/imagehub && vim /etc/nginx/sites-available/imagehub

复制以下内容并粘贴保存。注意,请将 imagehub.cc 修改为自己的实际域名:

server {
    listen 80;
    server_name imagehub.cc www.imagehub.cc;
    return 301 https://www.imagehub.cc$request_uri;
}

server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/imagehub.cc/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/imagehub.cc/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    server_name imagehub.cc;
    return 301 https://www.imagehub.cc$request_uri;
}

server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.imagehub.cc/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.imagehub.cc/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    index index.php;   
    server_name  www.imagehub.cc;
    root /var/www/imagehub;

    # individual nginx logs for this gitlab vhost
    access_log  /var/log/nginx/www.imagehub.cc_access.log;
    error_log   /var/log/nginx/www.imagehub.cc_error.log;

    #imagehub: Disable access to sensitive files
    location ~* /(app|content|lib)/.*\.(po|php|lock|sql)$ {
    deny all;
    }
    #imagehub: CORS headers
    location ~* /.*\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js) {
    add_header Access-Control-Allow-Origin "*";
    }
    #imagehub: Upload path for image content only and set 404 replacement
    location ^~ /images/ {
    location ~* (jpe?g|png|gif) {
        log_not_found off;
        error_page 404 /content/images/system/default/404.jpg;
    }
    return 403;
    }
    #imagehub: Pretty URLs
    location / {
    index index.php;
    try_files $uri $uri/ /index.php?$query_string;
    }
        
    location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }

    fastcgi_param HTTP_PROXY "";

    #fastcgi_pass 127.0.0.1:9000;
    fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    fastcgi_index index.php;

    include fastcgi_params;

    fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
    fastcgi_param  PATH_INFO         $fastcgi_path_info;
    } 

    client_max_body_size 20m;  # 定义最大上传文件大小
}

重载 nginx 生效:

service nginx reload

通过以上步骤,浏览器访问 http://imagehub.cchttp://www.imagehub.cchttps://imagehub.cc 均会自动 301 跳转到 https://www.imagehub.cc

禁止 IP 及非配置域名访问

按 nginx 官方建议删除 /etc/nginx/sites-enabled 下的 default 配置文件并创建新的 default_server 。注意,请将 imagehub.cc 修改为自己的实际域名:

rm /etc/nginx/sites-enabled/default && cat > /etc/nginx/sites-available/default_server << EOF
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return    500;  
}

server {
   listen 443 ssl default_server;
   listen [::]:443 ssl default_server;
   ssl_certificate /etc/letsencrypt/live/www.imagehub.cc/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/www.imagehub.cc/privkey.pem; 
   server_name _;
   return    500;
}
EOF

default_server 接入 nginx 并重载 nginx 生效:

ln -s /etc/nginx/sites-available/default_server /etc/nginx/sites-enabled/default_server && systemctl restart nginx

通过以上步骤便可在 Ubuntu 18.04 手动安装 Chevereto 并实现根域名 WWW 跳转,本文结束。

文章目录