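Today I finally got the blog migrated. Ever since Kosscloud published its notice that it was ceasing operations, how to migrate this blog had been the biggest question.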

Hoping to be reunited with my favorite IDC someday (? (reposted without permission

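Since I had no experience, and the move was from Ubuntu to CentOS, I ran into quite a few problems along the way. Fortunately the migration itself is fairly simple, so in the end it went through perfectly. This post is a record of the result (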

Preparing for migration

We need to prepare two things: the wordpress directory and the database. We pack the directory with tar:

tar czvf ~/wordpress.tar.gz ./wordpress/*

The database, in turn, is exported with mysqldump:

sudo mysqldump -uroot --databases wp_site > ~/db.sql

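With that, the first step is done.

Transferring the data

This step happens between the two servers: just move the data onto the new server. How you move it is up to you (

Installation and basic configuration

caddy

We again use caddy as the web server (because there is a ready-made configuration from the previous server to copy). First, install it: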

curl https://getcaddy.com | bash -s personal http.webdav,tls.dns.cloudflare,http.filter,http.cors,tls.dns.godaddy

Next, the user. We give caddy its own user and group:

sudo useradd -s /sbin/nologin -M caddy

sudo groupmems -a caddy -g caddy

Then we configure the service:

sudo vim /etc/systemd/system/caddy.service

Write the following content:

[Unit]

Description=Caddy HTTP/2 web server

Documentation=https://caddyserver.com/docs

After=network-online.target

Wants=network-online.target systemd-networkd-wait-online.service

; Do not allow the process to be restarted in a tight loop. If the

; process fails to start, something critical needs to be fixed.

StartLimitIntervalSec=14400

StartLimitBurst=20

[Service]

Restart=on-abnormal

; User and group the process will run as.

User=caddy

Group=caddy

; Letsencrypt-issued certificates will be written to this directory.

Environment=CADDYPATH=/etc/ssl/caddy

Environment=CLOUDFLARE_EMAIL=xxx

Environment=CLOUDFLARE_API_KEY=xxx

Environment=GODADDY_API_KEY=xxx

Environment=GODADDY_API_SECRET=xxx

; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.

ExecStart=/usr/local/bin/caddy -log stdout -log-timestamps=false -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp

ExecReload=/bin/kill -USR1 $MAINPID

; Use graceful shutdown with a reasonable timeout

KillMode=mixed

KillSignal=SIGQUIT

TimeoutStopSec=5s

; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.

LimitNOFILE=1048576

; Unmodified caddy is not expected to use more than that.

LimitNPROC=512

; Use private /tmp and /var/tmp, which are discarded after caddy stops.

PrivateTmp=true

; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.)

PrivateDevices=false

; Hides /home, /root, and /run/user when set to 'true'. It is 'false' here, so these directories stay visible to caddy.

ProtectHome=false

; Make /usr, /boot, /etc and possibly some more folders read-only.

ProtectSystem=full

; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.

; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!

ReadWritePaths=/etc/ssl/caddy

ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.

; They further restrict privileges that can be gained by caddy. Uncomment if you like.

; Note that you may have to add capabilities required by any plugins in use.

;CapabilityBoundingSet=CAP_NET_BIND_SERVICE

;AmbientCapabilities=CAP_NET_BIND_SERVICE

;NoNewPrivileges=true

[Install]

WantedBy=multi-user.target
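
The unit above keeps the Cloudflare and GoDaddy credentials in `Environment=` lines, which are normally readable by any local user through the unit file or `systemctl show`. As an added example (not from the original post), this function moves those lines into a root-only file referenced by `EnvironmentFile=`; the function name `split_secrets`, the path `/etc/caddy/caddy.env` and the sample unit are assumptions.

```shell
#!/bin/sh
# Added example: move credential Environment= lines out of a systemd unit.
# Usage: split_secrets UNIT ENVFILE [PATH_WRITTEN_INTO_UNIT]
split_secrets() {
    unit=$1; envfile=$2; ref=${3:-$2}
    # The credential variables used by the unit on this page.
    pat='^Environment=(CLOUDFLARE|GODADDY)_[A-Z_]+='
    # Create the env file unreadable for group/other, then pin the mode.
    ( umask 077; grep -E "$pat" "$unit" | sed 's/^Environment=//' > "$envfile" )
    chmod 600 "$envfile"
    # Print the unit with the first credential line replaced by
    # EnvironmentFile= and the remaining credential lines dropped.
    awk -v pat="$pat" -v ref="$ref" '
        $0 ~ pat { if (!done) print "EnvironmentFile=" ref; done = 1; next }
        { print }' "$unit"
}

# Constructed sample unit (placeholder values, as on the page).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/caddy.service" <<'EOF'
[Service]
User=caddy
Environment=CADDYPATH=/etc/ssl/caddy
Environment=CLOUDFLARE_EMAIL=xxx
Environment=CLOUDFLARE_API_KEY=xxx
Environment=GODADDY_API_KEY=xxx
Environment=GODADDY_API_SECRET=xxx
ExecStart=/usr/local/bin/caddy -conf=/etc/caddy/Caddyfile
EOF
    split_secrets "$dir/caddy.service" "$dir/caddy.env" /etc/caddy/caddy.env \
        > "$dir/caddy.service.new"
    echo "$dir"    # directory holding caddy.env and caddy.service.new
}
```

On the real host the env file should be owned by root, since systemd reads it before the process switches to the caddy user, and the changed unit needs `systemctl daemon-reload`.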

Finally, start it:

sudo systemctl start caddy

sudo systemctl enable caddy

The following problems may come up during startup:

226/NAMESPACE

You need to create the /etc/ssl/caddy directory yourself and chown it to the caddy user.

203/EXEC

Possibly caused by SELinux.

php

On the new system we want to install php-7.4, but CentOS 8 only ships php-7.2 by default (how is that the same as 18.04), so we have to do it ourselves (

sudo dnf -y install dnf-utils

sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm

sudo dnf module install php:remi-7.4

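At this point php is installed, but the configuration is not quite there yet. We need members of the caddy user group to be able to use php-fpm, so we have to modify the php-fpm configuration: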

sudo vim /etc/php-fpm.d/www.conf

Find listen.acl_users. It should look like this:

listen.acl_users = apache,nginx

Just append caddy at the end:

listen.acl_users = apache,nginx,caddy

Finally, start it:

sudo systemctl start php-fpm.service

sudo systemctl enable php-fpm.service

mariadb

First, install mariadb as usual:

sudo dnf install mariadb-server

Next, we need to configure the database user. Note that this has to match the settings of the site being migrated exactly:

sudo mysql

Then enter the following (adjust the placeholders):

CREATE DATABASE database_name;

CREATE USER username@localhost;

SET PASSWORD FOR username@localhost = PASSWORD("password");

GRANT ALL PRIVILEGES ON database_name.* TO username@localhost IDENTIFIED BY 'password';

FLUSH PRIVILEGES;

exit

With that, the mariadb configuration is complete.

Restoring the data

Site data

First, the site data. We extract wordpress.tar.gz:

tar -zxvf ./wordpress.tar.gz ./wordpress/

Remember this path; it will be needed later.

Database

Importing the data only takes source:

sudo mysql

# inside mysql

source db.sql

Bringing the site online

Caddy

First, configure Caddy. We write the Caddyfile:

# Blog

https://blog.mmf.moe {

tls {

dns godaddy

}

gzip

root /var/www/wordpress

fastcgi / /run/php-fpm/www.sock php

rewrite {

if {path} not_match ^\/wp-admin|log

to {path} {path}/ /index.php?{query}

}

}

Then reload caddy:

sudo systemctl reload caddy

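Updating DNS records

We need to point the DNS record at the post-migration IP. In my case, though, the domain is connected through Cloudflare via CNAME (see the earlier post), so I only need to change the IP on the CF side; the public DNS resolution stays the same.

Configuring the firewall

As is well known, CentOS uses firewalld, and we need such a firewall to protect the server. The configuration steps are simple, as shown below: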

sudo systemctl start firewalld # start the firewall

sudo systemctl enable firewalld # start the firewall at boot

sudo firewall-cmd --set-default-zone=drop # drop everything by default

sudo firewall-cmd --add-service=http --permanent # allow http

sudo firewall-cmd --add-service=https --permanent # allow https

sudo firewall-cmd --add-service=ssh --permanent # allow ssh

sudo firewall-cmd --reload # reload to apply the configuration
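
In the sequence above, `--set-default-zone=drop` takes effect immediately while the `--permanent` service rules only become active at `--reload`, so for a moment the active zone is `drop` with nothing allowed and a lost SSH session could not reconnect. The following is an added example, not part of the original post, that fills the `drop` zone first and checks for ssh before switching; the `FW` variable and the `apply_drop_zone` function name are assumptions of this example.

```shell
#!/bin/sh
# Added example: lockout-safe ordering for the firewalld steps above.
# Assumption: FW holds the command to run; point it at a stub for a dry run.
FW=${FW:-"sudo firewall-cmd"}

apply_drop_zone() {
    zone=drop
    # 1. Fill the zone permanently while the current default zone stays active.
    for svc in http https ssh; do
        $FW --permanent --zone="$zone" --add-service="$svc" >/dev/null || return 1
    done
    # 2. Load the permanent rules into the running configuration.
    $FW --reload >/dev/null || return 1
    # 3. Refuse to switch unless ssh is really allowed in the target zone.
    case " $($FW --zone="$zone" --list-services) " in
        *" ssh "*) ;;
        *) echo "ssh missing from zone $zone, not switching" >&2; return 2 ;;
    esac
    # 4. Only now make it the default zone (a runtime and permanent change).
    $FW --set-default-zone="$zone" >/dev/null
}

# Run it with: apply_drop_zone
```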

With that, the whole-site migration is complete.