우분투 18.04 서버 환경에 nginx, php 7.2.x, mariadb 10.3.x의 최신 버전을 설치하는 스크립트이다. ufw 기본 방화벽 설정을 적용하고 redis 서버도 추가로 설치한다.
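#!/bin/bash
# ======================================================================= #
# nginx, php 7.2.x, mariadb 10.3.x install shell script for Ubuntu 18.04
# ======================================================================= #
# Copyright (c) 2018 Seongho Jang https://ncube.net
# This script is licensed under MIT
# ======================================================================= #
#
# Interactive provisioning script. It prompts for (or takes from the
# environment) a site username, a password for that user, a domain and the
# MariaDB root password, then installs and configures nginx, PHP-FPM,
# MariaDB, redis, composer and ufw.
#
# Security-relevant behaviour:
#   * username and domain are validated before use, because both are
#     interpolated into SQL, nginx configuration and file paths.
#   * Passwords are never placed on a command line (argv is visible to other
#     local users via ps); they are passed on stdin or through a 0600 file.
#   * Files under /etc are written with "sudo tee": with "sudo cat > file"
#     the redirection is performed by the calling shell, not by root.
#   * Package signing keys and installers are fetched over HTTPS only.
#
# NOTE(review): the same password is used for the system account and for the
# database account of the same name, as in the original design.

# Private scratch directory (mktemp -d creates it with mode 0700); holds the
# temporary DB credential file and downloaded installers.
work_dir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$work_dir"' EXIT

# Write a MySQL/MariaDB client option file for root with mode 0600.
# Arguments: $1 - target path, $2 - root password
write_mysql_client_cnf() {
  local target=$1 secret=$2
  local bs='\' dq='"'
  # Escape backslashes and double quotes so the quoted value stays intact.
  # NOTE(review): relies on the client option-file parser accepting \" inside
  # a double-quoted value - confirm for the installed client version.
  secret=${secret//"$bs"/"$bs$bs"}
  secret=${secret//"$dq"/"$bs$dq"}
  (
    umask 077
    printf '[client]\nuser=root\npassword="%s"\n' "$secret" > "$target"
  )
  chmod 600 "$target"
}

# Input username, password, domain
# The username becomes a system account, a database name and a database user,
# so only a conservative character set is accepted.
username_re='^[a-z_][a-z0-9_-]{0,31}$'
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'

until [[ ${username:-} =~ $username_re ]]; do
  if [[ -n ${username:-} ]]; then
    echo "Invalid username (allowed: a-z, 0-9, '_' and '-', max 32 chars)." >&2
  fi
  read -r -p "Enter Username: " username
done

while [[ ${password:-} == '' ]]; do
  read -r -s -p "Enter Password: " password
  echo
done

until [[ ${domain:-} =~ $domain_re ]]; do
  if [[ -n ${domain:-} ]]; then
    echo "Invalid domain (allowed: letters, digits, '.' and '-')." >&2
  fi
  read -r -p "Enter domain: " domain
done

# Update package
sudo apt-get update
sudo apt-get -y dist-upgrade

# Set locale
#sudo dpkg-reconfigure locales
sudo apt-get -y install language-pack-ko-base language-pack-ko
sudo locale-gen ko_KR.UTF-8
sudo locale-gen en_US.UTF-8
sudo localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
source /etc/default/locale

# Install mail
sudo apt-get -y install sendmail
sudo apt-get -y install mailutils

# Create user
sudo groupadd "$username"
sudo useradd -g "$username" -s /bin/bash -m "$username"
# chpasswd reads "user:password" from stdin; unlike `echo -e ... | passwd`
# it does not interpret backslash sequences inside the password.
printf '%s:%s\n' "$username" "$password" | sudo chpasswd

# Make directory
sudo mkdir -p "/home/$username/www"
sudo chown "$username:$username" "/home/$username/www"

# Set timezone
sudo timedatectl set-timezone Asia/Seoul
sudo apt-get install -y rdate
# Both commands need root; previously only rdate ran under sudo.
sudo /usr/bin/rdate -s time.bora.net
sudo /sbin/hwclock --systohc

# Set time cron
sudo tee /etc/cron.d/time > /dev/null <<'TIMECRON'
# set time
14 3 * * 1 root /usr/bin/rdate -s time.bora.net; /sbin/hwclock --systohc
TIMECRON

# Install MariaDB 10.3.x
sudo apt-get -y install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://ftp.harukasan.org/mariadb/repo/10.3/ubuntu bionic main'
sudo apt-get -y install mariadb-server

# Install nginx latest stable version
# The repository entry goes into its own list file (overwritten, so re-running
# the script does not append duplicates) and both the repository and its
# signing key are fetched over HTTPS instead of plain HTTP.
# apt-key is deprecated on newer releases; use a signed-by keyring there.
codename=$(lsb_release -cs)
echo "deb https://nginx.org/packages/ubuntu/ ${codename} nginx" \
  | sudo tee /etc/apt/sources.list.d/nginx.list > /dev/null
#echo "deb-src https://nginx.org/packages/ubuntu/ ${codename} nginx" | sudo tee -a /etc/apt/sources.list.d/nginx.list > /dev/null
if curl -fsSL -o "$work_dir/nginx_signing.key" https://nginx.org/keys/nginx_signing.key; then
  sudo apt-key add "$work_dir/nginx_signing.key"
else
  echo "Could not download the nginx signing key." >&2
fi
sudo apt-get update
sudo apt-get install -y nginx

# Configure nginx.conf
sudo sed -i 's/user nginx;/user www-data;/' /etc/nginx/nginx.conf
sudo sed -i 's/worker_processes 1;/worker_processes auto;/' /etc/nginx/nginx.conf

# Install PHP 7.2.x
sudo apt-get update
sudo apt-get install -y php7.2-cli php7.2-fpm php7.2-bcmath php7.2-bz2 \
  php7.2-common php7.2-curl php7.2-dba php7.2-gd php7.2-json php7.2-mbstring \
  php7.2-mysql php7.2-opcache php7.2-readline php7.2-soap php7.2-xml \
  php7.2-xmlrpc php7.2-zip php7.2-pdo

# Configure php.ini
sudo sed -i 's/;date.timezone =/date.timezone = Asia\/Seoul/' /etc/php/7.2/fpm/php.ini
sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 10M/' /etc/php/7.2/fpm/php.ini
sudo sed -i 's/post_max_size = 8M/post_max_size = 20M/' /etc/php/7.2/fpm/php.ini
sudo sed -i 's/;date.timezone =/date.timezone = Asia\/Seoul/' /etc/php/7.2/cli/php.ini

# nginx configure
sudo service nginx stop

# Quoted heredoc delimiter: nginx variables ($document_root, ...) are written
# literally, with no shell expansion.
sudo tee /etc/nginx/php.conf > /dev/null <<'PHPCONF'
# Block dot file (.htaccess .htpasswd .svn .git .env and so on.)
location ~ /\. {
    deny all;
}

# Block (log file, binary, certificate, shell script, sql dump file) access.
location ~* \.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key)$ {
    deny all;
}

# Block access
location ~* (composer\.json|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml)$ {
    deny all;
}

location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    log_not_found off;
    access_log off;
}

# Block .php file inside upload folder. uploads(wp), files(drupal), data(gnuboard).
location ~* /(?:uploads|default/files|data)/.*\.php$ {
    deny all;
}

location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }

    # flush
    fastcgi_keep_conn on;
    gzip off;
    proxy_buffering off;

    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_read_timeout 3600;
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    fastcgi_index index.php;
}
PHPCONF

# $domain and $username are expanded by the shell (both validated above);
# nginx variables are escaped so they reach the file literally.
sudo tee "/etc/nginx/conf.d/${domain}.conf" > /dev/null <<WEBCONF
server {
    listen 80 default_server ;
    server_name $domain www.$domain;
    root /home/$username/www;

    access_log /var/log/nginx/$domain.access.log;
    error_log /var/log/nginx/$domain.error.log warn;

    location / {
        index index.php index.html index.htm;
        try_files \$uri \$uri/ /index.php?\$args;
    }

    include /etc/nginx/php.conf ;
}
WEBCONF

# Create database
sudo service mysql restart

while [[ ${dbpassword:-} == '' ]]; do
  read -r -s -p "Enter DB Root Password: " dbpassword
  echo
done

# The root password is handed to the client through a 0600 option file
# instead of -p<password>, which would expose it in the process list.
db_cnf="$work_dir/root.cnf"
write_mysql_client_cnf "$db_cnf" "$dbpassword"
while ! mysql --defaults-extra-file="$db_cnf" -e ";"; do
  read -r -s -p "Can't connect, Enter DB Root Password: " dbpassword
  echo
  write_mysql_client_cnf "$db_cnf" "$dbpassword"
done

# Escape the user password for use inside a single-quoted SQL string.
# Assumes the server default sql_mode (backslash escapes enabled).
sql_bs='\'
sql_sq="'"
sql_password=${password//"$sql_bs"/"$sql_bs$sql_bs"}
sql_password=${sql_password//"$sql_sq"/"$sql_sq$sql_sq"}

# Statements go in on stdin so the new account's password is not in argv.
# Identifiers are quoted; the username was validated above.
mysql --defaults-extra-file="$db_cnf" <<SQL
CREATE DATABASE \`${username}\` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER '${username}'@'localhost' IDENTIFIED BY '${sql_password}';
GRANT ALL PRIVILEGES ON \`${username}\`.* TO '${username}'@'localhost';
FLUSH PRIVILEGES;
SQL

# DB root login information
# Stored in the current directory as before, but readable by the owner only.
install -m 600 "$db_cnf" ./.my.cnf

# Install redis
sudo apt-get -y install redis-server
sudo apt-get -y install php-redis

# Install composer
# The installer is downloaded to a file and its SHA-384 is compared with the
# checksum published by the Composer project before it is executed as root.
sudo apt-get -y install unzip
composer_installer="$work_dir/composer-setup.php"
composer_expected=$(curl -fsSL https://composer.github.io/installer.sig)
curl -fsSL -o "$composer_installer" https://getcomposer.org/installer
composer_actual=$(sha384sum "$composer_installer" | cut -d' ' -f1)
if [[ -n $composer_expected && $composer_expected == "$composer_actual" ]]; then
  sudo php "$composer_installer" --install-dir=/usr/local/bin/
  sudo ln -sf /usr/local/bin/composer.phar /usr/local/bin/composer
else
  echo "Composer installer checksum mismatch; skipping Composer install." >&2
fi

# Setup ufw
sudo systemctl disable netfilter-persistent
sudo ufw default deny
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
sudo ufw status

# Secrets are no longer needed in this shell.
unset password sql_password dbpassword

# Daemon start
echo
sudo nginx -t
sudo php-fpm7.2 -t
sudo service php7.2-fpm restart
sudo service nginx restart

echo "Complete!"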
메일 서버가 필요 없는 경우 `sudo apt-get -y install sendmail` 코드를 주석 처리한다.