상현
Home server enthusiast

Ubuntu 18.04 LTS server setup

(Updated: )

Back when I knew nothing about infrastructure, I set up WordPress by blindly memorizing every shell script and config file. I want to leave a record of that setup here.

AWS

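For a desktop VM environment (optional)

Install sshd

$ sudo apt-get install openssh-server
$ sudo service ssh status

Root login settings

$ sudo nano /etc/ssh/sshd_config

Any text editor will do: nano, vim, or vi.

Settings

$ sudo vim /etc/ssh/sshd_config
# OpenSSH default: root may log in with a key, not with a password
PermitRootLogin prohibit-password
# Allows root password logins; sshd applies the first value it reads, so keep only one of these lines
PermitRootLogin yes

On a VPS service, sshd is installed by default.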
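
Because the settings above list two PermitRootLogin lines, it matters which one sshd applies. The check below is an added example, not part of the original post; the function names are illustrative and it assumes a single sshd_config with no Include directives.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the PermitRootLogin value
# sshd will apply from one config file. Rules encoded here: keywords are
# case-insensitive, the first value read for a keyword wins, and lines after
# the first Match keyword are conditional, so the scan stops there.

effective_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                  # drop indentation, re-split fields
        /^#/ || NF == 0 { next }                # comments and blank lines
        tolower($1) == "match" { exit }         # end of the global section
        tolower($1) == "permitrootlogin" {      # first occurrence wins
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "prohibit-password" }   # OpenSSH built-in default
    ' "$1"
}

audit_root_login() {
    value=$(effective_root_login "$1")
    case "$value" in
        yes)
            echo "WARN: PermitRootLogin yes (root may authenticate with a password)"
            return 1 ;;
        no|prohibit-password|without-password|forced-commands-only)
            echo "OK: PermitRootLogin $value"
            return 0 ;;
        *)
            echo "UNKNOWN: PermitRootLogin $value"
            return 2 ;;
    esac
}

# Constructed sample: the two lines in the order shown in the post.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin prohibit-password' 'PermitRootLogin yes' > "$sample"
audit_root_login "$sample" || true
rm -f "$sample"
```

On a live host, `sudo sshd -T | grep -i permitrootlogin` prints the value the installed sshd computes from the full configuration.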

OS update

$ apt-get update && apt-get upgrade

Nginx

Install

$ apt-get install nginx

Enable

$ /lib/systemd/systemd-sysv-install enable nginx

Verify

$ systemctl start nginx
$ systemctl status nginx

Install curl (optional)
curl must be installed for PayPal payments to work.

$ apt-get install curl

Check ownership

nginx is installed in /etc/nginx and the default public web folder is /var/www. If the user and group are not www-data:

$ chown -R www-data:www-data /usr/share/nginx/html

nginx.conf configuration

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;
        client_max_body_size 128M;
        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

nginx domain configuration

1. Configure the file in sites-available

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name 192.168.2.131;
    charset UTF-8;

    # Default block: remove this one for WordPress
    # location / {
    #     try_files $uri $uri/ =404;
    # }

    location / {
        try_files $uri $uri/ /index.php?q=$request_uri;
    }
    # Or the form given in the nginx permalink manual:
    # location / {
    #     try_files $uri $uri/ /index.php?$args;
    # }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # Socket of the php7.2-fpm package this guide installs
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_read_timeout 150;
        include fastcgi.conf;
    }

    location ~ /\.ht {
        deny all;
    }

    # Exact match: a plain prefix location would lose to the \.php$ regex above
    location = /xmlrpc.php {
        deny all;
    }

    location ~* \.(ico|css|js|gif|jpeg|jpg|png|woff|ttf|otf|svg|woff2|eot)$ {
        expires 365d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

}

2. Create a symbolic link in sites-enabled

$ ln -s /etc/nginx/sites-available/{site-file} /etc/nginx/sites-enabled/

3. nginx status, reload

nginx -t
nginx -s reload

service nginx status
service nginx reload

systemctl status nginx
systemctl reload nginx
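
Steps 2 and 3 as one function, added here as an example rather than taken from the original post: it links the site, runs the config test, and removes the link again if the test fails, so a broken file never stays enabled. The name enable_site and the NGINX_ETC override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: enable a site, validate the
# configuration, reload only on success, and roll back the link on failure.
# NGINX_ETC is an assumed override so the function can be tried on a scratch tree.

enable_site() {
    etc=${NGINX_ETC:-/etc/nginx}
    site=$1
    case "$site" in
        ''|*/*|.*) echo "invalid site name: $site" >&2; return 2 ;;
    esac
    src="$etc/sites-available/$site"
    link="$etc/sites-enabled/$site"
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }

    created=0
    if [ ! -L "$link" ]; then
        ln -s "$src" "$link" || return 1
        created=1
    fi

    # nginx -t parses the whole configuration, including the new link.
    if nginx -c "$etc/nginx.conf" -t; then
        nginx -c "$etc/nginx.conf" -s reload
    else
        if [ "$created" -eq 1 ]; then rm -f "$link"; fi
        echo "config test failed; $site was not enabled" >&2
        return 1
    fi
}

# Usage: sh enable-site.sh {site-file}
if [ "$#" -gt 0 ]; then
    enable_site "$1"
fi
```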

MariaDB

Install

$ apt-get install mariadb-server mariadb-client

Enable

$ /lib/systemd/systemd-sysv-install enable mysql

Verify

$ systemctl start mysql
$ systemctl status mysql

Configure

$ mysql_secure_installation

Create a database

CREATE DATABASE dbname;

Create a user

-- '%' lets this account connect from any host; use 'localhost' when WordPress runs on the same server
CREATE USER username@'%';

Set the user's password

SET PASSWORD FOR username@'%' = PASSWORD("userpassword");

Grant the user privileges on the database

GRANT ALL PRIVILEGES ON dbname.* TO username@'%' IDENTIFIED BY 'userpassword';

Apply the privileges

FLUSH PRIVILEGES;

Drop a database

DROP DATABASE {dbname};

List all users

use mysql;
select host, user from user;

Connecting from the CLI

$ mysql -h {mysql-instance1.123456789012.us-east-1.rds.amazonaws.com} -P 3306 -u {mymasteruser} -p

PHP7.2

Install

$ apt-get install php7.2 php7.2-fpm php7.2-mysql php7.2-mbstring php7.2-common php7.2-gd php7.2-json php-gettext php7.2-curl php7.2-cli php7.2-xml php7.2-bcmath php7.2-bz2 php7.2-dba php7.2-intl php7.2-soap php7.2-xmlrpc php7.2-zip

Enable

$ /lib/systemd/systemd-sysv-install enable php7.2-fpm

Verify

$ systemctl start php7.2-fpm
$ systemctl status php7.2-fpm

The key to hooking up php7.2 is specifying the paths correctly in the configuration.

Configuration

/etc/php/7.2/fpm/php.ini

cgi.fix_pathinfo=0

Upload size and other settings

max_execution_time = 259200
max_input_vars = 3000
max_input_time = 60
upload_max_filesize = 256M
post_max_size = 256M

After configuring

$ systemctl restart php7.2-fpm
$ systemctl reload nginx

php.ini reference

max_execution_time: 259200                ;Recomended min value 120
max_input_vars: 3000                      ;Recomended min value 3000
max_input_time: 60                        ;Recomended min value 60
post_max_size value: 128M                 ;Recomended min value 20M
upload_max_filesize: 128M                 ;Recomended min value 30M
allow_url_fopen: YES                      ;This option enables the URL-aware fopen wrappers that enable accessing URL object like files
short_open_tag value: YES                 ;short_open_tag=off is not supported
memory_limit value:                       ;System(local): 128M
php.ini(Global): 128M
pure: 128M                                ;Memory limit settings should be not less than 128M. It is recommended to disable unused PHP modules in php.ini file to increase the memory size available to applications.
Email Sending: YES                        ;Attempt to call the mail() function
Safe mode: NO                             ;Safe Mode is not supported
Mcrypt module: YES                        ;Required for secure cloud backup
Hash module: YES                          ;Required for secure cloud backup
Functions to work with sockets: YES       ;Required for work of SiteUpdate system
Sessions saving: not tested               ;Required for saving authorization
PHP accelerator: YES (OPcache)            ;PHP Accelerator is recommended (APC, XCache or any other except deprecated EAccelerator), it allows to greatly reduce the CPU load and PHP scripts execution time. It's desirable that the accelerator memory should be sufficient for commonly-used PHP pages.
;If there is no PHP accelerator, analysis of phpinfo() is required
;File system
Disk space: 9757 Mb                       ;It is recommended to have not less than 500M

WordPress

$ curl -O https://wordpress.org/latest.tar.gz
$ tar xzvf latest.tar.gz
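
An added example (not from the original post) that checks the download before unpacking it. It assumes wordpress.org serves a SHA-1 file at latest.tar.gz.sha1 next to the archive, and the function names are illustrative. A checksum fetched from the same host catches a truncated or corrupted download, not a compromised server.

```shell
#!/bin/sh
# Added example, not from the original post: check the WordPress tarball
# before unpacking it. Function names are illustrative.

# True when FILE hashes to EXPECTED (hex, any case; extra fields ignored).
verify_sha1() {
    actual=$(sha1sum "$1" 2>/dev/null | awk '{print $1}')
    expected=$(printf '%s\n' "$2" | awk 'NR == 1 {print tolower($1)}')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Reads member names on stdin; fails on absolute paths or ".." components.
paths_safe() {
    awk '{
        if (substr($0, 1, 1) == "/") bad = 1
        n = split($0, part, "/")
        for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1
    }
    END { exit bad + 0 }'
}

archive_paths_safe() {
    names=$(tar -tzf "$1") || return 1
    printf '%s\n' "$names" | paths_safe
}

# Assumption: wordpress.org publishes latest.tar.gz.sha1 beside the archive.
fetch_wordpress() {
    dest=$1
    curl -fsSO https://wordpress.org/latest.tar.gz || return 1
    sum=$(curl -fsS https://wordpress.org/latest.tar.gz.sha1) || return 1
    verify_sha1 latest.tar.gz "$sum" || { echo "checksum mismatch" >&2; return 1; }
    archive_paths_safe latest.tar.gz || { echo "unsafe path in archive" >&2; return 1; }
    tar -xzf latest.tar.gz -C "$dest"
}

# Usage: sh fetch-wordpress.sh {destination-dir}
if [ "$#" -gt 0 ]; then
    fetch_wordpress "$1"
fi
```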