public:computer:oracle_cloud

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
public:computer:oracle_cloud [2021/02/27 02:05] – [Apache] alexpublic:computer:oracle_cloud [2022/04/01 11:04] (current) – [Nginx] alex
Line 100: Line 100:
 $ sudo iptables -P OUTPUT ACCEPT $ sudo iptables -P OUTPUT ACCEPT
 $ sudo iptables -P FORWARD ACCEPT $ sudo iptables -P FORWARD ACCEPT
-$ sudo iptables -F +$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT 
-$ sudo iptables-save+$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT 
 +$ sudo iptables -F # 재부팅 시 -F 옵션은 꺼진다. 
 +$ sudo iptables-save  # 안되는 것 같다 
 +$ sudo netfilter-persistent save  # 이걸로 저장이 되는 것 같다. cf.) sudo netfilter-persistent reload
 $ sudo systemctl restart apache2 $ sudo systemctl restart apache2
 </cli> </cli>
Line 143: Line 146:
 $ sudo systemctl restart apache2 $ sudo systemctl restart apache2
 </cli> </cli>
 +
 +==== Nginx ====
 +=== Update apt ===
 +<cli>
 +# sudo apt update && sudo apt upgrade -y
 +</cli>
 +
 +=== Install Nginx ===
 +<cli>
 +# sudo apt install nginx
 +</cli>
 +
 +=== Execute Nginx ===
 +<cli>
 +# sudo systemctl start nginx
 +# sudo systemctl status nginx
 +</cli>
 +
 +=== Troubleshootings on nginx ===
 +  * Job for nginx.service failed because the control process exited with error code
 +<cli>
 +# sudo systemctl status nginx.service
 +</cli>
 +
 +  * stop apache2 when running
 +<cli>
 +# sudo /etc/init.d/apache2 stop
 +</cli>
 +
 +<cli>
 +# sudo fuser -k 80/tcp
 +</cli>
 +
 +  * create .conf file: /etc/nginx/conf.d/xxx.xxx.xxx.conf
 +<sxh>
 +server 
 +{
 +  #server_name example.com; 
 +  root /var/www/dokuwiki; 
 +  index index.php; 
 +
 +  location / { try_files $uri $uri/ @dokuwiki; } 
 +
 +  location @dokuwiki 
 +  { 
 +    rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; 
 +    rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; 
 +    rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; 
 +    rewrite ^/(.*) /doku.php?id=$1&$args last; 
 +  } 
 +
 +  location ~ \.php$ 
 +  { 
 +    if (!-f $request_filename) { return 404; } 
 +    include fastcgi_params; 
 +    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
 +    fastcgi_param REDIRECT_STATUS 200; 
 +    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; 
 +  } 
 +
 +  location ~ /(conf|bin|inc|vendor)/ 
 +  { 
 +    deny all; 
 +  } 
 +
 +  location ~ /data/ 
 +  { 
 +    internal; 
 +  } 
 +
 +  #fastcgi_param HTTPS on; 
 +}
 +</sxh>
 +=== etc ===
 +  * version
 +<cli>
 +# sudo dpkg -l nginx
 +# nginx -v
 +</cli>
 +  * /etc/nginx/
 +<cli>
 +# sudo find / -name nginx.conf
 +</cli>
 +  * test
 +<cli>
 +# netstat -lntp
 +</cli>
 +  * if netstat doesn't exist
 +<cli>
 +# sudo apt install net-tools
 +</cli>
 +
 +  * force ssl
 +<sxh title:/etc/nginx/snippets/letsencrypt.conf>
 +# /etc/nginx/snippets/letsencrypt.conf
 +
 +location ^~ /.well-known/acme-challenge/ {
 +  allow all;
 +  root /var/lib/letsencrypt/;
 +  default_type "text/plain";
 +  try_files $uri =404;
 +}
 +</sxh>
 +
 +<sxh title:/etc/nginx/sites-availabe/default>
 +server {
 +    listen 80;
 +    server_name wiki.theta5912.com;
 +    #root /var/www/dokuwiki;
 +
 +    include snippets/letsencrypt.conf;
 +    return 301 https://$host$request_uri;
 +}
 +
 +server {
 +#    listen 80;
 +    listen 443 ssl;
 +    listen [::]:443 ssl;
 +
 +    server_name wiki.theta5912.com;
 +#    ssl on;
 +
 +    ssl_certificate /etc/letsencrypt/live/wiki.theta5912.com/fullchain.pem;
 +    ssl_certificate_key /etc/letsencrypt/live/wiki.theta5912.com/privkey.pem;
 +
 +    root /var/www/dokuwiki;
 +    index index.php index.html index.html;
 +
 +    location / {
 +        try_files $uri $uri/ @dokuwiki;
 +    }
 +
 +    location @dokuwiki {
 +        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
 +        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
 +        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
 +        rewrite ^/(.*) /doku.php?id=$1&$args last;
 +    }
 +
 +    location ~ \.php$ {
 +        # Caution: be sure the php7.2-fpm.sock matches your version
 +        include snippets/fastcgi-php.conf;
 +        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 +        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 +        include fastcgi_params;
 +    }
 +
 +    location ~ /(data|conf|bin|inc|vender)/ {
 +        deny all;
 +    }
 +
 +}
 +                        
 +</sxh>
 +
 ==== <del>MySQL</del> mariaDB ==== ==== <del>MySQL</del> mariaDB ====
  
Line 298: Line 456:
 <cli> <cli>
 $ sudo certbot delete --cert-name {cert name} $ sudo certbot delete --cert-name {cert name}
 +</cli>
 +
 +  * 이미 등록한 체인에 도메인을 추가 또는 삭제
 +<cli>
 +$ sudo certbot --cert-name {domain address} -d {domain address} -d {domain address(sub)}...
 </cli> </cli>
  
Line 338: Line 501:
     RewriteEngine On     RewriteEngine On
     RewriteCond %{HTTPS} off     RewriteCond %{HTTPS} off
-    RewriteRult .* __ BROKEN-LINK:https://%{SERVER_NAME}%{REQUEST_URI}LINK-BROKEN__ [R,L]+    RewriteRule .* __ BROKEN-LINK:https://%{SERVER_NAME}%{REQUEST_URI}LINK-BROKEN__ [R,L]
   </IfModule>   </IfModule>
 </VirtualHost> </VirtualHost>
Line 367: Line 530:
   * [[https://milkye.tistory.com/338|리눅스 Apache HTTP를 강제로 HTTPS로 바꿔 연결하는 방법]]   * [[https://milkye.tistory.com/338|리눅스 Apache HTTP를 강제로 HTTPS로 바꿔 연결하는 방법]]
   * [[https://techexpert.tips/ko/%EC%95%84%ED%8C%8C%EC%B9%98/%EC%95%84%ED%8C%8C%EC%B9%98-%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%A6%AC%EB%88%85%EC%8A%A4%EC%97%90-php-fpm-%EC%84%A4%EC%B9%98/|아파치 - 우분투 리눅스에 PHP-FPM 설치]]   * [[https://techexpert.tips/ko/%EC%95%84%ED%8C%8C%EC%B9%98/%EC%95%84%ED%8C%8C%EC%B9%98-%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%A6%AC%EB%88%85%EC%8A%A4%EC%97%90-php-fpm-%EC%84%A4%EC%B9%98/|아파치 - 우분투 리눅스에 PHP-FPM 설치]]
 +  * [[https://happist.com/573574/%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%B0%A9%ED%99%94%EB%B2%BD-%EA%B0%95%ED%99%94%EB%A5%BC-%EC%9C%84%ED%95%9C-%EC%9A%B0%EB%B6%84%ED%88%AC-iptables-%EC%84%A4%EC%A0%95%EB%B2%95-ddos-%EB%B0%A9%EC%96%B4|우분투 방화벽 강화를 위한 우분투 IPtables 설정법 – DDoS 방어 포함]]
  • public/computer/oracle_cloud.1614359104.txt.gz
  • Last modified: 2021/02/27 02:05
  • by alex