우분투 서버 nginx, php 7.2.x, mariadb 10.3.x 설치 스크립트

by 편리

우분투 서버에 nginx 최신 안정버전, php 7.2.x, mariadb 10.3.x 버전 설치를 위한 스크립트이다. 아래 스크립트트를 server.sh 등으로 저장한 후 실행 권한을 준 후 실행한다. 사용자명, 비밀번호, 도메인을 입력받아 설치를 진행하며 DB 생성을 위해 DB root 비밀번호 입력이 필요하다. 스크립트는 우분투 서버 16.04 LTS(64비트)에서 테스트 했다.

#!/bin/bash
# ================================================================== #
# nginx, php 7.2.x, mariadb 10.3.x install shell script for Ubuntu
# ================================================================== #
# Copyright (c) 2018 Seongho Jang https://chicpro.dev
# This script is licensed under MIT
# ================================================================== #

# Input username, password, domain
while [[ $username == '' ]]
do
    read -p "Enter Username: " username
done

while [[ $password == '' ]]
do
    read -s -p "Enter Password: " password
    echo -e ""
done

while [[ $domain == '' ]]
do
    read -p "Enter domain: " domain
done

# Update package
sudo apt-get update
sudo apt-get -y upgrade

# Set locale
#sudo dpkg-reconfigure locales
sudo apt-get -y install language-pack-ko-base language-pack-ko
sudo locale-gen ko_KR.UTF-8
sudo locale-gen en_US.UTF-8
sudo localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
sudo source /etc/default/locale

# Install mail
sudo apt-get -y install sendmail
sudo apt-get -y install mailutils

# Create user
sudo groupadd "$username"
sudo useradd -g "$username" -s /bin/bash -m "$username"
echo -e "$password\n$password\n" | sudo passwd "$username"

# Make directory
sudo mkdir -p /home/"$username"/www
sudo chown "$username"."$username" /home/"$username"/www

# Set timezone
sudo timedatectl set-timezone Asia/Seoul
sudo apt-get install -y rdate
sudo /usr/bin/rdate -s time.bora.net; /sbin/hwclock --systohc

# Install MariaDB 10.3.x
sudo apt-get install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,arm64,i386,ppc64el] http://ftp.kaist.ac.kr/mariadb/repo/10.3/ubuntu '$(lsb_release -cs)' main'
sudo apt-get update
sudo apt-get -y install mariadb-server

# Install nginx latest stable version
sudo sh -c "echo 'deb http://nginx.org/packages/ubuntu/ `lsb_release -cs` nginx' >> /etc/apt/sources.list"
sudo sh -c "echo 'deb-src http://nginx.org/packages/ubuntu/ `lsb_release -cs` nginx' >> /etc/apt/sources.list"
curl http://nginx.org/keys/nginx_signing.key | apt-key add -
sudo apt-get update
sudo apt-get install -y nginx

# Install PHP 7.2.x
sudo apt-get -y install python-software-properties
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt-get install -y php7.2-cli php7.2-fpm php7.2-bcmath php7.2-bz2 php7.2-common php7.2-curl php7.2-dba php7.2-gd php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-readline php7.2-soap php7.2-xml php7.2-xmlrpc php7.2-zip

# nginx configure
sudo service nginx stop

sudo cat > /etc/nginx/conf.d/"$domain".conf <<WEBCONF
server {
    listen 80 default_server ;
    server_name $domain www.$domain ;
    root /home/$username/www ;

    access_log /var/log/nginx/$domain.access.log ;
    error_log  /var/log/nginx/$domain.error.log warn ;

    location / {
        index index.php index.html index.htm ;
    }
    
    include /etc/nginx/php.conf ;
    
}
WEBCONF

# Create database
sudo service mysql restart
while [[ $dbpassword == '' ]]
do
    read -s -p "Enter DB Root Password: " dbpassword
    echo -e ""
done

while ! mysql -u root -p$dbpassword  -e ";" ; do
     read -s -p "Can't connect, Enter DB Root Password: " dbpassword
     echo -e ""
done
mysql -uroot -p${dbpassword} -e "CREATE DATABASE ${username} DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
mysql -uroot -p${dbpassword} -e "CREATE USER ${username}@localhost IDENTIFIED BY '${password}';"
mysql -uroot -p${dbpassword} -e "GRANT ALL PRIVILEGES ON ${username}.* TO '${username}'@'localhost';"
mysql -uroot -p${dbpassword} -e "FLUSH PRIVILEGES;"

# Daemon start
echo -e ""
sudo nginx -t
sudo php-fpm7.2 -t
sudo service php7.2-fpm restart
sudo service nginx restart

echo "Complete!"

/etc/nginx/php.conf 파일의 내용은 아래와 같다.

# Block dot file (.htaccess .htpasswd .svn .git .env and so on.)
location ~ /\. {
    deny all;
}

# Block (log file, binary, certificate, shell script, sql dump file) access.
location ~* \.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key)$ {
    deny all;
}

# Block access
location ~* (composer\.json|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml)$ {
    deny all;
}

location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    log_not_found off;
    access_log off;
}

# Block .php file inside upload folder. uploads(wp), files(drupal), data(gnuboard).
location ~* /(?:uploads|default/files|data)/.*\.php$ {
    deny all;
}


location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }

    # flush
    fastcgi_keep_conn on;
    gzip off;
    proxy_buffering off;
    include fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    fastcgi_read_timeout 3600;
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    fastcgi_index index.php;       
}

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.