Debian 9 安裝 Nginx PHP7 Mariadb…

Debian 9 安裝 Nginx PHP7 Mariadb…

1.更改時區

timedatectl set-timezone Asia/Taipei

2.Update && Upgrade
apt-get -y update && apt-get upgrade -y

3.安裝基本套件
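# Install nginx, PHP 7.0 (FPM plus extensions) and MariaDB in one command.
# The trailing backslash joins the two lines; without it the shell would try
# to run the second line as a separate command.
apt-get install -y openssl ssl-cert php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli \
  php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip php7.0-mysql php7.0-mcrypt bzip2 nginx mariadb-server mariadb-client

# Turn off PATH_INFO guessing so PHP-FPM only runs the exact script that was
# requested rather than falling back to a parent path of it.
# The quotes must be plain ASCII: typographic quotes reach sed as literal
# characters and the expression no longer parses as intended.
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/' /etc/php/7.0/fpm/php.ini
# php.ini is only read when PHP-FPM starts, so restart it to apply the change.
systemctl restart php7.0-fpm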

4.設定並驗證 Mariadb
mysql_secure_installation

mysql -u root -p
show databases; #檢查目前的資料庫項目
exit #離開

5.新增資料庫
CREATE DATABASE wordpress;

6.資料庫權限
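-- Grant the application its own account, limited to the wordpress schema,
-- instead of reusing root: a compromised web application then cannot reach
-- any other database on the server.
-- 'CHANGE_ME' is a placeholder; substitute a long random password and use the
-- same account name and password in the application's database settings.
-- Plain ASCII quotes are required here; typographic quotes are a syntax error.
GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'CHANGE_ME';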

7.資料庫設定生效
FLUSH PRIVILEGES;

8.建立 SSL
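# Create a self-signed certificate (valid for 365 days) and its private key.
# -nodes leaves the key unencrypted on disk, so file permissions are the only
# protection it has.
mkdir -p /var/www/html/ssl
chmod 700 /var/www/html/ssl
openssl req -new -x509 -days 365 -nodes -out /var/www/html/ssl/xxx.crt -keyout /var/www/html/ssl/xxx.key
# Absolute paths are used so the chmod calls never depend on an earlier cd
# having succeeded.
chmod 600 /var/www/html/ssl/xxx.crt
chmod 600 /var/www/html/ssl/xxx.key
# NOTE(review): /var/www/html is a web document tree. Keeping the key in a
# directory outside it (and pointing ssl_certificate / ssl_certificate_key at
# the new location) removes the risk of it being served or read by site code.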

9.設定站點權限為www-data;
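# Give the web server account ownership of the site files.
chown -R www-data:www-data /var/www
# The recursive chown above also covers /var/www/html/ssl. Hand the TLS files
# back to root so that code running as www-data (nginx workers and, by default
# on Debian, PHP-FPM) cannot read the private key. nginx reads the key from
# its root-owned master process at startup, so it does not need this access.
chown -R root:root /var/www/html/ssl
chmod 700 /var/www/html/ssl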

10.建立站點

nano /etc/nginx/conf.d/xxx.conf

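# Plain HTTP: send every request to the HTTPS site.
server {
    listen 80;
    server_name xxx.com;
    # A fixed redirect needs no regex; $request_uri carries path and query string.
    return 301 https://$server_name$request_uri;
}

# HTTPS site.
server {
    # The "ssl" flag on listen replaces the separate "ssl on;" directive,
    # which is deprecated in newer nginx releases.
    listen 443 ssl;
    server_name xxx.com;

    # Self-signed certificate and key created in the SSL step.
    # NOTE(review): both files sit under /var/www/html; make sure the key is
    # not readable by www-data, or move it outside the web tree.
    ssl_certificate /var/www/html/ssl/xxx.crt;
    ssl_certificate_key /var/www/html/ssl/xxx.key;
    # Do not negotiate TLS 1.0 / 1.1 with clients.
    ssl_protocols TLSv1.2;

    # One document root for the whole server instead of repeating it in
    # every location block.
    root /var/www/html/xxx.com;

    location / {
        index index.php index.html index.htm;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    location ~ \.php$ {
        # Only hand the request to PHP-FPM when the script file exists;
        # anything else gets a 404 from nginx itself.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}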

11.Install vsftpd
apt-get install -y vsftpd

nano /etc/vsftpd.conf
# Settings to change in /etc/vsftpd.conf.
# Refuse anonymous logins.
anonymous_enable=No
# Let local system accounts log in with their own password.
local_enable=YES
# Allow those accounts to upload, modify and delete files.
write_enable=YES
# NOTE(review): plain FTP sends user names and passwords unencrypted. Consider
# enabling TLS (ssl_enable=YES) or using SFTP over SSH for uploads instead.

nano /etc/ftpusers
# NOTE(review): /etc/ftpusers lists the accounts that are denied FTP login.
# Commenting out root, as below, permits root to log in over FTP, with its
# password sent in cleartext. Prefer a dedicated unprivileged upload account
# and leave root listed here.
#root

12.iptables 設定
nano /etc/firewall.server #建立規則

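##############################################################
# Contents of /etc/firewall.server: iptables rules applied at boot.
#
# Long options need two ASCII hyphens (--dport, --sport, --to-source); a
# typographic dash is not recognised by iptables.
#
# NOTE(review): every rule below is an ACCEPT appended to a chain. They only
# restrict traffic if the chain's default policy (or a later rule) drops what
# is not matched, and this file sets neither. Before adding a default DROP,
# make sure SSH, loopback and established connections are accepted first,
# otherwise the server becomes unreachable.

# http port 80
iptables -A INPUT -i venet0 -p tcp --dport 80 -j ACCEPT

# https port 443
iptables -A INPUT -i venet0 -p tcp --dport 443 -j ACCEPT

# vsftpd port 21
iptables -A INPUT -i venet0 -p tcp --dport 21 -j ACCEPT

# pptpd port 1723 (control channel) and GRE (tunnel data)
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
# NAT for the VPN client range; x.x.x.x is a placeholder for the server's
# public address.
# NOTE(review): the INPUT rules above match on venet0 while this rule uses
# eth0 - confirm which interface the server actually has.
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source x.x.x.x
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

##############################################################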
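# Make the rules file readable, writable and executable by its owner only.
chmod 700 /etc/firewall.server
# Insert "sh /etc/firewall.server" before the final "exit 0" line of
# /etc/rc.local so the rules are loaded at boot.
# /etc/rc.local must already exist and contain an "exit 0" line; if it does
# not, create it first as shown in the rc.local step, then run this command.
# The quotes must be plain ASCII for the sed expression to be parsed.
sed -i '/^exit 0/i\sh /etc/firewall.server' /etc/rc.local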

13.安裝PPTPD
apt-get install pptpd

nano /etc/pptpd.conf
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
#logwtmp

nano /etc/ppp/options
# DNS servers handed to VPN clients.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
ms-dns 168.95.1.1
# NOTE(review): with require-mppe-128 commented out, the server does not
# insist on 128-bit MPPE encryption, so a client may connect without it.
# PPTP with MS-CHAPv2 is widely regarded as broken even with MPPE enabled;
# prefer a modern VPN protocol where possible.
#require-mppe-128

nano /etc/ppp/chap-secrets
# Columns: client name, server name, secret, allowed client IP addresses.
# "name" and "password" are presumably placeholders for a real account.
# The secret is stored in cleartext, so keep this file readable by root only;
# "*" in the last column accepts the client from any address.
name pptpd password *

nano /etc/sysctl.conf
net.ipv4.ip_forward=1

sysctl -p

14.安裝fail2ban
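# Debian installs packages with apt; yum is not available on this system.
apt-get install -y fail2ban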

15.啟用rc.local
nano /etc/rc.local

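#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#
# Because of "-e" above, the script stops at the first command that fails,
# so commands added here must come before "exit 0" and must succeed.

exit 0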

chmod +x /etc/rc.local

systemctl start rc-local
