Command
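# Install Docker Engine (docker-ce) from Docker's own apt repository.
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
# apt-key is deprecated and makes the key trusted for every repository on the
# host. Keep Docker's key in its own keyring and bind the repository to it with
# signed-by, so the key can only vouch for packages from download.docker.com.
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable" |
  sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
sudo apt update
# Confirm the install candidate comes from download.docker.com before installing.
sudo apt-cache policy docker-ce
sudo apt install docker-ce
# The Docker socket is root-equivalent: run the client with sudo rather than
# adding ordinary accounts to the docker group just for convenience.
sudo docker ps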
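# Build and install Redis 7.2.5 from the upstream source tarball.
sudo apt update
sudo apt-get install build-essential tcl wget
# Work in a fresh private directory instead of directly in world-writable /tmp,
# where another local user could pre-create the paths used below.
cd "$(mktemp -d)"
# Fetch over HTTPS: with the plain http:// URL anyone on the network path can
# swap the tarball that is about to be compiled and installed as root.
wget -c https://download.redis.io/releases/redis-7.2.5.tar.gz
# Compare the digest with the one published for this release (the Redis project
# keeps them in its redis-hashes repository). <EXPECTED_SHA256> is a
# placeholder; do not continue unless this prints "OK".
echo "<EXPECTED_SHA256>  redis-7.2.5.tar.gz" | sha256sum -c -
tar -xvf redis-7.2.5.tar.gz
cd redis-7.2.5
make
sudo make install
cd utils/
# Interactive: asks for port, config file, log file and data directory.
# Afterwards, review the generated config (bind address, protected-mode,
# authentication) before the port is reachable from anything but localhost.
sudo ./install_server.sh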
Note: if install_server.sh stops with an error on a systemd-based system,
commenting out the following check in the script works around it.
# Open the installer script and disable its systemd guard (shown below).
vi ./install_server.sh
## Comment out this block in install_server.sh:
# The guard reads /proc/1/exe and exits when PID 1 is systemd; its own message
# points to the example service unit files shipped in the same directory.
# NOTE(review): with the guard disabled the script no longer stops on systemd
# hosts; adapting the provided unit files is the route the script itself
# recommends. Confirm which way the service ends up being managed.
#bail if this system is managed by systemd
#_pid_1_exe="$(readlink -f /proc/1/exe)"
#if [ "${_pid_1_exe##*/}" = systemd ]
#then
# echo "This systems seems to use systemd."
# echo "Please take a look at the provided example service unit files in this directory, and adapt and install them. Sorry!"
# exit 1
#fi
# Start the Redis instance created by install_server.sh (named after its port).
# NOTE(review): before starting, check the generated Redis config for the bind
# address and authentication settings; nothing on this page configures them.
sudo systemctl start redis_6379
# Install nginx from the distribution repository.
sudo apt update
sudo apt install nginx
Sample nginx server block for a PHP application:
# Virtual host that serves a PHP application from its public/ directory and
# routes every non-existent path to index.php.
server {
# NOTE(review): only plain-HTTP listeners are active; the TLS listeners below
# are commented out, so sessions and credentials cross the network unencrypted
# unless TLS is terminated in front of nginx.
listen 80;
listen [::]:80;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/sample_folder_name/projectt-server/public;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
# Catch-all name: this block answers for any Host header sent to port 80.
server_name _;
# pass PHP scripts to FastCGI server
# Front controller: any request path that does not exist on disk is rewritten
# to /index.php.
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
# NOTE(review): this pattern hands .html and .htm files to PHP-FPM as well as
# .php. Whether they are executed is then decided by PHP-FPM's
# security.limit_extensions; confirm it is still limited to .php, or narrow
# the pattern, so a writable .html file under the root cannot run as code.
location ~ \.(php|html|htm)$ {
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
#proxy_buffer_size 128k;
#proxy_buffers 4 256k;
#proxy_busy_buffers_size 256k;
fastcgi_buffers 4 256k;
fastcgi_buffer_size 128k;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
# NOTE(review): the rule below is still commented out, so nothing in this
# server block denies requests for hidden files under the document root.
#location ~ /\.ht {
# deny all;
#}
}
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
#
#
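# Virtual host for the admin application under /var/www/sample_folder_name/admin.
server {
    # NOTE(review): plain HTTP only; every TLS directive below is commented
    # out, so admin logins travel unencrypted unless TLS is terminated in
    # front of nginx. No allow/deny or authentication directive appears in
    # this block either, so access control rests entirely on the application.
    listen 80;
    listen [::]:80;
    #client_max_body_size 20M;
    # listen 443 ssl;
    # SSL configuration
    #ssl on;
    #listen 80;
    #root /var/www/sample_folder_name/admin;
    #server_name dnwnshqk-808.com;
    #listen [::]:8080 ssl default_server;
    #ssl on;
    #ssl_certificate /root/ssl/ngnix-ssl.crt;
    #ssl_certificate_key /root/ssl/ngnix-ssl.key;
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;
    root /var/www/sample_folder_name/admin;
    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;
    #server_name _

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        # Hand a request to PHP-FPM only when the named script exists on disk.
        # Without this check a URI that merely ends in ".php" is forwarded, and
        # what gets executed then depends on PHP's path-info handling.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Per-request PHP ini override: send PHP errors to a dedicated log.
        fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application_php_errors.log";
        fastcgi_buffering on;
        fastcgi_buffers 4 256k;
        fastcgi_buffer_size 128k;
        include fastcgi_params;
        # The proxy_* directives apply to proxy_pass, not to fastcgi_pass;
        # they are kept from the original but do not affect this location.
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        # NOTE(review): ten-minute FastCGI timeouts let slow requests hold
        # PHP-FPM workers for a long time; confirm the application needs them.
        fastcgi_connect_timeout 600s;
        fastcgi_send_timeout 600s;
        fastcgi_read_timeout 600s;
        sendfile on;
        tcp_nopush off;
        keepalive_requests 0;
    }

    # pass PHP scripts to FastCGI server
    #
    #location ~ \.php$ {
    # include snippets/fastcgi-php.conf;
    #
    # # With php-fpm (or other unix sockets):
    # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    # # With php-cgi (or other tcp sockets):
    # fastcgi_pass 127.0.0.1:9000;
    #}
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    # deny all;
    #}
}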
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
System nginx :
#Vue js build
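# Static host for the built Vue.js front end.
server {
    listen 80;
    listen [::]:80;
    root /var/www/member;
    index index.html index.htm;
    server_name _; # if there are domain just change '_' to domain

    # Caching for static files (adjust file types and caching duration as needed)
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires max;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # Enable Gzip compression for various file types.
    # The original listing was cut off by the editor ("text/javascrip>") and
    # had no terminating semicolon, which nginx rejects at load time; the last
    # type is restored as text/javascript.
    # If this site is later served over TLS, compress only static assets:
    # compressing responses that mix secrets with request-controlled data is
    # what the "disable gzip for SSL traffic" advice in the stock config is about.
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml
               application/xml application/xml+rss text/javascript;

    # Custom error pages
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/html;
    }
}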
#end=
#backend laravel
# Virtual host for the Laravel backend: serves public/ and routes every
# non-existent path to index.php.
server {
# NOTE(review): plain HTTP only; no TLS listener is defined in this block.
listen 80;
listen [::]:80;
# Largest request body nginx accepts before answering 413.
client_max_body_size 20M;
root /opt/offcasino/backend/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name _; # if there are domain just change '_' to domain
# Front controller: requests for paths that do not exist go to /index.php.
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
# NOTE(review): .html and .htm are passed to PHP-FPM together with .php.
# Confirm PHP-FPM's security.limit_extensions is still limited to .php, or
# narrow this pattern, so uploaded or writable .html files cannot run as code.
location ~ \.(php|html|htm)$ {
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffers 4 256k;
fastcgi_buffer_size 128k;
}
}
_nginx proxy socket: _
# Reverse proxy in front of the socket.io service at 172.31.2.4:3000.
server {
# NOTE(review): plain HTTP on both sides — from the client to nginx and from
# nginx to the backend. WebSocket frames, cookies and tokens are readable on
# either path unless TLS is added or the networks are trusted.
listen 80;
server_name offcasino-soketio.com;
# WebSocket endpoint: HTTP/1.1 plus the Upgrade/Connection headers are what
# allow the protocol switch to pass through the proxy.
location /socket.io/ {
proxy_pass http://172.31.2.4:3000/socket.io/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# Client address headers for the backend. $proxy_add_x_forwarded_for appends
# to whatever X-Forwarded-For the client sent, so the backend should trust
# only X-Real-IP (or the last X-Forwarded-For entry) and only from this proxy.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Everything else is proxied to the same backend without the upgrade headers.
location / {
proxy_pass http://172.31.2.4:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
nginx proxy :
# Generic reverse proxy to an application listening on 192.168.5.2:3000.
server {
# NOTE(review): plain HTTP listener with a catch-all server_name, so requests
# with any Host header are forwarded, and that client-chosen Host value is
# passed on to the backend. Set a real server_name if the backend builds URLs
# or makes decisions from the Host header.
listen 80;
server_name _;
location / {
proxy_pass http://192.168.5.2:3000;
proxy_set_header Host $host;
# The backend should accept these client-address headers only from this
# proxy; X-Forwarded-For also carries whatever value the client supplied.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
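# Install Node.js 20.x from the NodeSource repository.
sudo apt update
# Download the setup script to a file instead of piping it straight into a
# root shell, so it can be read (and a truncated download noticed) before it
# runs with sudo.
setup_script="$(mktemp)"
curl -fsSL https://deb.nodesource.com/setup_20.x -o "$setup_script"
less "$setup_script"
sudo -E bash "$setup_script"
rm -f -- "$setup_script"
sudo apt-get install -y nodejs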
Install pm2 :
# Install the pm2 process manager globally.
# NOTE(review): "@latest" installs whatever version is newest at install time,
# so two servers built on different days can run different code. Pinning an
# exact, reviewed version makes the install reproducible.
npm install -g pm2@latest
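# Install PHP 8.2 and the extensions the application needs.
sudo apt-get update
sudo apt -y install software-properties-common
# ppa:ondrej/php is a third-party archive: its packages run with the same
# privileges as distribution packages, so adding it extends trust to the PPA
# maintainer.
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
# Each continuation line needs whitespace before the backslash; without it the
# shell joins the names into a single word such as "php8.2php8.2-cli".
sudo apt-get install -y php8.2 \
  php8.2-cli \
  php8.2-fpm \
  php8.2-common \
  php8.2-zip \
  php8.2-gd \
  php8.2-xml \
  php8.2-bcmath \
  php8.2-intl \
  php8.2-curl \
  php8.2-mbstring \
  php8.2-mysqli \
  php8.2-redis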
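# Download the Composer installer, check it against the published SHA-384
# signature, and install Composer only when the check passes.
cd ~
# A private temp file avoids a predictable name in world-writable /tmp.
installer="$(mktemp)"
curl -sS https://getcomposer.org/installer -o "$installer"
HASH="$(curl -sS https://composer.github.io/installer.sig)"
echo "$HASH"
# The original printed "Installer corrupt" but then ran the installer with
# sudo anyway, and its unlink() used a relative path that did not match the
# downloaded file. Here the install step is gated on the comparison.
# The hash is passed as an argument rather than pasted into the PHP source, so
# an unexpected response from the signature URL cannot become PHP code.
if php -r 'exit(hash_equals($argv[1], hash_file("sha384", $argv[2])) ? 0 : 1);' -- "$HASH" "$installer"; then
  echo 'Installer verified'
  sudo php "$installer" --install-dir=/usr/local/bin --filename=composer
else
  echo 'Installer corrupt' >&2
fi
rm -f -- "$installer"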
# Install MongoDB 7.0 from MongoDB's apt repository.
sudo apt install software-properties-common gnupg apt-transport-https ca-certificates -y
# Store the repository key in its own keyring; the signed-by option below
# limits that key to this one repository.
curl -fsSL https://pgp.mongodb.com/server-7.0.asc |
  sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" |
  sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list
sudo apt update
sudo apt install mongodb-org -y
# NOTE(review): the service is started and enabled with no authentication step
# on this page; check net.bindIp and security.authorization in the mongod
# configuration before the port is reachable from other hosts.
sudo systemctl start mongod
sudo systemctl enable mongod
# Install MariaDB from the distribution repository.
sudo apt update
sudo apt install mariadb-server
# Interactive hardening script shipped with the server package: it walks
# through the root password, anonymous accounts, remote root login and the
# test database. Run it before the server is made reachable from the network.
sudo mysql_secure_installation
my.cnf :
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
# this is read by the standalone daemon and embedded servers
[server]
# this is only for the mysqld standalone daemon
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /run/mysqld/mysqld.pid
socket = /run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
skip-name-resolve
# Broken reverse DNS slows down connections considerably and name resolve is
# safe to skip if there are no "host by domain name" access grants
#skip-name-resolve
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
# NOTE(review): the value below does NOT follow the packaged default described
# above. 0.0.0.0 makes the server listen on every IPv4 interface, so port 3306
# is reachable from any network the host is attached to. Together with an
# account granted to host '%' this exposes the database to remote login
# attempts; restrict it with a specific bind address or a firewall rule.
bind-address = 0.0.0.0
#
# * Fine Tuning
#
key_buffer_size = 64M
max_allowed_packet = 64M
connect_timeout = 10
wait_timeout = 28800
thread_cache_size = 128
sort_buffer_size = 4M
bulk_insert_buffer_size = 16M
tmp_table_size = 64M
max_heap_table_size = 64M
myisam_recover_options = BACKUP
myisam_sort_buffer_size = 64M
max_connections = 200
table_open_cache = 400
concurrent_insert = 2
read_buffer_size = 2M
read_rnd_buffer_size = 1M
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 32M
#
# * Logging and Replication
#
log_warnings = 2
# NOTE(review): the general log records every statement the server receives,
# in full. Any secret that appears in SQL text (for example a password in a
# user-management statement) ends up in this file, and the log grows quickly.
# Keep it off outside of debugging, or restrict who can read /var/log/mysql.
general_log_file = /var/log/mysql/mysql.log
general_log = 1
log_error = /var/log/mysql/error.log
slow_query_log = 1
slow_query_log_file = /var/log/mysql/mariadb-slow.log
long_query_time = 1
log_slow_verbosity = query_plan
# NOTE(review): this relaxes the checks applied to accounts that create stored
# functions while binary logging is in use; confirm it is actually required.
log_bin_trust_function_creators = 1
expire_logs_days = 2
max_binlog_size = 100M
#
# * SSL/TLS
#
# For documentation, please read
# https://mariadb.com/kb/en/securing-connections-for-client-and-server/
# NOTE(review): every TLS option is commented out while the server listens on
# all interfaces, so remote client connections are not encrypted by this
# configuration.
#ssl-ca = /etc/mysql/cacert.pem
#ssl-cert = /etc/mysql/server-cert.pem
#ssl-key = /etc/mysql/server-key.pem
#require-secure-transport = on
#
# * Character sets
#
# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
# utf8 4-byte character set. See also client.cnf
# NOTE(review): the values below are "utf8", not the 4-byte "utf8mb4" that the
# comment above describes — confirm which one the application expects.
character-set-server = utf8
collation-server = utf8_general_ci
init_connect='SET NAMES utf8'
#
# * InnoDB
#
default_storage_engine = InnoDB
# Sized for a dedicated database host; assumes well over 6G of RAM — TODO confirm.
innodb_buffer_pool_size = 6G
innodb_log_buffer_size = 16M
innodb_file_per_table = 1
innodb_open_files = 400
innodb_io_capacity = 200
innodb_flush_method = O_DIRECT
innodb_lock_wait_timeout = 50
innodb_log_files_in_group = 2
innodb_log_file_size = 1G
join_buffer_size = 4M
# this is only for embedded server
[embedded]
# This group is only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
[mariadb]
# This group is only read by MariaDB-10.6 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mariadb-10.6]
sudo systemctl restart mariadb
Create user using mariadb :
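mysql -u root -p
-- 'username' and 'password' are placeholders: choose a real account name and a
-- long random password before running this.
-- As written the account may connect from any host ('%') and holds every
-- privilege on every database, which makes it equivalent to root over the
-- network once bind-address is 0.0.0.0. Prefer a specific client host or
-- subnet in place of '%', and grant only the privileges and database the
-- application needs.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'username'@'%' IDENTIFIED BY 'password';
MariaDB [(none)]> FLUSH PRIVILEGES;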
# Install MySQL Server 8.0 from the distribution repository.
sudo apt update
sudo apt install mysql-server-8.0
# Interactive hardening script shipped with the server package: it walks
# through password policy, anonymous accounts, remote root login and the test
# database. Run it before the server is made reachable from the network.
sudo mysql_secure_installation
my.cnf :
# The MySQL database server configuration file.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
# Non-default port. This only reduces background noise from scanners; it is
# not an access control.
port = 24045
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
lc_messages = en_US
skip-external-locking
skip-name-resolve
sql_mode=STRICT_TRANS_TABLES,NO_ENGINE_SUBSTITUTION
# If MySQL is running as a replication slave, this should be
# changed. Ref https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_tmpdir
# tmpdir = /tmp
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 192.168.100.72
#mysqlx-bind-address = 192.168.100.72
# NOTE(review): the two active values below do NOT follow the localhost
# default described above. 0.0.0.0 makes both the classic protocol and the X
# protocol listen on every IPv4 interface. Together with an account granted to
# host '%' this exposes the database to remote login attempts; prefer the
# specific addresses commented out above, or restrict the ports by firewall.
bind-address = 0.0.0.0
mysqlx-bind-address = 0.0.0.0
#
# * Fine Tuning
#
key_buffer_size = 32M
max_connections = 2000
connect_timeout = 10
wait_timeout = 28800
max_allowed_packet = 512M
thread_cache_size = 512
sort_buffer_size = 16M
bulk_insert_buffer_size = 256M
tmp_table_size = 64M
join_buffer_size = 8M
# thread_stack = 256K
# thread_cache_size = -1
#
# * MyISAM
#
myisam-recover-options = BACKUP
# max_connections = 151
# table_open_cache = 4000
# thread_concurrency = 10
#
# * Query Cache Configuration
#
# query_cache_limit = 2M # Removed as this is deprecated
# query_cache_size = 64M # Removed as this is deprecated
#
# * Logging and Replication
#
# Both locations get rotated by the cronjob.
#
# Log all queries
# Be aware that this log type is a performance killer.
# NOTE(review): besides the performance cost, the general log stores every
# statement in full, so any secret that appears in SQL text ends up in this
# file. Keep it off outside of debugging, or restrict who can read it.
general_log_file = /var/log/mysql/query.log
general_log = 1
#
# Error log - should be very few entries.
#
# log_warnings = 2
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
slow_query_log = 1
slow_query_log_file = /var/log/mysql/mysql-slow.log
long_query_time = 1
# log_slow_verbosity = query_plan
# log-queries-not-using-indexes
# NOTE(review): this relaxes the checks applied to accounts that create stored
# functions while binary logging is on; confirm it is actually required.
log_bin_trust_function_creators = 1
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
# server-id = 1
log_bin = /var/log/mysql/mysql-bin.log
binlog_expire_logs_seconds = 864000 # Adjusted to use binlog_expire_logs_seconds instead of expire_logs_days
# binlog_do_db = include_database_name
# binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
default_storage_engine = InnoDB
# Sized for a dedicated database host; assumes well over 15G of RAM — TODO confirm.
innodb_buffer_pool_size = 15G
innodb_buffer_pool_instances = 64
innodb_flush_log_at_trx_commit = 1
innodb_flush_method = O_DIRECT
innodb_log_files_in_group = 2 # Deprecated, adjusted in innodb_redo_log_capacity
innodb_log_file_size = 4G # Deprecated, adjusted in innodb_redo_log_capacity
innodb_redo_log_capacity = 8G # Adjusted to replace innodb_log_file_size and innodb_log_files_in_group
innodb_log_buffer_size = 512M
innodb_lock_wait_timeout = 50
innodb_thread_concurrency = 0
innodb_write_io_threads = 32
innodb_read_io_threads = 32
innodb_io_capacity = 2000
innodb_file_per_table = 1
innodb_open_files = 4000
innodb_sort_buffer_size = 64M # Adjusted to match max allowed value
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# NOTE(review): no certificate is configured here and nothing in this file
# requires clients to use TLS, while the server listens on all interfaces.
# Check whether remote connections are actually encrypted.
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
# NOTE(review): init_connect is set twice; presumably only the later line takes
# effect — verify. It also selects "utf8" while the server character set below
# is utf8mb4; confirm which one the application expects.
init_connect='SET collation_connection = utf8_general_ci'
init_connect='SET NAMES utf8'
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci # Adjusted to use utf8mb4
sudo systemctl restart mysql
Create user using mysql :
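mysql -u root -p
-- 'username' and 'password' are placeholders: choose a real account name and a
-- long random password before running this.
-- As written the account may connect from any host ('%') and holds every
-- privilege on every database, which makes it equivalent to root over the
-- network once bind-address is 0.0.0.0. Prefer a specific client host or
-- subnet in place of '%', and grant only the privileges and database the
-- application needs.
mysql> CREATE USER 'username'@'%' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'username'@'%';
mysql> FLUSH PRIVILEGES;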
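#!/bin/bash
# Interactive helper: shows the current system time and lets the operator set
# a new one, entered as DD/MM/YYYY HH:MM:SS. Type 'stop' to quit.
#
# Changing the clock by hand shifts log timestamps and affects certificate and
# token validity checks on this host; on production systems prefer time
# synchronisation and restrict who may run `date -s` through sudo.

# One capture group per field so the input can be rebuilt unambiguously.
# [[:space:]] is the portable spelling of the whitespace class in an ERE.
datetime_re='^([0-2]?[0-9]|3[0-1])/(0?[1-9]|1[0-2])/([0-9]{4})[[:space:]]+([01]?[0-9]|2[0-3]):([0-5]?[0-9]):([0-5]?[0-9])$'

while true; do
  clear # Clear the terminal
  current_date=$(date +"%d/%m/%Y %H:%M:%S") # Get the current date and time
  echo "Running date: $current_date"        # Print the current date and time
  echo -n "Enter new date and time (DD/MM/YYYY HH:MM:SS), or 'stop' to end: "
  # -r keeps backslashes literal. A failed read (end of input) ends the loop
  # instead of spinning forever on an empty answer.
  if ! read -r new_datetime; then
    break
  fi
  if [[ $new_datetime == "stop" ]]; then
    final_date=$(date +"%d/%m/%Y %H:%M:%S")
    echo "Stopped. Final date and time: $final_date"
    break
  elif [[ $new_datetime =~ $datetime_re ]]; then
    # `date -d` reads NN/NN/YYYY as month/day/year, so passing the input
    # through unchanged swaps day and month (or fails when the day is above
    # 12). Rebuild the value as ISO YYYY-MM-DD first. The 10# prefix stops
    # fields such as "08" from being parsed as octal.
    printf -v iso_datetime '%s-%02d-%02d %02d:%02d:%02d' \
      "${BASH_REMATCH[3]}" \
      "$((10#${BASH_REMATCH[2]}))" "$((10#${BASH_REMATCH[1]}))" \
      "$((10#${BASH_REMATCH[4]}))" "$((10#${BASH_REMATCH[5]}))" "$((10#${BASH_REMATCH[6]}))"
    # date -d also rejects impossible calendar dates; only a value it accepts
    # is handed to the privileged `date -s`.
    if new_datetime=$(date -d "$iso_datetime" +"%Y-%m-%d %H:%M:%S" 2>/dev/null) &&
      sudo date -s "$new_datetime" >/dev/null 2>&1; then # Set the new system date and time
      echo "Date and time changed to: $new_datetime"
    else
      echo "Failed to set the new date and time. Please try again."
    fi
  else
    echo "Invalid date and time format. Please enter in DD/MM/YYYY HH:MM:SS format."
  fi
  sleep 1 # Wait for 1 second before updating again
done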
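#!/bin/bash
# Dumps the `main` database from the remote MySQL server into
# /mysql_dump/dump.sql, replacing whatever the directory held before.
#
# The password is no longer written in this script. A password on the command
# line is visible to other local users in the process list and is readable by
# anyone who can read the script. mysqldump reads credentials from the
# [client] or [mysqldump] section of ~/.my.cnf; create that file with mode 600.
# The password that used to be embedded here should be treated as exposed and
# rotated.
set -euo pipefail

# Timestamp kept from the original; it is currently unused, the dump is always
# written to dump.sql.
yymmdd=$(date +"%Y%m%d_%H%M%S")
target_path="/mysql_dump"
user="manager2"
dbname='main'

# Dumps contain the full database contents: create them readable by the owner only.
umask 077

# ${target_path:?} aborts instead of expanding to "/*" if the variable is ever empty.
rm -rf -- "${target_path:?}"/*

# The original had no space between the quoted password and --databases, so
# the option text became part of the password. The options are separate here.
mysqldump --routines --events --single-transaction --comments \
  -h126.249.190.185 -P 24045 -u"$user" \
  --databases "$dbname" >"$target_path/dump.sql"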
Change the bash prompt:
nano .bashrc
PS1="\[\033[01;31m\]┌── \u 😃 \[\033[01;32m\]\h\n\[\033[01;31m\]├── \[\033[1;36m\]Path location 👉 \[\033[01;33m\]\w\n\[\033[01;31m\]└── \[\033[0;37m\]"
source ~/.bashrc
## Another settings in nginx and php
## NGINX
cd /etc/nginx/sites-enabled
## Edit the nginx site configuration and add the line below, then restart nginx
fastcgi_read_timeout 300; # This sets the timeout to 300 seconds
## In PHP
nano /etc/php/7.4/fpm/pool.d/www.conf
## Edit this and after this restart fpm
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 35
For Database ( docker-compose.yml )
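# Database stack: MariaDB, phpMyAdmin and Redis on one bridge network.
#
# Secrets are read from the environment (for example an untracked .env file
# next to this compose file) instead of being written here. The values that
# were previously embedded in this file should be treated as exposed and
# rotated. The ":?" form makes `docker-compose up` fail when a value is
# missing rather than starting with an empty password.
#
# Published ports are bound to 127.0.0.1 so the services are reachable from
# the Docker host only. Publishing "3307:3306" style (all interfaces) exposes
# them to every network the host is on; do that only deliberately and behind
# a firewall.
version: '2.3'
services:
  mysql:
    restart: always
    # NOTE(review): mariadb:10.3 is an old release line; check that it still
    # receives security updates before using it for anything long-lived.
    image: mariadb:10.3
    container_name: groundlink-mysql
    ports:
      - "127.0.0.1:3307:3306"
    volumes:
      - /docker/mysql:/var/lib/mysql
      - ./config/my.cnf:/etc/mysql/my.cnf
      - /dumps:/dumps
    networks:
      - mysqlnetwork
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?required}
      - MYSQL_DATABASE=local
      - MYSQL_USER=developer
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:?required}
      # NOTE(review): the PMA_* variables are phpMyAdmin settings; presumably
      # the database container does not use them — verify and remove.
      - PMA_ARBITRARY=1
      - PMA_HOST=mysql
      - PMA_PORT=3306
      - PMA_USER=phpmyadmin
      - PMA_PASSWORD=${PMA_PASSWORD:?required}
      - TZ=Asia/Seoul
  mysql-admin:
    restart: always
    # NOTE(review): no image tag, so the version changes whenever the image
    # is pulled again; pin a reviewed tag.
    image: phpmyadmin/phpmyadmin
    container_name: groundlink-phpmyadmin
    ports:
      - "127.0.0.1:1000:80"
    networks:
      - mysqlnetwork
    depends_on:
      - mysql
    environment:
      - PMA_HOST=mysql
      - PMA_PORT=3306
      # PMA_USER / PMA_PASSWORD were removed: with them set, phpMyAdmin logs
      # every visitor in automatically, and here that was the database root
      # account. Without them phpMyAdmin shows its normal login form.
      - TZ=Asia/Seoul
  redis-server:
    restart: always
    # NOTE(review): redis:4.0 is an old release line; check that it still
    # receives security updates.
    image: redis:4.0
    container_name: groundlink-redis
    # NOTE(review): Redis is started without a password or ACL; anything that
    # can reach the published port can read and write all keys.
    command: /bin/bash -c 'redis-server --appendonly yes'
    sysctls:
      - net.core.somaxconn=65535
    ports:
      - "127.0.0.1:6380:6379"
    volumes:
      - /docker/redis:/data
    networks:
      - mysqlnetwork
    environment:
      - TZ=Asia/Seoul
# Named volumes kept from the original; the services above use bind mounts
# under /docker instead, so these are currently unused.
volumes:
  mysql:
    driver: local
  redis:
    driver: local
networks:
  mysqlnetwork:
    driver: bridge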
Dockerfile php :
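# PHP-FPM image with gd, the MySQL drivers and the redis extension.
# NOTE(review): PHP 7.3 is past its upstream end of life, so this base image
# no longer receives PHP security fixes; plan a move to a supported branch.
FROM php:7.3-fpm
RUN apt-get update && apt-get install -y \
        libfreetype6-dev \
        libjpeg62-turbo-dev \
        libpng-dev \
    && docker-php-ext-install -j"$(nproc)" iconv \
    && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
    && docker-php-ext-install -j"$(nproc)" gd \
    && rm -rf /var/lib/apt/lists/*
RUN docker-php-ext-install pdo_mysql pdo mysqli
# Fetch the extension over HTTPS and fail the build on an HTTP error (-f):
# the original plain-http download could be replaced in transit and is then
# compiled into the image. Recording and checking the tarball's digest here
# would pin it further.
# The trailing backslash after the last command was removed; it made the
# instruction run on into whatever followed it.
RUN curl -fsSL 'https://pecl.php.net/get/redis-3.1.5.tgz' -o /tmp/redis-3.1.5.tgz \
    && cd /tmp \
    && pecl install redis-3.1.5.tgz \
    && rm -rf redis-3.1.5.tgz \
    && docker-php-ext-enable redis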
for php docker-compose.yml
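# Web stack: nginx in front of a PHP-FPM container built from ./php.
# The nesting below is restored; the flattened listing is not valid YAML.
version: "2"
services:
  nginx-kwin:
    container_name: 'kwin-nginx'
    # NOTE(review): no image tag, so the nginx version changes whenever the
    # image is pulled again; pin a reviewed tag.
    image: nginx
    restart: always
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
      - /www/kwin:/usr/share/nginx/html
    ports:
      # Published on every host interface. 3009 maps to container port 81,
      # which default.conf uses for the admin site — restrict it (for example
      # "127.0.0.1:3009:81" or a firewall rule) unless public access is intended.
      - "2009:80"
      - "3009:81"
    links:
      - php-kwin:php
    environment:
      - TZ=Asia/Seoul
  php-kwin:
    container_name: 'kwin-php'
    build: ./php
    restart: always
    # `expose` (not `ports`) keeps FastCGI port 9000 off the host interfaces;
    # only linked containers can reach it. FastCGI has no authentication, so
    # keep it that way.
    expose:
      - "9000"
    volumes:
      - /www/kwin:/usr/share/nginx/html
      - ./php/php.ini:/usr/local/etc/php/php.ini
    environment:
      - TZ=Asia/Seoul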
nginx setting for docker:
–> default.conf :
# Application site inside the nginx container (container port 80).
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
root /usr/share/nginx/html/projectt-server/public;
index index.php index.html index.htm;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
# Front controller: requests for paths that do not exist go to /index.php.
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
# FastCGI goes over TCP to the host named "php" on port 9000. The protocol is
# unauthenticated, so that port must stay reachable only from this container.
# SCRIPT_FILENAME is built from this server's root, so the PHP side has to
# see the code at the same path.
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
# NOTE(review): still commented out, so nothing in this server block denies
# requests for hidden files under the document root.
#location ~ /\.ht {
# deny all;
#}
}
# Admin site inside the nginx container (container port 81).
# NOTE(review): no allow/deny, authentication or TLS directive appears in this
# block, so anyone who can reach the port that is published for 81 gets the
# admin application's own login as the only barrier. Consider restricting the
# published port or adding an access rule here.
server {
listen 81;
server_name admin-localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
root /usr/share/nginx/html/admin;
index index.php index.html index.htm;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
# Front controller: requests for paths that do not exist go to /index.php.
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
# FastCGI goes over TCP to the host named "php" on port 9000; keep that port
# reachable only from this container, the protocol has no authentication.
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
—> nginx.conf :
# Minimal stand-alone nginx.conf: one worker, one PHP site.
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name localhost;
# NOTE(review): this root is /var/www/html/..., while the default.conf shown
# for the same containers uses /usr/share/nginx/html/.... SCRIPT_FILENAME
# below is derived from this root, so the PHP container must see the code at
# this exact path — confirm which of the two paths is actually mounted.
root /var/www/html/projectt-server/public;
index index.php index.html;
# Serve the file or directory when it exists, otherwise route to index.php
# and keep the original query string.
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# FastCGI over TCP to the host named "php"; the protocol is unauthenticated,
# so port 9000 must not be reachable from outside the container network.
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
}
}
ModSecurity for NGINX, also known as ModSecurity-nginx, is a web application firewall module for the NGINX web server. It provides similar functionality to the original ModSecurity module for Apache, but is designed to work specifically with the NGINX web server.
Like the Apache module, ModSecurity-nginx analyzes incoming HTTP traffic and applies a set of predefined security rules to identify and block malicious or suspicious requests. It can also be configured to log request data and perform various other actions, such as blocking specific IP addresses or user agents.
First, install NGINX and note its version.
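sudo apt install nginx
# Build dependencies for libmodsecurity and the nginx connector module.
# Each continuation line needs whitespace before the backslash; without it the
# shell joins the names into a single word such as "libtoolautoconf".
sudo apt-get install libtool \
  autoconf \
  build-essential \
  libpcre3-dev \
  zlib1g-dev \
  libssl-dev \
  libxml2-dev \
  libgeoip-dev \
  liblmdb-dev \
  libyajl-dev \
  libcurl4-openssl-dev \
  libpcre++-dev \
  pkgconf \
  libxslt1-dev \
  libgd-dev \
  automake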
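# Build libmodsecurity (v3) and fetch the nginx connector plus the nginx
# source that matches the installed binary.
#
# Everything below writes to /opt and /usr/local, so the page runs it as root.
# Building as an unprivileged user and using root only for `make install`
# limits what the build scripts of these repositories can touch.
cd /opt
# NOTE(review): this builds whatever the v3/master branch contains at clone
# time. Checking out a reviewed release tag after cloning makes the build
# reproducible.
git clone --depth 100 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
cd ModSecurity
git submodule init && git submodule update
sh build.sh
./configure
make
make install
cd /opt
git clone https://github.com/SpiderLabs/ModSecurity-nginx
cd ModSecurity-nginx
nginx -v
# output nginx version: nginx/1.14.0 (Ubuntu)
# The dynamic module must be built against the same nginx version as the
# installed binary, otherwise nginx refuses to load it.
# `nginx -v` prints to stderr; take the version number from it instead of
# typing it by hand.
nginx_version="$(nginx -v 2>&1 | sed 's#.*nginx/\([0-9.]*\).*#\1#')"
cd /opt
wget "https://nginx.org/download/nginx-${nginx_version}.tar.gz"
# nginx.org publishes a detached PGP signature next to each tarball. Import
# the nginx signing keys (listed on nginx.org) and verify before unpacking.
wget "https://nginx.org/download/nginx-${nginx_version}.tar.gz.asc"
gpg --verify "nginx-${nginx_version}.tar.gz.asc" "nginx-${nginx_version}.tar.gz"
tar -xzvf "nginx-${nginx_version}.tar.gz"
cd "nginx-${nginx_version}"
# Each continuation line needs whitespace before the backslash.
sudo apt-get install libssl-dev \
  zlib1g-dev \
  libxslt-dev \
  libgd-dev \
  libgeoip-dev
# Prints the configure arguments the installed binary was built with; they
# are reused in the next step.
nginx -V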
### Output should like this
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.1 11
Sep 2018 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-YlUNvj/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module
--with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic
--with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module
NOTE: copy everything that follows "configure arguments:" in the output above and pass it to configure:
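# Template: the packaged binary's own configure arguments, plus the
# ModSecurity connector as a dynamic module.
sh configure <configure-argument> --add-dynamic-module="../ModSecurity-nginx"
## should be like this
# One option per line, each ending in " \". The listing was previously wrapped
# in the middle of path names, which breaks the command when pasted.
# Keep the compiler and linker hardening flags from the packaged build
# (-fstack-protector-strong, -D_FORTIFY_SOURCE=2, relro, now) unchanged.
sh configure \
  --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-YlUNvj/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' \
  --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' \
  --prefix=/usr/share/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --http-log-path=/var/log/nginx/access.log \
  --error-log-path=/var/log/nginx/error.log \
  --lock-path=/var/lock/nginx.lock \
  --pid-path=/run/nginx.pid \
  --modules-path=/usr/lib/nginx/modules \
  --http-client-body-temp-path=/var/lib/nginx/body \
  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
  --http-proxy-temp-path=/var/lib/nginx/proxy \
  --http-scgi-temp-path=/var/lib/nginx/scgi \
  --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
  --with-debug \
  --with-pcre-jit \
  --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --with-http_auth_request_module \
  --with-http_v2_module \
  --with-http_dav_module \
  --with-http_slice_module \
  --with-threads \
  --with-http_addition_module \
  --with-http_geoip_module=dynamic \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_image_filter_module=dynamic \
  --with-http_sub_module \
  --with-http_xslt_module=dynamic \
  --with-stream=dynamic \
  --with-stream_ssl_module \
  --with-mail=dynamic \
  --with-mail_ssl_module \
  --add-dynamic-module="../ModSecurity-nginx"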
## Output should be like this
Configuration summary
+ using threads
+ using system PCRE library
+ using system OpenSSL library
+ using system zlib library
nginx path prefix: "/usr/share/nginx"
nginx binary file: "/usr/share/nginx/sbin/nginx"
nginx modules path: "/usr/lib/nginx/modules"
nginx configuration prefix: "/etc/nginx"
nginx configuration file: "/etc/nginx/nginx.conf"
nginx pid file: "/run/nginx.pid"
nginx error log file: "/var/log/nginx/error.log"
nginx http access log file: "/var/log/nginx/access.log"
nginx http client request body temporary files: "/var/lib/nginx/body"
nginx http proxy temporary files: "/var/lib/nginx/proxy"
nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
nginx http uwsgi temporary files: "/var/lib/nginx/uwsgi"
nginx http scgi temporary files: "/var/lib/nginx/scgi"
make modules
ls objs
# Output should like this.
root@server-admin:/opt/nginx-1.14.0# ls objs
addon ngx_http_image_filter_module_modules.o src
autoconf.err ngx_http_image_filter_module.so ngx_stream_module_modules.c
Makefile ngx_http_modsecurity_module_modules.c ngx_http_modsecurity_module.so
ngx_auto_config.h ngx_http_modsecurity_module_modules.o
ngx_auto_headers.h ngx_http_xslt_filter_module_modules.c
ngx_stream_module_modules.o ngx_http_xslt_filter_module_modules.o
ngx_http_geoip_module_modules.c ngx_http_xslt_filter_module.so
ngx_stream_module.so ngx_mail_module_modules.c
ngx_http_geoip_module_modules.o ngx_mail_module_modules.o
ngx_http_geoip_module.so ngx_mail_module.so
ngx_http_image_filter_module_modules.c ngx_modules.c
cd /opt/nginx-1.14.0
# Create a folder inside your nginx configuration directory called `_modules`.
mkdir /etc/nginx/_modules
# Copy `ngx_http_modsecurity_module.so` to the newly created folder.
# The module is loaded into the nginx master process, so the file and its
# directory should be owned by root and not writable by the web server user.
cp objs/ngx_http_modsecurity_module.so /etc/nginx/_modules
# The next thing to do is to modify your `nginx.conf` file located at `/etc/nginx/nginx.conf`.
nano /etc/nginx/nginx.conf
## At the beginning you can see the following:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
All you have to do is insert load_module /etc/nginx/_modules/ngx_http_modsecurity_module.so;
after include /etc/nginx/modules-enabled/*.conf;
The settings will look like this:
# Top of /etc/nginx/nginx.conf after the change.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
# Loads the ModSecurity connector built above. The path must point at the
# module compiled against this nginx version.
load_module /etc/nginx/_modules/ngx_http_modsecurity_module.so;
events {
worker_connections 768;
# multi_accept on;
}
With this, the ModSecurity module for NGINX is loaded.
Let’s go back to the /opt
folder to set up a ruleset. From that folder, clone the OWASP Core Rule Set repository from https://github.com/coreruleset/coreruleset.
cd /opt
# Clone the OWASP Core Rule Set into /opt/modsecurity-crs.
# NOTE(review): this takes the repository's default branch as it is at clone
# time. Checking out a tagged release after cloning gives a known, tested set
# of rules and makes later upgrades deliberate.
git clone https://github.com/coreruleset/coreruleset modsecurity-crs
cd modsecurity-crs
Inside the folder you can see the following files and folders:
CHANGES.md CONTRIBUTORS.md docs KNOWN_BUGS.md plugins regex-assembly SECURITY.md tests
CONTRIBUTING.md crs-setup.conf.example INSTALL LICENSE README.md rules SPONSORS.md util
You will have to rename crs-setup.conf.example
to crs-setup.conf
. You can do it by executing the following commands:
mv crs-setup.conf.example crs-setup.conf
mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
This will rename our request exclusion rules
.
The next thing to do is to move it to the user local directory. First thing’s first, let’s go back into our /opt
.
mv /opt/modsecurity-crs /usr/local
You now have the following folders in your local
directory.
/usr/local/modsecurity
/usr/local/modsecurity-crs
Let’s create the folder for ModSecurity Configuration by executing the following commands:
mkdir -p /etc/nginx/modsec
The files that we need for the ModSecurity configuration are unicode.mapping
and modsecurity.conf-recommended
. We will rename modsecurity.conf-recommended
to modsecurity.conf
.
cp /opt/ModSecurity/unicode.mapping /etc/nginx/modsec/
mv /opt/ModSecurity/modsecurity.conf-recommended /opt/ModSecurity/modsecurity.conf
cp /opt/ModSecurity/modsecurity.conf /etc/nginx/modsec/
Your /etc/nginx/modsec
will now look like this if you use ls
.
modsecurity.conf unicode.mapping
Now that we are done with the setup of the files. What you need to understand is that you can configure ModSecurity.
You can see the configuration in /etc/nginx/modsec/modsecurity.conf
which is the file that you have created before.
nano /etc/nginx/modsec/modsecurity.conf
The setting that you need to change is:
SecRuleEngine DetectionOnly
You have to set this to On
therefore it will look like this:
SecRuleEngine On
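This makes ModSecurity block requests that match a rule instead of only logging them. On a site with real traffic, run in DetectionOnly first and review the audit log for false positives before switching to On.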
In addition to the ModSecurity file, we now need to create a main configuration file, /etc/nginx/modsec/main.conf, inside /etc/nginx/modsec/.
nano /etc/nginx/modsec/main.conf
Inside the main configuration file, add the following:
# Order matters: engine settings first, then the CRS setup file, then the rules.
Include /etc/nginx/modsec/modsecurity.conf
Include /usr/local/modsecurity-crs/crs-setup.conf
# The glob picks up every .conf file in rules/, including the renamed
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf; files still ending in .example are skipped.
Include /usr/local/modsecurity-crs/rules/*.conf
In order to apply ModSecurity to your website, you have to edit the sites-available
configuration of your website.
For example we are going to modify our /etc/nginx/sites-available/default
.
# Site definition before ModSecurity is enabled: no modsecurity directives are present yet.
server {
# Plain HTTP on port 50 for IPv4 and IPv6; default_server makes this the fallback site for that port.
listen 50 default_server;
listen [::]:50 default_server;
root /var/www/test_bets;
index index.html index.htm index.nginx-debian.html index.php;
# "_" is a catch-all name; together with default_server any Host header is served.
server_name _;
location / {
# Serve the file or directory if it exists, otherwise return 404.
try_files $uri $uri/ =404;
}
# Hand .php requests to the PHP-FPM 7.4 unix socket.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
}
In between, the root /var/www/test_bets
and index index.html index.htm
we must add the following:
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
Therefore it will look like this
# Same site with ModSecurity enabled at server level, so it applies to every
# location in this block (static files and PHP alike).
server {
# Plain HTTP on port 50 for IPv4 and IPv6; requests and WAF responses travel unencrypted.
listen 50 default_server;
listen [::]:50 default_server;
root /var/www/test_bets;
# Turn the module on and load the rule chain from main.conf
# (modsecurity.conf, then crs-setup.conf, then the CRS rules).
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
index index.html index.htm index.nginx-debian.html index.php;
# "_" is a catch-all name; together with default_server any Host header is served.
server_name _;
location / {
# Serve the file or directory if it exists, otherwise return 404.
try_files $uri $uri/ =404;
}
# Hand .php requests to the PHP-FPM 7.4 unix socket.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
}
The last thing to do is to restart nginx and check if everything is working out correctly.
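# Check the configuration before restarting: a restart with a broken config
# leaves the site down. The restart also covers what a reload would do.
nginx -t && systemctl restart nginx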
You can simply test whether it’s working with a curl command.
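# Quote the URL so the shell does not treat "?" as a glob character.
# The example server block listens on port 50, so append :50 to the address if you kept that port.
curl 'http://<ip-address>/index.php?exec=/bin/bash'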
If it’s working correctly, you should get:
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.14.0 (Ubuntu)</center>
</body>
</html>
The module is configured to protect web applications from various attacks. ModSecurity supports flexible rule engine to perform both simple and complex operations. It comes with a Core Rule Set (CRS) which has various rules for:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 136.158.39.59 -p tcp -m tcp --dport 185 -j ACCEPT
iptables -A INPUT -s 192.168.5.2 -p tcp -m tcp --dport 185 -j ACCEPT
Purpose: These rules allow TCP traffic on port 185 from the source IP addresses 136.158.39.59 and 192.168.5.2.
iptables -A INPUT -s 192.168.5.2 -p tcp -m tcp --dport 24045 -j ACCEPT
iptables -A INPUT -s 192.168.5.2 -p tcp -m tcp --dport 37421 -j ACCEPT
iptables -A INPUT -s 192.168.5.2 -p tcp -m tcp --dport 10520 -j ACCEPT
Purpose: These rules allow TCP traffic on ports 24045, 37421, and 10520 from the source IP address 192.168.5.2
.
iptables -A INPUT -p tcp -m tcp --dport 37421 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10520 -j ACCEPT
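Purpose: These rules allow any TCP traffic on ports 37421 and 10520, from any source address. Because they have no source restriction, the rules above that limit these two ports to 192.168.5.2 no longer restrict anything.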
iptables -A INPUT -p tcp -m tcp --dport 123 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 37 -j ACCEPT
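Purpose: These rules allow TCP traffic on ports 123 (NTP) and 37 (Time Protocol) from any source address. Note that NTP itself runs over UDP port 123, so these TCP rules do not admit NTP packets.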
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j DROP
In summary, these iptables
rules create a firewall configuration that:
To set up iptables quickly, here is all of the code combined:
cd /opt && mkdir iptables-settings
cd iptables-settings
nano save.sh
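### filename save.sh
# Builds the INPUT rule set. Run as root, after reset.sh has flushed the chain.
# Rules are appended (-A) and evaluated top to bottom; anything not accepted
# before the final DROP is discarded.
# These rules exist only in the running kernel: they are lost at reboot unless
# saved and restored at boot, and they do not filter IPv6 (that needs the
# equivalent ip6tables rules).

# Loopback Interface Acceptance:
iptables -A INPUT -i lo -j ACCEPT

# Allow Established and Related Connections.
# Placed near the top so packets of already-open connections match early;
# "-m conntrack --ctstate" is the current form of the older "-m state --state".
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Accept TCP Traffic from Specific IPs on Port 185:
iptables -A INPUT -s 136.158.39.59 -p tcp -m tcp --dport 185 -j ACCEPT
iptables -A INPUT -s 192.168.5.2 -p tcp -m tcp --dport 185 -j ACCEPT

# Accept TCP Traffic from 192.168.5.2 on Specific Ports:
iptables -A INPUT -s 192.168.5.2 -p tcp -m tcp --dport 24045 -j ACCEPT
iptables -A INPUT -s 192.168.5.2 -p tcp -m tcp --dport 37421 -j ACCEPT
iptables -A INPUT -s 192.168.5.2 -p tcp -m tcp --dport 10520 -j ACCEPT

# Accept TCP Traffic on Specific Ports:
# NOTE(review): these two rules have no -s match, so ports 37421 and 10520 are
# reachable from any address and the 192.168.5.2-only rules for the same ports
# above have no effect. Remove these two lines if access is meant to be limited.
iptables -A INPUT -p tcp -m tcp --dport 37421 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 10520 -j ACCEPT

# Accept TCP Traffic on Common Service Ports:
# NOTE(review): NTP uses UDP port 123, so the tcp/123 rule does not admit NTP.
# Both ports are opened to any source; keep them only if this host really
# serves those protocols to others.
iptables -A INPUT -p tcp -m tcp --dport 123 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 37 -j ACCEPT

# Drop All Other Traffic (must stay last: rules appended after it are never reached):
iptables -A INPUT -j DROP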
nano reset.sh
## filename reset.sh
# Returns the filter table to an empty, accept-everything state. Run as root.

# Snapshot the current rules first. The file is written to the current
# directory and overwritten on every run; restore it with
#   iptables-restore < iptables_backup.txt
iptables-save > iptables_backup.txt

# Set every built-in chain's policy to ACCEPT before flushing.
for chain in INPUT FORWARD OUTPUT; do
  iptables -P "$chain" ACCEPT
done

# Without -t these act on the filter table only: -F empties every chain,
# -X then deletes the user-defined chains. On a Docker host that includes the
# chains Docker created in this table; restarting Docker recreates them.
# Until new rules are loaded the host accepts all traffic.
iptables -F
iptables -X
bash reset.sh && bash save.sh
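NOTE: Please be careful when applying this part: reset.sh flushes the existing firewall rules and save.sh ends with a DROP rule, so a mistake can cut off remote access to the server.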
root@localserver:~# df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 3.2G 1.7M 3.2G 1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv 98G 30G 64G 32% /
tmpfs 16G 0 16G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda2 2.0G 132M 1.7G 8% /boot
/dev/sda1 1.1G 6.1M 1.1G 1% /boot/efi
tmpfs 3.2G 4.0K 3.2G 1% /run/user/1000
tmpfs 3.2G 4.0K 3.2G 1% /run/user/0
sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
sudo resize2fs /dev/ubuntu-vg/ubuntu-lv
df -h
netstat
netstat
is a powerful tool for monitoring network connections. Note that netstat
is deprecated and replaced by ss
, but it is still widely used.
-t: Show TCP ports.
-u: Show UDP ports.
-l: Show only listening ports.
-n: Show numerical addresses instead of resolving hostnames.
sudo netstat -tuln
ss
ss
is a modern replacement for netstat
and provides similar functionality.
-t: Show TCP ports.
-u: Show UDP ports.
-l: Show only listening ports.
-n: Show numerical addresses.
sudo ss -tuln
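# Find the process that holds the port.
sudo lsof -i :<port_number>
# Ask it to exit cleanly first (SIGTERM). Use -9 (SIGKILL) only if it does not
# stop, because SIGKILL gives the process no chance to flush data or release locks.
sudo kill <PID>
sudo kill -9 <PID>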
List running containers:
docker ps
List all containers (including stopped ones):
docker ps -a
Start a stopped container:
docker start <container_id>
Stop a running container:
docker stop <container_id>
Remove a container:
docker rm <container_id>
Remove all stopped containers (running containers are left in place and reported as errors):
docker rm $(docker ps -a -q)
View logs from a container:
docker logs <container_id>
Run a command in a running container:
docker exec -it <container_id> <command>
Open a shell in a running container:
docker exec -it <container_id> /bin/sh
or if using bash
docker exec -it <container_id> /bin/bash
Build an image from a Dockerfile:
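# The trailing "." is the build context (the directory holding the Dockerfile);
# docker build fails without a context argument.
docker build -t <image_name> .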
List all images:
docker images
Remove an image:
docker rmi <image_id>
Start services defined in a docker-compose.yml file:
docker compose up
Start services in the background (detached mode):
docker compose up -d
Stop services:
docker compose down
List running services:
docker compose ps
Execute a command in a running service container:
docker compose exec <service_name> <command>
Open a shell in a running service container:
docker compose exec <service_name> /bin/sh
Or
docker compose exec <service_name> /bin/bash
View logs for all services:
docker compose logs
Build or rebuild services:
docker compose build
Pull service images:
docker compose pull
docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
- `docker rm`: Removes one or more containers.
- `-q` flag: Quiet mode (only outputs container IDs).
docker images -a
- This command lists all Docker images, including intermediate images.
docker rmi $(docker images -a -q)
- `docker rmi`: Removes one or more images.
- `-a` flag: Shows all images (including intermediate images).
- `-q` flag: Quiet mode (only outputs image IDs).
docker volume ls
- This command lists all Docker volumes.
docker volume prune
- This command removes all volumes not used by at least one container.
Force remove all containers and images (use with caution):
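# Two separate commands: first force-remove every container, then every image.
docker rm -f $(docker ps -aq)
docker rmi -f $(docker images -a -q)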
-f flag: Forces removal of containers or images. Use this cautiously as it will stop and remove containers forcibly.
#
# These groups are read by MySQL server.
# Use it for options that only the server (but not clients) should see
[server]
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /run/mysqld/mysqld.pid
socket = /run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
skip-name-resolve
# The packaged default listens only on localhost. The value below overrides
# that: 0.0.0.0 makes the server listen on every IPv4 interface, so port 3306
# is reachable from the network unless a firewall blocks it. The SSL/TLS
# options in this file are commented out, so remote clients would connect
# unencrypted. Use 127.0.0.1 (or a private address) if remote access is not
# needed; otherwise restrict 3306 by source address and enable TLS.
bind-address = 0.0.0.0
#
# * Fine Tuning
#
key_buffer_size = 128M
max_allowed_packet = 512M
connect_timeout = 10
wait_timeout = 28800
thread_cache_size = 128
sort_buffer_size = 32M
bulk_insert_buffer_size = 32M
tmp_table_size = 32M
max_heap_table_size = 8G
myisam_sort_buffer_size = 4G
max_connections = 500
table_open_cache = 400
concurrent_insert = 2
read_buffer_size = 32M
read_rnd_buffer_size = 32M
#
# * Query Cache Configuration
#
query_cache_limit = 128K
query_cache_size = 128M
#
# * Logging and Replication
#
# NOTE(review): log_warnings and log_slow_verbosity look like MariaDB option
# names - confirm which server this file is meant for before using it.
log_warnings = 2
# general_log = 1 writes every statement received from clients to the file
# below. It grows quickly and can contain sensitive values from queries, so it
# is normally enabled only while debugging; keep /var/log/mysql readable by
# the database user and administrators only.
general_log_file = /var/log/mysql/mysql.log
general_log = 1
log_error = /var/log/mysql/error.log
# Statements running longer than long_query_time seconds go to the slow log.
slow_query_log = 1
slow_query_log_file = /var/log/mysql/mysql-slow.log
long_query_time = 1
log_slow_verbosity = query_plan
# Relaxes the check on who may create stored functions when binary logging is on.
log_bin_trust_function_creators = 1
# Binary-log retention and size; these only matter if binary logging is
# enabled, which is not shown in this file.
expire_logs_days = 2
max_binlog_size = 100M
#
# * SSL/TLS
#
# For documentation, please read
# https://dev.mysql.com/doc/refman/8.0/en/using-encrypted-connections.html
# ssl-ca = /etc/mysql/cacert.pem
# ssl-cert = /etc/mysql/server-cert.pem
# ssl-key = /etc/mysql/server-key.pem
# require-secure-transport = on
#
# * Character sets
#
# MySQL default is Latin1, but in Debian we rather default to the full
# utf8 4-byte character set. See also client.cnf
# NOTE(review): the values below use "utf8", which is the 3-byte character set
# (utf8mb3); the 4-byte set is utf8mb4 / utf8mb4_general_ci. Confirm which one
# is intended.
# NOTE(review): init_connect is given twice; presumably only the last value
# is kept, so the collation statement on the first line would not run - verify.
init_connect = 'SET collation_connection = utf8_general_ci'
init_connect = 'SET NAMES utf8'
character-set-server = utf8
collation-server = utf8_general_ci
join_buffer_size = 32M
#
# * InnoDB
#
default_storage_engine = InnoDB
innodb_buffer_pool_size = 6G
innodb_log_buffer_size = 32M
innodb_file_per_table = 1
innodb_open_files = 2000
innodb_io_capacity = 400
innodb_flush_method = O_DIRECT
innodb_lock_wait_timeout = 3
innodb_sort_buffer_size = 128M
innodb_log_files_in_group = 2
innodb_log_file_size = 1G
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
# Most important is to give InnoDB 80 % of the system RAM for buffer use:
# https://dev.mysql.com/doc/refman/8.0/en/innodb-parameters.html#sysvar_innodb_buffer_pool_size
[embedded]
# This group is only read by MySQL-8.0 servers.
# If you use the same .cnf file for MySQL of different versions,
# use this group for options that older servers don't understand
[mysql-8.0]
Using Debian for Docker containers is a solid choice. Debian offers a good balance between stability, security, and a wide range of available software packages, making it suitable for various Dockerized applications. Here are a few considerations and steps to get started with Debian for your Docker setup:
Debian provides different versions (stable, testing, and unstable). For Docker containers, the stable version (currently Debian 11 “Bullseye”) is recommended for production environments due to its stability and long-term support.
To install Docker on Debian, follow these general steps:
Update the package index:
sudo apt update
Install dependencies to allow apt to use a repository over HTTPS:
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
Add Docker’s official GPG key:
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
Set up the stable Docker repository:
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Install Docker Engine:
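# Two separate commands: refresh the package index (now including the Docker
# repository), then install the engine, CLI and container runtime.
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io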
Verify Docker installation by running:
sudo docker --version
Docker Compose is a tool for defining and running multi-container Docker applications. Install Docker Compose using these steps:
Download the latest stable release of Docker Compose:
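# "latest" is unpinned, so each run may fetch a different build. For repeatable
# installs pin a release (.../releases/download/<version>/...) and compare the
# file with the checksum published for that release before making it executable.
# -f makes curl fail on an HTTP error instead of saving the error page as the binary.
sudo curl -fL "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose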
Apply executable permissions to the binary:
sudo chmod +x /usr/local/bin/docker-compose
Verify Docker Compose installation:
docker-compose --version
Modify your Dockerfiles or Docker Compose configurations to use Debian-based images. Ensure your Dockerfile for each service specifies Debian as the base image (FROM debian:11
for Debian 11 “Bullseye”, for example).
After configuring your Dockerfiles and Docker Compose YAML file, build your Docker images and start your containers:
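# Two separate commands: build the images, then start the services in the background.
docker-compose build
docker-compose up -d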
This setup will leverage Debian’s stability and package availability while providing a reliable environment for running your Docker containers. Adjust configurations and dependencies as per your application’s requirements.
sudo apt update
sudo apt upgrade -y
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d dacoylomarkemilcajes.site
sudo nginx -t
sudo systemctl reload nginx
This tests certificate renewal: --dry-run goes through the renewal process without saving any certificates.
sudo certbot renew --dry-run