Installation Guide: Rio Dossier Server
Version | Status | Date | Author | URL |
---|---|---|---|---|
0.1 | First draft | 26.08.2020 | Silvan Dux | |
0.2 | Additions | DD.MM.YYYY | First name Last name | |
1.0 | Review and approval | DD.MM.YYYY | First name Last name | |
1. Summary
Installation guide for the modules of the Rio Dossier server "dossier-zh-ruga-01" on a standard Ubuntu 20.04 LTS installation.
2. Installing PHP 7.4
<sudo apt install php7.4>
<sudo apt-get install php7.4-mbstring>
<sudo apt-get install php7.4-gd>
3. Installing MongoDB
<sudo apt install -y mongodb>
4. Installing MySQL
<sudo apt install -y mysql-server>
5.1 Installing Nginx
Installing Nginx
<sudo apt install nginx>

Adjusting the firewall
<sudo ufw app list>
<sudo ufw allow 'Nginx HTTP'>
<sudo ufw status>

Checking the web server
<systemctl status nginx>
Open "http://192.168.3.35" in a browser.

Nginx server block
<sudo mkdir -p /var/www/dossier.rafisa.net/html>
<sudo chown -R $USER:$USER /var/www/dossier.rafisa.net/html>
<sudo chmod -R 755 /var/www/dossier.rafisa.net>
<sudo nano /var/www/dossier.rafisa.net/html/index.html>
[nano
<html>
    <head>
        <title>Welcome to dossier.rafisa.net!</title>
    </head>
    <body>
        <h1>Success! The dossier.rafisa.net server block is working!</h1>
    </body>
</html>
]
<sudo nano /etc/nginx/sites-available/dossier.rafisa.net>
[nano
server {
    listen 80;
    listen [::]:80;

    root /var/www/dossier.rafisa.net/html;
    index index.html index.htm index.nginx-debian.html;

    server_name dossier.rafisa.net www.dossier.rafisa.net;

    location / {
        try_files $uri $uri/ =404;
    }
}
]
<sudo ln -s /etc/nginx/sites-available/dossier.rafisa.net /etc/nginx/sites-enabled/>
<sudo nano /etc/nginx/nginx.conf>
[nano
...
http {
    ...
    server_names_hash_bucket_size 64;
    ...
}
...
]
<sudo nginx -t>
<sudo systemctl restart nginx>
5.2 Installing Nginx SSL
Creating the SSL certificate
<sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt>
<sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096>
<sudo nano /etc/nginx/snippets/self-signed.conf>
[nano
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
]
<sudo nano /etc/nginx/snippets/ssl-params.conf>
[nano
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
]
<sudo cp /etc/nginx/sites-available/dossier.rafisa.net /etc/nginx/sites-available/dossier.rafisa.net.bak>
<sudo nano /etc/nginx/sites-available/dossier.rafisa.net>
[nano
server {
    listen 80;
    listen [::]:80;

    server_name dossier.rafisa.net www.dossier.rafisa.net;

    return 302 https://$server_name$request_uri;
}

server {
    # SSL configuration
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    server_name dossier.rafisa.net www.dossier.rafisa.net;

    root /var/www/dossier.rafisa.net/html;
    index index.html index.htm index.nginx-debian.html;
}
]
<sudo ufw app list>
<sudo ufw allow 'Nginx Full'>
<sudo ufw delete allow 'Nginx HTTP'>
<sudo nginx -t>
With a self-signed certificate, nginx -t warns that "ssl_stapling" is ignored; the syntax check still passes.
<sudo systemctl restart nginx>

Once HTTPS works, change the redirect in the port-80 server block from 302 to a permanent 301:
<sudo nano /etc/nginx/sites-available/dossier.rafisa.net>
[nano
return 301 https://$server_name$request_uri;
]
<sudo nginx -t>
<sudo systemctl restart nginx>
5.3 Installing Nginx HTTP2
Prerequisites
TLS/SSL certificate for the server

Adding the SSL certificate
<sudo mkdir /etc/nginx/ssl>
<sudo cp /etc/ssl/certs/nginx-selfsigned.crt /etc/nginx/ssl/dossier.rafisa.net.crt>
<sudo cp /etc/ssl/private/nginx-selfsigned.key /etc/nginx/ssl/dossier.rafisa.net.key>

Config
<sudo nano /etc/nginx/sites-available/dossier.rafisa.net>
[nano
server {
    listen 80;
    listen [::]:80;

    server_name dossier.rafisa.net www.dossier.rafisa.net;

    return 301 https://$server_name$request_uri;
}

server {
    # SSL configuration
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    server_name dossier.rafisa.net www.dossier.rafisa.net;

    root /var/www/dossier.rafisa.net/html;
    index index.html index.htm index.nginx-debian.html;

    ssl_certificate /etc/nginx/ssl/dossier.rafisa.net.crt;
    ssl_certificate_key /etc/nginx/ssl/dossier.rafisa.net.key;
}
]
<sudo nano /etc/nginx/nginx.conf>
[
# Add line after ssl_prefer_server_ciphers on;
# EECDH+3DES and RSA+3DES keep 3DES available for legacy clients; omit both if none are needed.
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
]
<sudo nginx -t>
<sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048>
<sudo nano /etc/nginx/sites-available/dossier.rafisa.net>
[nano
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    root /var/www/dossier.rafisa.net/html;
    index index.html index.htm index.nginx-debian.html;

    server_name 192.168.3.35;

    location / {
        try_files $uri $uri/ =404;
    }

    ssl_certificate /etc/nginx/ssl/dossier.rafisa.net.crt;
    ssl_certificate_key /etc/nginx/ssl/dossier.rafisa.net.key;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
}

server {
    listen 80;
    listen [::]:80;

    server_name 192.168.3.35;

    return 301 https://$server_name$request_uri;
}
]
<sudo nginx -t>
<sudo nano /etc/nginx/nginx.conf>
[
# Add to http block
# (add_header is inherited only by server blocks that define no add_header of their own)
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 1h;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
]
<sudo nginx -t>
<sudo systemctl restart nginx>
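A static check of the TLS directives configured in sections 5.2 and 5.3, as an added example that is not part of the original guide. The function name audit_nginx_tls, the finding labels and the sample file are assumptions made for illustration, and the script assumes one directive per line.

```shell
#!/bin/sh
# Added example: static audit of nginx TLS directives (assumes one directive per line).

# Prints one finding per line for the given config file(s); returns 1 if any were found.
audit_nginx_tls() {
    # Drop comments and leading indentation.
    conf=$(cat "$@" | sed -e 's/#.*//' -e 's/^[[:space:]]*//')
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }
    out=""
    note() { out="${out}$1
"; }

    if has '^ssl_ciphers[[:space:]].*3DES'; then
        note "weak-cipher: ssl_ciphers allows 3DES (64-bit block cipher)"
    fi
    if has '^ssl_ciphers[[:space:]].*[[:space:]:]RSA\+'; then
        note "no-forward-secrecy: ssl_ciphers allows static RSA key exchange"
    fi
    if has '^ssl_protocols[[:space:]].*TLSv1(\.1)?([[:space:]]|;)'; then
        note "legacy-protocol: ssl_protocols enables TLS 1.0/1.1"
    fi
    if has '^return[[:space:]]+302[[:space:]]+https://'; then
        note "temp-redirect: HTTP to HTTPS redirect is still 302, not 301"
    fi
    if ! has '^add_header[[:space:]]+Strict-Transport-Security'; then
        note "hsts-missing: no Strict-Transport-Security header"
    elif ! has '^add_header[[:space:]]+Strict-Transport-Security.*[[:space:]]always[[:space:]]*;'; then
        note "hsts-not-always: header is not sent on error responses"
    fi

    printf '%s' "$out"
    [ -z "$out" ]
}

# Constructed sample: directives as section 5.3 leaves them, one per line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
server {
    listen 80;
    return 301 https://$server_name$request_uri;
}
EOF
audit_nginx_tls "$sample" || echo "findings above: review before go-live"
rm -f "$sample"
```

On the server, pass it the real files, for example /etc/nginx/nginx.conf together with the site file and the snippets it includes.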
6. References
- Installing Nginx on Ubuntu 20.04 (https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04)
- Installing a self-signed SSL certificate for Nginx on Ubuntu 18.04 (https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-18-04)
- Installing Nginx with HTTP2 on Ubuntu 18.04 (https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-with-http-2-support-on-ubuntu-18-04)
de/technische-dokumentationen/installationsanleitungen/installation_rio-dossier_server.txt · Last modified: 2020/08/26 14:04 by s.dux