2020年VPS筆記( Ubuntu 18.04 LTS)
VPS 啟用Ubuntu 18.04後的安裝步驟 PS.我的VPS預設的角色為root
01.啟用ufw
ufw enable
ufw allow from xxx.xxx.xxx.xxx (填上自己連入的IP)
02.系統升級
aptitude update
aptitude dist-upgrade
03.修改主機名稱(通常預設為IP,我會習慣改成方便管理的名稱)
vi /etc/hostname
04.加入不同版本的php來源
add-apt-repository ppa:ondrej/php
aptitude update
05.安裝nginx、mysql、php
aptitude install nginx mysql-server mysql-client php7.2-fpm php7.2-mysql php7.2-gd php7.2-xml php7.2-mbstring php7.2-zip php7.2-curl php7.2-apcu unzip vim
PS.由於我是用drupal 7.x,所以才會用步驟4,如果把版次拿掉,預設會使用php7.4
PS.如果有不同版本要抽換,可執行 update-alternatives --set php /usr/bin/php7.2
php7.3-fpm php7.3-mysql php7.3-gd php7.3-xml php7.3-mbstring php7.3-zip php7.3-curl php7.3-apcu
06.開通ufw連線
ufw allow 80/tcp
ufw allow 'Nginx HTTP'
ufw allow 'Nginx HTTPS'
07.設定mysql密碼 ( yourpassword 要換成自己的密碼 )
mysql -u root
DROP USER 'root'@'localhost';
CREATE USER 'root'@'localhost' IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION;
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yourpassword');
FLUSH PRIVILEGES;
08.安裝drush
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
composer global require drush/drush:8.3.5
alias drush='/usr/bin/php ~/.composer/vendor/drush/drush/drush.php'
drush init
PS.由於我是要用Drupal 7.x所以才在global選用8.3.5版 ( 版次可 參考 )
PS.alias drush='/usr/bin/php ~/.config/composer/vendor/drush/drush/drush.php' <= 這段也有可能是這樣,就依照當時安裝的路徑找一下
9.設定nginx (drupal 7.x)
vi /etc/nginx/sites-enabled/sitename
sitename 值可參考
server {
server_name www.sitename.com;
root /var/www/sitename; ## <-- Your only path reference.
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /ads.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
# try_files $uri @rewrite; # For Drupal <= 6
try_files $uri /index.php?$query_string; # For Drupal >= 7
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
# In Drupal 8, we must also match new paths where the '.php' appears in
# the middle, such as update.php/selection. The rule we use is strict,
# and only allows this pattern with the update.php front controller.
# This allows legacy path aliases in the form of
# blog/index.php/legacy-path to continue to route to Drupal nodes. If
# you do not have any paths like that, then you might prefer to use a
# laxer rule, such as:
# location ~ \.php(/|$) {
# The laxer rule will continue to work if Drupal uses this new URL
# pattern with front controllers other than update.php in a future
# release.
location ~ '\.php$|^/update.php' {
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
# Security note: If you're running a version of PHP older than the
# latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
# See http://serverfault.com/q/627903/94922 for details.
include fastcgi_params;
# Block httpoxy attacks. See https://httpoxy.org/.
fastcgi_param HTTP_PROXY "";
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
# PHP 5 socket location.
#fastcgi_pass unix:/var/run/php5-fpm.sock;
# PHP 7 socket location.
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
# Fighting with Styles? This little gem is amazing.
# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
# Handle private files through Drupal. Private file's path can come
# with a language prefix.
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
}10.安裝drupal7
mysqladmin -u root create sitename
cd /var/www/
drush dl drupal-7
mv drupal-7.71 sitename
chown -R www-data:www-data /var/www/sitename
11.安裝SSL使用 certbot
add-apt-repository ppa:certbot/certbot
aptitude install python-certbot-nginx
certbot -d sitename.com -d www.sitename.com
12.更改時區
dpkg-reconfigure tzdata
留言