Debian11 + PHP 7.4 FPM (fastcgi_cache) + Nginx + Mariadb 10.5 (작성중...)
작성자 정보
- 양부장 작성
- 작성일
컨텐츠 정보
- 928 조회
- 0 추천
- 목록
본문
OS설치
15. 아래와 같이 /와 swap영역 설정, 파티션설정 종료
22. SSH server와 standard system utilities만 석택
23. Grub부트로더 첫번째 디스크에 설치한건가? Yes선택
지금부터 root 사용자 기준으로 설명
기본 설치
레포지토리 정보 업데이트 및 시스템 업그레이드
root@www:~# apt update && apt full-upgrade
vim, net-tools, sudo 설치
root@www:~# apt -y install vim net-tools sudo
root의 ssh 직접접속 허용
root@www:~# sed -i 's/#PermitRootLogin\ prohibit-password/PermitRootLogin\ yes/' /etc/ssh/sshd_config
vim에서 마우스기능 사용안함
/etc/vim/vimrc.local 파일 아래 내용으로 작성
——————————————————————————————————————————————————
source $VIMRUNTIME/defaults.vim
let skip_defaults_vim=1
if has('mouse')
set mouse=r
endif
——————————————————————————————————————————————————
PHP 설치 및 설정
설치
root@www:~# apt -y install dirmngr ca-certificates software-properties-common gnupg gnupg2 apt-transport-https curl
root@www:~# curl -sSL https://packages.sury.org/php/README.txt | bash -x
root@www:~# apt update
root@www:~# apt -y install php7.4 php7.4-curl php7.4-dev php7.4-fpm php7.4-gd php7.4-mbstring php7.4-mcrypt php7.4-mysql php7.4-opcache php7.4-xml
root@www:~# apt -y install php7.4-imagick php7.4-zip php7.4-intl
php.ini파일 수정 (/etc/php/7.4/fpm/php.ini)
max_execution_time = 30 ⇒ max_execution_time = 3600
max_input_time = 60 ⇒ max_input_time = 3600
memory_limit = 128M ⇒ memory_limit = 1G
post_max_size = 8M ⇒ post_max_size = 1G
upload_max_filesize = 2M ⇒ upload_max_filesize = 512M
;opcache.enable=1 ⇒ opcache.enable=1
;opcache.enable_cli=0 ⇒ opcache.enable_cli=1
php-fpm pool 설정
(서버 메모리와 php-fpm의 메모리 사용율을 계산해서 입력해야 함, 모르면 생략)
root@www:~# rm -f /etc/php/7.4/fpm/pool.d/www.conf
/etc/php/7.4/fpm/pool.d/somang.conf 파일 아래 내용으로 작성
——————————————————————————————————————————————————
[somang]
pm = static
pm.process_idle_timeout = 120s
pm.max_children = 128
pm.start_servers = 32
pm.min_spare_servers = 32
pm.max_spare_servers = 96
request_terminate_timeout = 3600s
listen = /run/php/fpm-somang.sock
listen.owner = www-data
listen.group = www-data
user = www-data
group = www-data
——————————————————————————————————————————————————
Nginx 설치 및 설정
fastcgi_cache를 위한 메모리영역 할당
root@www:~# mkdir -p /var/cache/somang.net
root@www:~# cd /var/cache/
root@www:/var/cache# chown -R www-data:www-data somang.net/
root@www:/var/cache# cd ~
/etc/fstab에 아래 추가
——————————————————————————————————————————————————
tmpfs /var/cache/somang.net tmpfs defaults,size=1G 0 0
——————————————————————————————————————————————————
nginx 설치
root@www:~# apt -y install nginx-extras
root@www:~# usermod -a -G www-data somang
root@www:~# cd /etc/nginx/
nginx.conf 파일 수정
——————————————————————————————————————————————————
user www-data;
worker_processes auto;
worker_rlimit_nofile 4096;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 4096;
multi_accept on;
use epoll;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 2;
types_hash_max_size 2048;
server_tokens off;
fastcgi_cache_path /var/cache/somang.net levels=1:2 keys_zone=somang.net:1024m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
open_file_cache max=5000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log off;
error_log /var/log/nginx/error.log crit;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
——————————————————————————————————————————————————
root@www:/etc/nginx# cd sites-available/
somang.net 파일 아래 내용으로 작성
(ssl인증서 /home/certificates/scfQM0ZLs 이라고 가정)
——————————————————————————————————————————————————
server {
listen 111.111.111.111:443 default_server ssl http2;
ssl_certificate /home/certificates/scfQM0ZLs;
ssl_certificate_key /home/certificates/scfQM0ZLs;
root /home/somang/somang.net/www;
access_log /var/log/nginx/somang_access.log;
error_log /var/log/nginx/somang_error.log;
index index.html index.htm index.php;
server_name somang.net;
server_name www.somang.net;
client_max_body_size 5368709120;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 32k;
set $skip_cache 0;
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/fpm-somang.sock;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache somang.net;
fastcgi_cache_valid 60m;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* ^.+.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt { access_log off; log_not_found off; }
location ~ /\. { deny all; access_log off; log_not_found off; }
underscores_in_headers on;
}
server {
if ($host = somang.net) {
return 301 https://$host$request_uri;
}
listen 183.111.197.139:80 default_server;
server_name somang.net;
return 404;
}
server {
if ($host = www.somang.net) {
return 301 https://$host$request_uri;
}
listen 111.111.111.111:80;
server_name www.somang.net;
return 404;
}
——————————————————————————————————————————————————
root@www:/etc/nginx/sites-available# cd ../sites-enabled/
root@www:/etc/nginx/sites-enabled# ln -s /etc/nginx/sites-available/somang.net .
Mariadb(MySQL) 설치 및 설정
mariadb 설치
root@www:/etc/nginx/sites-enabled# apt -y install mariadb-server
my.cnf 수정
/etc/mysql/mariadb.conf.d/50-server.cnf 파일 수정
——————————————————————————————————————————————————
[server]
[mysqld]
user = mysql
pid-file = /run/mysqld/mysqld.pid
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
lc-messages = en_US
bind-address = 127.0.0.1
query_cache_size = 16M
expire_logs_days = 10
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
[embedded]
[mariadb]
[mariadb-10.5]
——————————————————————————————————————————————————
MySQL DB생성 및 DB계정 생성
root@www:/etc/nginx/sites-enabled# mysql -u root
MariaDB [(none)]> create database somang_db;
MariaDB [(none)]> use mysql;
MariaDB [mysql]> create user 'somang_master'@'%' identified by 'DB계정패스워드';
MariaDB [mysql]> grant all privileges on somang_db.* to somang_master@'%' identified by 'DB계정패스워드';
MariaDB [mysql]> quit;
Proftpd(FTP Server) 설치 및 설정
proftpd 설치
root@www:/etc/nginx/sites-enabled# apt -y install proftpd
proftpd.conf 수정
/etc/proftpd/proftpd.conf 파일 수정
——————————————————————————————————————————————————
Include /etc/proftpd/tls.conf
<IfModule mod_vroot.c>
VRootEngine on
VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
</IfModule>
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
UseReverseDNS off
User proftpd
Group nogroup
MaxInstances 20
UseSendfile off
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
ListOptions -a
RequireValidShell off
PassivePorts 12000 12100
<Directory /home/somang/somang.net/www/>
UserOwner soamng
GroupOwner www-data
</Directory>
<Global>
Umask 002
#IdentLookups off
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
——————————————————————————————————————————————————