os/Ubuntu

ubuntu server install 후 설정

C/H 2012. 11. 22. 07:34
ubuntu server install 후 설정

ubuntu ufw(uncomplicated firewall) 설정

Root 원격 로그인 금지

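# Edit the SSH daemon configuration (the file name is sshd_config).
vi /etc/ssh/sshd_config
# Set this directive inside the file to refuse direct root logins over SSH:
PermitRootLogin no
# Syntax-check the edited file before restarting: a misspelled directive
# can stop sshd from starting and lock you out of a remote host.
/usr/sbin/sshd -t
/etc/init.d/ssh restart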


* 사용자 추가
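# Create the account without -p. useradd's -p expects an already-hashed
# password, and a value given on the command line is visible in the process
# list and in shell history. Set the password interactively instead.
sudo useradd -b /home -s /bin/bash -m 사용자아이디
sudo passwd 사용자아이디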

* Sudoers

1. 새로운 sudo 사용자 추가
sudo useradd -n -d /home/userid -G admin userid
sudo passwd userid

-n : 새로운 계정 추가 옵션
-d : 계정의 디렉토리 설정
-G : 계정이 속하는 그룹 옵션
userid : 계정 아이디
2. /etc/group 에서 userid를 admin 그룹에 추가
sudo vi /etc/group

...
admin:x:115:admin1,userid
3. CentOS Sudoers 추가
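 # Edit /etc/sudoers through visudo: it locks the file and syntax-checks it
 # on save, so a typo cannot leave sudo unusable.
 visudo

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
userid   ALL=(ALL)       ALL            # add the new sudo user

# Skip the password prompt
## Same thing without a password
# NOTE(review): NOPASSWD for the whole wheel group lets any process running
# as a wheel member become root without re-authentication. Prefer leaving
# this line commented out, or limit NOPASSWD to the specific commands needed.
%wheel  ALL=(ALL)       NOPASSWD: ALL		# uncomment this line
:wq # save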

# wheel 그룹에 sudo 사용자 추가
vi /etc/group

...
wheel:x:10:root,userid		# sudo 사용할 userid 추가
...
userid:500:

:wq # 저장

* Dotdeb 저장소 추가 // 2013.01.22

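# Add the Dotdeb repository lines to the APT sources.
sudo vi /etc/apt/sources.list
deb http://packages.dotdeb.org squeeze all
deb-src http://packages.dotdeb.org squeeze all

# Import the repository signing key.
# The key is fetched over plain HTTP, so compare its fingerprint with the one
# the Dotdeb project publishes (<published-fingerprint>, placeholder) before
# trusting it: APT will accept any package signed by a key added here.
wget http://www.dotdeb.org/dotdeb.gpg
gpg --with-fingerprint dotdeb.gpg
sudo apt-key add dotdeb.gpg

# Refresh the package lists and upgrade
sudo apt-get update && sudo apt-get upgrade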

* dotdeb를 이용해 php를 업그레이드시에 문제가 생길 수 있음.

# 2013.10.17
sudo add-apt-repository ppa:ondrej/php5
sudo apt-get update
sudo apt-get upgrade
# If you don't have add-apt-repository binary do the following:
sudo apt-get install python-software-properties


* ufw 설치 설정

# Inbound: web traffic (80, 443) and 3690/tcp from any source.
# NOTE(review): 3690/tcp is presumably svnserve; confirm it needs to be
# reachable from anywhere rather than from known client addresses.
sudo ufw allow in 80,443/tcp
sudo ufw allow in 3690/tcp
# sudo ufw delete allow 80,443/tcp # delete
# sudo ufw delete allow out 80,443/tcp # delete
# sudo ufw allow in http
# sudo ufw allow in https
# Inbound SSH (port 22) only from one address and from one /24 network.
sudo ufw allow from xxx.xxx.xxx.xxx to any port 22
sudo ufw allow from xxx.xxx.xxx.1/24 to any port 22
# Outbound allow-list: DNS/NetBIOS over UDP, selected TCP ports, NTP.
sudo ufw allow out 53,137,138/udp
sudo ufw allow out 3690/tcp
sudo ufw delete allow out 3690/tcp # delete
sudo ufw allow out 22,80,443,5900,8001/tcp
sudo ufw allow out ntp
# Remove the old outbound deny rule and re-add it so that it ends up last.
sudo ufw delete deny out to any
sudo ufw deny out any
# Keep "sudo ufw deny out any" as the last rule at all times.
# NOTE(review): ufw matches rules in order, so this catch-all only works
# while it stays last; a default policy ("sudo ufw default deny outgoing")
# does not depend on rule order. Confirm which is intended.
# NOTE(review): these notes never show "sudo ufw enable"; the rules have no
# effect until the firewall is enabled. Add the SSH allow rules first.
sudo ufw status numbered



* 수정

sudo ufw delete allow out 53,137,138/udp
sudo ufw allow out 53,123,137,138/udp

* 숫자 라벨링으로 삭제

sudo ufw status numbered
[ 1] 80,443/tcp                 ALLOW IN    Anywhere
[ 2] 3690/tcp                   ALLOW IN    Anywhere
[ 3] 22,80,443,5900,8001/tcp    ALLOW OUT   Anywhere (out)
[ 4] 123                        ALLOW OUT   Anywhere (out)
[ 5] 53,123,137,138/udp         ALLOW OUT   Anywhere (out)
[ 6] 22                         ALLOW IN    61.xx.xxx.xxx
[ 7] 22                         ALLOW IN    115.xx.xxx.xxx
[ 8] 3306/tcp                   ALLOW IN    Anywhere
[ 9] 22                         ALLOW IN    61.xx.xxx.xxx/24
[10] 22                         ALLOW IN    1.xx.xxx.xxx
[11] 22                         ALLOW IN    49.xx.xxx.xxx
[12] 80,443/tcp                 ALLOW IN    Anywhere (v6)
[13] 3690/tcp                   ALLOW IN    Anywhere (v6)
[14] 22,80,443,5900,8001/tcp    ALLOW OUT   Anywhere (v6) (out)
[15] 123                        ALLOW OUT   Anywhere (v6) (out)
[16] 53,123,137,138/udp         ALLOW OUT   Anywhere (v6) (out)
[17] 3306/tcp                   ALLOW IN    Anywhere (v6)

sudo ufw delete 6

route 이용할 경우

등록

route add -host 도메인(IP) reject
Ex)    route add -host 61.147.74.223 reject

해제 
route del -host 도메인(IP) reject


목록보기
route


Networking 설정

  1. /etc/hosts
  2. /etc/resolv.conf
  3. /etc/network/interfaces
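    # Static IPv4 configuration for eth0, brought up at boot.
    auto eth0
    iface eth0 inet static
    	address xxx.xxx.xxx.xxx
    	netmask 255.255.255.248
    	network xxx.xxx.xxx.xxx
    	broadcast      xxx.xxx.xxx.xxx
    	# The option name is "gateway"; a misspelled option leaves the host
    	# without a default route.
    	gateway xxx.xxx.xxx.xxx
    	dns-nameservers 8.8.8.8 8.8.4.4 168.126.63.1 164.124.101.2
    	# NOTE(review): mtu 9000 (jumbo frames) only works if every device on
    	# the segment supports it; confirm before keeping this value.
    	mtu     9000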
sudo /etc/init.d/networking restart
wget www.google.com
# Resolving www.google.com (www.google.com)... 접속 실패: name resolution에서 일시적인 실패.
wget: unable to resolve host address `www.google.com'


sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi=off pci=noacpi"
sudo reboot now
server time 설정

$ sudo ntpdate time.nuri.net


서비스 설정
* node 설치
sudo apt-get install python-software-properties
sudo add-apt-repository ppa:chris-lea/node.js
sudo apt-get update
sudo apt-get install nodejs npm
sudo npm install nodemon -g
# # auto deploy
# nodemon app.js
sudo npm install forever -g
# forever start app.js
sudo npm install express -g
sudo npm install node-schedule -g
sudo npm install node-inspector -g
npm install mysql
npm install mongolian
npm install clog
npm install consolidate 


** axconfig: port 1 not active axconfig: port 2 not active 에러
$ vi .bash_profile
PATH=/usr/bin:$PATH #추가
$ source .bash_profile

* nginx
$ sudo apt-get install nginx
$ /etc/init.d/nginx start

* nginx config
$ vi /etc/nginx/nginx.conf
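http {
	##
	# Log Format
	##
	# "main" access-log format. The response-size variable is
	# $body_bytes_sent; nginx refuses to load an unknown variable name.
	log_format	main	'$remote_addr - $remote_user [$time_local] $status '
					'"$request" $body_bytes_sent "$http_referer" '
					'"$http_user_agent" "$http_x_forwarded_for" ';

##
# Server blocks
##
index index.html;
# One virtual host per site; each serves static files from its own root.
server {
	server_name	xxx.kr;
	#access_log	/home/username/xxx.kr.access.log main;
	root			/home/username/www;
}
server {
	server_name	dev.xxx.kr;
	#access_log	/home/username/dev.xxx.kr.access.log main;
	root			/home/xxx/dev;
}

##
# Basic Settings
##
}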

$ sudo /etc/init.d/nginx restart

* PHP
$ sudo apt-cache search php5
원하는 모듈만 설치

nginx 설정변경
  1. 기존 설정 삭제 > Clean 설정 상태
  2. /etc/nginx/sites-enabled/default 설정 수정
  3. PHP 서비스용 서버 블럭 추가
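# Virtual host that serves PHP through PHP-FPM.
server {
	server_name	xx.xxx.kr;
	#access_log	/home/username/xx.xxx.access.log main;
	index                index.html index.htm index.php;

	location	/ {
		# NOTE(review): the named location @rewrites is not defined in this
		# block; it has to exist elsewhere in the configuration. Confirm.
		try_files $uri $uri/ @rewrites;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	location ~ \.php$ {
		# Hand the request to PHP-FPM only when the script file really
		# exists, so a crafted path that merely ends in .php cannot make
		# PHP execute some other file (for example an uploaded one).
		try_files $uri =404;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
		# With php5-cgi alone;
		# fastcgi_pass 127.0.0.1:9000;
		# With php5-fpm;
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}
	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one (keeps Apache's .htaccess files from being served)
	location ~ /\.ht {
		deny all;
	}
}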
$ sudo /etc/init.d/nginx restart

* MySQL 설치
$ sudo apt-get install mysql-server mysql-client
# Dotdeb 저장소는 5.5 설치됨
# 2012.01.24 기본 5.5로 업그레이드 됨.

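-- Set the local root password. MySQL user names are case-sensitive, so the
-- account is 'root' (not 'ROOT'), and both parts need matching single quotes.
mysql> SET PASSWORD FOR 'root'@'localhost'=PASSWORD('비밀번호');
-- NOTE(review): the next statement lets root log in from any host ('%') with
-- every privilege and GRANT OPTION. For remote administration prefer a
-- separate account limited to the client hosts and schemas it needs, and
-- keep root restricted to localhost.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '비밀번호' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;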

$ sudo vim /etc/mysql/my.cnf
# bind-address = 127.0.0.1 # comment this line out to lift the local-only restriction
# NOTE(review): with bind-address commented out, mysqld listens on every
# interface. The ufw listing on this page allows 3306/tcp in from Anywhere,
# so the database port is reachable from the internet; restrict that rule
# to known client addresses if remote access is really required.
$ sudo /etc/init.d/mysql restart


* PHP5, PHP-FPM 2013.01.17


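# Remove php and related packages.
# Quote the pattern so the shell cannot expand it against files in the
# current directory. apt-get treats it as a regular expression over package
# names, so preview what would be removed first and answer the prompt by
# hand instead of passing -y.
sudo apt-get --simulate purge 'php.*'
sudo apt-get purge 'php.*'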
sudo mkdir /var/www
# sudo apt-get install php5-cgi php5-mysql php5-fpm php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
#sudo apt-get install php5-cgi php5-mysql php5-fpm php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php-apc
sudo apt-get install php5-cgi php5-mysql php5-fpm php5-common php5-curl php5-gd php5-intl php-pear php5-imagick php5-ming php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php-apc


# Dotdeb 저장소에서 설정할 경우 의존성 문제가 발생할 수 있슴.
$ sudo vim /etc/php5/fpm/php.ini
#cgi.fix_pathinfo=1
cgi.fix_pathinfo=0


# Point the PHP-FPM pool at a Unix socket under /dev/shm.
$ sudo vi /etc/php5/fpm/pool.d/www.conf
listen = /dev/shm/php5-fpm.sock
$ sudo /etc/init.d/php5-fpm restart
# The socket file /dev/shm/php5-fpm.sock is created after the restart.
# See: [linux] Ram disk mechanism: tmpfs /dev/shm
# /dev/shm -> /run/shm/
# Uses shared memory
# NOTE(review): /dev/shm is normally writable by every local user. The pool
# settings listen.owner / listen.group / listen.mode decide who may connect
# to the socket; confirm they limit it to the nginx worker user.


// 설정 변경
$ sudo vi /etc/nginx/sites-available/default
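# Default virtual host: static files plus PHP through the PHP-FPM socket.
server {
	listen [::]:80 default ipv6only=on;
	listen 80;
	server_name localhost;
	root /var/www/;
	#access_log /var/www/log/xxx-access.log;
	#error_log /var/www/logs/xxx-error.log;
	location / {
		index index.php index.html index.htm;
	}
	#error_page 404 /404.html;
	# redirect server error pages to the static page /50x.html
	#
	#error_page 500 502 503 504 /50x.html;
	#location = /50x.html {
	# root /var/www/nginx-default;
	#}
	location ~ \.php$ {
		# Hand the request to PHP-FPM only when the script file exists under
		# root, so a crafted path ending in .php is answered with 404.
		try_files $uri =404;
		#fastcgi_pass 127.0.0.1:9000;
		# Must match the pool's "listen" value, which this page sets to
		# /dev/shm/php5-fpm.sock; a different name gives 502 Bad Gateway.
		fastcgi_pass  unix:/dev/shm/php5-fpm.sock;
		fastcgi_index index.php;
		include fastcgi_params;
	}
}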
$ sudo vi /etc/nginx/fastcgi_params

# 아래 내용 추가
fastcgi_param   HTTP_X_REQUESTED_WITH   $http_x_requested_with;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;

$ sudo /etc/init.d/nginx restart
$ sudo /etc/init.d/php5-fpm reload