OS : Centos 7.x
MYSQL VERSION : 8.0.21
Apache Version : 2.4.43
Php Version : 7.4.8
- Install MySQL 8.0.21. To keep it simple we use yum: download and install the repo RPM file.

    [root@localhost ~]# wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
    [root@localhost ~]# rpm -Uvh mysql80-community-release-el7-3.noarch.rpm
    [root@localhost ~]# ll /etc/yum.repos.d/ | grep mysql
    -rw-r--r-- 1 root root 2108 4월 25 2019 mysql-community-source.repo
    -rw-r--r-- 1 root root 2076 4월 25 2019 mysql-community.repo

- yum install

    [root@localhost ~]# yum -y install mysql-community-server.x86_64 mysql-community-libs.x86_64 mysql-community-client.x86_64 mysql-community-devel.x86_64

- Configure /etc/my.cnf (default engine InnoDB) -> to make MyISAM the default engine instead, see the MyISAM my.cnf contents at the bottom.

    [root@localhost ~]# vi /etc/my.cnf

    [mysqld]
    # innodb_buffer_pool_size = 128M
    # disable_log_bin
    #
    # join_buffer_size = 128M
    # sort_buffer_size = 2M
    # read_rnd_buffer_size = 2M
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock

    ### log
    log-error=/var/log/mysqld.log
    pid-file=/var/run/mysqld/mysqld.pid

    skip-external-locking
    key_buffer_size = 384M
    max_allowed_packet = 16M
    table_open_cache = 2048
    sort_buffer_size = 2M
    read_buffer_size = 2M
    read_rnd_buffer_size = 8M
    myisam_sort_buffer_size = 64M
    thread_cache_size = 8

    #dns query
    skip-name-resolve

    #connection
    max_connections = 1000
    max_connect_errors = 1000
    wait_timeout= 60

    #slow-queries
    #slow_query_log = /var/log//slow-queries.log
    #long_query_time = 3
    #log-slow-queries = /var/log/mysql-slow-queries.log

    ##timestamp
    explicit_defaults_for_timestamp

    #symbolic-links=0

    ##Password Policy
    #validate_password.policy=0
    #validate_password.policy=1
    #validate_password.policy=2

    ### MyISAM Specific options
    #default-storage-engine = myisam
    key_buffer_size = 32M
    bulk_insert_buffer_size = 64M
    myisam_sort_buffer_size = 128M
    myisam_max_sort_file_size = 10G
    myisam_repair_threads = 1

    ### INNODB Specific options
    default-storage-engine = InnoDB
    #innodb_additional_mem_pool_size = 16M
    innodb_buffer_pool_size = 1024M
    innodb_data_file_path = ibdata1:10M:autoextend
    innodb_write_io_threads = 8
    innodb_read_io_threads = 8
    innodb_thread_concurrency = 16
    innodb_flush_log_at_trx_commit = 1
    innodb_log_buffer_size = 8M
    innodb_log_file_size = 128M
    innodb_log_files_in_group = 3
    innodb_max_dirty_pages_pct = 90
    innodb_lock_wait_timeout = 120

    [mysqldump]
    max_allowed_packet = 512M

    [mysql]
    #no-auto-rehash

    [myisamchk]
    key_buffer_size = 512M
    sort_buffer_size = 512M
    read_buffer = 8M
    write_buffer = 8M
4. Start the service and check that it is running

    [root@localhost ~]# systemctl start mysqld.service
    [root@localhost ~]# ps -ef | grep mysql
    mysql 2517 1 6 15:07 ? 00:00:01 /usr/sbin/mysqld

5. With a default install, the temporary root password is written to the log file. Search the log to find it.

    [root@localhost ~]# grep 'temporary password' /var/log/mysqld.log
    2020-07-24T06:07:32.666525Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: %h/nsrfoC55h

6. Connect to the server

    [root@localhost ~]# mysql -u root -p mysql
    Enter password: %h/nsrfoC55h

7. Checking the basic status should be the next step, but it fails with an error: the root account cannot be used until its password is reset, so set it with ALTER.

    mysql> \s
    ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

    ### set root with ALTER
    mysql> alter user 'root'@localhost identified by 'qwer1234';
    ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

8. The ALTER fails with an error as well. This happens because the password violates the password policy, which is covered in more detail below.
For now, set a strong password of 8 characters (8 or more characters, including digits, lowercase letters, uppercase letters and special characters).

    mysql> alter user 'root'@localhost identified by 'Qwer1234!@#$';
    Query OK, 0 rows affected (0.03 sec)

    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)

    mysql> \s
    --------------
    mysql Ver 8.0.21 for Linux on x86_64 (MySQL Community Server - GPL)

    Connection id:          8
    Current database:       mysql
    Current user:           root@localhost
    SSL:                    Not in use
    Current pager:          stdout
    Using outfile:          ''
    Using delimiter:        ;
    Server version:         8.0.21
    Protocol version:       10
    Connection:             Localhost via UNIX socket
    Server characterset:    utf8mb4
    Db characterset:        utf8mb4
    Client characterset:    utf8mb4
    Conn. characterset:     utf8mb4
    UNIX socket:            /var/lib/mysql/mysql.sock
    Binary data as:         Hexadecimal
    Uptime:                 6 min 5 sec

9. Check the default MySQL storage engine

    mysql> SELECT engine, support FROM information_schema.engines;
    +--------------------+---------+
    | engine             | support |
    +--------------------+---------+
    | FEDERATED          | NO      |
    | MEMORY             | YES     |
    | InnoDB             | DEFAULT |
    | PERFORMANCE_SCHEMA | YES     |
    | MyISAM             | YES     |
    | MRG_MYISAM         | YES     |
    | BLACKHOLE          | YES     |
    | CSV                | YES     |
    | ARCHIVE            | YES     |
    +--------------------+---------+
    9 rows in set (0.00 sec)
Now let's change the password to something easier.
In MySQL 5.7 the password policy was set like this:

    #validate_password_policy=LOW
    #validate_password_policy=MEDIUM

In MySQL 8.0 the setting must be written with a . instead of a _. First, check what the default values are.

    mysql> SHOW VARIABLES LIKE 'validate_password.%';
    +--------------------------------------+--------+
    | Variable_name                        | Value  |
    +--------------------------------------+--------+
    | validate_password.check_user_name    | ON     |
    | validate_password.dictionary_file    |        |
    | validate_password.length             | 8      |
    | validate_password.mixed_case_count   | 1      |
    | validate_password.number_count       | 1      |
    | validate_password.policy             | MEDIUM |
    | validate_password.special_char_count | 1      |
    +--------------------------------------+--------+
    7 rows in set (0.00 sec)

The value is MEDIUM, but validate_password.policy is named differently from 5.7. This policy is the reason a strong password had to be used above. Now change the value so that a simpler password can be set.
Previously LOW and MEDIUM were used, but in my.cnf the value is set as 0, 1 or 2.

    [root@localhost mysql]# vi /etc/my.cnf

    [mysqld]
    ##Password Policy
    validate_password.policy=0
    #validate_password.policy=1
    #validate_password.policy=2

Restart MySQL

    [root@localhost mysql]# systemctl restart mysqld

Connect to MySQL, check the values and then change the password. You can see that the policy has changed to LOW.

    mysql> SHOW VARIABLES LIKE 'validate_password.%';
    +--------------------------------------+-------+
    | Variable_name                        | Value |
    +--------------------------------------+-------+
    | validate_password.check_user_name    | ON    |
    | validate_password.dictionary_file    |       |
    | validate_password.length             | 8     |
    | validate_password.mixed_case_count   | 1     |
    | validate_password.number_count       | 1     |
    | validate_password.policy             | LOW   |
    | validate_password.special_char_count | 1     |
    +--------------------------------------+-------+
    7 rows in set (0.00 sec)

Now change the password to an easier one. But an error occurs. What is going on…

    mysql> update user set password=password('qwer1234') where user='root';
    ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('qwer1234') where user='root'' at line 1

Since MySQL 5.7 the password column is gone and the authentication_string column replaces it.

    mysql> select host, user, authentication_string, password_last_changed from user;
    +-----------+------------------+------------------------------------------------------------------------+-----------------------+
    | host      | user             | authentication_string                                                  | password_last_changed |
    +-----------+------------------+------------------------------------------------------------------------+-----------------------+
    | localhost | mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | 2020-07-24 16:24:24   |
    | localhost | mysql.session    | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | 2020-07-24 16:24:24   |
    | localhost | mysql.sys        | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | 2020-07-24 16:24:24   |
    | localhost | root             | *D75CC763C5551A420D28A227AC294FADE26A2FF2                              | 2020-07-24 16:57:59   |
    +-----------+------------------+------------------------------------------------------------------------+-----------------------+
    4 rows in set (0.00 sec)

To change the password, use the ALTER statement instead of the old UPDATE.

    mysql> alter user 'root'@'localhost' identified with mysql_native_password by 'qwer1234';
    Query OK, 0 rows affected (0.02 sec)

    mysql> flush privileges;
    Query OK, 0 rows affected (0.01 sec)

Then test that you can log in with the changed password.
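The effect of the policy levels discussed above, as an added example that is not part of the original post: the script reads a my.cnf, reports which validate_password.policy level mysqld will start with, and checks the two root passwords used on this page against LOW and MEDIUM with the length and character counts from the SHOW VARIABLES output. The function names and the sample my.cnf text are constructed for illustration; check_user_name and a dictionary file are not modelled.

```shell
#!/bin/sh
# Added example, not code from the original post.

# Constructed sample: password-policy lines as edited in /etc/my.cnf on this page.
SAMPLE_MY_CNF='[client]
port = 3306

[mysqld]
datadir=/var/lib/mysql
##Password Policy
validate_password.policy=0
#validate_password.policy=1
#validate_password.policy=2

[mysqldump]
max_allowed_packet = 512M'

# validate_password.length as shown by SHOW VARIABLES on this page.
POLICY_MIN_LENGTH=8

# effective_policy: read a my.cnf on stdin and print LOW, MEDIUM or STRONG.
# Only active lines inside [mysqld] count, the last one wins, and an
# absent setting falls back to MEDIUM (the default shown on this page).
effective_policy() {
  awk '
    /^[ \t]*\[/ {                                  # section header
      sec = tolower($0)
      gsub(/\[/, "", sec); gsub(/\]/, "", sec); gsub(/[ \t]/, "", sec)
      next
    }
    /^[ \t]*[#;]/ { next }                         # commented-out line
    sec == "mysqld" {
      line = $0
      sub(/[ \t]*#.*$/, "", line)                  # trailing comment
      n = index(line, "=")
      if (n == 0) next
      key = substr(line, 1, n - 1); val = substr(line, n + 1)
      gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
      if (key == "validate_password.policy") policy = toupper(val)
    }
    END {
      if (policy == "0") policy = "LOW"
      else if (policy == "1") policy = "MEDIUM"
      else if (policy == "2") policy = "STRONG"
      else if (policy == "") policy = "MEDIUM"
      print policy
    }
  '
}

# policy_accepts LEVEL PASSWORD: exit status 0 if the password passes.
# LOW checks length only; MEDIUM adds one digit, one lowercase letter,
# one uppercase letter and one special character. STRONG is treated like
# MEDIUM here because validate_password.dictionary_file is empty.
policy_accepts() {
  _lvl=$1
  _pw=$2
  [ "${#_pw}" -ge "$POLICY_MIN_LENGTH" ] || return 1
  [ "$_lvl" = LOW ] && return 0
  case $_pw in *[[:digit:]]*) ;; *) return 1 ;; esac
  case $_pw in *[[:lower:]]*) ;; *) return 1 ;; esac
  case $_pw in *[[:upper:]]*) ;; *) return 1 ;; esac
  case $_pw in *[![:alnum:]]*) ;; *) return 1 ;; esac
  return 0
}

# Demo: what the edited my.cnf allows compared with the default level.
configured=$(printf '%s\n' "$SAMPLE_MY_CNF" | effective_policy)
echo "my.cnf policy: $configured"
for pw in 'qwer1234' 'Qwer1234!@#$'; do
  for lvl in "$configured" MEDIUM; do
    if policy_accepts "$lvl" "$pw"; then verdict=accepted; else verdict=rejected; fi
    printf '%-7s %-13s %s\n' "$lvl" "$pw" "$verdict"
  done
done
```

Run against the real file with `effective_policy < /etc/my.cnf`; a result of LOW means only the 8-character length is enforced for every account on the server.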
Additionally, if you want to use MyISAM as the MySQL engine, copy and use the my.cnf below.

    [root@localhost mysql]# vi /etc/my.cnf

    [client]
    port = 3306

    [mysqld]
    # innodb_buffer_pool_size = 128M
    # disable_log_bin
    #
    # join_buffer_size = 128M
    # sort_buffer_size = 2M
    # read_rnd_buffer_size = 2M
    datadir=/home/mysql_data
    socket=/var/lib/mysql/mysql.sock

    ### log
    log-error=/var/log/mysqld.log
    pid-file=/var/run/mysqld/mysqld.pid

    skip-external-locking
    key_buffer_size = 384M
    max_allowed_packet = 16M
    table_open_cache = 2048
    sort_buffer_size = 2M
    read_buffer_size = 2M
    read_rnd_buffer_size = 8M
    myisam_sort_buffer_size = 64M
    thread_cache_size = 8

    #dns query
    skip-name-resolve

    #connection
    max_connections = 1000
    max_connect_errors = 1000
    wait_timeout= 60

    #slow-queries
    #slow_query_log = /var/log//slow-queries.log
    #long_query_time = 3
    #log-slow-queries = /var/log/mysql-slow-queries.log

    ##timestamp
    explicit_defaults_for_timestamp

    #symbolic-links=0

    ##Password Policy
    #validate_password.policy=0
    #validate_password.policy=1
    #validate_password.policy=2

    ### MyISAM Specific options
    default-storage-engine = myisam
    key_buffer_size = 32M
    bulk_insert_buffer_size = 64M
    myisam_sort_buffer_size = 128M
    myisam_max_sort_file_size = 10G
    myisam_repair_threads = 1

    ### INNODB Specific options
    #default-storage-engine = InnoDB
    #skip--innodb=OFF
    #innodb_additional_mem_pool_size = 16M
    #innodb_buffer_pool_size = 1024M
    #innodb_data_file_path = ibdata1:10M:autoextend
    #innodb_write_io_threads = 8
    #innodb_read_io_threads = 8
    #innodb_thread_concurrency = 16
    #innodb_flush_log_at_trx_commit = 1
    #innodb_log_buffer_size = 8M
    #innodb_log_file_size = 128M
    #innodb_log_files_in_group = 3
    #innodb_max_dirty_pages_pct = 90
    #innodb_lock_wait_timeout = 120

    [mysqldump]
    max_allowed_packet = 512M

    [mysql]
    #no-auto-rehash

    [myisamchk]
    key_buffer_size = 512M
    sort_buffer_size = 512M
    read_buffer = 8M
    write_buffer = 8M
10. Before installing Apache 2.4.43, the packages it needs must be installed.
apr 1.7 / apr-util 1.6.1 / openssl 1.1.1 or later (TLS 1.3 support) / nghttp2 (HTTP/2 support) / brotli 1.0.7 (image compression technology)
In addition, install the required packages with yum.

    [root@localhost ~]# yum -y install wget perl perl-core zlib-devel gcc gcc-c++ \
    cmake git automake autoconf libtool \
    pcre-devel libxml2-devel openssl-devel expat-devel curl-devel

11. APR 1.7 install

    [root@localhost ~]# wget http://apache.mirror.cdnetworks.com//apr/apr-1.7.0.tar.gz
    [root@localhost ~]# tar xvfz apr-1.7.0.tar.gz
    [root@localhost ~]# cd apr-1.7.0
    [root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr

    ### if the error "rm: cannot remove 'libtoolT': No such file or directory" occurs
    [root@localhost apr-1.7.0]# cp -a libtool libtoolT
    [root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr

    [root@localhost apr-1.7.0]# make -j `grep processor /proc/cpuinfo | wc -l`
    [root@localhost apr-1.7.0]# make install

apr-util 1.6.1

    [root@localhost apr-1.7.0]# cd /root
    [root@localhost ~]# wget https://archive.apache.org/dist/apr/apr-util-1.6.1.tar.bz2
    [root@localhost ~]# tar -xvjf apr-util-1.6.1.tar.bz2
    [root@localhost ~]# cd apr-util-1.6.1
    [root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr/ --with-apr=/usr/local/apr/
    [root@localhost apr-util-1.6.1]# make -j `grep processor /proc/cpuinfo | wc -l`
    [root@localhost apr-util-1.6.1]# make install

openssl 1.1.1g install

    [root@localhost ~]# wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
    [root@localhost ~]# tar xvfz openssl-1.1.1g.tar.gz
    [root@localhost ~]# cd openssl-1.1.1g
    [root@localhost openssl-1.1.1g]# ./config --prefix=/usr/local/openssl shared zlib-dynamic
    [root@localhost openssl-1.1.1g]# make -j `grep processor /proc/cpuinfo | wc -l`
    [root@localhost openssl-1.1.1g]# make install
    [root@localhost openssl-1.1.1g]# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf.d/openssl.conf
    [root@localhost openssl-1.1.1g]# ldconfig
    [root@localhost openssl-1.1.1g]# mv /usr/bin/openssl /usr/bin/openssl.old
    [root@localhost openssl-1.1.1g]# ln -s /usr/local/openssl/bin/openssl /usr/bin/

Check that openssl supports TLS 1.3

    [root@localhost openssl-1.1.1g]# openssl ciphers -v | grep TLSv1.3
    TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
    TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
    TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD

nghttp2 install

    [root@localhost ~]# cd /root
    [root@localhost ~]# yum install libev-devel python-devel c-ares-devel jemalloc-devel jansson-devel CUnit-devel cmake
    [root@localhost ~]# wget https://github.com/nghttp2/nghttp2/releases/download/v1.34.0/nghttp2-1.34.0.tar.gz
    [root@localhost ~]# tar xvfz nghttp2-1.34.0.tar.gz
    [root@localhost ~]# cd nghttp2-1.34.0
    [root@localhost nghttp2-1.34.0]# OPENSSL_CFLAGS="-I/usr/local/openssl/include" OPENSSL_LIBS="-L/usr/local/openssl/lib -lssl -lcrypto" ./configure --prefix=/usr/local/nghttp2 --with-boost
    [root@localhost nghttp2-1.34.0]# make -j `grep processor /proc/cpuinfo | wc -l`
    [root@localhost nghttp2-1.34.0]# make install

brotli 1.0.7 install

    [root@localhost ~]# cd /root
    [root@localhost ~]# wget https://github.com/google/brotli/archive/v1.0.7.tar.gz
    [root@localhost ~]# tar xvfz v1.0.7.tar.gz
    [root@localhost ~]# cd brotli-1.0.7/
    [root@localhost brotli-1.0.7]# mkdir out && cd out
    [root@localhost out]# ../configure-cmake --prefix=/usr/local/brotli
    [root@localhost out]# make -j `grep processor /proc/cpuinfo | wc -l`
    [root@localhost out]# make install
12. Download and install httpd

    [root@localhost ~]# wget http://apache.mirror.cdnetworks.com//httpd/httpd-2.4.43.tar.gz
    [root@localhost ~]# tar xvfz httpd-2.4.43.tar.gz
    [root@localhost ~]# cd httpd-2.4.43
    [root@localhost httpd-2.4.43]# ./configure --prefix=/usr/local/apache \
    --enable-so \
    --enable-unique-id \
    --enable-http2 \
    --enable-brotli \
    --enable-deflate \
    --enable-ssl \
    --with-brotli=/usr/local/brotli \
    --with-ssl=/usr/local/openssl \
    --with-apr=/usr/local/apr \
    --with-apr-util=/usr/local/apr \
    --with-pcre \
    --with-curl \
    --with-nghttp2=/usr/local/nghttp2 \
    --enable-mods-shared=all \
    --enable-mpms-shared=all
    [root@localhost httpd-2.4.43]# make -j `grep processor /proc/cpuinfo | wc -l`
    [root@localhost httpd-2.4.43]# make install

13. Edit the envvars file (change to brotli)

    [root@localhost httpd-2.4.43]# vi /usr/local/apache/bin/envvars

    # edit
    if test "x$LD_LIBRARY_PATH" != "x" ; then
      LD_LIBRARY_PATH="/usr/local/brotli/lib/:$LD_LIBRARY_PATH"
    else
      LD_LIBRARY_PATH="/usr/local/brotli/lib/"
    fi
    export LD_LIBRARY_PATH

14. mod_url install

    [root@localhost httpd-2.4.43]# cd /root
    [root@localhost ~]# wget http://jini.kldp.net/modurl/release/2186-mod_url-apache2-1.6.2.6.tar.bz2
    [root@localhost ~]# tar xvfj 2186-mod_url-apache2-1.6.2.6.tar.bz2
    [root@localhost ~]# cd mod_url-apache2/
    [root@localhost mod_url-apache2]# /usr/local/apache/bin/apxs -iac mod_url.c
15. Back up httpd.conf, then edit it as shown below

    [root@localhost mod_url-apache2]# cp -a /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.ori
    [root@localhost mod_url-apache2]# vi /usr/local/apache/conf/httpd.conf

    ServerRoot "/usr/local/apache"
    Listen 80

    # LoadModule foo_module modules/mod_foo.so
    #
    LoadModule mpm_event_module modules/mod_mpm_event.so
    #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
    #LoadModule mpm_worker_module modules/mod_mpm_worker.so
    LoadModule authn_file_module modules/mod_authn_file.so
    #LoadModule authn_dbm_module modules/mod_authn_dbm.so
    #LoadModule authn_anon_module modules/mod_authn_anon.so
    #LoadModule authn_dbd_module modules/mod_authn_dbd.so
    #LoadModule authn_socache_module modules/mod_authn_socache.so
    LoadModule authn_core_module modules/mod_authn_core.so
    LoadModule authz_host_module modules/mod_authz_host.so
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    LoadModule authz_user_module modules/mod_authz_user.so
    #LoadModule authz_dbm_module modules/mod_authz_dbm.so
    #LoadModule authz_owner_module modules/mod_authz_owner.so
    #LoadModule authz_dbd_module modules/mod_authz_dbd.so
    LoadModule authz_core_module modules/mod_authz_core.so
    LoadModule access_compat_module modules/mod_access_compat.so
    LoadModule auth_basic_module modules/mod_auth_basic.so
    #LoadModule auth_form_module modules/mod_auth_form.so
    #LoadModule auth_digest_module modules/mod_auth_digest.so
    #LoadModule allowmethods_module modules/mod_allowmethods.so
    #LoadModule file_cache_module modules/mod_file_cache.so
    #LoadModule cache_module modules/mod_cache.so
    #LoadModule cache_disk_module modules/mod_cache_disk.so
    #LoadModule cache_socache_module modules/mod_cache_socache.so
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    #LoadModule socache_dbm_module modules/mod_socache_dbm.so
    #LoadModule socache_memcache_module modules/mod_socache_memcache.so
    #LoadModule socache_redis_module modules/mod_socache_redis.so
    LoadModule watchdog_module modules/mod_watchdog.so
    #LoadModule macro_module modules/mod_macro.so
    #LoadModule dbd_module modules/mod_dbd.so
    #LoadModule dumpio_module modules/mod_dumpio.so
    #LoadModule echo_module modules/mod_echo.so
    #LoadModule buffer_module modules/mod_buffer.so
    #LoadModule data_module modules/mod_data.so
    #LoadModule ratelimit_module modules/mod_ratelimit.so
    LoadModule reqtimeout_module modules/mod_reqtimeout.so
    #LoadModule ext_filter_module modules/mod_ext_filter.so
    #LoadModule request_module modules/mod_request.so
    #LoadModule include_module modules/mod_include.so
    LoadModule filter_module modules/mod_filter.so
    #LoadModule reflector_module modules/mod_reflector.so
    #LoadModule substitute_module modules/mod_substitute.so
    #LoadModule sed_module modules/mod_sed.so
    #LoadModule charset_lite_module modules/mod_charset_lite.so
    #LoadModule deflate_module modules/mod_deflate.so
    #LoadModule xml2enc_module modules/mod_xml2enc.so
    #LoadModule proxy_html_module modules/mod_proxy_html.so
    LoadModule brotli_module modules/mod_brotli.so
    LoadModule mime_module modules/mod_mime.so
    LoadModule log_config_module modules/mod_log_config.so
    #LoadModule log_debug_module modules/mod_log_debug.so
    #LoadModule log_forensic_module modules/mod_log_forensic.so
    #LoadModule logio_module modules/mod_logio.so
    LoadModule env_module modules/mod_env.so
    #LoadModule mime_magic_module modules/mod_mime_magic.so
    #LoadModule expires_module modules/mod_expires.so
    LoadModule headers_module modules/mod_headers.so
    #LoadModule usertrack_module modules/mod_usertrack.so
    #LoadModule unique_id_module modules/mod_unique_id.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule version_module modules/mod_version.so
    #LoadModule remoteip_module modules/mod_remoteip.so
    #LoadModule proxy_module modules/mod_proxy.so
    #LoadModule proxy_connect_module modules/mod_proxy_connect.so
    #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    #LoadModule proxy_http_module modules/mod_proxy_http.so
    #LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
    #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
    #LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
    #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
    #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
    #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
    #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    #LoadModule proxy_express_module modules/mod_proxy_express.so
    #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
    #LoadModule session_module modules/mod_session.so
    #LoadModule session_cookie_module modules/mod_session_cookie.so
    #LoadModule session_dbd_module modules/mod_session_dbd.so
    #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
    #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
    LoadModule ssl_module modules/mod_ssl.so
    #LoadModule dialup_module modules/mod_dialup.so
    LoadModule http2_module modules/mod_http2.so
    #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
    #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
    #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
    #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
    LoadModule unixd_module modules/mod_unixd.so
    #LoadModule heartbeat_module modules/mod_heartbeat.so
    #LoadModule heartmonitor_module modules/mod_heartmonitor.so
    #LoadModule dav_module modules/mod_dav.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    #LoadModule asis_module modules/mod_asis.so
    #LoadModule info_module modules/mod_info.so
    #LoadModule cgid_module modules/mod_cgid.so
    #LoadModule dav_fs_module modules/mod_dav_fs.so
    #LoadModule dav_lock_module modules/mod_dav_lock.so
    #LoadModule vhost_alias_module modules/mod_vhost_alias.so
    LoadModule negotiation_module modules/mod_negotiation.so
    LoadModule dir_module modules/mod_dir.so
    #LoadModule actions_module modules/mod_actions.so
    #LoadModule speling_module modules/mod_speling.so
    LoadModule userdir_module modules/mod_userdir.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule redurl_module modules/mod_url.so

    <IfModule unixd_module>
    User nobody
    Group nobody
    </IfModule>

    ServerAdmin you@example.com
    ServerName localhost:80

    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
    </Directory>

    DocumentRoot "/usr/local/apache/htdocs"
    <Directory "/usr/local/apache/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    <IfModule dir_module>
        DirectoryIndex index.html index.php index.htm
    </IfModule>

    <Files ".ht*">
        Require all denied
    </Files>

    ErrorLog "logs/error_log"
    LogLevel warn

    <IfModule log_config_module>
        # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        # LogFormat "%h %l %u %t \"%r\" %>s %b" common
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{MM_COUNTRY_CODE}e" combined
        <IfModule logio_module>
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
        CustomLog "logs/access_log" combined
    </IfModule>

    <IfModule alias_module>
        #ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
    </IfModule>

    <IfModule cgid_module>
    </IfModule>

    #<Directory "/usr/local/apache/cgi-bin">
    #    AllowOverride None
    #    Options None
    #    Require all granted
    #</Directory>

    <IfModule headers_module>
        RequestHeader unset Proxy early
    </IfModule>

    <IfModule mime_module>
        TypesConfig conf/mime.types
        AddType application/x-gzip .tgz
        AddEncoding x-compress .Z
        AddEncoding x-gzip .gz .tgz
        AddType application/x-compress .Z
        AddType application/x-gzip .gz .tgz
        AddType application/x-httpd-php .php4 .php .html .htm .inc
        AddType application/x-httpd-php-source .phps
        AddHandler cgi-script .cgi
        AddHandler type-map var
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
    </IfModule>

    #MIMEMagicFile conf/magic
    #ErrorDocument 500 "The server made a boo boo."
    #ErrorDocument 404 /missing.html
    #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
    #ErrorDocument 402 http://www.example.com/subscription_info.html
    #MaxRanges unlimited
    #EnableMMAP off
    #EnableSendfile on

    Include conf/extra/httpd-mpm.conf
    # Multi-language error messages
    Include conf/extra/httpd-multilang-errordoc.conf
    # Fancy directory listings
    #Include conf/extra/httpd-autoindex.conf
    # Language settings
    Include conf/extra/httpd-languages.conf
    # User home directories
    Include conf/extra/httpd-userdir.conf
    # Real-time info on requests and configuration
    #Include conf/extra/httpd-info.conf
    # Virtual hosts
    Include conf/extra/httpd-vhosts.conf
    # Local access to the Apache HTTP Server Manual
    #Include conf/extra/httpd-manual.conf
    # Distributed authoring and versioning (WebDAV)
    #Include conf/extra/httpd-dav.conf
    # Various default settings
    Include conf/extra/httpd-default.conf

    # Configure mod_proxy_html to understand HTML4/XHTML1
    <IfModule proxy_html_module>
    #Include conf/extra/proxy-html.conf
    </IfModule>

    <IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    </IfModule>

    # Secure (SSL/TLS) connections
    #Include conf/extra/httpd-ssl.conf
Add to the language settings file

    [root@localhost ]# vi /usr/local/apache/conf/extra/httpd-languages.conf

    ## add
    AddLanguage ko .ko

Edit httpd-default.conf

    [root@localhost ~]# vi /usr/local/apache/conf/extra/httpd-default.conf

    Timeout 60
    KeepAlive On
    MaxKeepAliveRequests 300
    KeepAliveTimeout 2
    UseCanonicalName Off
    AccessFileName .htaccess
    ServerTokens Prod
    ServerSignature Off
    HostnameLookups Off
    <IfModule reqtimeout_module>
      RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
    </IfModule>

Edit httpd-userdir.conf

    [root@localhost ~]# vi /usr/local/apache/conf/extra/httpd-userdir.conf

    UserDir html
    <Directory "/home/*/html">
        AllowOverride FileInfo AuthConfig Limit Options
        Require method GET POST
        Options MultiViews SymLinksIfOwnerMatch IncludesNoExec
    </Directory>

16. Register the systemd unit file (service management)

    [root@localhost ~]# vi /usr/lib/systemd/system/httpd.service

    [Unit]
    Description=The Apache HTTP Server
    After=network.target remote-fs.target nss-lookup.target
    Documentation=man:httpd.service(8)

    [Service]
    Type=forking
    ExecStart=/usr/local/apache/bin/apachectl start
    ExecReload=/usr/local/apache/bin/apachectl graceful
    ExecStop=/usr/local/apache/bin/apachectl stop

    [Install]
    WantedBy=multi-user.target

17. Enable and start the service

    ### reload the daemon
    [root@localhost ~]# systemctl daemon-reload

    ### enable httpd
    [root@localhost ~]# systemctl enable httpd.service

    ### start httpd
    [root@localhost ~]# systemctl start httpd.service
18. Create the SSL key and CSR to test that TLS 1.3 and HTTP/2 work (test domain: tlstest2.xinet.kr)

    [root@localhost ]# mkdir /usr/local/apache/conf/ssl
    [root@localhost ]# cd /usr/local/apache/conf/ssl
    [root@localhost ssl]# openssl genrsa -des3 -out tlstest2.xinet.kr.key 2048
    Generating RSA private key, 2048 bit long modulus (2 primes)
    .....................................................................................+++++
    .......+++++
    e is 65537 (0x010001)
    Enter pass phrase for tlstest2.xinet.kr.key:
    Verifying - Enter pass phrase for tlstest2.xinet.kr.key:

    [root@localhost ssl]# openssl req -new -key tlstest2.xinet.kr.key -out tlstest2.xinet.kr.csr
    Enter pass phrase for phptest.xinet.kr.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:KR
    State or Province Name (full name) [Some-State]:Gyeonggi-do
    Locality Name (eg, city) []:Gwangmyeong-si
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:xinet
    Organizational Unit Name (eg, section) []:se
    Common Name (e.g. server FQDN or YOUR name) []:tlstest2.xinet.kr
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

19. Once the certificate has been issued, register it in httpd-ssl.conf

    [root@localhost logs]# vi /usr/local/apache/conf/extra/httpd-ssl.conf

    Listen 443
    SSLPassPhraseDialog builtin
    SSLSessionCache "shmcb:/run/httpd/sslcache(1024000)"
    SSLSessionCacheTimeout 3600
    SSLRandomSeed startup file:/dev/urandom 256
    SSLRandomSeed connect builtin
    SSLCryptoDevice builtin
    SSLStrictSNIVHostCheck off
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite "TLS_AES_128_GCM_SHA256 \
    TLS_AES_256_GCM_SHA384 \
    TLS_CHACHA20_POLY1305_SHA256 \
    ECDHE-ECDSA-AES128-GCM-SHA256 \
    ECDHE-ECDSA-AES256-GCM-SHA384 \
    ECDHE-ECDSA-AES128-SHA \
    ECDHE-ECDSA-AES256-SHA \
    ECDHE-ECDSA-AES128-SHA256 \
    ECDHE-ECDSA-AES256-SHA384 \
    ECDHE-RSA-AES128-GCM-SHA256 \
    ECDHE-RSA-AES256-GCM-SHA384 \
    ECDHE-RSA-AES128-SHA \
    ECDHE-RSA-AES256-SHA \
    ECDHE-RSA-AES128-SHA256 \
    ECDHE-RSA-AES256-SHA384 \
    DHE-RSA-AES128-GCM-SHA256 \
    DHE-RSA-AES256-GCM-SHA384 \
    DHE-RSA-AES128-SHA \
    DHE-RSA-AES256-SHA \
    DHE-RSA-AES128-SHA256 \
    DHE-RSA-AES256-SHA256 \
    EDH-RSA-DES-CBC3-SHA"
    SSLHonorCipherOrder on
    SSLCompression off
    SSLUseStapling On
    SSLStaplingCache shmcb:/run/httpd/stapling_cache(128000)

    <VirtualHost *:443>
        DocumentRoot /home/ssltest/html
        ServerName tlstest2.xinet.kr
        SSLEngine on
        Protocols h2 http/1.1
        SetOutputFilter BROTLI_COMPRESS;DEFLATE
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip no-brotli dont-vary
        Header always set Strict-Transport-Security "max-age=31536000"
        SSLCertificateFile /usr/local/apache/conf/ssl/tlstest2.xinet.kr.crt
        SSLCertificateKeyFile /usr/local/apache/conf/ssl/tlstest2.xinet.kr.key
        SSLCertificateChainFile /usr/local/apache/conf/ssl/EncryptionEverywhereDVCA.crt
        SSLCACertificateFile /usr/local/apache/conf/ssl/DigiCertRoot2.crt.cer
        CustomLog "logs/access_log" combined
    </VirtualHost>
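An added example (not part of the original post) that audits an SSLCipherSuite value like the one configured above: it joins the backslash-continued lines, splits the list into suite names and reports every entry that is not an AEAD suite, which in this page's list are the CBC-mode entries and the 3DES entry still offered to TLS 1.2 clients. The function names and the shortened sample configuration are constructed for illustration, and the classification looks only at the OpenSSL suite name.

```shell
#!/bin/sh
# Added example, not code from the original post.

# Constructed sample: a shortened version of the httpd-ssl.conf on this page.
SAMPLE_SSL_CONF='Listen 443
SSLProtocol -all +TLSv1.2 +TLSv1.3
# SSLCipherSuite HIGH:!aNULL
SSLCipherSuite "TLS_AES_128_GCM_SHA256 \
ECDHE-RSA-AES128-GCM-SHA256 \
ECDHE-RSA-AES256-SHA \
DHE-RSA-AES128-SHA256 \
EDH-RSA-DES-CBC3-SHA"
SSLHonorCipherOrder on'

# cipher_suites: read an Apache config on stdin and print one suite per line.
# Handles backslash line continuation, quoted values, and space-, colon- or
# comma-separated lists. The optional protocol selector that Apache accepts
# as a first argument (SSL or TLSv1.3) is skipped.
cipher_suites() {
  awk '
    { line = buf $0; buf = "" }
    line ~ /\\$/ { sub(/\\$/, " ", line); buf = line; next }   # continued line
    {
      sub(/^[ \t]+/, "", line)
      if (tolower(line) !~ /^sslciphersuite[ \t]/) next        # also skips comments
      sub(/^[^ \t]+[ \t]+/, "", line)                          # drop directive name
      gsub(/"/, "", line)
      gsub(/[:,]/, " ", line)
      n = split(line, tok, /[ \t]+/)
      for (i = 1; i <= n; i++)
        if (tok[i] != "" && tok[i] != "SSL" && tok[i] != "TLSv1.3") print tok[i]
    }
  '
}

# classify_suite NAME: print 3DES, AEAD, CBC or OTHER for an OpenSSL suite name.
classify_suite() {
  case $1 in
    *DES-CBC3*|*3DES*)      echo 3DES ;;   # 64-bit block cipher
    *GCM*|*CHACHA20*|*CCM*) echo AEAD ;;   # includes all TLS 1.3 suites
    *AES*|*CAMELLIA*)       echo CBC ;;    # AES/Camellia without an AEAD mode
    *)                      echo OTHER ;;
  esac
}

# legacy_suites: read an Apache config on stdin and print "CLASS NAME"
# for every configured suite that is not AEAD.
legacy_suites() {
  cipher_suites | while IFS= read -r suite; do
    class=$(classify_suite "$suite")
    [ "$class" = AEAD ] || printf '%s %s\n' "$class" "$suite"
  done
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SSL_CONF" | legacy_suites
```

Run it against the real file with `legacy_suites < /usr/local/apache/conf/extra/httpd-ssl.conf`; no output means every configured suite is an AEAD suite.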
Uncomment the ssl.conf include (httpd.conf)

    [root@localhost ssl]# vi /usr/local/apache/conf/httpd.conf

    # uncomment
    # Secure (SSL/TLS) connections
    Include conf/extra/httpd-ssl.conf

Restart the web server

    [root@localhost ~]# systemctl restart httpd

Check TLS 1.3 support
Check HTTP/2 support
Check in the web log
20. Install PHP 7.4.8 (libzip must be installed first: the version installed by default is 0.10, and PHP 7.4.8 requires libzip 0.11)

    [root@localhost ~]# wget http://packages.psychotic.ninja/7/plus/x86_64/RPMS/libzip-0.11.2-6.el7.psychotic.x86_64.rpm
    [root@localhost ~]# wget http://packages.psychotic.ninja/7/plus/x86_64/RPMS/libzip-devel-0.11.2-6.el7.psychotic.x86_64.rpm
    [root@localhost ~]# rpm -Uvh libzip-*

21. Install the packages PHP needs with yum before building it

    [root@localhost ~]# yum -y install bison re2c libcurl-devel bzip2-devel gd-devel gmp-devel libc-client-devel \
    libicu-devel libtidy-devel libxslt-devel zlib-devel libwebp-devel e2fsprogs-devel krb5-devel libidn-devel \
    libtermcap libtermcap-devel gdbm-devel zlib* libxml* freetype* libpng* libjpeg* gd gd-devel \
    mhash mhash-devel enchant-devel enchant netpbm* libxslt* gmp gmp-devel systemd-devel \
    readline readline-devel sqlite-devel oniguruma-devel

22. Download and install PHP 7.4.8 (installed so that it is served as an Apache module, libphp7.so)

    [root@localhost ~]# wget https://www.php.net/distributions/php-7.4.8.tar.gz
    [root@localhost ~]# tar xvfz php-7.4.8.tar.gz
    [root@localhost ~]# cd php-7.4.8
    [root@localhost php-7.4.8]# ./configure \
    --prefix=/usr/local/php \
    --with-apxs2=/usr/local/apache/bin/apxs \
    --with-config-file-path=/usr/local/apache/conf \
    --with-config-file-scan-dir=/usr/local/apache/conf \
    --with-openssl=/usr/local/openssl \
    --with-mysql-sock=/var/lib/mysql/mysql.sock \
    --with-mysqli \
    --with-pdo-mysql \
    --with-libdir=lib64 \
    --with-enchant \
    --with-gettext \
    --with-freetype \
    --with-jpeg \
    --with-webp \
    --with-xpm \
    --with-zlib \
    --with-gmp \
    --with-iconv \
    --with-gdbm \
    --with-bz2 \
    --with-curl \
    --with-mhash \
    --with-xsl \
    --with-readline \
    --with-curl \
    --with-pear \
    --with-gettext \
    --with-xmlrpc \
    --with-ldap \
    --with-zip \
    --with-libxml \
    --enable-mysqlnd \
    --enable-bcmath \
    --enable-gd \
    --enable-sockets \
    --enable-pcntl \
    --enable-ftp \
    --enable-bcmath \
    --enable-mbstring \
    --enable-calendar \
    --enable-simplexml \
    --enable-json \
    --enable-session \
    --enable-soap \
    --enable-xml \
    --enable-opcache \
    --enable-intl \
    --enable-cli \
    --enable-maintainer-zts \
    --enable-debug \
    --enable-mbregex \
    --enable-dba \
    --enable-litespeed \
    --enable-shmop \
    --enable-sysvsem \
    --enable-sysvshm \
    --enable-sysvmsg \
    --enable-exif
    [root@localhost php-7.4.8]# make -j `grep processor /proc/cpuinfo | wc -l`
    [root@localhost php-7.4.8]# make install
23. Copy and edit the php.ini configuration file

[root@localhost php-7.4.8]# cp -a php.ini-development /usr/local/apache/conf/php.ini
[root@localhost php-7.4.8]# vi /usr/local/apache/conf/php.ini
short_open_tag = On
date.timezone = "Asia/Seoul"
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_USER_DEPRECATED
upload_max_filesize = 12M

24. Create a php symbolic link in /usr/bin

[root@localhost php-7.4.8]# ln -s /usr/local/php/bin/php /usr/bin/php
[root@localhost php-7.4.8]# php -v
PHP 7.3.8 (cli) (built: Aug 9 2019 16:55:10) ( ZTS DEBUG )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.8, Copyright (c) 1998-2018 Zend Technologies

25. Because PHP was installed as an Apache module, edit httpd.conf (add index.php to DirectoryIndex and add the AddType entries)

[root@localhost php-7.4.8]# vi /usr/local/apache/conf/httpd.conf
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-gzip .tgz
    AddEncoding x-compress .Z
    AddEncoding x-gzip .gz .tgz
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php4 .php .html .htm .inc
    AddType application/x-httpd-php-source .phps
    AddHandler cgi-script .cgi
    AddHandler type-map var
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

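Step 25 hands .php4, .html, .htm and .inc files to the PHP module as well as .php, so every file with one of those extensions under the document root is executed by PHP rather than served as-is. The check below is an added example, not part of the original post: it lists each non-.php extension a config maps to PHP. The function names and both sample configs (the second limits the handler to names ending in .php) are constructed for illustration.

```shell
# Constructed sample: the PHP-related mime_module lines from step 25.
step25_conf() {
cat <<'EOF'
<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php4 .php .html .htm .inc
    AddType application/x-httpd-php-source .phps
</IfModule>
EOF
}

# Constructed alternative: only names ending in .php reach the PHP handler.
php_only_conf() {
cat <<'EOF'
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
EOF
}

# Read an Apache config on stdin and print "<type> <extension>" for every
# extension other than .php that AddType/AddHandler maps to the PHP module.
php_extra_exts() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) ~ /^(addtype|addhandler)$/ &&
        tolower($2) ~ /^application\/x-httpd-php(-source)?$/ {
            for (i = 3; i <= NF; i++) {
                ext = tolower($i)
                sub(/^\./, "", ext)
                if (ext != "php") print $2, "." ext
            }
        }'
}

step25_conf | php_extra_exts     # lists .php4 .html .htm .inc and .phps
php_only_conf | php_extra_exts   # prints nothing
```

Run it against a live server with `php_extra_exts < /usr/local/apache/conf/httpd.conf`.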
26. Restart the web server

[root@localhost ~]# systemctl restart httpd

27. Verify in a web browser

Install WordPress as a test

1. Create the MySQL database, add a user, and grant privileges

[root@localhost html]# mysql -u root -p mysql
Enter password:
mysql> create database xinet;
Query OK, 1 row affected (0.02 sec)

mysql> CREATE USER 'xinet'@'localhost' IDENTIFIED BY 'Xinet78##';
Query OK, 0 rows affected (0.02 sec)

mysql> GRANT ALL PRIVILEGES ON * . * TO 'xinet'@'localhost';
Query OK, 0 rows affected, 1 warning (0.03 sec)

mysql> GRANT ALL PRIVILEGES ON xinet . * TO 'xinet'@'localhost';
Query OK, 0 rows affected, 1 warning (0.02 sec)

mysql> ALTER USER 'xinet'@'localhost' IDENTIFIED WITH mysql_native_password BY 'Xinet78##';
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

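Step 1 grants ALL PRIVILEGES on *.* to the WordPress account before granting them on xinet.*, which leaves the application user with server-wide rights when the database-level grant alone covers its own schema. The following is an added example, not part of the original post: it reads `SHOW GRANTS` output and prints the REVOKE that drops the global privileges while leaving the xinet.* grant in place. The function names are hypothetical and both sample outputs are constructed and shortened.

```shell
# Constructed, shortened sample of what `SHOW GRANTS FOR 'xinet'@'localhost'`
# prints after step 1 (MySQL 8 expands ALL on *.* into individual privileges).
grants_after_step1() {
cat <<'EOF'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, FILE, SUPER ON *.* TO `xinet`@`localhost`
GRANT BACKUP_ADMIN,SYSTEM_VARIABLES_ADMIN ON *.* TO `xinet`@`localhost`
GRANT ALL PRIVILEGES ON `xinet`.* TO `xinet`@`localhost`
EOF
}

# Constructed sample for an account that holds database-level privileges only.
grants_db_only() {
cat <<'EOF'
GRANT USAGE ON *.* TO `xinet`@`localhost`
GRANT ALL PRIVILEGES ON `xinet`.* TO `xinet`@`localhost`
EOF
}

# Read SHOW GRANTS output on stdin. For each account holding more than USAGE
# at the global (*.*) level, print one REVOKE for the global privileges.
# Database-level grants such as `xinet`.* are not touched by that statement.
revoke_global_grants() {
    sed -n 's/^GRANT \(.*\) ON \*\.\* TO \(`[^`]*`@`[^`]*`\).*$/\1|\2/p' |
    awk -F'|' '$1 != "USAGE" && !seen[$2]++ {
        print "REVOKE ALL PRIVILEGES ON *.* FROM " $2 ";"
    }'
}

grants_after_step1 | revoke_global_grants   # one REVOKE for `xinet`@`localhost`
grants_db_only | revoke_global_grants       # prints nothing
```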
2. Download and extract WordPress

[root@localhost ~]# cd /home/ssltest/html/
[root@localhost html]# wget https://ko.wordpress.org/latest-ko_KR.tar.gz
[root@localhost html]# tar xvfz latest-ko_KR.tar.gz
[root@localhost html]# cd wordpress/
[root@localhost wordpress]# cp -a wp-config-sample.php wp-config.php

3. Edit wp-config.php (fetch values from https://api.wordpress.org/secret-key/1.1/salt/ and replace the keys and salts below with them)

[root@localhost wordpress]# vi wp-config.php
/** The name of the database for WordPress */
define( 'DB_NAME', 'xinet' );

/** MySQL database username */
define( 'DB_USER', 'xinet' );

/** MySQL database password */
define( 'DB_PASSWORD', 'Xinet78##' );

/** MySQL hostname */
define( 'DB_HOST', 'localhost' );

/** Database Charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The Database Collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'u{*oa=25S)D>rZY~To;ILTH{J$|j--Q=Ba~H~yB0Q_N|sWtjp32uQOx4e,w:J_MG');
define('SECURE_AUTH_KEY', 'Cp[gr;,|rVOUOoX7iYv!#N2.6a{$UtQ0=BZZRtlrdHoW191=ETff/|pm2f]ahu)A');
define('LOGGED_IN_KEY', '(~-inP!.Wp5wRVC{/{^zne3MuU~g,=eUd,qVLPWV65iw[PK$.i2+z;i+ZC}P,imI');
define('NONCE_KEY', 't/L]|I-=&r.AWa5JnUhD$X^ $O^wN>jZ?`{2W)]rlz3KJ <}3@^{AEcTFaK7,LSy');
define('AUTH_SALT', 'gcD=*v%aK-XB.< .GGik_8P3!K}:ce/3O4|d6Ff>f1eM/inqnJ|M|v=DB~S{}!W*');
define('SECURE_AUTH_SALT', '-z|O+1|5f(Ad`#k1 IT*sRKd]({Wtcp`%@SnR6>T}fS(xF}[v`u{a9(77$e^`;E&');
define('LOGGED_IN_SALT', '|K{J7rkl&^V4?z&f9..;KkdeagY:,bRX2-|fh~A]DD+ caVp%AX%6.JeG3A5/&74');
define('NONCE_SALT', 'vd#`]E+K/}~YX>Vq4l&4@x]x8^BMKAC>^86{p)N&g84M![_d`,o-8}zG0/]Av=L}');
/**#@-*/

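The key and salt values printed in step 3 are public once posted, so each install needs its own set. The following is an added example, not part of the original post: instead of copying from the api.wordpress.org service it generates the eight values locally from /dev/urandom and rewrites the define() lines of a wp-config.php. The function names are hypothetical.

```shell
WP_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# 64 random characters from the kernel CSPRNG. The alphabet leaves out quotes
# and backslash so the value needs no escaping in a single-quoted PHP string.
wp_random_value() {
    head -c 1024 /dev/urandom |
        LC_ALL=C tr -dc 'A-Za-z0-9!#%()*+,./:;<=>?@^_{}~-' | cut -c1-64
}

# Print the wp-config.php named in $1 with all eight key/salt define() lines
# replaced by fresh values. Every other line is passed through unchanged.
wp_rotate_salts() {
    out=$(cat "$1") || return 1
    for key in $WP_KEYS; do
        out=$(printf '%s\n' "$out" | KEY="$key" VAL="$(wp_random_value)" awk '
            BEGIN { pat = "^[ \t]*define\\([ \t]*[\047\"]" ENVIRON["KEY"] "[\047\"]" }
            $0 ~ pat {
                printf "define( \047%s\047, \047%s\047 );\n", ENVIRON["KEY"], ENVIRON["VAL"]
                next
            }
            { print }')
    done
    printf '%s\n' "$out"
}

# Usage: write to a new file first, then swap it in.
#   wp_rotate_salts wp-config.php > wp-config.php.new && mv wp-config.php.new wp-config.php
```

Replacing the values invalidates all existing login cookies, as the comment in wp-config.php notes.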