[nginx] nginx 설치 (feat. ubuntu 18.04 & 20.04)

http://nginx.org/en/linux_packages.html#Ubuntu

nginx: Linux packages

사전 필요한 package install

Install the prerequisites

Nginx Package 설치에 필요한 Signing Key package를 설치

sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring

설치시 추가 package install "Y"

testw@ubuntu:~$ sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
[sudo] password for test:
Reading package lists... Done
Building dependency tree
Reading state information... Done
lsb-release is already the newest version (11.1.0ubuntu2).
lsb-release set to manually installed.
ca-certificates is already the newest version (20211016~20.04.1).
curl is already the newest version (7.68.0-1ubuntu2.12).
ubuntu-keyring is already the newest version (2020.02.11.4).
ubuntu-keyring set to manually installed.
The following packages were automatically installed and are no longer required:
  galera-4 libcgi-fast-perl libcgi-pm-perl libconfig-inifiles-perl libdbd-mariadb-perl libdbi-perl libencode-locale-perl libfcgi-perl libfwupdplugin1 libhtml-parser-perl libhtml-tagset-perl
  libhtml-template-perl libhttp-date-perl libhttp-message-perl libio-html-perl liblwp-mediatypes-perl libpmem1 libterm-readkey-perl libtimedate-perl liburi-perl socat
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
  gnupg2
0 upgraded, 1 newly installed, 0 to remove and 16 not upgraded.
Need to get 5,316 B of archives.
After this operation, 51.2 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://kr.archive.ubuntu.com/ubuntu focal-updates/universe amd64 gnupg2 all 2.2.19-3ubuntu2.2 [5,316 B]
Fetched 5,316 B in 1s (5,617 B/s)
Selecting previously unselected package gnupg2.
(Reading database ... 99897 files and directories currently installed.)
Preparing to unpack .../gnupg2_2.2.19-3ubuntu2.2_all.deb ...
Unpacking gnupg2 (2.2.19-3ubuntu2.2) ...
Setting up gnupg2 (2.2.19-3ubuntu2.2) ...
Processing triggers for man-db (2.9.1-1) ...

 

NginX Signing Key 가져오기

서명키 가져오기

Import an official nginx signing key so apt could verify the packages authenticity. Fetch the key

apt가 패키지 진위를 확인할 수 있도록 공식 nginx 서명 키를 가져오기

curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

 

Verify that the downloaded file contains the proper key:

키 진위 여부 확인

gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

 

The output should contain the full fingerprint 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 as follows:

위 결과값에 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62가 포함되어야 합니다.

pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
      573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid                      nginx signing key <signing-key@nginx.com>

 

If the fingerprint is different, remove the file.

지문이 다른 경우 파일을 제거하십시오.

 

참조

gpg: keyblock resource '/home/username/.gnupg/pubring.kbx': No such file or directory

위 문구가 나와도 딱히 문제되는건 없는것 같다..

https://itecnote.com/tecnote/git-gpg-keyblock-resource-pubring-kbx-not-found-because-the-repo-path-is-prefixed-to-the-gnupg-home/

Git – gpg: keyblock resource pubring.kbx not found because the repo path is prefixed to the gnupg home – iTecNote

https://askubuntu.com/questions/1135088/why-does-gpg-list-secret-keys-show-keys-in-pubring-kbx

why does gpg --list-secret-keys show keys in pubring.kbx

https://gnupg.org/faq/whats-new-in-2.1.html#nosecring

GnuPG - What’s new in 2.1

https://stackoverflow.com/questions/34212230/using-bouncycastle-with-gnupg-2-1s-pubring-kbx-file

Using BouncyCastle with GnuPG 2.1's `pubring.kbx` file

 

 

gnupg/pubring.kbx 란?

https://www.gnupg.org/documentation/manuals/gnupg/kbxutil.html

kbxutil (Using the GNU Privacy Guard)

 

apt저장소에 nginx package 등록 (택1)

안전적인 버전

To set up the apt repository for stable nginx packages, run the following command

안정적인 nginx 패키지에 대한 apt 저장소를 설정하려면 다음 명령을 실행하십시오.

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

메인라인 버전

If you would like to use mainline nginx packages, run the following command instead:

메인라인 nginx 패키지를 사용하려면 대신 다음 명령을 실행하세요.

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

nginx  에서 제공하는  버전 고정

Set up repository pinning to prefer our packages over distribution-provided ones

gpg에 배포된 버전이 아닌 nginx repository package 버전 고정

echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx

 

nginx 설치

To install nginx, run the following commands:

sudo apt update
sudo apt install nginx

 

참조

시작

sudo service nginx start

http로 접속할 경우 아래 페이지 확인되면 잘 설치된것.

안될 경우

1. 아래 명령어로 상태가 active인지 확인

sudo service nginx start

2. 방화벽이 뚫려있는지 확인