
홈서버 및 Oracle 서버 세팅

홈서버 및 Oracle 서버 세팅

홈서버와 Oracle Cloud 서버를 초기화하고 다시 세팅할 때 내 환경에 맞춰 쉽게 세팅할 수 있도록 기록한다. 쉘 명령은 한 줄씩 실행하면 되고, docker-compose.yml 파일은 서버 환경에 맞춰 알아서 작성하면 된다.

홈서버 (Debian 13)

첫 설치 시

  • lvm + luks2 설정하기
  • root 로그인 금지
  • 공유기에서 필수 포트만 열기
1# 사용자 관리자 권한 주기 2sudo -i 3usermod -aG sudo <username> 4exit 5# 노트북 덮개 닫아도 절전되지 않게 6sudo sed -i 's/^#\?HandleLidSwitch=.*/HandleLidSwitch=ignore/' /etc/systemd/logind.conf && sudo systemctl restart systemd-logind

패키지 설치

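# Update the system
sudo apt update -y
sudo apt upgrade -y

# Install base packages
sudo apt install nala -y
sudo nala install zsh git curl wget htop btop net-tools nano vim -y

# Install Python
sudo nala install python3 python3-pip python3-venv build-essential -y
python3 --version

# Install Node.js through nvm.
# The installer URL is pinned to a release tag (v0.40.4). It is still remote code
# executed by your shell, so read it once before piping it into bash.
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"
source ~/.bashrc
nvm install node
node -v; npm -v

# Terminal setup (oh-my-zsh, powerlevel10k, plugins)
# NOTE(review): this installer and the git clones below track moving branches
# (`master` / default branch), so their content is not pinned. Everything they
# add to ~/.zshrc runs on every login; review before installing on a server.
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ~/.powerlevel10k
echo 'source ~/.powerlevel10k/powerlevel10k.zsh-theme' >>~/.zshrc
source ~/.zshrc # p10k initial setup
sed -i 's/POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_TEMPLATE=.*/POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_TEMPLATE="%n"/' ~/.p10k.zsh \
  && sed -i 's/POWERLEVEL9K_TIME_FORMAT=.*/POWERLEVEL9K_TIME_FORMAT="%D{%H:%M}"/' ~/.p10k.zsh \
  && source ~/.p10k.zsh

# Plugins: clone only when the directory is missing, so a real clone failure is
# shown instead of being hidden by `2>/dev/null || true`.
plugin_dir="${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins"

[ -d "$plugin_dir/zsh-autosuggestions" ] \
  || git clone https://github.com/zsh-users/zsh-autosuggestions "$plugin_dir/zsh-autosuggestions"
grep -q "zsh-autosuggestions" ~/.zshrc \
  || printf '\n# zsh-autosuggestions\nsource %s\n' "$plugin_dir/zsh-autosuggestions/zsh-autosuggestions.zsh" >> ~/.zshrc
source ~/.zshrc

[ -d "$plugin_dir/zsh-syntax-highlighting" ] \
  || git clone https://github.com/zsh-users/zsh-syntax-highlighting "$plugin_dir/zsh-syntax-highlighting"
grep -q "zsh-syntax-highlighting" ~/.zshrc \
  || printf '\n# zsh-syntax-highlighting\nsource %s\n' "$plugin_dir/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh" >> ~/.zshrc
source ~/.zshrc

sudo nala install eza autojump -y
# Add autojump to the oh-my-zsh plugin list unless it is already there
grep -q "plugins=.*autojump" ~/.zshrc \
  || sed -i -E 's/^plugins=\(([^)]*)\)/plugins=(\1 autojump)/' ~/.zshrc
source ~/.zshrc

# eza aliases (appended once)
grep -q "alias ls='eza --icons --group-directories-first'" ~/.zshrc \
  || printf '%s\n' \
       '' \
       '# eza aliases' \
       "alias ls='eza --icons --group-directories-first'" \
       "alias ll='eza -lah --icons --group-directories-first --no-user'" \
       "alias lt='eza -T --icons'" >> ~/.zshrc
source ~/.zshrc

# Install Docker from Docker's own apt repository.
# The command substitution is left unquoted on purpose: it expands to the list
# of conflicting packages that are currently installed.
sudo apt remove $(dpkg --get-selections docker.io docker-compose docker-doc podman-docker containerd runc | cut -f1)
sudo nala update
sudo nala install ca-certificates -y
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Optional check before trusting the key: print its fingerprint and compare it
# with the one shown in Docker's installation documentation.
#   gpg --show-keys --fingerprint /etc/apt/keyrings/docker.asc
printf 'Types: deb\nURIs: https://download.docker.com/linux/debian\nSuites: %s\nComponents: stable\nSigned-By: /etc/apt/keyrings/docker.asc\n' \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" \
  | sudo tee /etc/apt/sources.list.d/docker.sources > /dev/null
sudo nala update
sudo nala install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
# Members of the docker group can control the Docker daemon, which is equivalent
# to root on this host. Add only accounts you would also trust with sudo.
sudo usermod -aG docker "$USER" && newgrp docker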

보안 설정

1# NEW_PORT에 원하는 ssh 포트 입력 2NEW_PORT=2222; sudo sed -i "s/^#\?Port [0-9]*/Port $NEW_PORT/" /etc/ssh/sshd_config && sudo systemctl restart sshd 3 4# ssh key 설정 5ssh-keygen -b 4096 # 로컬에서 실행 6ssh-copy-id -p <port> -i <key> <username>@<host> # 로컬에서 실행 7sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && sudo sed -i 's/^#\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config && sudo sed -i 's/^#\?UsePAM.*/UsePAM no/' /etc/ssh/sshd_config && sudo systemctl restart sshd 8 9# ssh 방화벽 설정 10sudo nala install fail2ban -y 11sudo systemctl enable fail2ban --now 12sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 13# PORT에 ssh 포트 입력 14PORT=2222; sudo awk -v p="$PORT" 'BEGIN{in=0} /^\[sshd\]/{print "[sshd]\nenabled = true\nport = " p "\nfilter = sshd\nlogpath = /var/log/auth.log\nbackend = systemd\nmaxretry = 3\nfindtime = 10m\nbantime = 1h"; in=1; next} /^\[.*\]/{in=0} !in{print}' /etc/fail2ban/jail.local 2>/dev/null | sudo tee /etc/fail2ban/jail.local >/dev/null 15sudo systemctl restart fail2ban 16sudo fail2ban-client status sshd

서비스 배포

Nginx Proxy Manager

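# Nginx Proxy Manager: reverse proxy for the other stacks on this host.
services:
  app:
    # NOTE(review): `latest` is a moving tag; pin a specific release if upgrades
    # should be deliberate.
    image: "jc21/nginx-proxy-manager:latest"
    restart: unless-stopped
    environment:
      TZ: "Asia/Seoul"
    ports:
      - "80:80"
      # 81 is the Nginx Proxy Manager admin UI. Keep it off the router / subnet
      # port list. To limit it to this host, publish it as "127.0.0.1:81:81"
      # and reach it through an SSH tunnel.
      - "81:81"
      - "443:443"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - proxy

networks:
  proxy:
    # External network: it must exist before `docker compose up`
    # (`docker network create proxy`).
    external: true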

portainer

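# Persistent volume for Portainer's own data
docker volume create portainer_data

# Mounting /var/run/docker.sock gives Portainer full control of the Docker
# daemon, which is root-equivalent access to this host. Keep 9443 (web UI) off
# the port-forward list and set a strong admin password on first start.
# NOTE(review): 8000 is, as far as Portainer's docs describe it, only used by
# Edge agents; drop that mapping if Edge agents are not used. Confirm first.
docker run -d \
  -p 8000:8000 \
  -p 9443:9443 \
  --name portainer \
  --restart=always \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portainer_data:/data \
  portainer/portainer-ce:lts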

nextcloud

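# Shared network between the reverse proxy and the apps behind it.
# Create it once per host, before the first `docker compose up` of any stack
# that declares `proxy` as an external network (the Nginx Proxy Manager stack
# on this page does).
docker network create proxy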
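# Nextcloud with MariaDB and Redis. No ports are published: the app is reached
# only through the reverse proxy on the `proxy` network.
services:
  db:
    image: mariadb:10.11
    container_name: nextcloud-db
    restart: unless-stopped
    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    environment:
      # Replace every <password> placeholder with a long random value, and use a
      # different one for root than for the nextcloud user. This file then holds
      # secrets: keep it readable by its owner only and out of version control.
      MYSQL_ROOT_PASSWORD: <password>
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      MYSQL_PASSWORD: <password>
    networks:
      - internal

  redis:
    image: redis:alpine
    container_name: nextcloud-redis
    restart: unless-stopped
    # Redis runs without a password here; it is attached only to the `internal`
    # network, which is declared `internal: true` below.
    networks:
      - internal

  app:
    # NOTE(review): check that this Nextcloud major version still receives
    # security updates before deploying it.
    image: nextcloud:27-apache
    container_name: nextcloud-app
    restart: unless-stopped
    depends_on:
      - db
      - redis
    volumes:
      - nextcloud:/var/www/html
    environment:
      MYSQL_HOST: db
      MYSQL_DATABASE: nextcloud
      MYSQL_USER: nextcloud
      # Must match MYSQL_PASSWORD of the db service
      MYSQL_PASSWORD: <password>
      REDIS_HOST: redis
      PHP_MEMORY_LIMIT: 1G
      PHP_UPLOAD_LIMIT: 20G
    networks:
      - internal
      - proxy

volumes:
  db:
  nextcloud:

networks:
  internal:
    # internal: true keeps this network unreachable from outside the host
    internal: true
  proxy:
    # Shared with the reverse proxy; created with `docker network create proxy`
    external: true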

Nginx Proxy Manager에서 아래와 같이 nextcloud reverse proxy를 설정한다.

  • Scheme: http
  • Forward Hostname/IP: nextcloud-app
  • Forward Port: 80
  • Websocket Support: ON
  • Block Common Exploits: ON
  • Force SSL
  • HTTP/2
  • HSTS

Custom Nginx Configuration

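# Accept request bodies up to 20G (same size as PHP_UPLOAD_LIMIT in the
# nextcloud compose file).
client_max_body_size 20G;

# Timeouts in seconds (one hour) so long transfers are not cut off.
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;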

웹에 접속하여 admin 계정을 세팅한다.

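# Open a shell inside the Nextcloud container
docker exec -it nextcloud-app bash

# Inside the container: install an editor and open config.php.
# Packages installed this way live only in this container instance and are gone
# once the container is recreated; config.php itself is on the nextcloud volume.
apt update; apt install vim
vi /var/www/html/config/config.php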

nextcloud 컨테이너에 접속하여 아래의 내용이 포함되도록 config/config.php 를 수정한다.

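// Host names under which this Nextcloud instance may be reached.
'trusted_domains' =>
  array (
    0 => '<domain>',
  ),

// Reverse proxies whose forwarded-for header is trusted. According to the
// Nextcloud admin documentation this list takes IP addresses or CIDR ranges and
// is compared with the connecting address, so a container name such as
// 'nginx-proxy-manager' is not matched. Use the subnet of the `proxy` network
// (shown by `docker network inspect proxy`). When the proxy is not matched,
// every client is logged and rate-limited under the proxy's address.
'trusted_proxies' =>
  array (
    0 => '<proxy-network-cidr>',
  ),

// Generate links with the public host name and https, because TLS ends at the
// reverse proxy and the container itself is reached over plain http.
'overwritehost' => '<domain>',
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://<domain>',

// Header from which the client address is taken for requests arriving through
// a trusted proxy.
'forwarded_for_headers' =>
  array (
    0 => 'HTTP_X_FORWARDED_FOR',
  ),

// File locking and caching through the redis service of the compose file.
'filelocking.enabled' => true,
'memcache.local' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
  array (
    'host' => 'redis',
    'port' => 6379,
  ),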

⚠️ 만약 php 에러나 .htaccess 관련 에러가 떴다면 아래와 같이 db와 nextcloud 볼륨을 삭제한 후 재배포한다. (볼륨에 저장된 데이터는 모두 삭제된다.)

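# WARNING: removing these two volumes permanently deletes the database and every
# file stored in Nextcloud. Only do this on a fresh install or after a backup.
# NOTE(review): the volume names assume the compose project is named
# "nextcloud"; check the real names with `docker volume ls` first.
docker compose down
docker volume rm nextcloud_db
docker volume rm nextcloud_nextcloud
docker compose up -d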

{{< protector payload="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" format="markdown" >}}

Oracle Cloud 서버 (Rocky Linux 9)

첫 설치 시

  • 서브넷 설정에서 필수 포트만 열기
  • Oracle Cloud 계정 2fa 활성화

패키지 설치

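sudo dnf update -y
sudo dnf upgrade -y
# Enable EPEL before installing anything else. If epel-release and an EPEL-only
# package are requested in one transaction, dnf cannot resolve the package yet
# and the whole transaction fails.
# NOTE(review): zoxide and some of the tools on the next line are expected to
# come from EPEL; verify on your image.
sudo dnf install epel-release -y
sudo dnf install neofetch htop btop zsh curl wget git nano vim -y

# Build and install Python 3.14.3 from source
sudo dnf groupinstall "Development Tools" -y
sudo dnf install tar curl gcc openssl-devel bzip2-devel libffi-devel zlib-devel wget make findutils ncurses-devel xz-devel sqlite-devel readline-devel openssl-devel libuuid-devel -y
cd ~
# NOTE(review): the tarball is built and then installed as root without any
# integrity check. Compare it with the verification data published on the
# python.org release page before running `make altinstall`.
wget https://www.python.org/ftp/python/3.14.3/Python-3.14.3.tar.xz
tar -xf Python-3.14.3.tar.xz
cd ~/Python-3.14.3
./configure --prefix=/usr/local --enable-shared LDFLAGS="-Wl,-rpath /usr/local/lib"
make -j "$(nproc)"
# altinstall leaves the system python3 untouched
sudo make altinstall
python3.14 --version

# Install Node.js through nvm (same steps as on Debian).
# The installer URL is pinned to a release tag (v0.40.4). It is still remote code
# executed by your shell, so read it once before piping it into bash.
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"
source ~/.bashrc
nvm install node
node -v; npm -v

# Terminal setup (oh-my-zsh, powerlevel10k, plugins)
# NOTE(review): this installer and the git clones below track moving branches
# (`master` / default branch), so their content is not pinned. Everything they
# add to ~/.zshrc runs on every login; review before installing on a server.
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ~/.powerlevel10k
echo 'source ~/.powerlevel10k/powerlevel10k.zsh-theme' >>~/.zshrc
source ~/.zshrc # p10k initial setup
sed -i 's/POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_TEMPLATE=.*/POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_TEMPLATE="%n"/' ~/.p10k.zsh \
  && sed -i 's/POWERLEVEL9K_TIME_FORMAT=.*/POWERLEVEL9K_TIME_FORMAT="%D{%H:%M}"/' ~/.p10k.zsh \
  && source ~/.p10k.zsh

# Plugins: clone only when the directory is missing, so a real clone failure is
# shown instead of being hidden by `2>/dev/null || true`.
plugin_dir="${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins"

[ -d "$plugin_dir/zsh-autosuggestions" ] \
  || git clone https://github.com/zsh-users/zsh-autosuggestions "$plugin_dir/zsh-autosuggestions"
grep -q "zsh-autosuggestions" ~/.zshrc \
  || printf '\n# zsh-autosuggestions\nsource %s\n' "$plugin_dir/zsh-autosuggestions/zsh-autosuggestions.zsh" >> ~/.zshrc
source ~/.zshrc

[ -d "$plugin_dir/zsh-syntax-highlighting" ] \
  || git clone https://github.com/zsh-users/zsh-syntax-highlighting "$plugin_dir/zsh-syntax-highlighting"
grep -q "zsh-syntax-highlighting" ~/.zshrc \
  || printf '\n# zsh-syntax-highlighting\nsource %s\n' "$plugin_dir/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh" >> ~/.zshrc
source ~/.zshrc

# eza from the upstream release archive.
# NOTE(review): this is the x86_64 build; on an Arm (aarch64) instance pick the
# matching asset. The archive comes from the moving `latest` release and is not
# verified before the binary is installed root-owned into /usr/local/bin.
wget -c https://github.com/eza-community/eza/releases/latest/download/eza_x86_64-unknown-linux-gnu.tar.gz -O - | tar xz
sudo chmod +x eza
sudo chown root:root eza
sudo mv eza /usr/local/bin/eza

# zoxide (EPEL was enabled at the top)
sudo dnf install zoxide -y
# Add the init line only when zoxide is really installed. An unconditional
# `a && b || c && d` chain would append it even after a failed install, and
# every new shell would then print an error.
if command -v zoxide >/dev/null; then
  grep -qxF 'eval "$(zoxide init zsh)"' ~/.zshrc || echo 'eval "$(zoxide init zsh)"' >> ~/.zshrc
fi
source ~/.zshrc

# eza aliases (appended once)
grep -q "alias ls='eza --icons --group-directories-first'" ~/.zshrc \
  || printf '%s\n' \
       '' \
       '# eza aliases' \
       "alias ls='eza --icons --group-directories-first'" \
       "alias ll='eza -lah --icons --group-directories-first --no-user'" \
       "alias lt='eza -T --icons'" >> ~/.zshrc
source ~/.zshrc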
