環境

構築時の最新バージョンを利用します。

phpインストールと設定

php7.1系をインストールするのでepelとremiのリポジトリを追加してインストールします。

# yum install epel-release
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
# yum install --enablerepo=remi,remi-php71 php php-devel php-fpm php-mysql

php-fpmの設定ファイル書き換えます。
実行ユーザをapachからnginxに変更。
tcpからunixドメインソケットを使用するように変更。

# sed -i "s/user = apache/user = nginx/" /etc/php-fpm.d/www.conf
# sed -i "s/group = apache/group = nginx/" /etc/php-fpm.d/www.conf
# sed -i "s/listen = 127.0.0.1:9000/listen = /var/run/php-fpm/php-fpm.sock" /etc/php-fpm.d/www.conf

systemdのファイルを書き換えて、ソケットファイル用のディレクトリのオーナーも変更します。

# vi /usr/lib/systemd/system/php-fpm.service
User = nginx
Group = nginx
上の２行を追記 [Service] セクションに追記します。

# chown -R nginx:nginx /var/run/php-fpm

php-fpmを起動しておきます。

# systemctl start php-fpm

Nginxインストールと設定

nginx用のリポジトリを追加してインストールします。

# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

$ yum install nginx

nginx.confを適当に設定します。/etc/nginx/nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format ltsv "local_time:$time_local"
"\thost:$remote_addr"
"\tforwardedfor:$http_x_forwarded_for"
"\tforwardedforproto:$http_x_forwarded_proto"
"\treq:$request"
"\tstatus:$status"
"\tsize:$body_bytes_sent"
"\treferer:$http_referer"
"\tua:$http_user_agent"
"\treqtime:$request_time"
"\tcache:$upstream_http_x_cache"
"\truntime:$upstream_http_x_runtime"
"\tvhost:$host"
"\tmethod:$request_method"
"\turi:$request_uri";

access_log /var/log/nginx/access.log ltsv;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
gzip on;
client_max_body_size 13m;

server_tokens off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

include /etc/nginx/conf.d/*.conf;
}

バーチャルホスト用のファイルを作成します。/etc/nginx/conf.d/hoge.conf

upstream php {
server unix:/run/php-fpm/php-fpm.sock;
}

server {
listen 80 default_server;
server_name hoge.example.com;

access_log /var/log/nginx/hoge.example.com/access.log ltsv;
error_log /var/log/nginx/hoge.example.com/error.log notice;

etag off;
autoindex off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
client_header_buffer_size 1k;
large_client_header_buffers 4 8k;

root /usr/share/nginx/hoge.example.com/html;
index index.html index.htm index.php;

location = /favicon.ico {
log_not_found off;
access_log off;
}

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location / {
try_files $uri $uri/ /index.php?$args;
}

rewrite /wp-admin$ $scheme://$host$uri/ permanent;

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}

location ~* /wp-config.php {
deny all;
return 404;
}

location ~* /xmlrpc.php {
deny all;
return 404;
}

location /wp-admin {
allow xxx.xxx.xxx.xxx;
deny all;
}

location = /wp-login.php {
allow xxx.xxx.xxx.xxx;
deny all;

fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}

location ~ \.php$ {
try_files $uri =404;

fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}
}

とりあえずnginx起動しておきます。

# nginx -t
# systemctl start nginx

MariaDBインストールと設定

mariadbのリポジトリを追加してインストールします。

# vi /etc/yum.repos.d/mariadb.repo

# MariaDB 10.2 CentOS repository list - created 2018-01-06 07:26 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

# yum install MariaDB-server MariaDB-client

起動してmysqlの初期設定を行います。

# systemctl start mysql
# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

ログインしてwordpress用のDBとユーザ作成します。

# mysql -uroot -p
CREATE DATABASE databasename;
GRANT ALL PRIVILEGES ON databasename.* TO "username"@"localhost" IDENTIFIED BY "password";
FLUSH PRIVILEGES;

wordpress設置

wordpressダウンロードしてドキュメントルートへ配置します。

# cd /usr/local/src/
# wget https://ja.wordpress.org/latest-ja.tar.gz
# tar zxf latest-ja.tar.gz

# cp -ipr /usr/local/src/wordpress/* /usr/share/nginx/hoge.example.com/html/
# chown -R nginx:nginx /usr/share/nginx/hoge.example.com/html/

wordpressの設定ファイルを編集します。
DB_NAME DB_USER DB_PASSWORD DB_HOST を環境に合わせて編集します。
* 認証用ユニークキー を ジェネレーター を使って修正します。

# cd /usr/share/nginx/hoge.example.com/html
# mv wp-config-sample.php wp-config.php
# vi wp-config.php

ブラウザからインストールスクリプト実行します。
http://hoge.example.com/wp-admin/install.php