OracleCloud | 塞翁失馬 https://hbirds.mydns.jp 禍福は糾える縄の如し Mon, 26 Dec 2022 10:48:38 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 https://hbirds.mydns.jp/wp-content/uploads/2022/12/cropped-akaza-32x32.png OracleCloud | 塞翁失馬 https://hbirds.mydns.jp 32 32 OCIでWordPressサイト構築 https://hbirds.mydns.jp/oci%e3%81%a7wordpress%e3%82%b5%e3%82%a4%e3%83%88%e6%a7%8b%e7%af%89/ Wed, 21 Dec 2022 20:39:49 +0000 http://hbirds.mydns.jp/?p=46 Create compute instance

以上の画面からEditをクリック

次のパブリックIPが設定された 168.138.40.123

usernameは、ubuntuになっている。

秘密鍵をノートPCのhomeディレクトリにコピーしてchmod 0600でパーミッション変更して次のコマンドでアクセス

hbirds@hbirds-Lenovo-G580:~$ ssh -p 22 ubuntu@168.138.40.123 -i ssh-key-2022-12-20.key

/etc/hostname と /etc/hosts の確認

ubuntu@instance-20221221-0718:~$ cat /etc/hostname
instance-20221221-0718

ubuntu@instance-20221221-0718:~$ cat /etc/hosts
127.0.0.1 localhost

#The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
127.0.1.1 instance-20221221-0431 instance-20221221-0431

UFWは使ってはいけない。

iptables と管理画面からConpute>instances>instance-20221221-0718>Virtual cloud network: vcn-20221221-0719>Security Lists(1)>subnet-20221221-0719>Default Security List for vcn-20221221-0719>Add Ingress Rulesで、以下のようにIngress Ruleを追加する。

/etc/nginx/sites-available/defaut は、以下の通り。とりあえずSSLは後回しにした。

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or WordPress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
	#	fastcgi_pass unix:/run/php/php7.4-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

server {
    server_name hbirds.ddns.net;
    root /var/www/html/wordpress;
    index  index.php index.html index.htm;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    client_max_body_size 100M;
    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php-fpm.sock;
#         fastcgi_pass unix:/run/php/php8.1-fpm.sock 
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }
#    listen [::]:443 ssl ipv6only=on; # managed by Certbot
#    listen 443 ssl; # managed by Certbot
#    ssl_certificate /etc/letsencrypt/live/techlog.mydns.jp/fullchain.pem; # managed by Certbot
#    ssl_certificate_key /etc/letsencrypt/live/techlog.mydns.jp/privkey.pem; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

#server {
#    if ($host = hbirds.ddns.net) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot
#        listen 80 ;
#        listen [::]:80 ;
#    server_name hbirds.ddns.net;
#    return 404; # managed by Certbot
#}

ブラウザでhttp://168.138.40.123にアクセスすると

sudo apt install -y mariadb-server mariadb-client
sudo systemctl start mariadb
sudo systemctl enable mariadb

ubuntu@instance-20221221-0718:~$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 31
Server version: 10.6.11-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE wordpress;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> CREATE USER ‘wordpress’ IDENTIFIED BY ‘ZQAHLLOL’;
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> GRANT ALL ON wordpress.* TO ‘wordpress’ WITH GRANT OPTION;
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> EXIT
Bye

  • DATABASE:wordpress
  • USER:wordpress
  • PASSWORD:ZQAHLLOL

sudo apt install -y php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-exif php-ftp php-gd php-iconv php-imagick php-json php-mbstring php-posix php-sockets php-tokenizer php-fpm php-mysql php-gmp php-intl php-cli

sudo nano /etc/php/8.1/fpm/php.ini
upload_max_filesize = 100M←変更
memory_limit = 256M←変更
max_execution_time = 360 ←変更
date.timezone = Asia/Tokyo←変更
sudo systemctl restart php*-fpm.service

sudo nano /etc/nginx/sites-available/default

http://hbirds.ddns.net/wp-admin/setup-config.php にアクセスして以下のようにwordpressのインストール画面が表示できた。

ブラウザで http://hbirds.ddns.net にアクセスすると以下のようにサンプルページが表示できた。

次にSSL化に取り組みます。

sudo apt install certbot python3-certbot-nginx
ubuntu@instance-20221221-0718:~$ sudo certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): hbirds1104@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at


404 Page not found -  Let's Encrypt
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit I...
letsencrypt.org
 You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: hbirds.ddns.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Requesting a certificate for hbirds.ddns.net

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/hbirds.ddns.net/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/hbirds.ddns.net/privkey.pem
This certificate expires on 2023-03-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for hbirds.ddns.net to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://hbirds.ddns.net

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
]]>