Differences

This shows you the differences between two versions of the page.

--- public:computer:oracle_cloud [2021/02/27 02:05] – [Apache] alex
+++ public:computer:oracle_cloud [2022/04/01 11:04] (current) – [Nginx] alex
@@ Line 100: / Line 100: @@
 $ sudo iptables -P OUTPUT ACCEPT
 $ sudo iptables -P FORWARD ACCEPT
-$ sudo iptables -F
+$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
-$ sudo iptables-save
+$ sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
+$ sudo iptables -F # 재부팅 시 -F 옵션은 꺼진다.
+# $ sudo iptables-save  # 안되는 것 같다
+$ sudo netfilter-persistent save  # 이걸로 저장이 되는 것 같다. cf.) sudo netfilter-persistent reload
 $ sudo systemctl restart apache2
 </cli>
@@ Line 143: / Line 146: @@
 $ sudo systemctl restart apache2
 </cli>
+==== Nginx ====
+=== Update apt ===
+<cli>
+# sudo apt update && sudo apt upgrade -y
+</cli>
+=== Install Nginx ===
+<cli>
+# sudo apt install nginx
+</cli>
+=== Execute Nginx ===
+<cli>
+# sudo systemctl start nginx
+# sudo systemctl status nginx
+</cli>
+=== Troubleshootings on nginx ===
+  * Job for nginx.service failed because the control process exited with error code
+<cli>
+# sudo systemctl status nginx.service
+</cli>
+  * stop apache2 when running
+<cli>
+# sudo /etc/init.d/apache2 stop
+</cli>
+<cli>
+# sudo fuser -k 80/tcp
+</cli>
+  * create .conf file: /etc/nginx/conf.d/xxx.xxx.xxx.conf
+<sxh>
+server
+{
+  #server_name example.com;
+  root /var/www/dokuwiki;
+  index index.php;
+  location / { try_files $uri $uri/ @dokuwiki; }
+  location @dokuwiki
+  {
+    rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+    rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+    rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+    rewrite ^/(.*) /doku.php?id=$1&$args last;
+  }
+  location ~ \.php$
+  {
+    if (!-f $request_filename) { return 404; }
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param REDIRECT_STATUS 200;
+    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
+  }
+  location ~ /(conf|bin|inc|vendor)/
+  {
+    deny all;
+  }
+  location ~ /data/
+  {
+    internal;
+  }
+  #fastcgi_param HTTPS on;
+}
+</sxh>
+=== etc ===
+  * version
+<cli>
+# sudo dpkg -l nginx
+# nginx -v
+</cli>
+  * /etc/nginx/
+<cli>
+# sudo find / -name nginx.conf
+</cli>
+  * test
+<cli>
+# netstat -lntp
+</cli>
+  * if netstat doesn't exist
+<cli>
+# sudo apt install net-tools
+</cli>
+  * force ssl
+<sxh title:/etc/nginx/snippets/letsencrypt.conf>
+# /etc/nginx/snippets/letsencrypt.conf
+location ^~ /.well-known/acme-challenge/ {
+  allow all;
+  root /var/lib/letsencrypt/;
+  default_type "text/plain";
+  try_files $uri =404;
+}
+</sxh>
+<sxh title:/etc/nginx/sites-availabe/default>
+server {
+    listen 80;
+    server_name wiki.theta5912.com;
+    #root /var/www/dokuwiki;
+    include snippets/letsencrypt.conf;
+    return 301 https://$host$request_uri;
+}
+server {
+#    listen 80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name wiki.theta5912.com;
+#    ssl on;
+    ssl_certificate /etc/letsencrypt/live/wiki.theta5912.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/wiki.theta5912.com/privkey.pem;
+    root /var/www/dokuwiki;
+    index index.php index.html index.html;
+    location / {
+        try_files $uri $uri/ @dokuwiki;
+    }
+    location @dokuwiki {
+        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+        rewrite ^/(.*) /doku.php?id=$1&$args last;
+    }
+    location ~ \.php$ {
+        # Caution: be sure the php7.2-fpm.sock matches your version
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+    location ~ /(data|conf|bin|inc|vender)/ {
+        deny all;
+    }
+}
+</sxh>
 ==== <del>MySQL</del> mariaDB ====
@@ Line 298: / Line 456: @@
 <cli>
 $ sudo certbot delete --cert-name {cert name}
+</cli>
+  * 이미 등록한 체인에 도메인을 추가 또는 삭제
+<cli>
+$ sudo certbot --cert-name {domain address} -d {domain address} -d {domain address(sub)}...
 </cli>
@@ Line 338: / Line 501: @@
     RewriteEngine On
     RewriteCond %{HTTPS} off
-    RewriteRult .* __ BROKEN-LINK:https://%{SERVER_NAME}%{REQUEST_URI}LINK-BROKEN__ [R,L]
+    RewriteRule .* __ BROKEN-LINK:https://%{SERVER_NAME}%{REQUEST_URI}LINK-BROKEN__ [R,L]
   </IfModule>
 </VirtualHost>
@@ Line 367: / Line 530: @@
   * [[https://milkye.tistory.com/338|리눅스 Apache HTTP를 강제로 HTTPS로 바꿔 연결하는 방법]]
   * [[https://techexpert.tips/ko/%EC%95%84%ED%8C%8C%EC%B9%98/%EC%95%84%ED%8C%8C%EC%B9%98-%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%A6%AC%EB%88%85%EC%8A%A4%EC%97%90-php-fpm-%EC%84%A4%EC%B9%98/|아파치 - 우분투 리눅스에 PHP-FPM 설치]]
+  * [[https://happist.com/573574/%EC%9A%B0%EB%B6%84%ED%88%AC-%EB%B0%A9%ED%99%94%EB%B2%BD-%EA%B0%95%ED%99%94%EB%A5%BC-%EC%9C%84%ED%95%9C-%EC%9A%B0%EB%B6%84%ED%88%AC-iptables-%EC%84%A4%EC%A0%95%EB%B2%95-ddos-%EB%B0%A9%EC%96%B4|우분투 방화벽 강화를 위한 우분투 IPtables 설정법 – DDoS 방어 포함]]