* Github
https://github.com/RestyaPlatform/board


* 인스톨 스크립트 다운로드 후 설치
$ sudo su
$ wget https://github.com/RestyaPlatform/board/raw/master/restyaboard.sh –no-check-certificate
$ chmod +x restyaboard.sh
$ ./restyaboard.sh



* nginx 가상호스트 설정
$ cp /usr/share/nginx/html/restyaboard.conf /etc/nginx/sites-available/도메인명
$ $sudo ln -s /etc/nginx/sites-available/도메인 /etc/nginx/sites-enabled/도메인명



* nginx 서버설정
server {
    listen 80;
    server_name 도메인명;

    root /usr/share/nginx/html;
    index  index.html index.php;

    gzip on;
    gzip_disable "msie6";

    gzip_comp_level 6;
    # gzip_comp_level 9;
    gzip_min_length  1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    # gzip_http_version 1.1;
    gzip_types       text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;

    client_max_body_size 300M;

    rewrite ^/oauth/authorize$ /server/php/authorize.php last;
    rewrite ^/oauth_callback/([a-zA-Z0-9_\.]*)/([a-zA-Z0-9_\.]*)$ /server/php/oauth_callback.php?plugin=$1&code=$2 last;
    rewrite ^/download/([0-9]*)/([a-zA-Z0-9_\.]*)$ /server/php/download.php?id=$1&hash=$2 last;
    rewrite ^/ical/([0-9]*)/([0-9]*)/([a-z0-9]*).ics$ /server/php/ical.php?board_id=$1&user_id=$2&hash=$3 last;
    rewrite ^/api/(.*)$ /server/php/R/r.php?_url=$1&$args last;
    rewrite ^/api_explorer/api-docs/$ /client/api_explorer/api-docs/index.php last;
        
    location / {
        root /usr/share/nginx/html/client;
    }

    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass    unix:/run/php/php7.2-fpm.sock;
        fastcgi_index   index.php;
        fastcgi_param    SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M";
    }

    location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) {
        root /usr/share/nginx/html/client;
        if (-f $request_filename) {
            break;
        }
        rewrite ^/img/([a-zA-Z_]*)/([a-zA-Z_]*)/([a-zA-Z0-9_\.]*)$ /server/php/image.php?size=$1&model=$2&filename=$3 last;
        add_header        Cache-Control public;
        add_header        Cache-Control must-revalidate;
        expires           7d;
    }
}



* SSL 인증서 발행
$sudo systemctl stop nginx
$sudo certbot certonly --standalone -d 도메인
$sudo systemctl start nginx



* nginx SSL 설정
server {
    listen 80;
    server_name 도메인명;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name 도메인명;

    ssl_certificate      /etc/letsencrypt/live/도메인명/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/도메인명/privkey.pem;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  15m;

    # Set system wide SSL settings
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

    #Forward Secrecy
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    if ($scheme = 'http') {
        rewrite  ^/(.*)$  https://도메인명/$1 permanent;
    }


    root /usr/share/nginx/html;
    index  index.html index.php;

    gzip on;
    gzip_disable "msie6";

    gzip_comp_level 6;
    # gzip_comp_level 9;
    gzip_min_length  1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    # gzip_http_version 1.1;
    gzip_types       text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;

    client_max_body_size 300M;

    rewrite ^/oauth/authorize$ /server/php/authorize.php last;
    rewrite ^/oauth_callback/([a-zA-Z0-9_\.]*)/([a-zA-Z0-9_\.]*)$ /server/php/oauth_callback.php?plugin=$1&code=$2 last;
    rewrite ^/download/([0-9]*)/([a-zA-Z0-9_\.]*)$ /server/php/download.php?id=$1&hash=$2 last;
    rewrite ^/ical/([0-9]*)/([0-9]*)/([a-z0-9]*).ics$ /server/php/ical.php?board_id=$1&user_id=$2&hash=$3 last;
    rewrite ^/api/(.*)$ /server/php/R/r.php?_url=$1&$args last;
    rewrite ^/api_explorer/api-docs/$ /client/api_explorer/api-docs/index.php last;
        
    location / {
        root /usr/share/nginx/html/client;
    }

    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_pass    unix:/run/php/php7.2-fpm.sock;
        fastcgi_index   index.php;
        fastcgi_param    SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PHP_VALUE "upload_max_filesize=9G \n post_max_size=9G \n max_execution_time=200 \n max_input_time=200 \n memory_limit=256M";
    }

    location ~* \.(css|js|less|html|ttf|woff|jpg|jpeg|gif|png|bmp|ico|pdf|doc|docx|xls|xlx|txt|ppt|pptx|mp4|webm|mkv|wmv|avi|mp3) {
        root /usr/share/nginx/html/client;
        if (-f $request_filename) {
            break;
        }
        rewrite ^/img/([a-zA-Z_]*)/([a-zA-Z_]*)/([a-zA-Z0-9_\.]*)$ /server/php/image.php?size=$1&model=$2&filename=$3 last;
        add_header        Cache-Control public;
        add_header        Cache-Control must-revalidate;
        expires           7d;
    }
}
2020/03/15 18:50 2020/03/15 18:50

Comment on this post!