1核762M内存跑5000IP/天的WordPress？Debian 11 安装 Nginx + PHP7.4 + MariaDB + Memcached 全记录（附 Cloudflare 15 年 SSL 优化）

先说人话：这是一台1核762M内存的小鸡，域名 mgrei.com，日流量 5000IP+。
别笑，穷人也有穷人的玩法，今天就把踩过的坑一次性掏出来，手把手教你在 Debian 11.11 上装 Nginx + PHP7.4 + MariaDB10.5 + Memcached，再挂上Cloudflare 15 年 SSL证书，最后把伪静态、301、缓存全配好。目录统一改到 /www/mgrei，强迫症表示极度舒适。

1. 系统起手式

apt update && apt upgrade -y
apt install curl wget gnupg2 lsb-release -y

2. 安装 Nginx（轻量加速版）

apt install nginx -y

然后直接换成下面这份极简 nginx.conf，不要手抖复制到别的文件里：

/etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log;

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss image/svg+xml;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

3. 装 PHP7.4-FPM

apt install php7.4-fpm php7.4-mysql php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl php7.4-zip php7.4-opcache php-memcached -y

如果启动报错，99% 是 pool 目录空了：

Job for php7.4-fpm.service failed...

一键治百病：

sudo tee /etc/php/7.4/fpm/pool.d/www.conf >/dev/null <<'EOF'
[www]
user = www-data
group = www-data
listen = /run/php/php7.4-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = ondemand
pm.max_children = 5
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
pm.max_requests = 200
EOF

sudo systemctl daemon-reload
sudo systemctl restart php7.4-fpm
sudo systemctl status php7.4-fpm --no-pager -l

4. 装 MariaDB10.5

apt install mariadb-server-10.5 -y
mysql_secure_installation

小内存优化：

/etc/mysql/mariadb.conf.d/50-server.cnf

[mysqld]
innodb_buffer_pool_size = 128M
query_cache_type = 0
query_cache_size = 0
max_connections = 30
thread_cache_size = 4
key_buffer_size = 16M
innodb_log_file_size = 32M

systemctl restart mariadb

5. Memcached 64M 封顶

apt install memcached -y

/etc/memcached.conf

-m 64
-c 128
-l 127.0.0.1

systemctl restart memcached

6. 创建网站目录 & 权限

mkdir -p /www/mgrei
chown -R www-data:www-data /www/mgrei

7. Cloudflare 15 年 SSL 证书 + 全站 301 + 缓存 + WordPress 伪静态

把Cloudflare Origin CA 证书（mgrei.com.pem & mgrei.com.key）丢进：

/etc/ssl/certs/mgrei.com.pem
/etc/ssl/private/mgrei.com.key

站点配置文件：

/etc/nginx/sites-available/mgrei.com

server {
    listen 80;
    server_name mgrei.com www.mgrei.com;
    return 301 https://www.mgrei.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mgrei.com;
    ssl_certificate     /etc/ssl/certs/mgrei.com.pem;
    ssl_certificate_key /etc/ssl/private/mgrei.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    return 301 https://www.mgrei.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name www.mgrei.com;

    root /www/mgrei;
    index index.php index.html;

    ssl_certificate     /etc/ssl/certs/mgrei.com.pem;
    ssl_certificate_key /etc/ssl/private/mgrei.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # 静态缓存
    location ~* \.(css|js)$ {
        expires 1d;
        add_header Cache-Control "public, immutable";
        access_log off;
    }
    location ~* \.(jpg|jpeg|png|gif|ico|svg|webp|woff|woff2|ttf|eot)$ {
        expires 365d;
        add_header Cache-Control "public, immutable";
        access_log off;
    }

    # WordPress 伪静态
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ /\. { deny all; }
}

启用并检查：

sudo ln -sf /etc/nginx/sites-available/mgrei.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx

8. 防火墙 & 开机自启

apt install ufw -y
ufw allow 22
ufw allow 80
ufw allow 443
ufw --force enable

systemctl enable nginx php7.4-fpm mariadb memcached

9. 一键申请 Let’s Encrypt（可选备用）

apt install certbot python3-certbot-nginx -y
certbot --nginx -d mgrei.com -d www.mgrei.com

10. 总结一句话

1 核 762M 的机子也能扛 5000IP/天，秘诀就四个字：能省就省。把本文抄完，mgrei.com 就能跑得像模像样。祝少掉线、多赚钱！