우분투 18.04 서버 nginx, php 7.2.x, mariadb 10.3.x 설치 스크립트

by 편리

우분투 18.04 서버 환경에 nginx, php 7.2.x, mariadb 10.3.x 의 최신 버전 설치 스크립트이다. ufw 기본 방화벽설정 및 redis 서버도 추가 설치한다.

#!/bin/bash
# ======================================================================= #
# nginx, php 7.2.x, mariadb 10.3.x install shell script for Ubuntu 18.04
# ======================================================================= #
# Copyright (c) 2018 Seongho Jang https://chicpro.dev
# This script is licensed under MIT
# ======================================================================= #

# Input username, password, domain
while [[ $username == '' ]]
do
    read -p "Enter Username: " username
done

while [[ $password == '' ]]
do
    read -s -p "Enter Password: " password
    echo -e ""
done

while [[ $domain == '' ]]
do
    read -p "Enter domain: " domain
done

# Update package
sudo apt-get update
sudo apt-get -y dist-upgrade

# Set locale
#sudo dpkg-reconfigure locales
sudo apt-get -y install language-pack-ko-base language-pack-ko
sudo locale-gen ko_KR.UTF-8
sudo locale-gen en_US.UTF-8
sudo localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
source /etc/default/locale

# Install mail
sudo apt-get -y install sendmail
sudo apt-get -y install mailutils

# Create user
sudo groupadd "$username"
sudo useradd -g "$username" -s /bin/bash -m "$username"
echo -e "$password\n$password\n" | sudo passwd "$username"

# Make directory
sudo mkdir -p /home/"$username"/www
sudo chown "$username"."$username" /home/"$username"/www

# Set timezone
sudo timedatectl set-timezone Asia/Seoul
sudo apt-get install -y rdate
sudo /usr/bin/rdate -s time.bora.net; /sbin/hwclock --systohc

# Set time cron
sudo cat > /etc/cron.d/time <<TIMECRON
# set time
14 3 * * 1 root /usr/bin/rdate -s time.bora.net; /sbin/hwclock --systohc
TIMECRON

# Install MariaDB 10.3.x
sudo apt-get install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://ftp.harukasan.org/mariadb/repo/10.3/ubuntu bionic main'
sudo apt-get -y install mariadb-server

# Install nginx latest stable version
sudo sh -c "echo 'deb http://nginx.org/packages/ubuntu/ `lsb_release -cs` nginx' >> /etc/apt/sources.list"
#sudo sh -c "echo 'deb-src http://nginx.org/packages/ubuntu/ `lsb_release -cs` nginx' >> /etc/apt/sources.list"
curl http://nginx.org/keys/nginx_signing.key | sudo apt-key add -
sudo apt-get update
sudo apt-get install -y nginx

# Configure nginx.conf
sudo sed -i 's/user  nginx;/user  www-data;/' /etc/nginx/nginx.conf
sudo sed -i 's/worker_processes  1;/worker_processes  auto;/' /etc/nginx/nginx.conf

# Install PHP 7.2.x
sudo apt-get update
sudo apt-get install -y php7.2-cli php7.2-fpm php7.2-bcmath php7.2-bz2 php7.2-common php7.2-curl php7.2-dba php7.2-gd php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-readline php7.2-soap php7.2-xml php7.2-xmlrpc php7.2-zip php7.2-pdo

# Configure php.ini
sudo sed -i 's/;date.timezone =/date.timezone = Asia\/Seoul/' /etc/php/7.2/fpm/php.ini
sudo sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 20M/' /etc/php/7.2/fpm/php.ini
sudo sed -i 's/post_max_size = 8M/post_max_size = 30M/' /etc/php/7.2/fpm/php.ini
sudo sed -i 's/;date.timezone =/date.timezone = Asia\/Seoul/' /etc/php/7.2/cli/php.ini

# nginx configure
sudo service nginx stop

sudo cat > /etc/nginx/php.conf <<PHPCONF
# Block dot file (.htaccess .htpasswd .svn .git .env and so on.)
location ~ /\. {
    deny all;
}

# Block (log file, binary, certificate, shell script, sql dump file) access.
location ~* \.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key)\$ {
    deny all;
}

# Block access
location ~* (composer\.json|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml)\$ {
    deny all;
}

location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    log_not_found off;
    access_log off;
}

# Block .php file inside upload folder. uploads(wp), files(drupal), data(gnuboard).
location ~* /(?:uploads|default/files|data)/.*\.php\$ {
    deny all;
}


location ~ [^/]\.php(/|\$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)\$;
    if (!-f \$document_root\$fastcgi_script_name) {
        return 404;
    }

    # flush
    fastcgi_keep_conn on;
    gzip off;
    proxy_buffering off;
    include fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME    \$document_root\$fastcgi_script_name;
    fastcgi_read_timeout 3600;
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    fastcgi_index index.php;
}
PHPCONF

sudo cat > /etc/nginx/conf.d/"$domain".conf <<WEBCONF
server {
    listen 80 default_server ;
    server_name $domain www.$domain;
    root /home/$username/www;

    client_max_body_size 30M;

    access_log /var/log/nginx/$domain.access.log;
    error_log  /var/log/nginx/$domain.error.log warn;

    location / {
        index index.php index.html index.htm;
        try_files \$uri \$uri/ /index.php?\$args;
    }

    include /etc/nginx/php.conf ;

}
WEBCONF

# Create database
sudo service mysql restart
while [[ $dbpassword == '' ]]
do
    read -s -p "Enter DB Root Password: " dbpassword
    echo -e ""
done

while ! mysql -u root -p$dbpassword  -e ";" ; do
     read -s -p "Can't connect, Enter DB Root Password: " dbpassword
     echo -e ""
done
mysql -uroot -p${dbpassword} -e "CREATE DATABASE ${username} DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -uroot -p${dbpassword} -e "CREATE USER ${username}@localhost IDENTIFIED BY '${password}';"
mysql -uroot -p${dbpassword} -e "GRANT ALL PRIVILEGES ON ${username}.* TO '${username}'@'localhost';"
mysql -uroot -p${dbpassword} -e "FLUSH PRIVILEGES;"

# DB root login information
sudo cat > ./.my.cnf <<MYCNF
[client]
user=root
password="$dbpassword"
MYCNF

# Install redis
sudo apt -y install redis-server
sudo apt -y install php-redis

# Install composer
sudo apt -y install unzip
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin/
sudo ln -s /usr/local/bin/composer.phar /usr/local/bin/composer

# Setup ufw
sudo systemctl disable netfilter-persistent
sudo ufw default deny
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
sudo ufw status

# Daemon start
echo -e ""
sudo nginx -t
sudo php-fpm7.2 -t
sudo service php7.2-fpm restart
sudo service nginx restart

echo "Complete!"

메일 서버가 필요없는 경우 sudo apt-get -y install sendmail 코드를 주석처리 한다.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.