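Caddy configuration for CMS Made Simple

This article describes the configuration for running CMS Made Simple with Caddy.

CMS Made Simple has some minimum requirements that must be met.

This example uses the following stack: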

  • Ubuntu 16.04 Server
  • PHP version 7.0
  • MariaDB

Install Caddy

Install Caddy and replace the username with your own.

Create a dedicated directory for Caddy:

mkdir ~/caddy

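Download the Caddyfile and change the domain to your own.

Download caddy@.service, change the username to the user that owns the PHP files, change the email address to your own, and add the file as /etc/systemd/system/caddy@.service

Install Caddy. If needed, you can also select plugins such as hugo or git. Change the ~/caddy directory to your username.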

curl https://getcaddy.com | bash -s ipfilter,ratelimit
sudo setcap cap_net_bind_service=+ep /usr/local/bin/caddy
sudo systemctl daemon-reload
sudo systemctl stop caddy@username
sudo systemctl start caddy@username
sudo systemctl enable caddy@username

Install PHP and MariaDB

On Ubuntu, we can install them with the following commands:

sudo apt update

sudo apt install php7.0-common php7.0-cli php7.0-curl php7.0-fpm php7.0-gd \
php7.0-json php7.0-mbstring php7.0-mysql php7.0-opcache php7.0-readline \
php7.0-xml mariadb-server

Install MariaDB and create the database.

# 1) sudo to root
sudo su

# 2) Go through steps securing your database. Add root password for your database.
mysql_secure_installation

# 3) Start MariaDB database CLI, use root password you created at previous step
mysql -hlocalhost -uroot -p

# 4) Set your whole database to use UTF-8.
SET character_set_server = 'utf8';

# 5) Set database result ordering. Yours could be different.
SET collation_server = 'utf8_swedish_ci';

# 6) Create database for CMS Made Simple. You could name differently.
CREATE DATABASE simple;

# 7) Create user for that database, and add password. Change to your own.
CREATE USER 'simple'@'localhost' IDENTIFIED BY 'password';

# 8) Give the previously created user access to the database
GRANT ALL PRIVILEGES ON simple.* to 'simple'@'localhost';

# 9) Apply the new settings immediately, and exit.
FLUSH PRIVILEGES;
exit

Change the settings in /etc/php/7.0/fpm/php.ini to the values you need:

; Maximum upload filesize
upload_max_filesize = 2G
; Maximum post size, may contain multiple files
post_max_size = 4G
max_file_uploads = 20
max_execution_time = 120
max_input_time = 60
memory_limit = 128M
; Error reporting level: everything except notices and deprecation warnings
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED

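This php.ini file disables the pcntl functions; for security reasons they are disabled by default on Ubuntu. So although some extensions need them, I have not enabled them.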

disable_functions = pcntl...

In /etc/php/7.0/fpm/pool.d/www.conf, change the user to the one that owns your CMS Made Simple files:

user = username
group = username
listen.owner = username
listen.group = username

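Install CMS Made Simple

Download the latest CMS Made Simple PHP installer file

Add it as ~/caddy/example.com/public/cmsms-[VERSION]-install.php

Open https://example.com/cmsms-[VERSION]-install.php and use the installation wizard to install it.

Enable URL rewriting in the configuration: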

cd ~/caddy/example.com/public/
sudo nano config.php
# Add this line to bottom:
$config['url_rewriting'] = 'mod_rewrite';

You can save the following as a reload-caddy.sh script. Change the domain to your own, and change the username in caddy@username to the user that owns the PHP files:

#!/bin/bash
sudo systemctl daemon-reload
sudo systemctl stop caddy@username
sudo systemctl stop php7.0-fpm
sudo systemctl start php7.0-fpm
sudo systemctl start caddy@username
# Delete CMS Made Simple cache files
rm ~/caddy/example.com/public/tmp/cache/*
rm ~/caddy/example.com/public/tmp/templates_c/*

Then make it executable:

chmod +x ./reload-caddy.sh

Run it whenever you need to:

./reload-caddy.sh

Caddyfile

example.com {
	root /home/username/caddy/example.com/public
	fastcgi / /var/run/php/php7.0-fpm.sock php

	rewrite {
		to {path} {path}/ /index.php?page={uri_escaped}
	}
}

caddy@.service file

; see `man systemd.unit` for configuration details
; the man section also explains *specifiers* `%x`

[Unit]
Description=Caddy HTTP/2 web server %I
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target
Wants=systemd-networkd-wait-online.service

[Service]
; run user and group for caddy
User=username
Group=username
ExecStart=/usr/local/bin/caddy -conf=/home/username/caddy/Caddyfile -agree -email="firstname.lastname@example.com"
Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5
RestartSec=10
ExecReload=/bin/kill -USR1 $MAINPID
; limit the number of file descriptors, see `man systemd.exec` for more limit settings
LimitNOFILE=1048576
LimitNPROC=64
; create a private temp folder that is not shared with other processes
PrivateTmp=true
PrivateDevices=true
ProtectSystem=full
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
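
The article sets the same account in www.conf (user, group, listen.owner, listen.group) and in caddy@.service (User, Group). The script below is an added example, not part of the original article or of the Caddy or CMS Made Simple projects; it compares the two files and rejects root. The helper names ini_value and check_run_user and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original article: check that the PHP-FPM pool
# and the Caddy unit are configured to run as the same non-root account.

# Print the value of KEY from an ini-style file (last match wins).
ini_value() {  # usage: ini_value KEY FILE
    awk -v key="$1" '
        /^[ \t]*[;#]/ { next }   # skip comment lines
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$2"
}

# Return 0 when pool and unit agree and the unit does not run as root;
# otherwise print each mismatch and return 1.
check_run_user() {  # usage: check_run_user POOL_CONF UNIT_FILE
    local pool unit rc u g pair key want got
    pool=$1; unit=$2; rc=0
    u=$(ini_value User "$unit"); g=$(ini_value Group "$unit")
    if [ -z "$u" ] || [ "$u" = root ]; then
        echo "unit: User= is unset or root"; return 1
    fi
    for pair in "user:$u" "listen.owner:$u" "group:$g" "listen.group:$g"; do
        key=${pair%%:*}; want=${pair#*:}
        got=$(ini_value "$key" "$pool")
        if [ "$got" != "$want" ]; then
            echo "pool: $key = '$got', unit expects '$want'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files: listen.owner was left at www-data by mistake.
demo_dir=$(mktemp -d)
printf '[www]\nuser = username\ngroup = username\nlisten.owner = www-data\nlisten.group = username\n' > "$demo_dir/www.conf"
printf '[Service]\n; run user and group for caddy\nUser=username\nGroup=username\n' > "$demo_dir/caddy@.service"
check_run_user "$demo_dir/www.conf" "$demo_dir/caddy@.service" || echo "fix www.conf before running reload-caddy.sh"
```

On a real host, call check_run_user with /etc/php/7.0/fpm/pool.d/www.conf and /etc/systemd/system/caddy@.service.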