OS : CentOS 7.x
APM INSTALL : Apache 2.4.29 / PHP 7.2.3 / Mariadb 10.2.13
LAPM ( Linux Apache PHE Mysql Mariadb comfile install )
APM을 간단하게 YUM으로 설치할 수 있지만 추후 관리 부분으로 인해서 COMFILE해서 설치하는것으로 포스팅 시작
1. 기본 라이브러리 설치 / 기본 설치 후 myssql-libs가 설치될수 있으니 remove
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[root@localhost ~]# yum -y install net-tools setuptool wget vim-enhanced lrzsz xinetd gcc gcc-c++ ncurses ncurses-devel cmake [root@localhost ~]# yum -y install cmake openssl openssl-devel \ libtermcap libtermcap-devel gdbm-devel \ zlib* libxml* freetype* libpng* libjpeg* gd gd-dev \ libmcrypt libmcrypt-devel mhash mhash-devel apr apr-* libxml2 \ iconv unixODBC readline-devel \ qpixman qpixman-devel netpbm* libxslt* gmp gmp-devel \ bzip2-devel openssl-devel pcre-devel curl curl-devel \ libmcrypt libmcrypt-devel mhash mhash-devel enchant-devel enchant \ libicu libicu-devel [root@localhost ~]# yum remove mariadb-libs mysql-libs |
2. Mariadb 10.1.31 ( 최신 버전인 10.2.13 버전이 존재하지만 PHP 라이브러리 에러로 인해 한단계 낮은 버전으로 INSTALL )
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
[root@localhost ~]# wget mirror.koreaidc.com/mariadb/mariadb-10.1.31.tar.gz [root@localhost ~]# tar xvfz mariadb-10.1.31.tar.gz [root@localhost ~]# cd mariadb-10.1.31 [root@localhost mariadb-10.1.31]# cmake \ -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \ -DWITH_EXTRA_CHARSETS=all \ -DMYSQL_DATADIR=/free1/mysql_data \ -DENABLED_LOCAL_INFILE=1 \ -DDOWNLOAD_BOOST=1 \ -DWITH_BOOST=../boost_1_59_0 \ -DWITH_PARTITION_STORAGE_ENGINE=1 \ -DWITH_FEDERATED_STORAGE_ENGINE=1 \ -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \ -DWITH_MYISAM_STORAGE_ENGINE=1 \ -DENABLED_LOCAL_INFILE=1 \ -DMYSQL_UNIX_ADDR=/tmp/mysql.sock \ -DSYSCONFDIR=/etc \ -DDEFAULT_CHARSET=utf8 \ -DDEFAULT_COLLATION=utf8_general_ci \ -DWITH_EXTRA_CHARSETS=all [root@localhost mariadb-10.1.31]# make -j `grep processor /proc/cpuinfo' | wc -l` [root@localhost mariadb-10.1.31]# make install |
Mariadb install 이 되었다면 환경 설정 및 파일 등록
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[root@localhost mariadb-10.1.31]# useradd -M mysql -u 27 >& /dev/null [root@localhost mariadb-10.1.31]# chown -R root:mysql /usr/local/mysql [root@localhost mariadb-10.1.31]# cd /usr/local/mysql [root@localhost mysql]# chmod 700 support-files/mysql.server [root@localhost mysql]# cp support-files/mysql.server /etc/rc.d/init.d/mysql [root@localhost mysql]# ln -s /etc/rc.d/init.d/mysql /etc/rc.d/rc3.d/S97mysql [root@localhost mysql]# cp support-files/mysql.server /usr/bin/ |
mysql의 환경 설정 파일인 my.cnf 파일 등록 ( 기본 엔진 myisam )
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
[root@localhost mysql]# vi /etc/my.cnf [client] default-character-set = utf8 port = 3306 socket = /tmp/mysql.sock default-character-set = utf8 # [mysqld] socket=/tmp/mysql.sock datadir=/free/mysql_data [client] default-character-set = utf8 port = 3306 socket = /tmp/mysql.sock default-character-set = utf8 # [mysqld] socket=/tmp/mysql.sock datadir=/free/mysql_data basedir = /usr/local/mysql #user = mysql #bind-address = 0.0.0.0 # skip-external-locking key_buffer_size = 384M max_allowed_packet = 1M table_open_cache = 512 sort_buffer_size = 2M read_buffer_size = 2M read_rnd_buffer_size = 8M myisam_sort_buffer_size = 64M thread_cache_size = 8 query_cache_size = 32M # #dns query skip-name-resolve # #connection max_connections = 1000 max_connect_errors = 1000 wait_timeout= 60 # #slow-queries #slow_query_log = /free/mysql_data/slow-queries.log #long_query_time = 3 #log-slow-queries = /free/mysql_data/mysql-slow-queries.log # ##timestamp explicit_defaults_for_timestamp symbolic-links=0 # ### log log-error=/free/mysql_data/mysqld.log pid-file=/tmp/mysqld.pid # ###chracter character-set-client-handshake=FALSE init_connect = SET collation_connection = utf8_general_ci init_connect = SET NAMES utf8 character-set-server = utf8 collation-server = utf8_general_ci # symbolic-links=0 # ##Password Policy #validate_password_policy=LOW #validate_password_policy=MEDIUM # ### MyISAM Spectific options default-storage-engine = myisam key_buffer_size = 32M bulk_insert_buffer_size = 64M myisam_sort_buffer_size = 128M myisam_max_sort_file_size = 10G myisam_repair_threads = 1 # ### INNODB Spectific options #default-storage-engine = InnoDB #skip-innodb #innodb_additional_mem_pool_size = 16M #innodb_buffer_pool_size = 1024MB #innodb_data_file_path = ibdata1:10M:autoextend #innodb_write_io_threads = 8 #innodb_read_io_threads = 8 #innodb_thread_concurrency = 16 #innodb_flush_log_at_trx_commit = 1 #innodb_log_buffer_size = 8M #innodb_log_file_size = 128M #innodb_log_files_in_group = 3 #innodb_max_dirty_pages_pct = 90 #innodb_lock_wait_timeout = 120 # [mysqldump] default-character-set = utf8 max_allowed_packet = 16M # [mysql] no-auto-rehash default-character-set = utf8 # [myisamchk] key_buffer_size = 256M sort_buffer_size = 256M read_buffer = 2M write_buffer = 2M |
기본 엔진을 InnoDB로 설정하려면 아래 cnf 파일을 사용
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
[root@localhost mysql]# vi /etc/my.cnf [client] default-character-set = utf8 port = 3306 socket = /tmp/mysql.sock default-character-set = utf8 # [mysqld] socket=/tmp/mysql.sock datadir=/free/mysql_data basedir = /usr/local/mysql #user = mysql #bind-address = 0.0.0.0 # skip-external-locking key_buffer_size = 384M max_allowed_packet = 1M table_open_cache = 512 sort_buffer_size = 2M read_buffer_size = 2M read_rnd_buffer_size = 8M myisam_sort_buffer_size = 64M thread_cache_size = 8 query_cache_size = 32M # #dns query skip-name-resolve # #connection max_connections = 1000 max_connect_errors = 1000 wait_timeout= 60 # #slow-queries #slow_query_log = /free/mysql_data/slow-queries.log #long_query_time = 3 #log-slow-queries = /free/mysql_data/mysql-slow-queries.log # ##timestamp explicit_defaults_for_timestamp symbolic-links=0 # ### log log-error=/free/mysql_data/mysqld.log pid-file=/tmp/mysqld.pid # ###chracter character-set-client-handshake=FALSE init_connect = SET collation_connection = utf8_general_ci init_connect = SET NAMES utf8 character-set-server = utf8 collation-server = utf8_general_ci # symbolic-links=0 # ##Password Policy #validate_password_policy=LOW #validate_password_policy=MEDIUM # ### MyISAM Spectific options #default-storage-engine = myisam key_buffer_size = 32M bulk_insert_buffer_size = 64M myisam_sort_buffer_size = 128M myisam_max_sort_file_size = 10G myisam_repair_threads = 1 # ### INNODB Spectific options default-storage-engine = InnoDB skip-innodb #innodb_additional_mem_pool_size = 16M #innodb_buffer_pool_size = 1024MB #innodb_data_file_path = ibdata1:10M:autoextend #innodb_write_io_threads = 8 #innodb_read_io_threads = 8 #innodb_thread_concurrency = 16 #innodb_flush_log_at_trx_commit = 1 #innodb_log_buffer_size = 8M #innodb_log_file_size = 128M #innodb_log_files_in_group = 3 #innodb_max_dirty_pages_pct = 90 #innodb_lock_wait_timeout = 120 # [mysqldump] default-character-set = utf8 max_allowed_packet = 16M # [mysql] no-auto-rehash default-character-set = utf8 # [myisamchk] key_buffer_size = 256M sort_buffer_size = 256M read_buffer = 2M write_buffer = 2M |
Database install ( 사전에 /free 라는 파티션이 존재해야함 없으면 생성 mkdir /free )
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
[root@localhost mysql]# cd /usr/local/mysql [root@localhost mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/free/mysql_data [root@localhost mysql]# chown -R mysql /free/mysql_data/ [root@localhost mysql]# ll /free/mysql_data/ -rw-rw----. 1 mysql mysql 16384 3월 14 14:14 aria_log.00000001 -rw-rw----. 1 mysql mysql 52 3월 14 14:14 aria_log_control -rw-rw----. 1 mysql mysql 2795 3월 14 14:14 ib_buffer_pool -rw-rw----. 1 mysql mysql 50331648 3월 14 14:14 ib_logfile0 -rw-rw----. 1 mysql mysql 50331648 3월 14 14:14 ib_logfile1 -rw-rw----. 1 mysql mysql 12582912 3월 14 14:14 ibdata1 drwx------. 2 mysql root 4096 3월 14 14:14 mysql drwx------. 2 mysql mysql 20 3월 14 14:14 performance_schema drwx------. 2 mysql root 6 3월 14 14:14 test |
Mariadb (mysql ) 서비스 시작
|
1 |
[root@localhost mysql]# mysql.server start |
서비스 시작 스크립트 생성
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[root@localhost ~]# vi /usr/lib/systemd/system/mariadb.service [Unit] Description=MySQL Server After=network.target [Service] Type= forking ExecStart = /etc/rc.d/init.d/mysql start ExecStop = /etc/rc.d/init.d/mysql stop [Install] WantedBy=multi-user.target |
서비스 등록 및 start stop
|
1 2 3 4 5 6 7 |
[root@localhost ~]# systemctl daemon-reload [root@localhost ~]# systemctl enable mariadb.service [root@localhost ~]# systemctl stop mariadb [root@localhost ~]# systemctl start mariadb |
3. Apache install ( worker 방식으로 설치 -> prefork 방식으로 설치하는 경우 HTTP/2 를 지원하지 않음 )
먼저 nghttp2를 설치 진행
|
1 2 3 |
[root@localhost ~]# /usr/bin/yum -y install epel-release [root@localhost ~]# yum -y install nghttp2 libnghttp2-devel |
다운로드 및 install
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
[root@localhost ~]# wget http://apache.mirror.cdnetworks.com//httpd/httpd-2.4.29.tar.gz [root@localhost ~]# tar xvfz httpd-2.4.29.tar.gz [root@localhost ~]# cd httpd-2.4.29 [root@localhost httpd-2.4.29]# perl -pi -e "s/LIMIT 16/LIMIT 128/g" server/mpm/worker/worker.c [root@localhost httpd-2.4.29]# ./configure --prefix=/usr/local/apache --with-mpm=worker \ --enable-cache --enable-mem-cache --enable-deflate --enable-expires --enable-ssl \ --enable-cgi --enable-vhost-alias --enable-rewrite --enable-so \ --enable-mods-shared=all --enable-module=shared --enable-mime-magic --enable-http2 [root@localhost httpd-2.4.29]# make -j `grep processor /proc/cpuinfo | wc -l` [root@localhost httpd-2.4.29]# make install |
아파치 모듈설치 mod_url
|
1 2 3 4 5 6 7 |
[root@xinet ~]# wget http://jini.kldp.net/modurl/release/2186-mod_url-apache2-1.6.2.6.tar.bz2 [root@xinet ~]# tar xvfj 2186-mod_url-apache2-1.6.2.6.tar.bz2 [root@xinet ~]# cd mod_url-apache2 [root@xinet mod_url-apache2]# /usr/local/apache/bin/apxs -iac mod_url.c |
apache 환경설정 구성
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
[root@localhost httpd-2.4.29]# vi /usr/local/apache/conf/httpd.conf 주석해제 LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule userdir_module modules/mod_userdir.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule cgi_module modules/mod_cgi.so <IfModule dir_module> DirectoryIndex index.html index.htm index.php </IfModule> <IfModule unixd_module> User nobody Group nobody </IfModule> DocumentRoot "/usr/local/apache/htdocs" <Directory "/usr/local/apache/htdocs"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> LogLevel warn http2:info <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{GEOIP_COUNTRY_CODE}e" vcommon #CustomLog "logs/access_log" common </IfModule> <IfModule mime_module> TypesConfig conf/mime.types AddType application/x-gzip .tgz AddEncoding x-compress .Z AddEncoding x-gzip .gz .tgz AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-httpd-php .php4 .php .html .htm .inc AddType application/x-httpd-php-source .phps AddHandler cgi-script .cgi AddHandler type-map var AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> ##주석해제 Include conf/extra/httpd-mpm.conf Include conf/extra/httpd-languages.conf Include conf/extra/httpd-userdir.conf Include conf/extra/httpd-default.conf ### http 2 <IfModule http2_module> ProtocolsHonorOrder On Protocols h2 http/1.1 Protocols h2c http/1.1 </IfModule> ### mod_url <IfModule mod_url.c> CheckURL On ServerEncoding EUC-KR ClientEncoding UTF-8 </IfModule> |
기본 extra 폴더에 있는 내용들 수정
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
[root@localhost httpd-2.4.29]# vi /usr/local/apache/conf/extra/httpd-languages.conf ##추가 AddLanguage ko .ko [root@localhost httpd-2.4.29]# vi /usr/local/apache/conf/extra/httpd-default.conf Timeout 60 KeepAlive On MaxKeepAliveRequests 300 KeepAliveTimeout 2 UseCanonicalName Off AccessFileName .htaccess ServerTokens Prod ServerSignature Off HostnameLookups Off <IfModule reqtimeout_module> RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 </IfModule> [root@localhost httpd-2.4.29]# vi /usr/local/apache/conf/extra/httpd-userdir.conf UserDir html <Directory "/free/home/*/html"> AllowOverride FileInfo AuthConfig Limit Options Require method GET POST Options MultiViews SymLinksIfOwnerMatch IncludesNoExec </Directory> |
시작스크립트 작성 및 서비스 등록
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[root@localhost ~]# vi /usr/lib/systemd/system/httpd.service [Unit] Description=Apache HTTP Server After=network.target [Service] Type= forking ExecStart = /usr/local/apache/bin/apachectl start ExecStop = /usr/local/apache/bin/apachectl stop [Install] WantedBy=multi-user.target [root@localhost ~]# systemctl daemon-reload [root@localhost ~]# systemctl enable httpd.service |
4. PHP 7.2.3 INSTALL ( 해당 버전에서는 보안상으로 이유로 mcrypt가 설치가 불가능하다 / openssl 또는 libsodium 사용을 권장 )
mariadb 인식하기 위해서 ld.so.conf 에 등록
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 |
[root@localhost ~]# vi /etc/ld.so.conf # 추가 /usr/local/mysql/lib64 [root@localhost ~]# wget mirror.koreaidc.com/php/php-7.2.3.tar.gz [root@localhost ~]# tar xvfz php-7.2.3.tar.gz [root@localhost ~]# cd php-7.2.3 [root@localhost php-7.2.3]# ./configure \ --prefix=/usr/local/php \ --with-apxs2=/usr/local/apache/bin/apxs \ --with-config-file-path=/usr/local/apache/conf \ --with-config-file-scan-dir=/usr/local/apache/conf \ --with-mysqli=/usr/local/mysql/bin/mysql_config \ --with-pdo-mysql=/usr/local/mysql \ --with-libdir=lib64 \ --with-enchant \ --with-gettext \ --with-gd \ --with-jpeg-dir \ --with-png-dir \ --with-freetype-dir \ --with-zlib \ --with-gmp \ --with-iconv \ --with-gdbm \ --with-pcre-regex \ --with-bz2 \ --with-curl \ --with-mhash \ --with-xsl \ --with-openssl \ --with-readline \ --with-curl \ --with-pear \ --with-gettext \ --with-xmlrpc \ --with-ldap \ --enable-mysqlnd \ --enable-bcmath \ --enable-sockets \ --enable-pcntl \ --enable-ftp \ --enable-zip \ --enable-bcmath \ --enable-mbstring \ --enable-calendar \ --enable-simplexml \ --enable-json \ --enable-hash \ --enable-session \ --enable-soap \ --enable-xml \ --enable-wddx \ --enable-opcache \ --enable-intl \ --enable-cli \ --enable-maintainer-zts \ --enable-debug \ --enable-mbregex \ --enable-libxml \ --enable-dba \ --enable-wddx \ --enable-shmop \ --enable-sysvsem \ --enable-sysvshm \ --enable-sysvmsg \ --enable-exif [root@localhost php-7.2.3]# make -j `grep processor /proc/cpuinfo | wc -l` [root@localhost php-7.2.3]# make install [root@localhost php-7.2.3]# cp -a php.ini-development /usr/local/apache/conf/php.ini |
php.ini 환경설정 수정 opchache가 자동으로 설치되므로 환경설정만 등록
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
[root@localhost php-7.2.3]# vi /usr/local/apache/conf/php.ini short_open_tag = On date.timezone = "Asia/Seoul" error_reporting = "E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_USER_DEPRECATED" upload_max_filesize = 12M [opcache] zend_extension=opcache.so opcache.enable=1 opcache.enable_cli=1 opcache.memory_consumption=512 opcache.interned_strings_buffer=32 opcache.max_accelerated_files=50000 opcache.max_wasted_percentage=5 ;opcache.use_cwd=1 opcache.validate_timestamps=1 opcache.revalidate_freq=0 opcache.revalidate_path=1 opcache.save_comments=1 opcache.load_comments=1 opcache.fast_shutdown=0 opcache.enable_file_override=0 opcache.consistency_checks=200 opcache.force_restart_timeout=180 |
일반사용자도 php를 사용할게 있는 심벌릭 링크 구성 및 버전 확인
|
1 2 3 4 5 6 7 |
[root@localhost php-7.2.3]# ln -s /usr/local/php/bin/php /usr/bin/php [root@xinet ~]# php -v PHP 7.2.3 (cli) (built: Mar 19 2018 13:50:30) ( ZTS DEBUG ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.2.3, Copyright (c) 1999-2018, by Zend Technologies |
가상호스트 등록을 하고 PHP INFO 화면을 출력해 보자
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
[root@xinet ~]# vi /usr/local/apache/conf/httpd.conf #주석해제 Include conf/extra/httpd-vhosts.conf [root@xinet ~]# vi /usr/local/apache/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot /free/home/xinet/html ServerName xinet.kr ServerAlias www.xinet.kr CustomLog logs/access_log vcommon </VirtualHost> [root@xinet ~]# cd /free/home/xinet/html [root@xinet html]# vi info.php <? phpinfo(); ?> |
웹사이트에서 확인
HTTPS 통신과 HTTP/2 통신 테스트를 위해서 무료 인증서를 설치 진행해 보자 letsencrypt 설치
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[root@localhost ~]# git clone https://github.com/letsencrypt/letsencrypt [root@localhost ~]# cd letsencrypt/ [root@localhost letsencrypt]# ./certbot-auto certonly --webroot --webroot-path=/free/home/xinet/html -d xinet.kr -d www.xinet.kr [root@xinet letsencrypt]# ls -l /etc/letsencrypt/live/xinet.kr/ -rw-r--r--. 1 root root 543 3월 20 11:45 README lrwxrwxrwx. 1 root root 32 3월 20 11:45 cert.pem -> ../../archive/xinet.kr/cert1.pem lrwxrwxrwx. 1 root root 33 3월 20 11:45 chain.pem -> ../../archive/xinet.kr/chain1.pem lrwxrwxrwx. 1 root root 37 3월 20 11:45 fullchain.pem -> ../../archive/xinet.kr/fullchain1.pem lrwxrwxrwx. 1 root root 35 3월 20 11:45 privkey.pem -> ../../archive/xinet.kr/privkey1.pem |
웹서버에 ssl을 적용해보자 httpd.conf 파일과 ssl.conf 파일에 내용을 수정
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
[root@xinet letsencrypt]# vi /usr/local/apache/conf/extra/httpd-ssl.conf Listen 443 https SSLProtocol ALL -SSLv2 -SSLv3 # SSLCipherSuite "ECDHE-ECDSA-AES128-GCM-SHA256 \ ECDHE-ECDSA-AES256-GCM-SHA384 \ ECDHE-ECDSA-AES128-SHA \ ECDHE-ECDSA-AES256-SHA \ ECDHE-ECDSA-AES128-SHA256 \ ECDHE-ECDSA-AES256-SHA384 \ ECDHE-RSA-AES128-GCM-SHA256 \ ECDHE-RSA-AES256-GCM-SHA384 \ ECDHE-RSA-AES128-SHA \ ECDHE-RSA-AES256-SHA \ ECDHE-RSA-AES128-SHA256 \ ECDHE-RSA-AES256-SHA384 \ DHE-RSA-AES128-GCM-SHA256 \ DHE-RSA-AES256-GCM-SHA384 \ DHE-RSA-AES128-SHA \ DHE-RSA-AES256-SHA \ DHE-RSA-AES128-SHA256 \ DHE-RSA-AES256-SHA256 \ EDH-RSA-DES-CBC3-SHA" # SSLHonorCipherOrder on AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 SSLCompression off SSLSessionTickets off SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache "shmcb:/usr/local/apache/logs/ocsp(128000)" # <VirtualHost *:443> DocumentRoot /free/home/xinet/html ServerName xinet.kr ServerAlias www.xinet.kr SSLEngine on SSLCertificateFile /etc/letsencrypt/live/xinet.kr/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/xinet.kr/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/xinet.kr/chain.pem SSLCACertificateFile /etc/letsencrypt/live/xinet.kr/fullchain.pem </VirtualHost> [root@xinet letsencrypt]# vi /usr/local/apache/conf/httpd.conf ##주석해제 Include conf/extra/httpd-ssl.conf LoadModule ssl_module modules/mod_ssl.so |
웹서버 환경설정에 오타나 문제가 없는지 체크 후 서비스 재시작
|
1 2 3 4 5 6 |
[root@xinet letsencrypt]# /usr/local/apache/bin/httpd -t Syntax OK [root@xinet letsencrypt]# /usr/local/apache/bin/apachectl stop [root@xinet letsencrypt]# /usr/local/apache/bin/apachectl start |
사이트 SSL 통신 확인 및 HTTP/2 지원 확인
Warning: Use of undefined constant bbse_list_comments_callback - assumed 'bbse_list_comments_callback' (this will throw an Error in a future version of PHP) in /free/home/xinet/html/wp-content/themes/Blog_Shop/comments.php on line 79
아래 index.php 추가 안하니 403 오류나더군요. ^^
vi /usr/local/apache/conf/httpd.conf
DirectoryIndex index.html index.php
vi /usr/local/apache/conf/httpd.conf
아래 내용도 주석 해제해야 ssl 정상 세팅됩니다.
LoadModule ssl_module modules/mod_ssl.so
좋은 자료 감사합니다.
덕분에 잘 설치 했네요. ^^