리눅스 서버 설치과정 -- (CentOS 8.1) 작업한 과정



 

시작~

> code /etc/sysconfig/selinux


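> SELINUX=enforcing => SELINUX=disabled

(SELinux를 disabled로 두면 httpd, MariaDB 등에 대한 강제 접근 제어가 모두 사라집니다. 설정 중 충돌 원인만 확인하려는 목적이라면 SELINUX=permissive로 두고 차단 로그를 확인한 뒤 필요한 규칙만 허용하는 방법도 있습니다.)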

> reboot


> passwd root

> dnf install -y wget

 

dnf 업데이트

> dnf update

 

 의존성 라이브러리 설치

> dnf -y install openssl openssl-devel mhash mhash-devel libtool libtool-ltdl libtool-ltdl-devel imap-devel imap zlib-devel zlib freetype-devel freetype libpng-devel libpng libjpeg-devel libjpeg libtiff-devel libtiff gd-devel gd pcre-devel pcre libxml-devel libxml libxml2-devel libxml2 gdbm-devel gdbm ncurses-devel ncurses curl-devel curl expat-devel expat bzip2-devel bzip2-libs bzip2 libc libc-devel libc-client-devel gcc* libtermcap-devel

 

 아파치(Apache) 설치

> dnf install -y httpd httpd-tools httpd-devel httpd-manual

 

 MariaDB 설치

> code /etc/yum.repos.d/MariaDB.repo

----------------- 아래내용으로 저장 ------------


# MariaDB 10.5 CentOS repository list - created 2020-06-30 05:27 UTC

# http://downloads.mariadb.org/mariadb/repositories/

[mariadb]

name = MariaDB

baseurl = http://yum.mariadb.org/10.5/centos8-amd64

module_hotfixes=1

gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck=1

> systemctl stop mysqld

> dnf -y remove MariaDB-server

# rm -rf /var/lib/mysql/

> dnf -y install MariaDB-server

> systemctl start mysqld

> systemctl enable mariadb

# mysql_upgrade

 

PHP 설치

> dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm


> dnf module list php


> dnf module enable php:remi-7.4


> dnf install php php-fpm php-intl php-mbstring php-pdo php-xml php-gd php-mysqlnd php-zip php-soap

 

 설치 확인 및 버전확인

> rpm -qa httpd MariaDB* php


> httpd -v


> mariadb --version


> php -v

 

PHP 설정

> code /etc/php.ini

short_open_tag=Off (Off → On 변경)

session.save_path = "/session_tmp"


date.timezone = Asia/Seoul

> code /etc/httpd/conf.d/php.conf

php_value session.save_path "/session_tmp"

> mkdir /session_tmp

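> chmod 757 /session_tmp

(757은 서버의 모든 계정에 이 디렉토리의 읽기·쓰기 권한을 줍니다. 세션 파일은 PHP를 실행하는 계정만 접근하면 되므로, 디렉토리 소유자를 그 계정으로 바꾸고 권한을 700으로 두는 편이 안전합니다.)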

 

아파치(Apache) 설정

> code /etc/httpd/conf/httpd.conf

User apache (apache → nobody 변경)

Group apache (apache → nobody 변경)


ServerName www.example.com:80 (ServerName xxx.xxx.xxx.xxx:80)


DirectoryIndex index.html index.htm index.php (추가)


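AddType application/x-httpd-php .php .html .htm .inc .cfg

(이 설정이 적용되면 .html, .htm, .inc, .cfg 파일도 PHP로 실행됩니다. 사용자가 파일을 올릴 수 있는 디렉토리에서는 이 확장자의 파일이 서버에서 그대로 실행될 수 있으므로, 실제로 필요한 확장자만 지정합니다.)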

AddType application/x-httpd-php-source .phps

 

아파치 시작

> systemctl start httpd

> systemctl enable httpd (부팅후 자동 실행 설정) , systemctl disable httpd (부팅후 자동 실행 해제)

> service httpd start/stop/restart (Service 명령어 이용 가능)

> ps -ef | grep httpd (아파치 구동 확인)

 

웹서비스 테스트

> cd /var/www/html/

> code /var/www/html/phpinfo.php

<?php phpinfo(); ?>

(phpinfo() 출력에는 서버 경로, 로드된 모듈, 환경 변수 등 구성 정보가 그대로 나오므로, 동작 확인이 끝나면 phpinfo.php 파일을 삭제합니다.)

 

 

 사용자 홈 설정

> cd /etc/skel

> mkdir public_html


> cat /etc/passwd | grep 사용자

 

MariaDB 설정

> code /etc/my.cnf.d/server.cnf

[mysqld]


character-set-server = utf8mb4

collation-server = utf8mb4_unicode_ci

max_allowed_packet = 1G


skip-host-cache

skip-name-resolve


max_connections = 1000

key_buffer_size = 256M


# 전체 메모리 중 20%~60%


innodb_buffer_pool_size = 64M

expire_logs_days = 7


innodb_log_file_size = 64M

innodb_strict_mode = 0


sql_mode = NO_ENGINE_SUBSTITUTION

 

 MariaDB / 사용자 만들기, 사용자 삭제하기, 권한 부여하기, 권한 제거하기

# 사용자 user 추가

> create user 'user'@'localhost' identified by '!password!';

> create user 'user'@'%' identified by '!password!';


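# user 에게 모든 데이터베이스의 모든 테이블(*.*)에 대한 모든 권한 부여
# ('user'@'%' 는 모든 호스트에서의 접속을 허용한다. 외부 접속용 계정은 *.* 대신 필요한 데이터베이스(예: dbname.*)로, '%' 대신 실제 접속할 호스트로 범위를 좁혀 두는 편이 안전하다.)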

> grant all privileges on *.* to 'user'@'localhost';

> grant all privileges on *.* to 'user'@'%';


# 권한 삭제

> revoke all on database.table from 'user'@'host';

> revoke all on *.* from 'user'@'host';


# 사용자 삭제

drop user 'user'@'host';

> flush privileges;

 

방화벽 설정

우선 작동 중인 firewalld 데몬을 중지 시킨 후 재부팅 시에도 올라오지 않도록 설정한다.

> systemctl stop firewalld

> systemctl mask firewalld


다음으로 iptables 명령어와 연관된 패키지를 설치한다.

> dnf install iptables-services


iptables 서비스 데몬이 재부팅시에 자동으로 올라오도록 만들자

> systemctl enable iptables


iptables 서비스를 중지 | 시작 | 재시작

> systemctl [stop | start | restart ] iptables


> code /etc/sysconfig/iptables

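873 (외부백업을 위해 추가)

3306 (외부접속을 위해 추가)

(아래 규칙은 출발지 제한 없이 포트를 엽니다. 873, 3306처럼 정해진 서버에서만 접속하는 포트는 해당 규칙에 -s <허용할_IP> 를 넣어 출발지를 제한하고, 20/21, 25, 110, 143, 111, 2049 등 이 서버에서 실제로 운영하지 않는 서비스의 포트는 규칙에서 빼는 것이 좋습니다.)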

# sample configuration for iptables service

# you can edit this manually or use system-config-firewall

# please do not ask us to add additional ports/services to this default configuration

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 662 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 4000 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 4000 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50001:50005 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

> service iptables restart (방화벽 재시작)

> iptables -nL (적용 확인)

 

FTP(sftp) 설정

CentOS에 포함되어 있음


> code /etc/ssh/sshd_config


> service sshd restart

 

VIRTUALHOST 설정

> code /etc/httpd/conf/httpd.conf

설정 파일을 열고 맨 밑에 다음을 추가합니다.

NameVirtualHost *:80

<VirtualHost *:80>

DocumentRoot /home/site/public_html

ServerName site.com

ServerAlias site.com

ErrorLog /backup/apache_logs/site-error_log

CustomLog /backup/apache_logs/site-access_log common

</VirtualHost>

디렉토리 생성

> mkdir /backup

> mkdir /backup/apache_logs

> service httpd restart

 

chrony 설치:서버시간 동기화

> dnf -y install chrony

> systemctl enable chronyd

> systemctl start chronyd


> code /etc/chrony.conf


# pool 2.centos.pool.ntp.org iburst

server time.bora.net iburst


> timedatectl (확인)


> chronyc sources -v (확인)

 

wkhtmltopdf 설치

> dnf -y install libXrender

> dnf -y install mkfontdir

> dnf -y install ttmkfdir


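(wget으로 직접 받은 rpm은 저장소를 통한 dnf 설치와 달리, rpm -ivh가 서명 키를 확인하지 못해도 경고만 내고 설치를 진행할 수 있습니다. 설치 전에 rpm -K <파일명>.rpm 으로 서명과 다이제스트를 확인합니다.)

> wget http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/ttmkfdir-3.0.9-54.el8.x86_64.rpm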

> rpm -ivh ttmkfdir-3.0.9-54.el8.x86_64.rpm

> wget https://rpmfind.net/linux/centos/8.1.1911/AppStream/x86_64/os/Packages/xorg-x11-fonts-Type1-7.5-19.el8.noarch.rpm

> rpm -ivh xorg-x11-fonts-Type1-7.5-19.el8.noarch.rpm


> wget https://rpmfind.net/linux/centos/8.1.1911/AppStream/x86_64/os/Packages/xorg-x11-fonts-75dpi-7.5-19.el8.noarch.rpm

> rpm -ivh xorg-x11-fonts-75dpi-7.5-19.el8.noarch.rpm


> wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos8.x86_64.rpm

> rpm -ivh wkhtmltox-0.12.6-1.centos8.x86_64.rpm


(한글이 깨질경우 폰트 설치)

dnf install *korean*

- google-noto-sans-korean-fonts

- google-noto-fonts-common


또는 나눔폰트 설치


> cd /usr/share/fonts/

> wget http://cdn.naver.com/naver/NanumFont/fontfiles/NanumFont_TTF_ALL.zip

> unzip NanumFont_TTF_ALL.zip -d NanumFont

> rm -f NanumFont_TTF_ALL.zip

> fc-cache -r

# 서버 언어 설정

> locale

> code /etc/locale.conf


LANG="en_US.UTF-8"


LANG=ko_KR.UTF-8

 

 추가 작업

  • /var/spool/clientmqueue 디렉토리에 파일 쌓이는 현상

> code /etc/mail/submit.cf

----------------------------------------------

# queue directory

# O QueueDirectory=/var/spool/clientmqueue <- 요부분 주석처리

----------------------------------------------

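# /var/spool/clientmqueue 폴더 안에서 ll 로 목록을 보면 쌓인 파일 때문에 서버가 멈출 수 있으니, 목록을 보지 말고 바로 삭제한다.
# (아래 명령은 현재 디렉토리의 파일을 지우므로, 실행 전에 pwd 로 /var/spool/clientmqueue 안에 있는지 확인한다.)

> ls | xargs rm -f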