第一步 买 VPS
https://securedragon.net/clients/cart.php?a=add&pid=299
发工单让客服改成 32MB
第二步 配置基础环境
换系统,换成Alpine,这个真的很省资源
wget https://www.moerats.com/usr/shell/alpine.sh && bash alpine.sh
安装 Dropbear
apk update
apk add dropbear
修改 Dropbear 端口
vi /etc/init.d/dropbear
把
DROPBEAR_OPTS=""
改成
DROPBEAR_OPTS="-p 你想要的 SSH 端口(不要与 OpenSSH端口冲突)"
启动 Dropbear
service dropbear start
rc-update add dropbear default
重新通过 Dropbear 端口登录 SSH
卸载 OpenSSH
service sshd stop
apk del openssh
因为 Dropbear 不支持 SFTP,所以安装 lrzsz 替代,这个可以在 Xshell 终端直接拖拽文件进去
apk add wget gcc g++ make
wget https://ohse.de/uwe/releases/lrzsz-0.12.20.tar.gz
tar -xf lrzsz-0.12.20.tar.gz
cd lrzsz-0.12.20/
./configure
make; make install
ln -s /usr/local/bin/lrz /usr/local/bin/rz
ln -s /usr/local/bin/lsz /usr/local/bin/sz
安装 Lighttpd,别试 Caddy 了,虽然 Caddy 配置 SSL 方便,但是实际没有 Lighttpd 省资源
apk add lighttpd
rc-update add lighttpd default
rc-service lighttpd restart
安装 PHP,这个年头了,当然要 PHP 7啦,毕竟 Typecho 都迁移到 PHP 7.2 + 了
apk add php7 php7-ctype php7-curl php7-dom php7-fpm php7-iconv php7-gd php7-json php7-openssl php7-pdo php7-pdo_sqlite php7-sqlite3 php7-xml php7-xmlreader php7-phar php7-posix php7-ftp php7-session php7-bcmath php7-mcrypt php7-sockets php7-mbstring php7-tokenizer
# 修改 PHP 配置
sed -i 's@^;date.timezone.*@date.timezone = Asia/Shanghai@' /etc/php7/php.ini
sed -i "s@^memory_limit.*@memory_limit = 12M@" /etc/php7/php.ini
sed -i "s|;*cgi.fix_pathinfo=.*|cgi.fix_pathinfo=1|i" /etc/php7/php.ini
# 修改 Lighttpd 配置,启用 FastCGI、SSL、rewrite、redirect
sed -i 's/# include "mod_fastcgi.conf"/ include "mod_fastcgi.conf\ninclude "mod_ssl.conf""/g' /etc/lighttpd/lighttpd.conf
sed -i 's/# "mod_rewrite","/ "mod_rewrite","/g' /etc/lighttpd/lighttpd.conf
sed -i 's/# "mod_redirect","/ "mod_redirect","/g' /etc/lighttpd/lighttpd.conf
rc-service lighttpd restart
cat > /etc/lighttpd/mod_ssl.conf <<EOF
server.modules += ("mod_openssl")
server.modules += ("mod_setenv")
$HTTP["scheme"] == "https" {
setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; ")
}
第三步 配置虚拟主机
先使用acme.sh
申请SSL证书,Lighttpd要求SSL证书和私钥放在一个文件里
mkdir -p /web/32mb.cc
chown -R lighttpd.lighttpd /web/32mb.cc
export DP_Id=xxx
export DP_Key=xxx
acme.sh --issue --dns dns_dp -d 32mb.cc -d *.32mb.cc
acme.sh --install-cert -d 32mb.cc \
--key-file /web/32mb.cc.key \
--fullchain-file /web/32mb.cc.crt \
--reloadcmd "cat /web/32mb.cc.key /web/32mb.cc.crt > /web/32mb.cc.pem; service lighttpd restart"
新增虚拟主机,修改/etc/lighttpd/lighttpd.conf
,在最后一行之前加入
# virtual host
$HTTP["host"] =~ "^(www.)?32mb.cc" {
server.document-root = "/web/32mb.cc"
accesslog.filename = "/web/32mb.cc.log"
$HTTP["scheme"] == "http" {
# redirect to https, port 443:
url.redirect = (".*" => "https://%0$0")
}
}
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/web/32mb.cc.pem"
$HTTP["host"] =~ "(^|www\.)32mb.cc" {
ssl.pemfile = "/web/32mb.cc.pem"
# 这是 typecho 的伪静态规则,其他程序自行修改
url.rewrite-if-not-file = (
"^/(admin|usr)/(.*)" => "/$1/$2",
"^/(.*)$" => "/index.php/$1"
)
}
}
然后就是安装 Typecho 啦