* Github
https://github.com/RestyaPlatform/board
* 인스톨 스크립트 다운로드 후 설치
[code]
$ sudo su
$ wget https://github.com/RestyaPlatform/board/raw/master/restyaboard.sh –no-check-certificate
$ chmod +x restyaboard.sh
$ ./restyaboard.sh
[/code]
* nginx 가상호스트 설정
[code]
$ cp /usr/share/nginx/html/restyaboard.conf /etc/nginx/sites-available/도메인명
$ $sudo ln -s /etc/nginx/sites-available/도메인 /etc/nginx/sites-enabled/도메인명
[/code]
* nginx 서버설정
[code]
server {
listen 80;
server_name 도메인명;
root /usr/share/nginx/html;
index index.html index.php;
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
# gzip_comp_level 9;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
# gzip_http_version 1.1;
gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
client_max_body_size 300M;
rewrite ^/oauth/authorize$ /server/php/authorize.php last;
rewrite ^/oauth_callback/([a-zA-Z0-9_\.]*)/([a-zA-Z0-9_\.]*)$ /server/php/oauth_callback.php?plugin=$1&code=$2 last;
rewrite ^/download/([0-9]*)/([a-zA-Z0-9_\.]*)$ /server/php/download.php?id=$1&hash=$2 last;
rewrite ^/ical/([0-9]*)/([0-9]*)/([a-z0-9]*).ics$ /server/php/ical.php?board_id=$1&user_id=$2&hash=$3 last;
rewrite ^/api/(.*)$ /server/php/R/r.php?_url=$1&$args last;
rewrite ^/api_explorer/api-docs/$ /client/api_explorer/api-docs/index.php last;
location / {
root /usr/share/nginx/html/client;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M";
}
location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) {
root /usr/share/nginx/html/client;
if (-f $request_filename) {
break;
}
rewrite ^/img/([a-zA-Z_]*)/([a-zA-Z_]*)/([a-zA-Z0-9_\.]*)$ /server/php/image.php?size=$1&model=$2&filename=$3 last;
add_header Cache-Control public;
add_header Cache-Control must-revalidate;
expires 7d;
}
}
[/code]
* SSL 인증서 발행
[code]
$sudo systemctl stop nginx
$sudo certbot certonly --standalone -d 도메인
$sudo systemctl start nginx
[/code]
* nginx SSL 설정
[code]
server {
listen 80;
server_name 도메인명;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name 도메인명;
ssl_certificate /etc/letsencrypt/live/도메인명/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/도메인명/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 15m;
# Set system wide SSL settings
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
#Forward Secrecy
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
if ($scheme = 'http') {
rewrite ^/(.*)$ https://도메인명/$1 permanent;
}
root /usr/share/nginx/html;
index index.html index.php;
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
# gzip_comp_level 9;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
# gzip_http_version 1.1;
gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
client_max_body_size 300M;
rewrite ^/oauth/authorize$ /server/php/authorize.php last;
rewrite ^/oauth_callback/([a-zA-Z0-9_\.]*)/([a-zA-Z0-9_\.]*)$ /server/php/oauth_callback.php?plugin=$1&code=$2 last;
rewrite ^/download/([0-9]*)/([a-zA-Z0-9_\.]*)$ /server/php/download.php?id=$1&hash=$2 last;
rewrite ^/ical/([0-9]*)/([0-9]*)/([a-z0-9]*).ics$ /server/php/ical.php?board_id=$1&user_id=$2&hash=$3 last;
rewrite ^/api/(.*)$ /server/php/R/r.php?_url=$1&$args last;
rewrite ^/api_explorer/api-docs/$ /client/api_explorer/api-docs/index.php last;
location / {
root /usr/share/nginx/html/client;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M";
}
location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) {
root /usr/share/nginx/html/client;
if (-f $request_filename) {
break;
}
rewrite ^/img/([a-zA-Z_]*)/([a-zA-Z_]*)/([a-zA-Z0-9_\.]*)$ /server/php/image.php?size=$1&model=$2&filename=$3 last;
add_header Cache-Control public;
add_header Cache-Control must-revalidate;
expires 7d;
}
}
[/code]
- Posted
- Filed under 개발/Linux
