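# Show the current firewall status
sudo ufw status
# Keep the firewall enabled and open only the ports this setup serves,
# instead of turning it off with `ufw disable`.
sudo ufw allow 22/tcp   # SSH/SFTP; adjust if sshd listens on another port
sudo ufw allow 443/tcp  # HTTPS served by nginx
sudo ufw enable
# Refresh the package index
sudo apt update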
1. Nginx
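# Install nginx
sudo apt install nginx
# Print the installed version
nginx -v
# Edit the default site configuration
sudo vim /etc/nginx/sites-enabled/default
# Check the edited configuration for errors, then (re)start nginx;
# the restart is skipped when the check fails.
sudo nginx -t && sudo systemctl restart nginx.service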
配置内容如下:
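server {
    # The plain-HTTP listeners stay commented out; only the TLS listener is active.
    # listen 80 default_server;
    # listen [::]:80 default_server;
    listen 443 ssl;

    # Certificate chain and private key. The key file should be readable by root only.
    ssl_certificate /etc/nginx/oursclass.cn_bundle.crt;
    ssl_certificate_key /etc/nginx/oursclass.cn.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Cipher suites, written in OpenSSL cipher-list syntax.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    root /var/www/html;
    # index.php is listed first so PHP applications are picked up.
    index index.php index.html index.htm index.nginx-debian.html;
    server_name _;

    location / {
        # Try the request as a file, then as a directory, and otherwise hand it
        # to index.php with the original query string.
        # try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php?$args;
    }

    # Pass PHP scripts to the FastCGI server.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        # php-fpm over a unix socket:
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        # php-cgi (or another TCP backend) would be:
        # fastcgi_pass 127.0.0.1:9000;
    }

    # Deny access to .ht* files (.htaccess, .htpasswd) in case Apache's
    # document root is the same as nginx's.
    location ~ /\.ht {
        deny all;
    }
}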
2. MySQL
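# Install MySQL
sudo apt install mysql-server
# Print the installed version
mysql -V
# Open a MySQL shell as root
sudo mysql
# At the mysql> prompt: set the root password. Replace 'mynewpassword' with a
# strong, unique value. caching_sha2_password is the default plugin in
# MySQL 8.0; mysql_native_password is SHA-1 based and deprecated.
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'mynewpassword';
# Run the interactive hardening script
sudo mysql_secure_installation
# Log in as root; -p prompts for the password, so it stays out of the
# command line and shell history.
sudo mysql -uroot -p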
3. PHP
# Install PHP-FPM
sudo apt install php-fpm
# Print the installed version
php -v
# Install the additional extensions (DOM and mysqli)
sudo apt install php-dom php-mysqli
修改文件所有者
# Use the line that matches the web server in use.
# nginx: hand the html/ directory to www-data
chown www-data:www-data html/
# Apache: hand the html/ directory to apache
chown apache:apache html/
允许指定用户远程登录
# Set a login password for each account. These are service accounts, so
# choose long, unique passwords.
sudo passwd www-data
sudo passwd apache
# Edit the SSH daemon configuration
sudo vim /etc/ssh/sshd_config
*****************************
# Serve SFTP with sshd's built-in implementation. sshd rejects a second
# "Subsystem sftp" definition, so change the existing line rather than
# appending another one.
Subsystem sftp internal-sftp
# A Match block applies until the next Match line or the end of the file,
# so keep it after the global settings.
Match User www-data
    # Confine the session to /var/www. sshd requires every component of the
    # chroot path to be root-owned and not writable by group or others.
    ChrootDirectory /var/www
    # SFTP only: any requested command is replaced by the SFTP server.
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
*****************************
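# Validate the edited sshd_config first; restart ssh only if the check passes,
# so a typo cannot leave the daemon unable to start.
sudo sshd -t && sudo systemctl restart sshd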
