Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
public:computer:oracle_cloud [2021/01/22 15:24] – alex | public:computer:oracle_cloud [2022/04/01 11:04] (current) – [Nginx] alex | ||
---|---|---|---|
Line 21: | Line 21: | ||
===== Create SSH Key ===== | ===== Create SSH Key ===== | ||
- | <code> | + | <cli> |
$ ssh-keygen | $ ssh-keygen | ||
$ pbcopy < ~/ | $ pbcopy < ~/ | ||
or | or | ||
$ cat ~/ | $ cat ~/ | ||
- | </code> | + | </cli> |
- | <code> | + | <cli> |
$ vi ~/ | $ vi ~/ | ||
Host {alias for connect} | Host {alias for connect} | ||
Line 34: | Line 34: | ||
User {user for login} | User {user for login} | ||
IdentityFile | IdentityFile | ||
- | </code> | + | </cli> |
In the Oracle Virtual Machine | In the Oracle Virtual Machine | ||
- | <code> | + | <cli> |
$ vi ~/ | $ vi ~/ | ||
{paste generated ssh key} | {paste generated ssh key} | ||
- | </code> | + | </cli> |
===== VM 인스턴스 생성 ===== | ===== VM 인스턴스 생성 ===== | ||
Line 69: | Line 69: | ||
===== Server Settings ===== | ===== Server Settings ===== | ||
==== timezone ==== | ==== timezone ==== | ||
- | <code> | + | <cli> |
$ sudo dpkg-reconfigure tzdata | $ sudo dpkg-reconfigure tzdata | ||
- | </code> | + | </cli> |
==== update and upgrade ==== | ==== update and upgrade ==== | ||
- | <code> | + | <cli> |
$ sudo apt update | $ sudo apt update | ||
$ sudo apt upgrade | $ sudo apt upgrade | ||
- | </code> | + | </cli> |
Line 85: | Line 85: | ||
=== basic installation === | === basic installation === | ||
- | <code> | + | <cli> |
$ sudo apt install apache2 | $ sudo apt install apache2 | ||
$ sudo apt upgrade | $ sudo apt upgrade | ||
Line 92: | Line 92: | ||
ServerName | ServerName | ||
$ sudo systemctl restart apache2 | $ sudo systemctl restart apache2 | ||
- | </code> | + | </cli> |
=== When connection refused === | === When connection refused === | ||
- | <code> | + | <cli> |
$ sudo iptables-save > ~/ | $ sudo iptables-save > ~/ | ||
$ sudo iptables -P INPUT ACCEPT | $ sudo iptables -P INPUT ACCEPT | ||
$ sudo iptables -P OUTPUT ACCEPT | $ sudo iptables -P OUTPUT ACCEPT | ||
$ sudo iptables -P FORWARD ACCEPT | $ sudo iptables -P FORWARD ACCEPT | ||
- | $ sudo iptables -F | + | $ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT |
+ | $ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT | ||
+ | $ sudo iptables -F # 재부팅 시 -F 옵션은 꺼진다. | ||
+ | # $ sudo iptables-save | ||
+ | $ sudo netfilter-persistent save # 이걸로 저장이 되는 것 같다. cf.) sudo netfilter-persistent reload | ||
$ sudo systemctl restart apache2 | $ sudo systemctl restart apache2 | ||
- | </code> | + | </cli> |
=== apply HTTP/2 , HTTPS TLS v1.3 === | === apply HTTP/2 , HTTPS TLS v1.3 === | ||
- | <code> | + | <cli> |
$ sudo add-apt-repository ppa: | $ sudo add-apt-repository ppa: | ||
$ sudo apt update | $ sudo apt update | ||
$ sudo apt upgrade | $ sudo apt upgrade | ||
$ sudo apt install apache2 libapache2-mod-fcgid libapache2-mod-proxy-uwsgi libapache2-mod-xforward openssl | $ sudo apt install apache2 libapache2-mod-fcgid libapache2-mod-proxy-uwsgi libapache2-mod-xforward openssl | ||
- | </code> | + | </cli> |
=== version check === | === version check === | ||
- | <code> | + | <cli> |
$ / | $ / | ||
$ / | $ / | ||
- | </ | + | </cli> |
+ | |||
+ | === set virtual host === | ||
+ | < | ||
+ | $ sudo vi / | ||
+ | < | ||
+ | ServerName | ||
+ | DocumentRoot | ||
+ | |||
+ | < | ||
+ | < | ||
+ | AllowOverride All | ||
+ | Require all denied | ||
+ | </ | ||
+ | < | ||
+ | Order allow, | ||
+ | Deny from all | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ErrorLog | ||
+ | CustomLog | ||
+ | </ | ||
+ | $ sudo a2ensite dokuwiki | ||
+ | $ sudo systemctl restart apache2 | ||
+ | </ | ||
+ | |||
+ | ==== Nginx ==== | ||
+ | === Update apt === | ||
+ | < | ||
+ | # sudo apt update && sudo apt upgrade -y | ||
+ | </ | ||
+ | |||
+ | === Install Nginx === | ||
+ | < | ||
+ | # sudo apt install nginx | ||
+ | </ | ||
+ | |||
+ | === Execute Nginx === | ||
+ | < | ||
+ | # sudo systemctl start nginx | ||
+ | # sudo systemctl status nginx | ||
+ | </ | ||
+ | |||
+ | === Troubleshootings on nginx === | ||
+ | * Job for nginx.service failed because the control process exited with error code | ||
+ | < | ||
+ | # sudo systemctl status nginx.service | ||
+ | </ | ||
+ | |||
+ | * stop apache2 when running | ||
+ | < | ||
+ | # sudo / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # sudo fuser -k 80/tcp | ||
+ | </ | ||
+ | |||
+ | * create .conf file: / | ||
+ | < | ||
+ | server | ||
+ | { | ||
+ | # | ||
+ | root / | ||
+ | index index.php; | ||
+ | |||
+ | location / { try_files $uri $uri/ @dokuwiki; } | ||
+ | |||
+ | location @dokuwiki | ||
+ | { | ||
+ | rewrite ^/ | ||
+ | rewrite ^/ | ||
+ | rewrite ^/ | ||
+ | rewrite ^/(.*) / | ||
+ | } | ||
+ | |||
+ | location ~ \.php$ | ||
+ | { | ||
+ | if (!-f $request_filename) { return 404; } | ||
+ | include fastcgi_params; | ||
+ | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
+ | fastcgi_param REDIRECT_STATUS 200; | ||
+ | fastcgi_pass unix:/ | ||
+ | } | ||
+ | |||
+ | location ~ / | ||
+ | { | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | location ~ /data/ | ||
+ | { | ||
+ | internal; | ||
+ | } | ||
+ | |||
+ | # | ||
+ | } | ||
+ | </ | ||
+ | === etc === | ||
+ | * version | ||
+ | < | ||
+ | # sudo dpkg -l nginx | ||
+ | # nginx -v | ||
+ | </ | ||
+ | * / | ||
+ | < | ||
+ | # sudo find / -name nginx.conf | ||
+ | </ | ||
+ | * test | ||
+ | < | ||
+ | # netstat -lntp | ||
+ | </ | ||
+ | * if netstat doesn' | ||
+ | < | ||
+ | # sudo apt install net-tools | ||
+ | </ | ||
+ | |||
+ | * force ssl | ||
+ | <sxh title:/ | ||
+ | # / | ||
+ | |||
+ | location ^~ / | ||
+ | allow all; | ||
+ | root / | ||
+ | default_type " | ||
+ | try_files $uri =404; | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | <sxh title:/ | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name wiki.theta5912.com; | ||
+ | #root / | ||
+ | |||
+ | include snippets/ | ||
+ | return 301 https:// | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | # listen 80; | ||
+ | listen 443 ssl; | ||
+ | listen [::]:443 ssl; | ||
+ | |||
+ | server_name wiki.theta5912.com; | ||
+ | # ssl on; | ||
+ | |||
+ | ssl_certificate / | ||
+ | ssl_certificate_key / | ||
+ | |||
+ | root / | ||
+ | index index.php index.html index.html; | ||
+ | |||
+ | location / { | ||
+ | try_files $uri $uri/ @dokuwiki; | ||
+ | } | ||
+ | |||
+ | location @dokuwiki { | ||
+ | rewrite ^/ | ||
+ | rewrite ^/ | ||
+ | rewrite ^/ | ||
+ | rewrite ^/(.*) / | ||
+ | } | ||
+ | |||
+ | location ~ \.php$ { | ||
+ | # Caution: be sure the php7.2-fpm.sock matches your version | ||
+ | include snippets/ | ||
+ | fastcgi_pass unix:/ | ||
+ | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
+ | include fastcgi_params; | ||
+ | } | ||
+ | |||
+ | location ~ / | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | } | ||
+ | |||
+ | </sxh> | ||
==== < | ==== < | ||
=== install === | === install === | ||
- | <code> | + | <cli> |
< | < | ||
$ sudo apt install mariadb-server | $ sudo apt install mariadb-server | ||
- | </code> | + | </cli> |
=== change login method to password(optional) === | === change login method to password(optional) === | ||
- | <code> | + | <cli> |
mysql> UPDATE mysql.user SET plugin=' | mysql> UPDATE mysql.user SET plugin=' | ||
mysql> commit; | mysql> commit; | ||
mysql> FLUSH PRIVILEGES; | mysql> FLUSH PRIVILEGES; | ||
mysql> quit | mysql> quit | ||
- | </code> | + | </cli> |
=== settings === | === settings === | ||
- | <code> | + | <cli> |
$ sudo vi / | $ sudo vi / | ||
$ sudo vi / | $ sudo vi / | ||
Line 143: | Line 326: | ||
$ sudo systemctl restart mysql | $ sudo systemctl restart mysql | ||
- | </code> | + | </cli> |
=== add user === | === add user === | ||
- | <code> | + | <cli> |
$ sudo mysql | $ sudo mysql | ||
Line 153: | Line 336: | ||
mysql> grant all privileges on *.* to ' | mysql> grant all privileges on *.* to ' | ||
mysql> flush privileges; | mysql> flush privileges; | ||
- | </code> | + | </cli> |
==== Php ==== | ==== Php ==== | ||
- | <code> | + | <cli> |
$ sudo apt update | $ sudo apt update | ||
$ sudo apt upgrade | $ sudo apt upgrade | ||
- | $ sudo apt install php php-gd php-xml php-json | + | $ sudo apt install php php-gd php-xml php-json |
- | </code> | + | </cli> |
<WRAP center round alert 60%> | <WRAP center round alert 60%> | ||
Line 166: | Line 349: | ||
</ | </ | ||
- | <del> | + | <cli> |
- | <code> | + | |
$ sudo add-apt-repository ppa: | $ sudo add-apt-repository ppa: | ||
$ sudo apt update | $ sudo apt update | ||
$ sudo apt upgrade | $ sudo apt upgrade | ||
$ sudo apt install php8.0-common php8.0-cli php8.0-fpm libapache2-mod-php8.0 php8.0-{bcmath, | $ sudo apt install php8.0-common php8.0-cli php8.0-fpm libapache2-mod-php8.0 php8.0-{bcmath, | ||
- | </code> | + | </cli> |
- | <code> | + | |
- | $ sudo vi /etc/php/8.0/ | + | <cli> |
+ | $ sudo vi /etc/php/{version}/ | ||
date.timezone = Asia/Seoul | date.timezone = Asia/Seoul | ||
cgi.fix_pathinfo=0 | cgi.fix_pathinfo=0 | ||
Line 197: | Line 380: | ||
opcache.jit = tracing | opcache.jit = tracing | ||
- | </code> | + | $ sudo systemctl restart php7.4-fpm.service |
+ | </cli> | ||
- | <code> | + | <cli> |
$ sudo a2enmod proxy_fcgi setenvif | $ sudo a2enmod proxy_fcgi setenvif | ||
$ sudo a2enconf php8.0-fpm | $ sudo a2enconf php8.0-fpm | ||
$ sudo systemctl restart apache2 | $ sudo systemctl restart apache2 | ||
- | </code> | + | </cli> |
- | </del> | + | |
- | <code> | + | |
+ | <cli> | ||
$ sudo usermod -a -G www-data ubuntu | $ sudo usermod -a -G www-data ubuntu | ||
- | </code> | + | </cli> |
+ | <cli> | ||
+ | $ sudo a2enmod proxy_fcgi | ||
+ | $ sudo a2enmod setenvif | ||
+ | $ sudo a2enconf php7.4-fpm | ||
+ | |||
+ | $ sudo a2dismod php7.4 | ||
+ | $ sudo a2dismod mpm_prefork | ||
+ | $ sudo a2dismod mpm_worker | ||
+ | $ sudo a2enmod mpm_event | ||
+ | $ sudo service php7.4-fpm status | ||
+ | $ sudo systemctl restart apache2 | ||
+ | </ | ||
+ | |||
+ | <cli> | ||
+ | $ sudo apt update | ||
+ | $ sudo apt upgrade | ||
+ | $ sudo apt install php7.4-sqlite3 | ||
+ | $ sudo systemctl restart apache2 | ||
+ | </ | ||
==== Let's Encrypt 클라이언트 Certbot 설치 ==== | ==== Let's Encrypt 클라이언트 Certbot 설치 ==== | ||
- | <code> | + | <cli> |
$ sudo apt update | $ sudo apt update | ||
$ sudo apt upgrade | $ sudo apt upgrade | ||
Line 219: | Line 422: | ||
$ sudo apt update | $ sudo apt update | ||
$ sudo apt install certbot python3-certbot-apache | $ sudo apt install certbot python3-certbot-apache | ||
- | </code> | + | </cli> |
- | <code> | + | <cli> |
$ sudo certbot --apache | $ sudo certbot --apache | ||
email; | email; | ||
Line 233: | Line 436: | ||
1: Attempt to reinstall this existing certificate, | 1: Attempt to reinstall this existing certificate, | ||
1: No redirect, 2: Redirect; | 1: No redirect, 2: Redirect; | ||
- | </code> | + | </cli> |
인증서 갱신이 정상인 확인 | 인증서 갱신이 정상인 확인 | ||
- | <code> | + | <cli> |
$ sudo certbot renew --dry-run | $ sudo certbot renew --dry-run | ||
$ sudo systemctl restart apache2 | $ sudo systemctl restart apache2 | ||
- | </code> | + | </cli> |
- | <code> | + | <cli> |
$ certbot renew | $ certbot renew | ||
- | </code> | + | </cli> |
- | <code> | + | <cli> |
$ sudo crontab -e | $ sudo crontab -e | ||
# renew cert; every month 1st day 4 | # renew cert; every month 1st day 4 | ||
0 4 1 * * / | 0 4 1 * * / | ||
- | </code> | + | </cli> |
- | <code> | + | <cli> |
$ sudo certbot delete --cert-name {cert name} | $ sudo certbot delete --cert-name {cert name} | ||
- | </code> | + | </cli> |
+ | |||
+ | * 이미 등록한 체인에 도메인을 추가 또는 삭제 | ||
+ | < | ||
+ | $ sudo certbot --cert-name {domain address} -d {domain address} -d {domain address(sub)}... | ||
+ | </cli> | ||
==== phpMyAdmin ==== | ==== phpMyAdmin ==== | ||
- | <code> | + | <cli> |
$ sudo apt install phpmyadmin | $ sudo apt install phpmyadmin | ||
- | </code> | + | </cli> |
- | <code> | + | <cli> |
$ sudo vi / | $ sudo vi / | ||
Line 266: | Line 474: | ||
$ sudo systemctl restart apache2 | $ sudo systemctl restart apache2 | ||
- | </code> | + | </cli> |
+ | <cli> | ||
+ | $ sudo apt install php-mbstring php7.4-mbstring php7.4-gettext php7.4-mysqlnd | ||
+ | $ sudo systemctl restart apache2 | ||
+ | </ | ||
===== Web Server Settings ===== | ===== Web Server Settings ===== | ||
Line 280: | Line 492: | ||
==== ssl setting ==== | ==== ssl setting ==== | ||
+ | <sxh> | ||
+ | $ sudo vi / | ||
+ | < | ||
+ | ... | ||
+ | ... | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule .* __ BROKEN-LINK: | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
==== automations ==== | ==== automations ==== | ||
=== ssl update === | === ssl update === | ||
Line 293: | Line 517: | ||
* [[https:// | * [[https:// | ||
* [[https:// | * [[https:// | ||
- | * [[https:// | + | * __ BROKEN-LINK: |
* [[https:// | * [[https:// | ||
* [[https:// | * [[https:// | ||
Line 304: | Line 528: | ||
* [[https:// | * [[https:// | ||
* [[https:// | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// |