public:computer:oracle_cloud

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
public:computer:oracle_cloud [2021/02/26 18:58] alexpublic:computer:oracle_cloud [2022/04/01 11:04] (current) – [Nginx] alex
Line 100: Line 100:
 $ sudo iptables -P OUTPUT ACCEPT $ sudo iptables -P OUTPUT ACCEPT
 $ sudo iptables -P FORWARD ACCEPT $ sudo iptables -P FORWARD ACCEPT
-$ sudo iptables -F +$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT 
-$ sudo iptables-save+$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT 
 +$ sudo iptables -F # 재부팅 시 -F 옵션은 꺼진다. 
 +$ sudo iptables-save  # 안되는 것 같다 
 +$ sudo netfilter-persistent save  # 이걸로 저장이 되는 것 같다. cf.) sudo netfilter-persistent reload
 $ sudo systemctl restart apache2 $ sudo systemctl restart apache2
 </cli> </cli>
Line 118: Line 121:
 $ /usr/bin/openssl version $ /usr/bin/openssl version
 </cli> </cli>
 +
 +=== set virtual host ===
 +<cli>
 +$ sudo vi /etc/apache2/sites-available
 +<VirtualHost *:80>
 +        ServerName      localhost
 +        DocumentRoot    /var/www/dokuwiki
 +
 +        <Directory ~ "/var/www/dokuwiki/(bin/|conf/|data/|inc/)">
 +                <IfModule mode_authz_core.c>
 +                        AllowOverride All
 +                        Require all denied
 +                </IfModule>
 +                <IfModule !mod_authz_core.c>
 +                        Order allow,deny
 +                        Deny from all
 +                </IfModule>
 +        </Directory>
 +
 +        ErrorLog        /var/log/apache2/dokuwiki_error.log
 +        CustomLog       /var/log/apache2/dokuwiki_access.log combined
 +</VirtualHost>
 +$ sudo a2ensite dokuwiki
 +$ sudo systemctl restart apache2
 +</cli>
 +
 +==== Nginx ====
 +=== Update apt ===
 +<cli>
 +# sudo apt update && sudo apt upgrade -y
 +</cli>
 +
 +=== Install Nginx ===
 +<cli>
 +# sudo apt install nginx
 +</cli>
 +
 +=== Execute Nginx ===
 +<cli>
 +# sudo systemctl start nginx
 +# sudo systemctl status nginx
 +</cli>
 +
 +=== Troubleshootings on nginx ===
 +  * Job for nginx.service failed because the control process exited with error code
 +<cli>
 +# sudo systemctl status nginx.service
 +</cli>
 +
 +  * stop apache2 when running
 +<cli>
 +# sudo /etc/init.d/apache2 stop
 +</cli>
 +
 +<cli>
 +# sudo fuser -k 80/tcp
 +</cli>
 +
 +  * create .conf file: /etc/nginx/conf.d/xxx.xxx.xxx.conf
 +<sxh>
 +server 
 +{
 +  #server_name example.com; 
 +  root /var/www/dokuwiki; 
 +  index index.php; 
 +
 +  location / { try_files $uri $uri/ @dokuwiki; } 
 +
 +  location @dokuwiki 
 +  { 
 +    rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; 
 +    rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; 
 +    rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; 
 +    rewrite ^/(.*) /doku.php?id=$1&$args last; 
 +  } 
 +
 +  location ~ \.php$ 
 +  { 
 +    if (!-f $request_filename) { return 404; } 
 +    include fastcgi_params; 
 +    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
 +    fastcgi_param REDIRECT_STATUS 200; 
 +    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; 
 +  } 
 +
 +  location ~ /(conf|bin|inc|vendor)/ 
 +  { 
 +    deny all; 
 +  } 
 +
 +  location ~ /data/ 
 +  { 
 +    internal; 
 +  } 
 +
 +  #fastcgi_param HTTPS on; 
 +}
 +</sxh>
 +=== etc ===
 +  * version
 +<cli>
 +# sudo dpkg -l nginx
 +# nginx -v
 +</cli>
 +  * /etc/nginx/
 +<cli>
 +# sudo find / -name nginx.conf
 +</cli>
 +  * test
 +<cli>
 +# netstat -lntp
 +</cli>
 +  * if netstat doesn't exist
 +<cli>
 +# sudo apt install net-tools
 +</cli>
 +
 +  * force ssl
 +<sxh title:/etc/nginx/snippets/letsencrypt.conf>
 +# /etc/nginx/snippets/letsencrypt.conf
 +
 +location ^~ /.well-known/acme-challenge/ {
 +  allow all;
 +  root /var/lib/letsencrypt/;
 +  default_type "text/plain";
 +  try_files $uri =404;
 +}
 +</sxh>
 +
 +<sxh title:/etc/nginx/sites-availabe/default>
 +server {
 +    listen 80;
 +    server_name wiki.theta5912.com;
 +    #root /var/www/dokuwiki;
 +
 +    include snippets/letsencrypt.conf;
 +    return 301 https://$host$request_uri;
 +}
 +
 +server {
 +#    listen 80;
 +    listen 443 ssl;
 +    listen [::]:443 ssl;
 +
 +    server_name wiki.theta5912.com;
 +#    ssl on;
 +
 +    ssl_certificate /etc/letsencrypt/live/wiki.theta5912.com/fullchain.pem;
 +    ssl_certificate_key /etc/letsencrypt/live/wiki.theta5912.com/privkey.pem;
 +
 +    root /var/www/dokuwiki;
 +    index index.php index.html index.html;
 +
 +    location / {
 +        try_files $uri $uri/ @dokuwiki;
 +    }
 +
 +    location @dokuwiki {
 +        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
 +        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
 +        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
 +        rewrite ^/(.*) /doku.php?id=$1&$args last;
 +    }
 +
 +    location ~ \.php$ {
 +        # Caution: be sure the php7.2-fpm.sock matches your version
 +        include snippets/fastcgi-php.conf;
 +        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 +        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 +        include fastcgi_params;
 +    }
 +
 +    location ~ /(data|conf|bin|inc|vender)/ {
 +        deny all;
 +    }
 +
 +}
 +                        
 +</sxh>
  
 ==== <del>MySQL</del> mariaDB ==== ==== <del>MySQL</del> mariaDB ====
Line 274: Line 456:
 <cli> <cli>
 $ sudo certbot delete --cert-name {cert name} $ sudo certbot delete --cert-name {cert name}
 +</cli>
 +
 +  * 이미 등록한 체인에 도메인을 추가 또는 삭제
 +<cli>
 +$ sudo certbot --cert-name {domain address} -d {domain address} -d {domain address(sub)}...
 </cli> </cli>
  
Line 314: Line 501:
     RewriteEngine On     RewriteEngine On
     RewriteCond %{HTTPS} off     RewriteCond %{HTTPS} off
-    RewriteRult .* __ BROKEN-LINK:https://%{SERVER_NAME}%{REQUEST_URI} LINK-BROKEN __ [R,L]+    RewriteRule .* __ BROKEN-LINK:https://%{SERVER_NAME}%{REQUEST_URI}LINK-BROKEN__ [R,L]
   </IfModule>   </IfModule>
 </VirtualHost> </VirtualHost>
Line 330: Line 517:
   * [[https://xho95.github.io/macos/security/openssh/ssh/gitlab/2017/02/22/Using-SSH-on-Mac.html|macOS: 맥에서 SSH 키 생성하고 사용하기]]   * [[https://xho95.github.io/macos/security/openssh/ssh/gitlab/2017/02/22/Using-SSH-on-Mac.html|macOS: 맥에서 SSH 키 생성하고 사용하기]]
   * [[https://blog.djjproject.com/647|오라클 프리티어 계정 생성 및 인스턴스 생성하기]]   * [[https://blog.djjproject.com/647|오라클 프리티어 계정 생성 및 인스턴스 생성하기]]
-  * __ BROKEN-LINK:[[https://oraclesean.com/blog/connecting-to-oracle-cloud-with-ssh-and-vnc|Connect to Oracle Cloud with SSH and VNC]] LINK-BROKEN __+  * __ BROKEN-LINK:[[https://oraclesean.com/blog/connecting-to-oracle-cloud-with-ssh-and-vnc|Connect to Oracle Cloud with SSH and VNC]]LINK-BROKEN__
   * [[https://kibua20.tistory.com/125|Oracle Cloud SSH Key 여러 개 등록하기 (여러 PC에서 Cloud Access)]]   * [[https://kibua20.tistory.com/125|Oracle Cloud SSH Key 여러 개 등록하기 (여러 PC에서 Cloud Access)]]
   * [[https://jimnong.tistory.com/1125|오라클 클라우드 VM 인스턴스 2개 생성할 때 깔끔하게 구조화하는 방법]]   * [[https://jimnong.tistory.com/1125|오라클 클라우드 VM 인스턴스 2개 생성할 때 깔끔하게 구조화하는 방법]]
Line 343: Line 530:
   * [[https://milkye.tistory.com/338|리눅스 Apache HTTP를 강제로 HTTPS로 바꿔 연결하는 방법]]   * [[https://milkye.tistory.com/338|리눅스 Apache HTTP를 강제로 HTTPS로 바꿔 연결하는 방법]]
   * [[https://techexpert.tips/ko/%EC%95%84%ED%8C%8C%EC%B9%98/%EC%95%84%ED%8C%8C%EC%B9%98-%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%A6%AC%EB%88%85%EC%8A%A4%EC%97%90-php-fpm-%EC%84%A4%EC%B9%98/|아파치 - 우분투 리눅스에 PHP-FPM 설치]]   * [[https://techexpert.tips/ko/%EC%95%84%ED%8C%8C%EC%B9%98/%EC%95%84%ED%8C%8C%EC%B9%98-%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%A6%AC%EB%88%85%EC%8A%A4%EC%97%90-php-fpm-%EC%84%A4%EC%B9%98/|아파치 - 우분투 리눅스에 PHP-FPM 설치]]
 +  * [[https://happist.com/573574/%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%B0%A9%ED%99%94%EB%B2%BD-%EA%B0%95%ED%99%94%EB%A5%BC-%EC%9C%84%ED%95%9C-%EC%9A%B0%EB%B6%84%ED%88%AC-iptables-%EC%84%A4%EC%A0%95%EB%B2%95-ddos-%EB%B0%A9%EC%96%B4|우분투 방화벽 강화를 위한 우분투 IPtables 설정법 – DDoS 방어 포함]]
  • public/computer/oracle_cloud.1614333530.txt.gz
  • Last modified: 2021/02/26 18:58
  • by alex