우분투 18.04 서버 환경에 nginx, php 7.2.x, mariadb 10.3.x 의 최신 버전 설치 스크립트이다. ufw 기본 방화벽설정 및 redis 서버도 추가 설치한다.
#!/bin/bash
# ======================================================================= #
# nginx, php 7.2.x, mariadb 10.3.x install shell script for Ubuntu 18.04
# ======================================================================= #
# Copyright (c) 2018 Seongho Jang https://ncube.net
# This script is licensed under MIT
# ======================================================================= #
# Input username, password, domain
while [[ $username == '' ]]
do
read -p "Enter Username: " username
done
while [[ $password == '' ]]
do
read -s -p "Enter Password: " password
echo -e ""
done
while [[ $domain == '' ]]
do
read -p "Enter domain: " domain
done
# Update package
sudo apt-get update
sudo apt-get -y dist-upgrade
# Set locale
#sudo dpkg-reconfigure locales
sudo apt-get -y install language-pack-ko-base language-pack-ko
sudo locale-gen ko_KR.UTF-8
sudo locale-gen en_US.UTF-8
sudo localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
source /etc/default/locale
# Install mail
sudo apt-get -y install sendmail
sudo apt-get -y install mailutils
# Create user
sudo groupadd "$username"
sudo useradd -g "$username" -s /bin/bash -m "$username"
echo -e "$password\n$password\n" | sudo passwd "$username"
# Make directory
sudo mkdir -p /home/"$username"/www
sudo chown "$username"."$username" /home/"$username"/www
# Set timezone
sudo timedatectl set-timezone Asia/Seoul
sudo apt-get install -y rdate
sudo /usr/bin/rdate -s time.bora.net; /sbin/hwclock --systohc
# Set time cron
sudo cat > /etc/cron.d/time <<TIMECRON
# set time
14 3 * * 1 root /usr/bin/rdate -s time.bora.net; /sbin/hwclock --systohc
TIMECRON
# Install MariaDB 10.3.x
sudo apt-get install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://ftp.harukasan.org/mariadb/repo/10.3/ubuntu bionic main'
sudo apt-get -y install mariadb-server
# Install nginx latest stable version
sudo sh -c "echo 'deb http://nginx.org/packages/ubuntu/ `lsb_release -cs` nginx' >> /etc/apt/sources.list"
#sudo sh -c "echo 'deb-src http://nginx.org/packages/ubuntu/ `lsb_release -cs` nginx' >> /etc/apt/sources.list"
curl http://nginx.org/keys/nginx_signing.key | sudo apt-key add -
sudo apt-get update
sudo apt-get install -y nginx
# Configure nginx.conf
sudo sed -i 's/user nginx;/user www-data;/' /etc/nginx/nginx.conf
sudo sed -i 's/worker_processes 1;/worker_processes auto;/' /etc/nginx/nginx.conf
# Install PHP 7.2.x
sudo apt-get update
sudo apt-get install -y php7.2-cli php7.2-fpm php7.2-bcmath php7.2-bz2 php7.2-common php7.2-curl php7.2-dba php7.2-gd php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-readline php7.2-soap php7.2-xml php7.2-xmlrpc php7.2-zip php7.2-pdo
# Configure php.ini
sudo sed -i 's/;date.timezone =/date.timezone = Asia\/Seoul/' /etc/php/7.2/fpm/php.ini
sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 10M/' /etc/php/7.2/fpm/php.ini
sudo sed -i 's/post_max_size = 8M/post_max_size = 20M/' /etc/php/7.2/fpm/php.ini
sudo sed -i 's/;date.timezone =/date.timezone = Asia\/Seoul/' /etc/php/7.2/cli/php.ini
# nginx configure
sudo service nginx stop
sudo cat > /etc/nginx/php.conf <<PHPCONF
# Block dot file (.htaccess .htpasswd .svn .git .env and so on.)
location ~ /\. {
deny all;
}
# Block (log file, binary, certificate, shell script, sql dump file) access.
location ~* \.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key)\$ {
deny all;
}
# Block access
location ~* (composer\.json|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml)\$ {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
}
# Block .php file inside upload folder. uploads(wp), files(drupal), data(gnuboard).
location ~* /(?:uploads|default/files|data)/.*\.php\$ {
deny all;
}
location ~ [^/]\.php(/|\$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
if (!-f \$document_root\$fastcgi_script_name) {
return 404;
}
# flush
fastcgi_keep_conn on;
gzip off;
proxy_buffering off;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
fastcgi_read_timeout 3600;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
}
PHPCONF
sudo cat > /etc/nginx/conf.d/"$domain".conf <<WEBCONF
server {
listen 80 default_server ;
server_name $domain www.$domain;
root /home/$username/www;
access_log /var/log/nginx/$domain.access.log;
error_log /var/log/nginx/$domain.error.log warn;
location / {
index index.php index.html index.htm;
try_files \$uri \$uri/ /index.php?\$args;
}
include /etc/nginx/php.conf ;
}
WEBCONF
# Create database
sudo service mysql restart
while [[ $dbpassword == '' ]]
do
read -s -p "Enter DB Root Password: " dbpassword
echo -e ""
done
while ! mysql -u root -p$dbpassword -e ";" ; do
read -s -p "Can't connect, Enter DB Root Password: " dbpassword
echo -e ""
done
mysql -uroot -p${dbpassword} -e "CREATE DATABASE ${username} DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -uroot -p${dbpassword} -e "CREATE USER ${username}@localhost IDENTIFIED BY '${password}';"
mysql -uroot -p${dbpassword} -e "GRANT ALL PRIVILEGES ON ${username}.* TO '${username}'@'localhost';"
mysql -uroot -p${dbpassword} -e "FLUSH PRIVILEGES;"
# DB root login information
sudo cat > ./.my.cnf <<MYCNF
[client]
user=root
password="$dbpassword"
MYCNF
# Install redis
sudo apt -y install redis-server
sudo apt -y install php-redis
# Install composer
sudo apt -y install unzip
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin/
sudo ln -s /usr/local/bin/composer.phar /usr/local/bin/composer
# Setup ufw
sudo systemctl disable netfilter-persistent
sudo ufw default deny
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
sudo ufw status
# Daemon start
echo -e ""
sudo nginx -t
sudo php-fpm7.2 -t
sudo service php7.2-fpm restart
sudo service nginx restart
echo "Complete!"
메일 서버가 필요없는 경우 sudo apt-get -y install sendmail 코드를 주석처리 한다.
