O/S : CenotsOS 7.x 64bit
APACHE : 2.4.46 ( http/2 지원 / TLS 1.3 지원 )
PHP : 7.4.19
MariaDB : mariadb 10.5.10
1. mariadb 설치 yum repo에 추가 후 설치 진행
1 2 3 4 5 6 7 8 |
[root@localhost ~]# vi /etc/yum.repos.d/MariaDB.repo #추가 [mariadb] name = MariaDB baseurl = http://yum.mariadb.org/10.5/centos7-amd64 gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck = 1 |
2. yum으로 mariadb 10.5.10 install
1 |
yum -y install MariaDB-server MariaDB-devel MariaDB-client MariaDB-compat MariaDB-common MariaDB-shared |
3. mariadb start
1 |
[root@localhost ~]# systemctl start mariadb |
3-1 ) mysql 접속하여 버전 및 언어 확인
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
[root@localhost ~]# mysql MariaDB [(none)]> \s -------------- mysql Ver 15.1 Distrib 10.5.10-MariaDB, for Linux (x86_64) using readline 5.1 Connection id: 3 Current database: Current user: root@localhost SSL: Not in use Current pager: stdout Using outfile: '' Using delimiter: ; Server: MariaDB Server version: 10.5.10-MariaDB MariaDB Server Protocol version: 10 Connection: Localhost via UNIX socket Server characterset: latin1 Db characterset: latin1 Client characterset: utf8 Conn. characterset: utf8 UNIX socket: /var/lib/mysql/mysql.sock Uptime: 21 sec Threads: 1 Questions: 4 Slow queries: 0 Opens: 17 Open tables: 10 Queries per second avg: 0.190 |
언어를 utf8로 변경하기 위해서 my.cnf 변경 ( 기본 엔진 myisam / 만약 innodb를 사용하려면 6번의 server.cnf 파일을 참고한다 )
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 |
[root@localhost ~]# vi /etc/my.cnf.d/server.cnf bind-address=0.0.0.0 skip-external-locking key_buffer_size = 384M max_allowed_packet = 512M table_open_cache = 2048 sort_buffer_size = 2M read_buffer_size = 2M read_rnd_buffer_size = 8M myisam_sort_buffer_size = 64M thread_cache_size = 8 #dns query skip-name-resolve #connection max_connections = 1000 max_connect_errors = 1000 wait_timeout= 60 #slow-queries #slow_query_log = /var/lib//mysql/slow-queries.log #long_query_time = 3 #log-slow-queries = /var/lib/mysql/mysql-slow-queries.log ##timestamp explicit_defaults_for_timestamp symbolic-links=0 ###chracter character-set-client-handshake=FALSE init_connect = SET collation_connection = utf8_general_ci init_connect = SET NAMES utf8 character-set-server = utf8 collation-server = utf8_general_ci ### MyISAM Spectific options default-storage-engine = myisam key_buffer_size = 32M bulk_insert_buffer_size = 64M myisam_sort_buffer_size = 128M myisam_max_sort_file_size = 10G myisam_repair_threads = 1 ### INNODB Spectific options #default-storage-engine = InnoDB skip-innodb #innodb_additional_mem_pool_size = 16M #innodb_buffer_pool_size = 1024MB #innodb_data_file_path = ibdata1:10M:autoextend #innodb_write_io_threads = 8 #innodb_read_io_threads = 8 #innodb_thread_concurrency = 16 #innodb_flush_log_at_trx_commit = 1 #innodb_log_buffer_size = 8M #innodb_log_file_size = 128M #innodb_log_files_in_group = 3 #innodb_max_dirty_pages_pct = 90 #innodb_lock_wait_timeout = 120 [mysqldump] #default-character-set = utf8 max_allowed_packet = 512M [myisamchk] key_buffer_size = 512M sort_buffer_size = 512M read_buffer = 8M write_buffer = 8M # # * Galera-related settings # [galera] # Mandatory settings #wsrep_on=ON #wsrep_provider= #wsrep_cluster_address= #binlog_format=row #default_storage_engine=InnoDB #innodb_autoinc_lock_mode=2 # Optional setting #wsrep_slave_threads=1 |
mariadb 재시작 후 언어 확인
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
[root@localhost ~]# systemctl restart mariadb [root@localhost ~]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 3 Server version: 10.5.10-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> \s -------------- mysql Ver 15.1 Distrib 10.5.10-MariaDB, for Linux (x86_64) using readline 5.1 Connection id: 3 Current database: Current user: root@localhost SSL: Not in use Current pager: stdout Using outfile: '' Using delimiter: ; Server: MariaDB Server version: 10.5.10-MariaDB MariaDB Server Protocol version: 10 Connection: Localhost via UNIX socket Server characterset: utf8 Db characterset: utf8 Client characterset: utf8 Conn. characterset: utf8 UNIX socket: /var/lib/mysql/mysql.sock Uptime: 6 sec Threads: 1 Questions: 4 Slow queries: 0 Opens: 16 Open tables: 9 Queries per second avg: 0.666 |
4. mariadb는 기본 데이터베이스 저장 경로는 /var/lib/mysql 이 기본경로이다
용량 이슈 문제로 우리는 /home/mysql_data 에 진행하려고 한다 / 데이터베이스 디렉토리 변경 방법
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@localhost ~]# systemctl stop mariadb [root@localhost /]# mv /var/lib/mysql /home/mysql_data [root@localhost /]# ln -s /home/mysql_data /var/lib/mysql [root@localhost /]# chown -h mysql:mysql /var/lib/mysql [root@localhost /]# vi /usr/lib/systemd/system/mariadb.service ProtectHome=false [root@localhost /]# systemctl daemon-reload |
저장 경로 my.cnf 에서 변경
1 2 3 |
[root@localhost ~]# vi /etc/my.cnf.d/server.cnf datadir=/home/mysql_data/ |
mariadb 재시작 및 데이터베이스 접속 후 datadir 경로 확인
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
[root@localhost /]# systemctl start mariadb [root@localhost /]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 3 Server version: 10.5.10-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> select @@datadir; +-------------------+ | @@datadir | +-------------------+ | /home/mysql_data/ | +-------------------+ 1 row in set (0.000 sec) |
mariadb root 패스워드 변경
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
[root@localhost /]# mysql MariaDB [mysql]> select host,user,password from user; +-----------------------+-------------+-------------------------------------------+ | Host | User | Password | +-----------------------+-------------+-------------------------------------------+ | localhost | mariadb.sys | | | localhost | root | *D75CC763C5551A420D28A227AC294FADE26A2FF2 | | localhost | mysql | invalid | | localhost | | | | localhost.localdomain | | | +-----------------------+-------------+-------------------------------------------+ 5 rows in set (0.002 sec) MariaDB [mysql]> alter user root@localhost identified via mysql_native_password using password("qwer1234"); Query OK, 0 rows affected (0.003 sec) MariaDB [(none)]> flush privileges; Query OK, 0 rows affected (0.001 sec)개 |
root 패스워드 변경 후 mysql 접속
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@localhost /]# mysql -u root -p mysql Enter password: qwer1234 Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 6 Server version: 10.5.10-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [mysql]> 서 |
서버 재시작시 mariadb 서비스가 올라올수 있게 서비스 등록
1 |
[root@localhost /]# systemctl enable mariadb |
5. 기본 여러지 환경설정값을 변경해서 사용하므로 /etc/my.cnf.d/server.cnf 해당 파일을 아래와 같이 수정해준다
기본 엔진 myisam / 만약 innodb를 사용하려면 6번의 server.cnf 파일을 참고한다
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
[server] [mysqld] bind-address=0.0.0.0 skip-external-locking key_buffer_size = 384M max_allowed_packet = 512M table_open_cache = 2048 sort_buffer_size = 2M read_buffer_size = 2M read_rnd_buffer_size = 8M myisam_sort_buffer_size = 64M thread_cache_size = 8 ###datadir datadir=/home/mysql_data #dns query skip-name-resolve #connection max_connections = 1000 max_connect_errors = 1000 wait_timeout= 60 #slow-queries #slow_query_log = /var/lib//mysql/slow-queries.log #long_query_time = 3 #log-slow-queries = /var/lib/mysql/mysql-slow-queries.log ##timestamp explicit_defaults_for_timestamp symbolic-links=0 ###chracter character-set-client-handshake=FALSE init_connect = SET collation_connection = utf8_general_ci init_connect = SET NAMES utf8 character-set-server = utf8 collation-server = utf8_general_ci ### MyISAM Spectific options default-storage-engine = myisam key_buffer_size = 32M bulk_insert_buffer_size = 64M myisam_sort_buffer_size = 128M myisam_max_sort_file_size = 10G myisam_repair_threads = 1 ### INNODB Spectific options #default-storage-engine = InnoDB skip-innodb #innodb_additional_mem_pool_size = 16M #innodb_buffer_pool_size = 1024MB #innodb_data_file_path = ibdata1:10M:autoextend #innodb_write_io_threads = 8 #innodb_read_io_threads = 8 #innodb_thread_concurrency = 16 #innodb_flush_log_at_trx_commit = 1 #innodb_log_buffer_size = 8M #innodb_log_file_size = 128M #innodb_log_files_in_group = 3 #innodb_max_dirty_pages_pct = 90 #innodb_lock_wait_timeout = 120 [mysqldump] #default-character-set = utf8 max_allowed_packet = 512M [myisamchk] key_buffer_size = 512M sort_buffer_size = 512M read_buffer = 8M write_buffer = 8M # # * Galera-related settings # [galera] # Mandatory settings #wsrep_on=ON #wsrep_provider= #wsrep_cluster_address= #binlog_format=row #default_storage_engine=InnoDB #innodb_autoinc_lock_mode=2 # Optional setting #wsrep_slave_threads=1 |
6. 기본 여러지 환경설정값을 변경해서 사용하므로 /etc/my.cnf.d/server.cnf 해당 파일을 아래와 같이 수정해준다
기본 엔진 innodb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 |
[server] [mysqld] bind-address=0.0.0.0 skip-external-locking key_buffer_size = 384M max_allowed_packet = 512M table_open_cache = 2048 sort_buffer_size = 2M read_buffer_size = 2M read_rnd_buffer_size = 8M myisam_sort_buffer_size = 64M thread_cache_size = 8 ###datadir datadir=/home/mysql_data #dns query skip-name-resolve <span class="crayon-i">sql_mode</span>=<span class="crayon-i">NO_AUTO_CREATE_USER</span><span class="crayon-sy">,</span><span class="crayon-i">NO_ENGINE_SUBSTITUTION</span> #connection max_connections = 1000 max_connect_errors = 1000 wait_timeout= 60 #slow-queries #slow_query_log = /var/lib//mysql/slow-queries.log #long_query_time = 3 #log-slow-queries = /var/lib/mysql/mysql-slow-queries.log ##timestamp explicit_defaults_for_timestamp <span class="crayon-i">sql_mode</span>=<span class="crayon-i">NO_AUTO_CREATE_USER</span><span class="crayon-sy">,</span><span class="crayon-i">NO_ENGINE_SUBSTITUTION</span> #symbolic-links=0 ###chracter character-set-client-handshake=FALSE init_connect = SET collation_connection = utf8_general_ci init_connect = SET NAMES utf8 character-set-server = utf8 collation-server = utf8_general_ci ### MyISAM Spectific options #default-storage-engine = myisam key_buffer_size = 32M bulk_insert_buffer_size = 64M myisam_sort_buffer_size = 128M myisam_max_sort_file_size = 10G myisam_repair_threads = 1 ### INNODB Spectific options default-storage-engine = InnoDB #skip-innodb #innodb_additional_mem_pool_size = 16M innodb_buffer_pool_size = 1024MB innodb_data_file_path = ibdata1:10M:autoextend innodb_write_io_threads = 8 innodb_read_io_threads = 8 innodb_thread_concurrency = 16 innodb_flush_log_at_trx_commit = 1 innodb_log_buffer_size = 8M innodb_log_file_size = 128M innodb_log_files_in_group = 3 innodb_max_dirty_pages_pct = 90 innodb_lock_wait_timeout = 120 [mysqldump] #default-character-set = utf8 max_allowed_packet = 512M [myisamchk] key_buffer_size = 512M sort_buffer_size = 512M read_buffer = 8M write_buffer = 8M # * Galera-related settings # [galera] # Mandatory settings #wsrep_on=ON #wsrep_provider= #wsrep_cluster_address= #binlog_format=row #default_storage_engine=InnoDB #innodb_autoinc_lock_mode=2 # Optional setting #wsrep_slave_threads=1 |
8. APACHE 2.4.46 를 설치하기 앞서 필요한 패키지를 설치해줘야 한다
apr 1.7 / apr-util 1.61 / openssl 1.1.1 이상 (TLS 1.3 지원) / nghttp2 (HTTP2 지원) / brotil 1.0.7 (이미지 압축기술)
그리고 추가적으로 yum 을 이용하여 필요한 패키지를 설치하자
1 2 3 |
[root@localhost ~]# yum -y install wget perl perl-core zlib-devel gcc gcc-c++ \ cmake git automake autoconf libtool \ pcre-devel libxml2-devel openssl-devel expat-devel curl-devel |
11. ARP 1.7 INSTALL
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[root@localhost ~]# wget http://apache.mirror.cdnetworks.com//apr/apr-1.7.0.tar.gz [root@localhost ~]# tar xvfz apr-1.7.0.tar.gz [root@localhost ~]# cd apr-1.7.0 [root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr rm: cannot remove 'libtoolT': No such file or directory 에러가 발생되면 [root@localhost apr-1.7.0]# cp -a libtool libtoolT [root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr [root@localhost apr-1.7.0]# make -j `grep processor /proc/cpuinfo | wc -l` [root@localhost apr-1.7.0]# make install |
apr-util 1.6.1
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[root@localhost apr-1.7.0]# cd /root [root@localhost ~]# wget https://archive.apache.org/dist/apr/apr-util-1.6.1.tar.bz2 [root@localhost ~]# tar -xvjf apr-util-1.6.1.tar.bz2 [root@localhost ~]# cd apr-util-1.6.1 [root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr/ --with-apr=/usr/local/apr/ [root@localhost apr-util-1.6.1]# make -j `grep processor /proc/cpuinfo | wc -l` [root@localhost apr-util-1.6.1]# make install |
openssl 1.1.1k install
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
[root@localhost /]# wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz [root@localhost ~]# tar xvfz openssl-1.1.1k.tar.gz [root@localhost ~]# cd openssl-1.1.1k [root@localhost openssl-1.1.1k]# ./config --prefix=/usr/local/openssl shared zlib-dynamic [root@localhost openssl-1.1.1k]# make -j `grep processor /proc/cpuinfo | wc -l` [root@localhost openssl-1.1.1k]# make install [root@localhost openssl-1.1.1k]# echo "/usr/local/openssl/lib" >> /etc/ld.so.conf.d/openssl.conf [root@localhost openssl-1.1.1k]# ldconfig [root@localhost openssl-1.1.1k]# mv /usr/bin/openssl /usr/bin/openssl.old [root@localhost openssl-1.1.1k]# ln -s /usr/local/openssl/bin/openssl /usr/bin/ |
openssl TLS 1.3 지원여부 체크
1 2 3 4 |
[root@localhost openssl-1.1.1k]# openssl ciphers -v | grep TLSv1.3 TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD |
nghttp2 install
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[root@localhost ~]#cd /root [root@localhost ~]# yum install libev-devel python-devel c-ares-devel jemalloc-devel jansson-devel CUnit-devel cmake [root@localhost ~]# wget https://github.com/nghttp2/nghttp2/releases/download/v1.34.0/nghttp2-1.34.0.tar.gz [root@localhost ~]# tar xvfz nghttp2-1.34.0.tar.gz [root@localhost ~]# cd nghttp2-1.34.0 [root@localhost nghttp2-1.34.0]# OPENSSL_CFLAGS="-I/usr/local/openssl/include" OPENSSL_LIBS="-L/usr/local/openssl/lib -lssl -lcrypto" ./configure --prefix=/usr/local/nghttp2 --with-boost [root@localhost nghttp2-1.34.0]# make -j `grep processor /proc/cpuinfo | wc -l` [root@localhost nghttp2-1.34.0]# make install |
brotil 1.0.7 install
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[root@localhost ~]#cd /root [root@localhost ~]# wget https://github.com/google/brotli/archive/v1.0.7.tar.gz [root@localhost ~]# tar xvfz v1.0.7.tar.gz [root@localhost ~]# cd brotli-1.0.7/ [root@localhost brotli-1.0.7]# mkdir out && cd out [root@localhost out]# ../configure-cmake --prefix=/usr/local/brotli [root@localhost out]# make -j `grep processor /proc/cpuinfo | wc -l` [root@localhost out]# make install |
9. httpd 다운로드 및 설치
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
[root@localhost ~]# wget http://apache.mirror.cdnetworks.com//httpd/httpd-2.4.46.tar.gz [root@localhost ~]# tar xvfz httpd-2.4.46.tar.gz [root@localhost ~]# cd httpd-2.4.46 [root@localhost httpd-2.4.46]# ./configure --prefix=/usr/local/apache \ --enable-so \ --enable-unique-id \ --enable-http2 \ --enable-brotli \ --enable-deflate \ --enable-ssl \ --with-brotli=/usr/local/brotli \ --with-ssl=/usr/local/openssl \ --with-apr=/usr/local/apr \ --with-apr-util=/usr/local/apr \ --with-pcre \ --with-curl \ --with-nghttp2=/usr/local/nghttp2 \ --enable-mods-shared=all \ --enable-mpms-shared=all [root@localhost httpd-2.4.43]# make -j `grep processor /proc/cpuinfo | wc -l` [root@localhost httpd-2.4.43]# make install |
10. envvars 파일 내용 수정 ( brotil로 변경)
1 2 3 4 5 6 7 8 9 |
[root@localhost httpd-2.4.46]# vi /usr/local/apache/bin/envvars 수정 if test "x$LD_LIBRARY_PATH" != "x" ; then LD_LIBRARY_PATH="/usr/local/brotli/lib/:$LD_LIBRARY_PATH" else LD_LIBRARY_PATH="/usr/local/brotli/lib/" fi export LD_LIBRARY_PATH |
11. mod_url install
1 2 3 4 5 6 7 8 9 |
[root@localhost httpd-2.4.46]# cd /root [root@localhost ~]# wget http://jini.kldp.net/modurl/release/2186-mod_url-apache2-1.6.2.6.tar.bz2 [root@localhost ~]# tar xvfj 2186-mod_url-apache2-1.6.2.6.tar.bz2 [root@localhost ~]# cd mod_url-apache2/ [root@localhost mod_url-apache2]# /usr/local/apache/bin/apxs -iac mod_url.c |
12. httpd.conf 파일 복사 후 내용 아래처럼 수정
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 |
[root@localhost mod_url-apache2]# cp -a /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.ori [root@localhost mod_url-apache2]# vi /usr/local/apache/conf/httpd.conf ServerRoot "/usr/local/apache" Listen 80 # LoadModule foo_module modules/mod_foo.so # LoadModule mpm_event_module modules/mod_mpm_event.so #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so #LoadModule mpm_worker_module modules/mod_mpm_worker.so LoadModule authn_file_module modules/mod_authn_file.so #LoadModule authn_dbm_module modules/mod_authn_dbm.so #LoadModule authn_anon_module modules/mod_authn_anon.so #LoadModule authn_dbd_module modules/mod_authn_dbd.so #LoadModule authn_socache_module modules/mod_authn_socache.so LoadModule authn_core_module modules/mod_authn_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so #LoadModule authz_dbm_module modules/mod_authz_dbm.so #LoadModule authz_owner_module modules/mod_authz_owner.so #LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_core_module modules/mod_authz_core.so LoadModule access_compat_module modules/mod_access_compat.so LoadModule auth_basic_module modules/mod_auth_basic.so #LoadModule auth_form_module modules/mod_auth_form.so #LoadModule auth_digest_module modules/mod_auth_digest.so #LoadModule allowmethods_module modules/mod_allowmethods.so #LoadModule file_cache_module modules/mod_file_cache.so #LoadModule cache_module modules/mod_cache.so #LoadModule cache_disk_module modules/mod_cache_disk.so #LoadModule cache_socache_module modules/mod_cache_socache.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so #LoadModule socache_dbm_module modules/mod_socache_dbm.so #LoadModule socache_memcache_module modules/mod_socache_memcache.so #LoadModule socache_redis_module modules/mod_socache_redis.so LoadModule watchdog_module modules/mod_watchdog.so #LoadModule macro_module modules/mod_macro.so #LoadModule dbd_module modules/mod_dbd.so #LoadModule dumpio_module modules/mod_dumpio.so #LoadModule echo_module modules/mod_echo.so #LoadModule buffer_module modules/mod_buffer.so #LoadModule data_module modules/mod_data.so #LoadModule ratelimit_module modules/mod_ratelimit.so LoadModule reqtimeout_module modules/mod_reqtimeout.so #LoadModule ext_filter_module modules/mod_ext_filter.so #LoadModule request_module modules/mod_request.so #LoadModule include_module modules/mod_include.so LoadModule filter_module modules/mod_filter.so #LoadModule reflector_module modules/mod_reflector.so #LoadModule substitute_module modules/mod_substitute.so #LoadModule sed_module modules/mod_sed.so #LoadModule charset_lite_module modules/mod_charset_lite.so #LoadModule deflate_module modules/mod_deflate.so #LoadModule xml2enc_module modules/mod_xml2enc.so #LoadModule proxy_html_module modules/mod_proxy_html.so #LoadModule brotli_module modules/mod_brotli.so LoadModule mime_module modules/mod_mime.so LoadModule log_config_module modules/mod_log_config.so #LoadModule log_debug_module modules/mod_log_debug.so #LoadModule log_forensic_module modules/mod_log_forensic.so #LoadModule logio_module modules/mod_logio.so LoadModule env_module modules/mod_env.so #LoadModule mime_magic_module modules/mod_mime_magic.so #LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so #LoadModule usertrack_module modules/mod_usertrack.so #LoadModule unique_id_module modules/mod_unique_id.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so #LoadModule remoteip_module modules/mod_remoteip.so #LoadModule proxy_module modules/mod_proxy.so #LoadModule proxy_connect_module modules/mod_proxy_connect.so #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so #LoadModule proxy_http_module modules/mod_proxy_http.so #LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so #LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so #LoadModule proxy_express_module modules/mod_proxy_express.so #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so #LoadModule session_module modules/mod_session.so #LoadModule session_cookie_module modules/mod_session_cookie.so #LoadModule session_dbd_module modules/mod_session_dbd.so #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so LoadModule ssl_module modules/mod_ssl.so #LoadModule dialup_module modules/mod_dialup.so LoadModule http2_module modules/mod_http2.so #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so LoadModule unixd_module modules/mod_unixd.so #LoadModule heartbeat_module modules/mod_heartbeat.so #LoadModule heartmonitor_module modules/mod_heartmonitor.so #LoadModule dav_module modules/mod_dav.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so #LoadModule asis_module modules/mod_asis.so #LoadModule info_module modules/mod_info.so #LoadModule cgid_module modules/mod_cgid.so #LoadModule dav_fs_module modules/mod_dav_fs.so #LoadModule dav_lock_module modules/mod_dav_lock.so #LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so #LoadModule actions_module modules/mod_actions.so #LoadModule speling_module modules/mod_speling.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule redurl_module modules/mod_url.so <IfModule unixd_module> User nobody Group nobody </IfModule> ServerAdmin you@example.com ServerName localhost:80 <Directory /> Options FollowSymLinks AllowOverride None Require all denied </Directory> DocumentRoot "/usr/local/apache/htdocs" <Directory "/usr/local/apache/htdocs"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <IfModule dir_module> DirectoryIndex index.html index.php index.htm </IfModule> <Files ".ht*"> Require all denied </Files> ErrorLog "logs/error_log" LogLevel warn <IfModule log_config_module> # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined # LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{MM_COUNTRY_CODE}e" combined <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" combined </IfModule> <IfModule alias_module> #ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" </IfModule> <IfModule cgid_module> </IfModule> #<Directory "/usr/local/apache/cgi-bin"> # AllowOverride None # Options None # Require all granted #</Directory> <IfModule headers_module> RequestHeader unset Proxy early </IfModule> <IfModule mime_module> TypesConfig conf/mime.types AddType application/x-gzip .tgz AddEncoding x-compress .Z AddEncoding x-gzip .gz .tgz AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-httpd-php .php4 .php .html .htm .inc AddType application/x-httpd-php-source .phps AddHandler cgi-script .cgi AddHandler type-map var AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> #MIMEMagicFile conf/magic #ErrorDocument 500 "The server made a boo boo." #ErrorDocument 404 /missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #ErrorDocument 402 http://www.example.com/subscription_info.html #MaxRanges unlimited #EnableMMAP off #EnableSendfile on Include conf/extra/httpd-mpm.conf # Multi-language error messages Include conf/extra/httpd-multilang-errordoc.conf # Fancy directory listings #Include conf/extra/httpd-autoindex.conf # Language settings Include conf/extra/httpd-languages.conf # User home directories Include conf/extra/httpd-userdir.conf # Real-time info on requests and configuration #Include conf/extra/httpd-info.conf # Virtual hosts Include conf/extra/httpd-vhosts.conf # Local access to the Apache HTTP Server Manual #Include conf/extra/httpd-manual.conf # Distributed authoring and versioning (WebDAV) #Include conf/extra/httpd-dav.conf # Various default settings Include conf/extra/httpd-default.conf # Configure mod_proxy_html to understand HTML4/XHTML1 <IfModule proxy_html_module> #Include conf/extra/proxy-html.conf </IfModule> <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule> # Secure (SSL/TLS) connections #Include conf/extra/httpd-ssl.conf |
언어설정 파일 내용 추가
1 2 3 |
[root@localhost ]# vi /usr/local/apache/conf/extra/httpd-languages.conf ##추가 AddLanguage ko .ko |
httpd-default.conf 내용 수정
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@localhost ~]# vi /usr/local/apache/conf/extra/httpd-default.conf Timeout 60 KeepAlive On MaxKeepAliveRequests 300 KeepAliveTimeout 2 UseCanonicalName Off AccessFileName .htaccess ServerTokens Prod ServerSignature Off HostnameLookups Off <IfModule reqtimeout_module> RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 </IfModule> |
httpd-userdir.conf 내용 수정
1 2 3 4 5 6 7 8 |
[root@localhost ~]# vi /usr/local/apache/conf/extra/httpd-userdir.conf UserDir html <Directory "/home/*/html"> AllowOverride FileInfo AuthConfig Limit Options Require method GET POST Options MultiViews SymLinksIfOwnerMatch IncludesNoExec </Directory> |
13. systemctl 파일 등록 (서비스 관리)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
[root@localhost ~]# vi /usr/lib/systemd/system/httpd.service [Unit] Description=The Apache HTTP Server After=network.target remote-fs.target nss-lookup.target Documentation=man:httpd.service(8) [Service] Type=forking ExecStart=/usr/local/apache/bin/apachectl start ExecReload=/usr/local/apache/bin/apachectl graceful ExecStop=/usr/local/apache/bin/apachectl stop [Install] WantedBy=multi-user.target |
14. 서비스 등록 및 서비스 시작
1 2 3 4 5 6 7 8 |
### 데몬 리로드 [root@localhost ~]# systemctl daemon-reload ### httpd 등록 [root@localhost ~]# systemctl enable httpd.service ### httpd 시작 [root@localhost ~]# systemctl start httpd.service |
15. PHP 7.4.19 설치 ( 설치에 앞서 libzip을 설치해야 기본 설치된 버전이 0.10이다 php 7.4.19에서는 libzip 0.11버전이 필요하다
1 2 3 4 5 |
[root@localhost ~]# wget http://packages.psychotic.ninja/7/plus/x86_64/RPMS/libzip-0.11.2-6.el7.psychotic.x86_64.rpm [root@localhost ~]# wget http://packages.psychotic.ninja/7/plus/x86_64/RPMS/libzip-devel-0.11.2-6.el7.psychotic.x86_64.rpm [root@localhost ~]# rpm -Uvh libzip-* |
16. PHP 설치에 앞서 필요한 패키지 yum 설치
1 2 3 4 5 |
[root@localhost ~]# yum -y install bison re2c libcurl-devel bzip2-devel gd-devel gmp-devel libc-client-devel \ libicu-devel libtidy-devel libxslt-devel zlib-devel libwebp-devel e2fsprogs-devel krb5-devel libidn-devel \ libtermcap libtermcap-devel gdbm-devel zlib* libxml* freetype* libpng* libjpeg* gd gd-devel \ mhash mhash-devel enchant-devel enchant netpbm* libxslt* gmp gmp-devel systemd-devel \ readline readline-devel sqlite-devel oniguruma-devel openldap-devel |
17. PHP 7.4.19 다운로드 및 설치 ( 설치 방식은 apache의 모듈형태로 서비스 되는 형태 libphp7.so )
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
[root@localhost ~]# wget https://www.php.net/distributions/php-7.4.19.tar.gz [root@localhost ~]# tar xvfj php-7.4.19.tar.gz [root@localhost ~]# cd php-7.4.19 [root@localhost php-7.4.8]#./configure \ --prefix=/usr/local/php \ --with-apxs2=/usr/local/apache/bin/apxs \ --with-config-file-path=/usr/local/apache/conf \ --with-config-file-scan-dir=/usr/local/apache/conf \ --with-openssl=/usr/local/openssl \ --with-mysql-sock=/var/lib/mysql/mysql.sock \ --with-mysqli \ --with-pdo-mysql \ --with-libdir=lib64 \ --with-enchant \ --with-gettext \ --with-freetype \ --with-jpeg \ --with-webp \ --with-xpm \ --with-zlib \ --with-gmp \ --with-iconv \ --with-gdbm \ --with-bz2 \ --with-curl \ --with-mhash \ --with-xsl \ --with-readline \ --with-curl \ --with-pear \ --with-gettext \ --with-xmlrpc \ --with-ldap \ --with-zip \ --with-libxml \ --enable-mysqlnd \ --enable-bcmath \ --enable-gd \ --enable-sockets \ --enable-pcntl \ --enable-ftp \ --enable-bcmath \ --enable-mbstring \ --enable-calendar \ --enable-simplexml \ --enable-json \ --enable-session \ --enable-soap \ --enable-xml \ --enable-opcache \ --enable-intl \ --enable-cli \ --enable-maintainer-zts \ --enable-debug \ --enable-mbregex \ --enable-dba \ --enable-litespeed \ --enable-shmop \ --enable-sysvsem \ --enable-sysvshm \ --enable-sysvmsg \ --enable-exif [root@localhost php-7.4.8]# make -j `grep processor /proc/cpuinfo | wc -l` [root@localhost php-7.4.8]# make install |
18. php.ini 환경설정 파일 복사 및 수정
1 2 3 4 5 6 7 8 |
[root@localhost php-7.4.19]# cp -a php.ini-development /usr/local/apache/conf/php.ini [root@localhost php-7.4.19]# vi /usr/local/apache/conf/php.ini short_open_tag = On date.timezone = "Asia/Seoul" error_reporting = "E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_USER_DEPRECATED" upload_max_filesize = 12M |
19. /usr/bin에 php 심벌릭링크 생성
1 2 3 4 5 6 7 |
[root@localhost php-7.4.19]# ln -s /usr/local/php/bin/php /usr/bin/php [root@localhost php-7.4.19]# php -v PHP 7.4.19 (cli) (built: Jun 1 2021 14:23:53) ( ZTS DEBUG ) Copyright (c) The PHP Group Zend Engine v3.4.0, Copyright (c) Zend Technologies |
20. mod 방식으로 설치했기 때문에 httpd.conf 파일의 내용을 수정해준다 ( index.php 추가해주고 addtype도 추가해준다)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
[root@localhost php-7.4.19]# vi /usr/local/apache/conf/httpd.conf LoadModule php7_module modules/libphp7.so <IfModule dir_module> DirectoryIndex index.html index.php </IfModule> <IfModule mime_module> TypesConfig conf/mime.types AddType application/x-gzip .tgz AddEncoding x-compress .Z AddEncoding x-gzip .gz .tgz AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-httpd-php .php4 .php .html .htm .inc AddType application/x-httpd-php-source .phps AddHandler cgi-script .cgi AddHandler type-map var AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> |
21. 가상호스트 설정
1 2 3 4 5 6 7 8 9 10 |
[root@localhost php-7.4.19]# vi /usr/local/apache/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/home/xinet/html/" ServerName apm.xinet.kr ServerAlias www.xinet.kr ErrorLog "logs/error_log" CustomLog "logs/access_log" combined </VirtualHost> |
22. httpd.conf virtualhost 주석해제
1 2 3 4 5 |
[root@localhost php-7.4.19]# vi /usr/local/apache/conf/httpd.conf ###주석해제 # Virtual hosts Include conf/extra/httpd-vhosts.conf |
23. 홈 디렉토리 생성 및 phpinfo 파일 생성
1 2 3 4 5 6 7 |
[root@localhost php-7.4.19]# mkdir -p /home/xinet/html/ [root@localhost php-7.4.19]# vi /home/xinet/html/index.php <? phpinfo(); ?> |
24. 웹서버 재시작
1 2 |
웹서버 재시작 [root@localhost php-7.4.19]# systemctl restart httpd |
26. 해당 페이지에 wordpress install ( 데이터베이스 생성 및 유저 권한 설정)
1 2 3 4 5 6 7 8 9 10 11 |
[root@localhost ~]# mysql -u root -p mysql Enter password: MariaDB [mysql]> create database xinet; Query OK, 1 row affected (0.001 sec) MariaDB [mysql]> grant all on xinet.* to xinet@localhost identified by 'qwer1234#$'; Query OK, 0 rows affected (0.007 sec) MariaDB [mysql]> flush privileges; Query OK, 0 rows affected (0.001 sec) |
27. wordpress 설치 파일 다운로드 및 압축해제
1 2 3 4 5 6 7 8 9 |
[root@localhost ~]# cd /home/xinet/html/ [root@localhost html]# wget https://ko.wordpress.org/latest-ko_KR.tar.gz [root@localhost html]# tar xvfz latest-ko_KR.tar.gz [root@localhost html]# cd wordpress/ [root@localhost wordpress]# cp -a wp-config-sample.php wp-config.php |
28. wp-config 내용 수정 ( 데이터베이스 부분만 수정)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@localhost wordpress]# vi wp-config.php /** The name of the database for WordPress */ define( 'DB_NAME', 'xinet' ); /** MySQL database username */ define( 'DB_USER', 'xinet' ); /** MySQL database password */ define( 'DB_PASSWORD', 'qwer1234#$' ); /** MySQL hostname */ define( 'DB_HOST', 'localhost' ); |
29. 웹페이지에서 설치화면 확인 (데이터베이스 정보를 잘못 입력하면 이 화면이 아닌 데이터베이스 연결 오류 화면이 출력됨)
30. 정상적으로 설치 후 사이트 확인
31. 무료 ssl 발급을 받아서 https 및 HTTP/2 통신 확인
무료 인증서를 발급 받기 위해서 certbot 설치 진행
1 |
[root@localhost ~]# yum -y install certbot |
32. certbot 명령어를 이용해서 위에서 추가한 도메인 apm.xinet.kr 인증서 발급
-d : 도메인 명 / –webroot -w : 홈경로
1 |
[root@localhost ~]# certbot certonly -d apm.xinet.kr --webroot -w /home/xinet/html/ |
33. 인증서 발급 파일 확인
1 2 3 4 5 6 7 |
[root@localhost ~]# ls -l /etc/letsencrypt/live/apm.xinet.kr/ 합계 4 -rw-r--r-- 1 root root 692 6월 1 14:59 README lrwxrwxrwx 1 root root 36 6월 1 14:59 cert.pem -> ../../archive/apm.xinet.kr/cert1.pem lrwxrwxrwx 1 root root 37 6월 1 14:59 chain.pem -> ../../archive/apm.xinet.kr/chain1.pem lrwxrwxrwx 1 root root 41 6월 1 14:59 fullchain.pem -> ../../archive/apm.xinet.kr/fullchain1.pem lrwxrwxrwx 1 root root 39 6월 1 14:59 privkey.pem -> ../../archive/apm.xinet.kr/privkey1.pem |
34. SSL 파일 수정
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
[root@localhost ~]# vi /usr/local/apache/conf/extra/httpd-ssl.conf Listen 443 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/run/httpd/sslcache(1024000)" SSLSessionCacheTimeout 3600 SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin SSLStrictSNIVHostCheck off #SSLProtocol -all +TLSv1.1 +TLSv1.2 +TLSv1.3 SSLProtocol -all +TLSv1.2 +TLSv1.3 SSLCipherSuite "TLS_AES_128_GCM_SHA256 \ TLS_AES_256_GCM_SHA384 \ TLS_CHACHA20_POLY1305_SHA256 \ ECDHE-ECDSA-AES128-GCM-SHA256 \ ECDHE-ECDSA-AES256-GCM-SHA384 \ ECDHE-ECDSA-AES128-SHA \ ECDHE-ECDSA-AES256-SHA \ ECDHE-ECDSA-AES128-SHA256 \ ECDHE-ECDSA-AES256-SHA384 \ ECDHE-RSA-AES128-GCM-SHA256 \ ECDHE-RSA-AES256-GCM-SHA384 \ ECDHE-RSA-AES128-SHA \ ECDHE-RSA-AES256-SHA \ ECDHE-RSA-AES128-SHA256 \ ECDHE-RSA-AES256-SHA384 \ DHE-RSA-AES128-GCM-SHA256 \ DHE-RSA-AES256-GCM-SHA384 \ DHE-RSA-AES128-SHA \ DHE-RSA-AES256-SHA \ DHE-RSA-AES128-SHA256 \ DHE-RSA-AES256-SHA256 \ EDH-RSA-DES-CBC3-SHA" SSLHonorCipherOrder on SSLCompression off SSLUseStapling On SSLStaplingCache shmcb:/run/httpd/stapling_cache(128000) <VirtualHost *:443> DocumentRoot /home/xinet/html ServerName apm.xinet.kr Protocols h2 http/1.1 SSLEngine on SSLCertificateFile /etc/letsencrypt/live/apm.xinet.kr/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/apm.xinet.kr/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/apm.xinet.kr/chain.pem CustomLog "logs/access_log" combined </VirtualHost> |
35. httpd.conf ssl 주석해제
1 2 3 4 |
[root@localhost ~]# vi /usr/local/apache/conf/httpd.conf # Secure (SSL/TLS) connections Include conf/extra/httpd-ssl.conf |
36. 구분 에러 확인 및 웹서버 재시작
1 2 3 4 5 |
[root@localhost ~]# /usr/local/apache/bin/httpd -t Syntax OK 웹서버 재시작 [root@localhost ~]# /usr/local/apache/bin/apachectl restart |
37. 웹페이지 확인 ( tls 1.3 확인)
38. http/2 통신 확인
1 |
1 |