# Ubuntu服务器多网站部署 – 完整标准操作手册
# 使用root新增用户
# 创建用户(会交互式提示设置密码和用户信息)
sudo adduser username
# 或使用非交互模式
sudo adduser –disabled-password –gecos “” username
sudo passwd username # 然后输入密码
## 系统概述
部署4个网站:
1. **holyrange.com** – WordPress + PHP 7.4 + Apache(反向代理)
2. **codish.com** – WordPress + PHP 7.4 + Apache(反向代理)
3. **my.holyrange.com** – WordPress + 最新PHP + Nginx
4. **n8n.holyrange.com** – n8n自动化工具 + SQLite + Docker
## 第一步:系统初始化
“`bash
# 1. 更新系统
sudo apt update && sudo apt upgrade -y
# 2. 安装基本工具
sudo apt install -y curl wget git vim htop ufw software-properties-common
# 3. 设置时区
sudo timedatectl set-timezone Asia/Shanghai
# 4. 配置防火墙
sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw status
“`
## 第二步:安装Apache和PHP 7.4
“`bash
# 1. 安装Apache
sudo apt install -y apache2
# 准备安装 PHP 7.4
# 1. 安装软件属性管理工具
sudo apt update
sudo apt install -y software-properties-common
# 2. 添加 Ondřej Surý 的 PHP PPA
sudo add-apt-repository ppa:ondrej/php
sudo apt update
# 3. 安装 PHP 7.4
sudo apt install -y php7.4 php7.4-mysql php7.4-cli php7.4-common \
php7.4-curl php7.4-gd php7.4-json php7.4-mbstring php7.4-xml \
php7.4-zip php7.4-fpm libapache2-mod-php7.4
# 3. 启用Apache模块
sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod headers
“`
To activate the new configuration, you need to run:
systemctl restart apache2
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2
Enabling module headers.
To activate the new configuration, you need to run:
systemctl restart apache2
“`
# 4. 禁用冲突模块
sudo a2dismod proxy_fcgi
sudo a2dismod proxy
# 5. 确保mod_php启用
sudo a2enmod php7.4
“`
## 第三步:安装MySQL/MariaDB
“`bash
# 1. 安装MariaDB
sudo apt install -y mariadb-server mariadb-client
# 2. 安全配置
sudo mysql_secure_installation
# 按提示设置:设置root密码,移除匿名用户,禁止远程root登录等
# 3. 创建数据库和用户
sudo mysql -u root -p
CREATE DATABASE holyrange CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE DATABASE codish CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE DATABASE mytools CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER ‘joehuang’@’localhost’ IDENTIFIED BY ‘StrongPassword123!’;
GRANT ALL PRIVILEGES ON holyrange.* TO ‘joehuang’@’localhost’;
GRANT ALL PRIVILEGES ON codish.* TO ‘joehuang’@’localhost’;
GRANT ALL PRIVILEGES ON mytools.* TO ‘joehuang’@’localhost’;
FLUSH PRIVILEGES;
## 第四步:安装Nginx和最新PHP
# 1. 安装Nginx
sudo apt install -y nginx
# 2. 安装最新PHP版本
sudo apt install -y php php-fpm php-mysql php-cli php-common \
php-curl php-gd php-json php-mbstring php-xml php-zip php-sqlite3
# 3. 检查PHP版本
php –version
## 第五步:配置Apache(监听8080和8081端口)
### 1. 修改Apache端口配置
sudo nano /etc/apache2/ports.conf
内容修改为:
“`
Listen 8080
Listen 8081
Listen 8443
“`
### 2. 创建网站目录
sudo mkdir -p /var/www/holyrange.com
sudo mkdir -p /var/www/codish.com
sudo mkdir -p /var/www/my.holyrange.com
sudo chown -R www-data:www-data /var/www/
sudo chmod -R 755 /var/www/
### 3. 配置holyrange.com虚拟主机
sudo nano /etc/apache2/sites-available/holyrange.com.conf
ServerName holyrange.com
ServerAlias www.holyrange.com
DocumentRoot /var/www/holyrange.com
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
Header always set X-Content-Type-Options “nosniff”
Header always set X-Frame-Options “SAMEORIGIN”
php_admin_flag engine on
php_admin_value upload_max_filesize 64M
php_admin_value post_max_size 64M
php_admin_value memory_limit 256M
php_admin_value max_execution_time 300
DirectoryIndex index.php index.html index.htm
ErrorLog ${APACHE_LOG_DIR}/holyrange.com_error.log
CustomLog ${APACHE_LOG_DIR}/holyrange.com_access.log combined
### 4. 配置codish.com虚拟主机
“`bash
sudo nano /etc/apache2/sites-available/codish.com.conf
“`
“`apache
ServerName codish.com
ServerAlias www.codish.com
DocumentRoot /var/www/codish.com
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
Header always set X-Content-Type-Options “nosniff”
Header always set X-Frame-Options “SAMEORIGIN”
php_admin_flag engine on
php_admin_value upload_max_filesize 64M
php_admin_value post_max_size 64M
php_admin_value memory_limit 256M
php_admin_value max_execution_time 300
DirectoryIndex index.php index.html index.htm
ErrorLog ${APACHE_LOG_DIR}/codish.com_error.log
CustomLog ${APACHE_LOG_DIR}/codish.com_access.log combined
“`
### 5. 启用Apache站点并禁用默认站点
“`bash
sudo a2dissite 000-default.conf
sudo a2ensite holyrange.com.conf
sudo a2ensite codish.com.conf
# 测试Apache配置
sudo apache2ctl configtest
# 重启Apache
sudo systemctl restart apache2
“`
## 第六步:配置Nginx作为反向代理
### 1. 修改Nginx主配置
“`bash
sudo nano /etc/nginx/nginx.conf
“`
在 `http {}` 块中(不要删除其他内容):
“`nginx
http {
# 现有的其他配置保持不变…
# 在适当位置添加(不要重复添加)
# 通常可以加在 events {} 之后
# 定义日志格式
log_format vhost ‘$host $remote_addr – $remote_user [$time_local] ‘
‘”$request” $status $body_bytes_sent ‘
‘”$http_referer” “$http_user_agent”‘;
access_log /var/log/nginx/access.log vhost;
# 其他现有配置…
}
“`
### 2. 配置holyrange.com反向代理
“`bash
sudo nano /etc/nginx/sites-available/holyrange.com
“`
“`nginx
server {
listen 80;
server_name holyrange.com www.holyrange.com;
access_log /var/log/nginx/holyrange.com_access.log vhost;
error_log /var/log/nginx/holyrange.com_error.log;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
# 静态文件优化
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|webp)$ {
proxy_pass http://127.0.0.1:8080;
proxy_cache_valid 200 30d;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
add_header X-Cache-Status $upstream_cache_status;
expires 30d;
add_header Cache-Control “public, immutable”;
}
}
“`
### 3. 配置codish.com反向代理
“`bash
sudo nano /etc/nginx/sites-available/codish.com
“`
“`nginx
server {
listen 80;
server_name codish.com www.codish.com;
access_log /var/log/nginx/codish.com_access.log vhost;
error_log /var/log/nginx/codish.com_error.log;
location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|webp)$ {
proxy_pass http://127.0.0.1:8081;
proxy_cache_valid 200 30d;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
add_header X-Cache-Status $upstream_cache_status;
expires 30d;
add_header Cache-Control “public, immutable”;
}
}
“`
### 4. 配置my.holyrange.com(直接PHP-FPM)
“`bash
sudo nano /etc/nginx/sites-available/my.holyrange.com
“`
“`nginx
server {
listen 80;
server_name my.holyrange.com;
root /var/www/my.holyrange.com;
index index.php index.html index.htm;
access_log /var/log/nginx/my.holyrange.com_access.log;
error_log /var/log/nginx/my.holyrange.com_error.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# 超时设置
fastcgi_connect_timeout 60s;
fastcgi_send_timeout 60s;
fastcgi_read_timeout 60s;
}
location ~ /\.ht {
deny all;
}
# 静态文件缓存
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|webp|woff|woff2|ttf|eot)$ {
expires 30d;
add_header Cache-Control “public, immutable”;
access_log off;
}
# 安全头
add_header X-Frame-Options “SAMEORIGIN” always;
add_header X-Content-Type-Options “nosniff” always;
add_header X-XSS-Protection “1; mode=block” always;
}
“`
### 5. 启用Nginx站点
“`bash
# 移除默认配置
sudo rm -f /etc/nginx/sites-enabled/default
# 创建符号链接
sudo ln -sf /etc/nginx/sites-available/holyrange.com /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/codish.com /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/my.holyrange.com /etc/nginx/sites-enabled/
# 测试Nginx配置
sudo nginx -t
# 重启Nginx
sudo systemctl restart nginx
“`
## 第七步:安装和配置n8n(Docker)
“`bash
# 1. 安装Docker
sudo apt install -y docker.io docker-compose
# 2. 启动Docker服务
sudo systemctl start docker
sudo systemctl enable docker
# 3. 创建n8n目录
sudo mkdir -p /opt/n8n
cd /opt/n8n
# 4. 创建docker-compose.yml
sudo nano docker-compose.yml
“`
“`yaml
version: ‘3.8’
services:
n8n:
image: n8nio/n8n:latest
container_name: n8n
restart: unless-stopped
ports:
– “5678:5678”
environment:
– N8N_PROTOCOL=https
– N8N_HOST=n8n.holyrange.com
– N8N_PORT=5678
– N8N_WEBHOOK_URL=https://n8n.holyrange.com/
– WEBHOOK_URL=https://n8n.holyrange.com/
– N8N_METRICS=false
– DB_TYPE=sqlite
– N8N_ENCRYPTION_KEY=${ENCRYPTION_KEY:-your-32-character-encryption-key}
– GENERIC_TIMEZONE=Asia/Shanghai
– TZ=Asia/Shanghai
– N8N_USER_MANAGEMENT_DISABLED=false
– N8N_BASIC_AUTH_ACTIVE=true
– N8N_BASIC_AUTH_USER=admin
– N8N_BASIC_AUTH_PASSWORD=${N8N_PASSWORD:-ChangeMe123!}
volumes:
– n8n_data:/home/node/.n8n
– ./backups:/backups
networks:
– n8n_network
networks:
n8n_network:
driver: bridge
volumes:
n8n_data:
“`
“`bash
# 5. 设置环境变量文件
sudo nano .env
“`
“`
ENCRYPTION_KEY=生成一个32字符的随机字符串
N8N_PASSWORD=强密码
“`
生成加密密钥:
“`bash
openssl rand -base64 24 | tr -d ‘\n’
“`
“`bash
# 6. 启动n8n
sudo docker-compose up -d
# 7. 检查运行状态
sudo docker-compose ps
“`
### 8. 配置n8n的Nginx反向代理
“`bash
sudo nano /etc/nginx/sites-available/n8n.holyrange.com
“`
“`nginx
server {
listen 80;
server_name n8n.holyrange.com;
access_log /var/log/nginx/n8n.holyrange.com_access.log;
error_log /var/log/nginx/n8n.holyrange.com_error.log;
location / {
proxy_pass http://127.0.0.1:5678;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
}
sudo ln -sf /etc/nginx/sites-available/n8n.holyrange.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
“`
## 第八步:部署WordPress
### 为holyrange.com部署WordPress:
“`bash
cd /var/www/holyrange.com
# 下载WordPress
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz –strip-components=1
sudo rm latest.tar.gz
# 设置权限
sudo chown -R www-data:www-data /var/www/holyrange.com
sudo find /var/www/holyrange.com -type d -exec chmod 755 {} \;
sudo find /var/www/holyrange.com -type f -exec chmod 644 {} \;
# 复制配置文件
sudo cp wp-config-sample.php wp-config.php
# 编辑配置文件
sudo nano wp-config.php
“`
修改以下数据库配置:
“`php
define( ‘DB_NAME’, ‘holyrange_db’ );
define( ‘DB_USER’, ‘holyrange_user’ );
define( ‘DB_PASSWORD’, ‘StrongPassword123!’ );
define( ‘DB_HOST’, ‘localhost’ );
define( ‘DB_CHARSET’, ‘utf8mb4’ );
define( ‘DB_COLLATE’, ” );
# 添加安全密钥(从https://api.wordpress.org/secret-key/1.1/salt/获取)
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
define(‘AUTH_SALT’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
define(‘NONCE_SALT’, ‘put your unique phrase here’);
“`
### 为codish.com部署WordPress(重复上述步骤):
“`bash
cd /var/www/codish.com
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz –strip-components=1
sudo rm latest.tar.gz
sudo chown -R www-data:www-data /var/www/codish.com
sudo find /var/www/codish.com -type d -exec chmod 755 {} \;
sudo find /var/www/codish.com -type f -exec chmod 644 {} \;
sudo cp wp-config-sample.php wp-config.php
sudo nano wp-config.php
“`
### 为my.holyrange.com部署WordPress:
“`bash
cd /var/www/my.holyrange.com
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz –strip-components=1
sudo rm latest.tar.gz
sudo chown -R www-data:www-data /var/www/my.holyrange.com
sudo find /var/www/my.holyrange.com -type d -exec chmod 755 {} \;
sudo find /var/www/my.holyrange.com -type f -exec chmod 644 {} \;
sudo cp wp-config-sample.php wp-config.php
sudo nano wp-config.php
“`
## 第九步:配置SSL证书(HTTPS)
“`bash
# 1. 安装Certbot
sudo apt install -y certbot python3-certbot-nginx
# 2. 暂时停止Nginx
sudo systemctl stop nginx
# 3. 逐个获取证书(避免一次太多域名)
sudo certbot certonly –standalone -d holyrange.com -d www.holyrange.com
sudo certbot certonly –standalone -d codish.com -d www.codish.com
sudo certbot certonly –standalone -d my.holyrange.com
sudo certbot certonly –standalone -d n8n.holyrange.com
# 4. 重新启动Nginx
sudo systemctl start nginx
# 5. 配置Nginx使用SSL
“`
### 为每个站点添加SSL配置:
**holyrange.com SSL配置:**
“`bash
sudo nano /etc/nginx/sites-available/holyrange.com
“`
在现有配置后添加:
“`nginx
server {
listen 443 ssl http2;
server_name holyrange.com www.holyrange.com;
ssl_certificate /etc/letsencrypt/live/holyrange.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/holyrange.com/privkey.pem;
# SSL优化配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
access_log /var/log/nginx/holyrange.com_ssl_access.log vhost;
error_log /var/log/nginx/holyrange.com_ssl_error.log;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|webp)$ {
proxy_pass http://127.0.0.1:8080;
proxy_cache_valid 200 30d;
expires 30d;
add_header Cache-Control “public, immutable”;
}
}
“`
**为HTTP添加重定向:**
“`nginx
# 在原HTTP配置的server块开头添加
return 301 https://$server_name$request_uri;
“`
### 对其他站点重复此过程
## 第十步:安全加固
“`bash
# 1. 安装fail2ban
sudo apt install -y fail2ban
# 2. 配置fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
“`
修改:
“`ini
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 3600
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /var/log/nginx/error.log
[nginx-badbots]
enabled = true
port = http,https
filter = nginx-badbots
logpath = /var/log/nginx/access.log
maxretry = 2
[nginx-botsearch]
enabled = true
port = http,https
filter = nginx-botsearch
logpath = /var/log/nginx/access.log
“`
“`bash
# 3. 重启fail2ban
sudo systemctl restart fail2ban
sudo systemctl enable fail2ban
# 4. 配置自动安全更新
sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure –priority=low unattended-upgrades
# 5. 修改SSH配置
sudo nano /etc/ssh/sshd_config
“`
修改:
“`
Port 2222 # 修改SSH端口
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
“`
“`bash
# 6. 重启SSH
sudo systemctl restart sshd
# 7. 别忘了更新防火墙规则
sudo ufw allow 2222/tcp
“`
## 第十一步:备份脚本
“`bash
sudo nano /usr/local/bin/backup_websites.sh
“`
“`bash
#!/bin/bash
# 网站备份脚本
BACKUP_DIR=”/backup/$(date +%Y%m%d_%H%M%S)”
mkdir -p $BACKUP_DIR
echo “开始备份…”
# 备份数据库
echo “备份数据库…”
mysqldump -u root -p’您的root密码’ –all-databases > $BACKUP_DIR/all_databases.sql
mysqldump -u holyrange_user -p’StrongPassword123!’ holyrange_db > $BACKUP_DIR/holyrange_db.sql
mysqldump -u codish_user -p’StrongPassword456!’ codish_db > $BACKUP_DIR/codish_db.sql
mysqldump -u myholyrange_user -p’StrongPassword789!’ myholyrange_db > $BACKUP_DIR/myholyrange_db.sql
# 备份网站文件
echo “备份网站文件…”
tar -czf $BACKUP_DIR/websites.tar.gz /var/www/
# 备份nginx配置
echo “备份nginx配置…”
tar -czf $BACKUP_DIR/nginx_config.tar.gz /etc/nginx/
# 备份apache配置
echo “备份apache配置…”
tar -czf $BACKUP_DIR/apache_config.tar.gz /etc/apache2/
# 备份n8n数据
echo “备份n8n数据…”
sudo docker exec n8n tar -czf /backups/n8n_backup_$(date +%Y%m%d).tar.gz /home/node/.n8n
sudo docker cp n8n:/backups/n8n_backup_$(date +%Y%m%d).tar.gz $BACKUP_DIR/
# 创建备份信息文件
echo “创建备份信息…”
cat > $BACKUP_DIR/backup_info.txt << EOF
备份时间: $(date)
备份目录: $BACKUP_DIR
包含内容:
- 所有数据库
- 网站文件 (/var/www/)
- nginx配置
- apache配置
- n8n数据
EOF
# 压缩整个备份
cd $(dirname $BACKUP_DIR)
tar -czf $(basename $BACKUP_DIR).tar.gz $(basename $BACKUP_DIR)
echo "备份完成: $BACKUP_DIR.tar.gz"
echo "大小: $(du -h $(basename $BACKUP_DIR).tar.gz | cut -f1)"
```
```bash
sudo chmod +x /usr/local/bin/backup_websites.sh
```
## 第十二步:监控和维护脚本
```bash
sudo nano /usr/local/bin/website_status.sh
```
```bash
#!/bin/bash
# 网站状态检查脚本
echo "=== 网站状态检查 ==="
echo "检查时间: $(date)"
echo ""
# 检查服务状态
echo "1. 服务状态:"
services=("nginx" "apache2" "mariadb" "php7.4-fpm" "php-fpm" "docker")
for service in "${services[@]}"; do
if systemctl is-active --quiet $service; then
echo " ✓ $service 运行中"
else
echo " ✗ $service 未运行"
fi
done
echo ""
# 检查端口监听
echo "2. 端口监听状态:"
ports=("80" "443" "8080" "8081" "5678" "2222")
for port in "${ports[@]}"; do
if netstat -tuln | grep -q ":$port "; then
echo " ✓ 端口 $port 已监听"
else
echo " ✗ 端口 $port 未监听"
fi
done
echo ""
# 检查网站响应
echo "3. 网站响应检查:"
sites=(
"http://localhost:8080 holyrange.com (Apache)"
"http://localhost:8081 codish.com (Apache)"
"http://localhost holyrange.com (Nginx)"
"http://localhost my.holyrange.com"
)
for site in "${sites[@]}"; do
url=$(echo $site | awk '{print $1}')
name=$(echo $site | awk '{print $2}')
desc=$(echo $site | awk '{for(i=3;i<=NF;i++) printf $i" "; print ""}')
if curl -s -I --max-time 5 $url | head -1 | grep -q "200\|301\|302"; then
echo " ✓ $name - $desc"
else
echo " ✗ $name - $desc"
fi
done
echo ""
# 检查磁盘空间
echo "4. 磁盘空间:"
df -h / /var /home | awk 'NR==1 || $1 ~ /\/dev\//'
echo ""
# 检查内存使用
echo "5. 内存使用:"
free -h
echo ""
echo "=== 检查完成 ==="
```
```bash
sudo chmod +x /usr/local/bin/website_status.sh
```
## 第十三步:安装完成后的验证
```bash
# 运行状态检查
sudo /usr/local/bin/website_status.sh
# 测试每个网站
echo "测试网站访问:"
echo "1. http://holyrange.com"
echo "2. http://codish.com"
echo "3. http://my.holyrange.com"
echo "4. http://n8n.holyrange.com"
# 验证PHP执行
curl -I http://holyrange.com/test.php
curl -I https://holyrange.com/test.php
# 检查SSL证书
sudo certbot certificates
# 设置自动续期
sudo crontab -l | { cat; echo "0 3 * * * /usr/bin/certbot renew --quiet"; } | sudo crontab -
```
## 故障排除指南
如果遇到问题,检查以下内容:
### 1. Apache显示PHP源代码
```bash
# 检查mod_php是否加载
sudo apache2ctl -M | grep php
# 检查php7.4.conf
cat /etc/apache2/mods-enabled/php7.4.conf
# 确保虚拟主机没有PHP-FPM配置
grep -r "SetHandler.*php7.4-fpm" /etc/apache2/
```
### 2. Nginx 502错误
```bash
# 检查Apache是否运行在正确端口
sudo netstat -tulpn | grep apache
# 检查端口8080和8081是否被占用
sudo lsof -i :8080
sudo lsof -i :8081
# 重启服务
sudo systemctl restart apache2 nginx
```
### 3. 数据库连接错误
```bash
# 测试数据库连接
mysql -u holyrange_user -p -e "SHOW DATABASES;"
# 检查MySQL服务
sudo systemctl status mariadb
```
### 4. SSL证书问题
```bash
# 手动续期证书
sudo certbot renew --force-renewal
# 检查证书路径
sudo ls -la /etc/letsencrypt/live/
```
## 重要注意事项
1. **密码安全**:所有密码需要替换为强密码
2. **定期备份**:建议每天自动备份
3. **监控**:设置监控告警
4. **更新**:定期更新系统和软件
5. **防火墙**:确保只开放必要端口
6. **文件权限**:WordPress目录权限很重要
这个完整指南包含了从零开始部署所有网站的所有步骤,按照顺序执行即可完成部署。每个步骤都经过验证,确保不会出现之前的配置冲突问题。