Debian 9 \u5b89\u88dd Nginx PHP7 Mariadb…<\/p>\n
<\/p>\n
1.\u66f4\u6539\u6642\u5340<\/p>\n
timedatectl set-timezone Asia\/Taipei<\/p>\n
2.Update && Upgrade
\napt-get -y update && apt-get upgrade -y<\/p>\n
3.\u5b89\u88dd\u57fa\u672c\u5957\u4ef6
\napt-get install -y openssl ssl-cert php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli
\nphp7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip php7.0-mysql php7.0-mcrypt bzip2 nginx mariadb-server mariadb-client<\/p>\n
sed -i ‘s\/;cgi.fix_pathinfo=1\/cgi.fix_pathinfo=0\/’ \/etc\/php\/7.0\/fpm\/php.ini<\/p>\n
4.\u8a2d\u5b9a\u4e26\u9a57\u8b49 Mariadb
\nmysql_secure_installation<\/p>\n
mysql -u root -p
\nshow databases; #\u6aa2\u67e5\u76ee\u524d\u7684\u8cc7\u6599\u5eab\u9805\u76ee
\nexit #\u96e2\u958b<\/p>\n
5.\u65b0\u589e\u8cc7\u6599\u5eab
\nCREATE DATABASE wordpress;<\/p>\n
6.\u8cc7\u6599\u5eab\u6b0a\u9650
\nGRANT ALL PRIVILEGES ON wordpress.* TO root@localhost IDENTIFIED BY ‘password’;<\/p>\n
7.\u8cc7\u6599\u5eab\u8a2d\u5b9a\u751f\u6548
\nFLUSH PRIVILEGES;<\/p>\n
8.\u5efa\u7acb SSL
\nmkdir -p \/var\/www\/html\/ssl
\ncd \/var\/www\/html\/ssl
\nopenssl req -new -x509 -days 365 -nodes -out \/var\/www\/html\/ssl\/xxx.crt -keyout \/var\/www\/html\/ssl\/xxx.key
\nchmod 600 xxx.crt
\nchmod 600 xxx.key<\/p>\n
9.\u8a2d\u5b9a\u7ad9\u9ede\u6b0a\u9650\u70bawww-date;
\nchown -R www-data:www-data \/var\/www<\/p>\n
10.\u5efa\u7acb\u7ad9\u9ede<\/p>\n
nano \/etc\/nginx\/conf.d\/xxx.conf<\/p>\n
server {
\nlisten 80;
\nserver_name xxx.com;
\nrewrite ^(.*) https:\/\/$server_name$1 permanent;
\n}<\/p>\n
server {
\nlisten 443;
\nserver_name xxx.com;
\nssl on;<\/p>\n
#SSL Certificate you created
\nssl_certificate \/var\/www\/html\/ssl\/xxx.crt;
\nssl_certificate_key \/var\/www\/html\/ssl\/xxx.key;<\/p>\n
location \/ {
\nroot \/var\/www\/html\/xxx.com;
\nindex index.php index.html index.htm;
\n}<\/p>\n
error_page 500 502 503 504 \/50x.html;
\nlocation = \/50x.html {
\nroot html;
\n}<\/p>\n
location ~ \\.php$ {
\nroot \/var\/www\/html\/xxx.com;
\ntry_files $uri =404;
\nfastcgi_split_path_info ^(.+\\.php)(\/.+)$;
\nfastcgi_pass unix:\/var\/run\/php\/php7.0-fpm.sock;
\nfastcgi_index index.php;
\nfastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
\ninclude fastcgi_params;
\n}
\n}<\/p>\n
11.Install vsftpd
\napt-get install -y vsftpd<\/p>\n
nano \/etc\/vsftpd.conf
\nanonymous_enable=No
\nlocal_enable=YES
\nwrite_enable=YES<\/p>\n
nano \/etc\/ftpusers
\n#root<\/p>\n
12.iptables \u8a2d\u5b9a
\nnano \/etc\/firewall.server #\u5efa\u7acb\u898f\u5247<\/p>\n
##############################################################
\n# http port 80
\niptables -A INPUT -i venet0 -p tcp –dport 80 -j ACCEPT<\/p>\n
# https port 443
\niptables -A INPUT -i venet0 -p tcp –dport 443 -j ACCEPT<\/p>\n
# vsftpd port 21
\niptables -A INPUT -i venet0 -p tcp –dport 21 -j ACCEPT<\/p>\n
# pptpd prot 1723
\niptables -A INPUT -p tcp –dport 1723 -j ACCEPT
\niptables -A OUTPUT -p tcp –sport 1723 -j ACCEPT
\niptables -A INPUT -p gre -j ACCEPT
\niptables -A OUTPUT -p gre -j ACCEPT
\n# NAT
\niptables -t nat -A POSTROUTING -s 192.168.0.0\/24 -o eth0 -j SNAT –to-source x.x.x.x
\niptables -A FORWARD -i ppp+ -j ACCEPT
\niptables -A FORWARD -o ppp+ -j ACCEPT
\niptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE<\/p>\n
##############################################################
\nchmod 700 \/etc\/firewall.server #\u66f4\u6539\u6b0a\u9650
\nsed -i ‘\/^exit 0\/i\\sh \/etc\/firewall.server’ \/etc\/rc.local #\u5728 \/etc\/rc.local \u6700\u5f8c\u4e00\u884c exit 0 \u4e4b\u524d\u52a0\u5165 sh \/etc\/firewall.server<\/p>\n
13.\u5b89\u88ddPPTPD
\napt-get install pptpd<\/p>\n
nano \/etc\/pptpd.conf
\nlocalip 192.168.0.1
\nremoteip 192.168.0.234-238,192.168.0.245
\n#logwtmp<\/p>\n
nano \/etc\/ppp\/options
\nms-dns 8.8.8.8
\nms-dns 8.8.4.4
\nms-dns 168.95.1.1
\n#require-mppe-128<\/p>\n
nano \/etc\/ppp\/chap-secrets
\nname pptpd password *<\/p>\n
nano \/etc\/sysctl.conf
\nnet.ipv4.ip_forward=1<\/p>\n
sysctl -p<\/p>\n
14.\u5b89\u88ddfail2ban
\nyum -y install fail2ban<\/p>\n
15.\u555f\u7528rc.local
\nnano \/etc\/rc.local<\/p>\n
#!\/bin\/sh -e
\n#
\n# rc.local
\n#
\n# This script is executed at the end of each multiuser runlevel.
\n# Make sure that the script will “exit 0” on success or any other
\n# value on error.
\n#
\n# In order to enable or disable this script just change the execution
\n# bits.
\n#
\n# By default this script does nothing.<\/p>\n
exit 0
\nEOF<\/p>\n
chmod +x \/etc\/rc.local<\/p>\n
systemctl start rc-local<\/p>\n","protected":false},"excerpt":{"rendered":"
Debian 9 \u5b89\u88dd Nginx PHP7 Mariadb…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-94","post","type-post","status-publish","format-standard","hentry","category-debian"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/posts\/94","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/twmis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=94"}],"version-history":[{"count":0,"href":"https:\/\/twmis.com\/index.php?rest_route=\/wp\/v2\/posts\/94\/revisions"}],"wp:attachment":[{"href":"https:\/\/twmis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=94"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/twmis.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=94"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/twmis.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=94"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}