public:computer:oracle_cloud

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
public:computer:oracle_cloud [2021/01/22 15:24] alexpublic:computer:oracle_cloud [2022/04/01 11:04] (current) – [Nginx] alex
Line 21: Line 21:
  
 ===== Create SSH Key ===== ===== Create SSH Key =====
-<code>+<cli>
 $ ssh-keygen $ ssh-keygen
 $ pbcopy < ~/.ssh/id_rsa.pub $ pbcopy < ~/.ssh/id_rsa.pub
 or or
 $ cat ~/.ssh/id_rsa.pub $ cat ~/.ssh/id_rsa.pub
-</code>+</cli>
  
-<code>+<cli>
 $ vi ~/.ssh/config $ vi ~/.ssh/config
 Host  {alias for connect} Host  {alias for connect}
Line 34: Line 34:
 User  {user for login} User  {user for login}
 IdentityFile  ~/.ssh/id_rsa IdentityFile  ~/.ssh/id_rsa
-</code>+</cli>
  
 In the Oracle Virtual Machine In the Oracle Virtual Machine
-<code>+<cli>
 $ vi ~/.ssh/authorized_key $ vi ~/.ssh/authorized_key
 {paste generated ssh key} {paste generated ssh key}
-</code>+</cli>
  
 ===== VM 인스턴스 생성 ===== ===== VM 인스턴스 생성 =====
Line 69: Line 69:
 ===== Server Settings ===== ===== Server Settings =====
 ==== timezone ==== ==== timezone ====
-<code>+<cli>
 $ sudo dpkg-reconfigure tzdata $ sudo dpkg-reconfigure tzdata
-</code>+</cli>
  
 ==== update and upgrade ==== ==== update and upgrade ====
-<code>+<cli>
 $ sudo apt update $ sudo apt update
 $ sudo apt upgrade $ sudo apt upgrade
-</code>+</cli>
  
  
Line 85: Line 85:
  
 === basic installation === === basic installation ===
-<code>+<cli>
 $ sudo apt install apache2 $ sudo apt install apache2
 $ sudo apt upgrade $ sudo apt upgrade
Line 92: Line 92:
 ServerName  {IP or domain} ServerName  {IP or domain}
 $ sudo systemctl restart apache2 $ sudo systemctl restart apache2
-</code>+</cli>
  
 === When connection refused === === When connection refused ===
-<code>+<cli>
 $ sudo iptables-save > ~/iptables-rules $ sudo iptables-save > ~/iptables-rules
 $ sudo iptables -P INPUT ACCEPT $ sudo iptables -P INPUT ACCEPT
 $ sudo iptables -P OUTPUT ACCEPT $ sudo iptables -P OUTPUT ACCEPT
 $ sudo iptables -P FORWARD ACCEPT $ sudo iptables -P FORWARD ACCEPT
-$ sudo iptables -F+$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT 
 +$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT 
 +$ sudo iptables -F # 재부팅 시 -F 옵션은 꺼진다. 
 +# $ sudo iptables-save  # 안되는 것 같다 
 +$ sudo netfilter-persistent save  # 이걸로 저장이 되는 것 같다. cf.) sudo netfilter-persistent reload
 $ sudo systemctl restart apache2 $ sudo systemctl restart apache2
-</code>+</cli>
  
 === apply HTTP/2 , HTTPS TLS v1.3 === === apply HTTP/2 , HTTPS TLS v1.3 ===
-<code>+<cli>
 $ sudo add-apt-repository ppa:ondrej/apache2 $ sudo add-apt-repository ppa:ondrej/apache2
 $ sudo apt update $ sudo apt update
 $ sudo apt upgrade $ sudo apt upgrade
 $ sudo apt install apache2 libapache2-mod-fcgid libapache2-mod-proxy-uwsgi libapache2-mod-xforward openssl $ sudo apt install apache2 libapache2-mod-fcgid libapache2-mod-proxy-uwsgi libapache2-mod-xforward openssl
-</code>+</cli>
  
 === version check === === version check ===
-<code>+<cli>
 $ /usr/sbin/apache2 -v or -V $ /usr/sbin/apache2 -v or -V
 $ /usr/bin/openssl version $ /usr/bin/openssl version
-</code>+</cli> 
 + 
 +=== set virtual host === 
 +<cli> 
 +$ sudo vi /etc/apache2/sites-available 
 +<VirtualHost *:80> 
 +        ServerName      localhost 
 +        DocumentRoot    /var/www/dokuwiki 
 + 
 +        <Directory ~ "/var/www/dokuwiki/(bin/|conf/|data/|inc/)"> 
 +                <IfModule mode_authz_core.c> 
 +                        AllowOverride All 
 +                        Require all denied 
 +                </IfModule> 
 +                <IfModule !mod_authz_core.c> 
 +                        Order allow,deny 
 +                        Deny from all 
 +                </IfModule> 
 +        </Directory> 
 + 
 +        ErrorLog        /var/log/apache2/dokuwiki_error.log 
 +        CustomLog       /var/log/apache2/dokuwiki_access.log combined 
 +</VirtualHost> 
 +$ sudo a2ensite dokuwiki 
 +$ sudo systemctl restart apache2 
 +</cli> 
 + 
 +==== Nginx ==== 
 +=== Update apt === 
 +<cli> 
 +# sudo apt update && sudo apt upgrade -y 
 +</cli> 
 + 
 +=== Install Nginx === 
 +<cli> 
 +# sudo apt install nginx 
 +</cli> 
 + 
 +=== Execute Nginx === 
 +<cli> 
 +# sudo systemctl start nginx 
 +# sudo systemctl status nginx 
 +</cli> 
 + 
 +=== Troubleshootings on nginx === 
 +  * Job for nginx.service failed because the control process exited with error code 
 +<cli> 
 +# sudo systemctl status nginx.service 
 +</cli> 
 + 
 +  * stop apache2 when running 
 +<cli> 
 +# sudo /etc/init.d/apache2 stop 
 +</cli> 
 + 
 +<cli> 
 +# sudo fuser -k 80/tcp 
 +</cli> 
 + 
 +  * create .conf file: /etc/nginx/conf.d/xxx.xxx.xxx.conf 
 +<sxh> 
 +server  
 +
 +  #server_name example.com;  
 +  root /var/www/dokuwiki;  
 +  index index.php;  
 + 
 +  location / { try_files $uri $uri/ @dokuwiki; }  
 + 
 +  location @dokuwiki  
 +  {  
 +    rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;  
 +    rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;  
 +    rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;  
 +    rewrite ^/(.*) /doku.php?id=$1&$args last;  
 +  }  
 + 
 +  location ~ \.php$  
 +  {  
 +    if (!-f $request_filename) { return 404; }  
 +    include fastcgi_params;  
 +    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;  
 +    fastcgi_param REDIRECT_STATUS 200;  
 +    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;  
 +  }  
 + 
 +  location ~ /(conf|bin|inc|vendor)/  
 +  {  
 +    deny all;  
 +  }  
 + 
 +  location ~ /data/  
 +  {  
 +    internal;  
 +  }  
 + 
 +  #fastcgi_param HTTPS on;  
 +
 +</sxh> 
 +=== etc === 
 +  * version 
 +<cli> 
 +# sudo dpkg -l nginx 
 +# nginx -v 
 +</cli> 
 +  * /etc/nginx/ 
 +<cli> 
 +# sudo find / -name nginx.conf 
 +</cli> 
 +  * test 
 +<cli> 
 +# netstat -lntp 
 +</cli> 
 +  * if netstat doesn't exist 
 +<cli> 
 +# sudo apt install net-tools 
 +</cli> 
 + 
 +  * force ssl 
 +<sxh title:/etc/nginx/snippets/letsencrypt.conf> 
 +# /etc/nginx/snippets/letsencrypt.conf 
 + 
 +location ^~ /.well-known/acme-challenge/
 +  allow all; 
 +  root /var/lib/letsencrypt/; 
 +  default_type "text/plain"; 
 +  try_files $uri =404; 
 +
 +</sxh> 
 + 
 +<sxh title:/etc/nginx/sites-availabe/default> 
 +server { 
 +    listen 80; 
 +    server_name wiki.theta5912.com; 
 +    #root /var/www/dokuwiki; 
 + 
 +    include snippets/letsencrypt.conf; 
 +    return 301 https://$host$request_uri; 
 +
 + 
 +server { 
 +#    listen 80; 
 +    listen 443 ssl; 
 +    listen [::]:443 ssl; 
 + 
 +    server_name wiki.theta5912.com; 
 +#    ssl on; 
 + 
 +    ssl_certificate /etc/letsencrypt/live/wiki.theta5912.com/fullchain.pem; 
 +    ssl_certificate_key /etc/letsencrypt/live/wiki.theta5912.com/privkey.pem; 
 + 
 +    root /var/www/dokuwiki; 
 +    index index.php index.html index.html; 
 + 
 +    location / { 
 +        try_files $uri $uri/ @dokuwiki; 
 +    } 
 + 
 +    location @dokuwiki { 
 +        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; 
 +        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; 
 +        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; 
 +        rewrite ^/(.*) /doku.php?id=$1&$args last; 
 +    } 
 + 
 +    location ~ \.php$ { 
 +        # Caution: be sure the php7.2-fpm.sock matches your version 
 +        include snippets/fastcgi-php.conf; 
 +        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; 
 +        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
 +        include fastcgi_params; 
 +    } 
 + 
 +    location ~ /(data|conf|bin|inc|vender)/
 +        deny all; 
 +    } 
 + 
 +
 +                         
 +</sxh>
  
 ==== <del>MySQL</del> mariaDB ==== ==== <del>MySQL</del> mariaDB ====
  
 === install === === install ===
-<code>+<cli>
 <del>$ sudo apt install mysql-server mysql-client</del> <del>$ sudo apt install mysql-server mysql-client</del>
 $ sudo apt install mariadb-server $ sudo apt install mariadb-server
-</code>+</cli>
  
 === change login method to password(optional) === === change login method to password(optional) ===
  
-<code>+<cli>
 mysql> UPDATE mysql.user SET plugin='mysql_native_password', authentication_string=PASSWORD('{password}') WHERE User='root'; mysql> UPDATE mysql.user SET plugin='mysql_native_password', authentication_string=PASSWORD('{password}') WHERE User='root';
 mysql> commit; mysql> commit;
 mysql> FLUSH PRIVILEGES; mysql> FLUSH PRIVILEGES;
 mysql> quit mysql> quit
-</code>+</cli>
  
 === settings === === settings ===
-<code>+<cli>
 $ sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf $ sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf
 $ sudo vi /etc/mysql/mariadb.conf.d/50-server.cnf $ sudo vi /etc/mysql/mariadb.conf.d/50-server.cnf
Line 143: Line 326:
  
 $ sudo systemctl restart mysql $ sudo systemctl restart mysql
-</code>+</cli>
  
 === add user === === add user ===
-<code>+<cli>
 $ sudo mysql $ sudo mysql
  
Line 153: Line 336:
 mysql> grant all privileges on *.* to '{id}'@'%'; mysql> grant all privileges on *.* to '{id}'@'%';
 mysql> flush privileges; mysql> flush privileges;
-</code>+</cli>
 ==== Php ==== ==== Php ====
  
-<code>+<cli>
 $ sudo apt update $ sudo apt update
 $ sudo apt upgrade $ sudo apt upgrade
-$ sudo apt install php php-gd php-xml php-json +$ sudo apt install php php-gd php-xml php-json php7.4-sqlite3 
-</code>+</cli>
  
 <WRAP center round alert 60%> <WRAP center round alert 60%>
Line 166: Line 349:
 </WRAP> </WRAP>
  
-<del> +<cli>
-<code>+
 $ sudo add-apt-repository ppa:ondrej/php $ sudo add-apt-repository ppa:ondrej/php
 $ sudo apt update $ sudo apt update
 $ sudo apt upgrade $ sudo apt upgrade
 $ sudo apt install php8.0-common php8.0-cli php8.0-fpm libapache2-mod-php8.0 php8.0-{bcmath,bz2,cgi,cli,curl,dba,dev,enchant,fpm,gd,gmp,imap,interbase,intl,ldap,mbstring,mysql,odbc,opcache,pgsql,phpdbg,pspell,readline,snmp,soap,sqlite3,sybase,tidy,xml,xmlrpc,zip,,xsl} php-imagick $ sudo apt install php8.0-common php8.0-cli php8.0-fpm libapache2-mod-php8.0 php8.0-{bcmath,bz2,cgi,cli,curl,dba,dev,enchant,fpm,gd,gmp,imap,interbase,intl,ldap,mbstring,mysql,odbc,opcache,pgsql,phpdbg,pspell,readline,snmp,soap,sqlite3,sybase,tidy,xml,xmlrpc,zip,,xsl} php-imagick
-</code>+</cli>
  
-<code+ 
-$ sudo vi /etc/php/8.0/fpm/php.ini+<cli
 +$ sudo vi /etc/php/{version}/fpm/php.ini
 date.timezone = Asia/Seoul date.timezone = Asia/Seoul
 cgi.fix_pathinfo=0 cgi.fix_pathinfo=0
Line 197: Line 380:
 opcache.jit = tracing opcache.jit = tracing
  
-</code>+$ sudo systemctl restart php7.4-fpm.service 
 +</cli>
  
-<code>+<cli>
 $ sudo a2enmod proxy_fcgi setenvif $ sudo a2enmod proxy_fcgi setenvif
 $ sudo a2enconf php8.0-fpm $ sudo a2enconf php8.0-fpm
 $ sudo systemctl restart apache2 $ sudo systemctl restart apache2
-</code> +</cli>
-</del>+
  
-<code>+ 
 +<cli>
 $ sudo usermod -a -G www-data ubuntu $ sudo usermod -a -G www-data ubuntu
-</code>+</cli>
  
 +<cli>
 +$ sudo a2enmod proxy_fcgi
 +$ sudo a2enmod setenvif
 +$ sudo a2enconf php7.4-fpm
 +
 +$ sudo a2dismod php7.4
 +$ sudo a2dismod mpm_prefork
 +$ sudo a2dismod mpm_worker
 +$ sudo a2enmod mpm_event
 +$ sudo service php7.4-fpm status
 +$ sudo systemctl restart apache2
 +</cli>
 +
 +<cli>
 +$ sudo apt update
 +$ sudo apt upgrade
 +$ sudo apt install php7.4-sqlite3
 +$ sudo systemctl restart apache2
 +</cli>
 ==== Let's Encrypt 클라이언트 Certbot 설치 ==== ==== Let's Encrypt 클라이언트 Certbot 설치 ====
  
-<code>+<cli>
 $ sudo apt update $ sudo apt update
 $ sudo apt upgrade $ sudo apt upgrade
Line 219: Line 422:
 $ sudo apt update $ sudo apt update
 $ sudo apt install certbot python3-certbot-apache $ sudo apt install certbot python3-certbot-apache
-</code>+</cli>
  
-<code>+<cli>
 $ sudo certbot --apache $ sudo certbot --apache
 email; email;
Line 233: Line 436:
 1: Attempt to reinstall this existing certificate, 2: Renew & replace the cert (limit ~5 per 7 days); 1: Attempt to reinstall this existing certificate, 2: Renew & replace the cert (limit ~5 per 7 days);
 1: No redirect, 2: Redirect;  1: No redirect, 2: Redirect; 
-</code>+</cli>
  
 인증서 갱신이 정상인 확인 인증서 갱신이 정상인 확인
-<code>+<cli>
 $ sudo certbot renew --dry-run $ sudo certbot renew --dry-run
 $ sudo systemctl restart apache2 $ sudo systemctl restart apache2
-</code>+</cli>
  
-<code>+<cli>
 $ certbot renew $ certbot renew
-</code>+</cli>
  
-<code>+<cli>
 $ sudo crontab -e $ sudo crontab -e
 # renew cert; every month 1st day 4  # renew cert; every month 1st day 4 
 0 4 1 * * /usr/bin/certbot renew --renew-hook="sudo systemctl restart apache2" 0 4 1 * * /usr/bin/certbot renew --renew-hook="sudo systemctl restart apache2"
-</code>+</cli>
  
-<code>+<cli>
 $ sudo certbot delete --cert-name {cert name} $ sudo certbot delete --cert-name {cert name}
-</code>+</cli> 
 + 
 +  * 이미 등록한 체인에 도메인을 추가 또는 삭제 
 +<cli> 
 +$ sudo certbot --cert-name {domain address} -d {domain address} -d {domain address(sub)}... 
 +</cli>
  
 ==== phpMyAdmin ==== ==== phpMyAdmin ====
-<code>+<cli>
 $ sudo apt install phpmyadmin $ sudo apt install phpmyadmin
-</code>+</cli>
  
-<code>+<cli>
 $ sudo vi /etc/apache2/apache2.conf $ sudo vi /etc/apache2/apache2.conf
  
Line 266: Line 474:
  
 $ sudo systemctl restart apache2 $ sudo systemctl restart apache2
-</code>+</cli>
  
 +<cli>
 +$ sudo apt install php-mbstring php7.4-mbstring php7.4-gettext php7.4-mysqlnd
 +$ sudo systemctl restart apache2
 +</cli>
  
 ===== Web Server Settings ===== ===== Web Server Settings =====
Line 280: Line 492:
  
 ==== ssl setting ==== ==== ssl setting ====
 +<sxh>
 +$ sudo vi /etc/apache2/sites-available/000-default.conf
  
 +<VirtualHost *:80>
 +...
 +...
 +  <IfModule mod_rewrite.c>
 +    RewriteEngine On
 +    RewriteCond %{HTTPS} off
 +    RewriteRule .* __ BROKEN-LINK:https://%{SERVER_NAME}%{REQUEST_URI}LINK-BROKEN__ [R,L]
 +  </IfModule>
 +</VirtualHost>
 +</sxh>
 ==== automations ==== ==== automations ====
 === ssl update === === ssl update ===
Line 293: Line 517:
   * [[https://xho95.github.io/macos/security/openssh/ssh/gitlab/2017/02/22/Using-SSH-on-Mac.html|macOS: 맥에서 SSH 키 생성하고 사용하기]]   * [[https://xho95.github.io/macos/security/openssh/ssh/gitlab/2017/02/22/Using-SSH-on-Mac.html|macOS: 맥에서 SSH 키 생성하고 사용하기]]
   * [[https://blog.djjproject.com/647|오라클 프리티어 계정 생성 및 인스턴스 생성하기]]   * [[https://blog.djjproject.com/647|오라클 프리티어 계정 생성 및 인스턴스 생성하기]]
-  * [[https://oraclesean.com/blog/connecting-to-oracle-cloud-with-ssh-and-vnc|Connect to Oracle Cloud with SSH and VNC]]+  * __ BROKEN-LINK:[[https://oraclesean.com/blog/connecting-to-oracle-cloud-with-ssh-and-vnc|Connect to Oracle Cloud with SSH and VNC]]LINK-BROKEN__
   * [[https://kibua20.tistory.com/125|Oracle Cloud SSH Key 여러 개 등록하기 (여러 PC에서 Cloud Access)]]   * [[https://kibua20.tistory.com/125|Oracle Cloud SSH Key 여러 개 등록하기 (여러 PC에서 Cloud Access)]]
   * [[https://jimnong.tistory.com/1125|오라클 클라우드 VM 인스턴스 2개 생성할 때 깔끔하게 구조화하는 방법]]   * [[https://jimnong.tistory.com/1125|오라클 클라우드 VM 인스턴스 2개 생성할 때 깔끔하게 구조화하는 방법]]
Line 304: Line 528:
   * [[https://omty.tistory.com/24|[Ubuntu] 쉽게 따라할 수 있는 Apache2, Mysql, PHP 설치 하기]]   * [[https://omty.tistory.com/24|[Ubuntu] 쉽게 따라할 수 있는 Apache2, Mysql, PHP 설치 하기]]
   * [[https://velog.io/@devyang97/MySQL-%EC%82%AC%EC%9A%A9%EC%9E%90-%EC%B6%94%EA%B0%80-%EB%B0%8F-%EA%B6%8C%ED%95%9C-%EC%84%A4%EC%A0%95|[MySQL] 사용자 추가 및 권한 설정]]   * [[https://velog.io/@devyang97/MySQL-%EC%82%AC%EC%9A%A9%EC%9E%90-%EC%B6%94%EA%B0%80-%EB%B0%8F-%EA%B6%8C%ED%95%9C-%EC%84%A4%EC%A0%95|[MySQL] 사용자 추가 및 권한 설정]]
 +  * [[https://milkye.tistory.com/338|리눅스 Apache HTTP를 강제로 HTTPS로 바꿔 연결하는 방법]]
 +  * [[https://techexpert.tips/ko/%EC%95%84%ED%8C%8C%EC%B9%98/%EC%95%84%ED%8C%8C%EC%B9%98-%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%A6%AC%EB%88%85%EC%8A%A4%EC%97%90-php-fpm-%EC%84%A4%EC%B9%98/|아파치 - 우분투 리눅스에 PHP-FPM 설치]]
 +  * [[https://happist.com/573574/%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%B0%A9%ED%99%94%EB%B2%BD-%EA%B0%95%ED%99%94%EB%A5%BC-%EC%9C%84%ED%95%9C-%EC%9A%B0%EB%B6%84%ED%88%AC-iptables-%EC%84%A4%EC%A0%95%EB%B2%95-ddos-%EB%B0%A9%EC%96%B4|우분투 방화벽 강화를 위한 우분투 IPtables 설정법 – DDoS 방어 포함]]
  • public/computer/oracle_cloud.1611296665.txt.gz
  • Last modified: 2021/01/22 15:24
  • by alex