리눅스 서버 설치과정 -- (CentOS 8.1) 작업한 과정
시작~
> code /etc/sysconfig/selinux
> SELINUX=enforcing => SELINUX=disabled
> reboot
> passwd root
> dnf install -y wget
dnf 업데이트
의존성 라이브러리 설치
> dnf -y install openssl openssl-devel mhash mhash-devel libtool libtool-ltdl libtool-ltdl-devel imap-devel imap zlib-devel zlib freetype-devel freetype libpng-devel libpng libjpeg-devel libjpeg libtiff-devel libtiff gd-devel gd pcre-devel pcre libxml-devel libxml libxml2-devel libxml2 gdbm-devel gdbm ncurses-devel ncurses curl-devel curl expat-devel expat bzip2-devel bzip2-libs bzip2 libc libc-devel libc-client-devel gcc* libtermcap-devel
아파치(Apache) 설치
MariaDB 설치
----------------- 아래내용으로 저장 ------------
# MariaDB 10.5 CentOS repository list - created 2020-06-30 05:27 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/centos8-amd64
module_hotfixes=1
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
> systemctl stop mysqld
> dnf -y remove MariaDB-server
# rm -rf /var/lib/mysql/
> dnf -y install MariaDB-server
> systemctl start mysqld
> systemctl enable mariadb
# mysql_upgrade
PHP 설치
> dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
> dnf module list php
> dnf module enable php:remi-7.4
> dnf install php php-fpm php-intl php-mbstring php-pdo php-xml php-gd php-mysqlnd php-zip php-soap
설치 확인 및 버전확인
> rpm -qa httpd MariaDB* php
> httpd -v
> mariadb --version
> php -v
PHP 설정
> code /etc/php.ini
short_open_tag=Off (Off → On 변경)
session.save_path = "/session_tmp"
date.timezone = Asia/Seoul
> code /etc/httpd/conf.d/php.conf
php_value session.save_path "/session_tmp"
> mkdir /session_tmp
> chmod 757 /session_tmp
아파치(Apache) 설정
> code /etc/httpd/conf/httpd.conf
User apache (apache → nobody 변경)
Group apache (apache → nobody 변경)
ServerName www.example.com:80 (ServerName xxx.xxx.xxx.xxx:80)
DirectoryIndex index.html index.htm index.php (추가)
AddType application/x-httpd-php .php .html .htm .inc .cfg
AddType application/x-httpd-php-source .phps
아파치 시작
> systemctl start httpd
> systemctl enable httpd (부팅후 자동 실행 설정) , systemctl disable httpd (부팅후 자동 실행 해제)
> service httpd start/stop/restart (Service 명령어 이용 가능)
> ps -ef | grep httpd (아파치 구동 확인)
웹서비스 테스트
> cd /var/www/html/
> code /var/www/html/phpinfo.php
<?php phpinfo(); ?>
사용자 홈 설정
> cd /etc/skel
> mkdir public_html
> cat /etc/passwd | grep 사용자
MariaDB 설정
[mysqld]
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
max_allowed_packet = 1G
skip-host-cache
skip-name-resolve
max_connections = 1000
key_buffer_size = 256M
# 전체 메모리 중 20%~60%
innodb_buffer_pool_size = 64M
expire_logs_days = 7
innodb_log_file_size = 64M
innodb_strict_mode = 0
sql_mode = NO_ENGINE_SUBSTITUTION
MariaDB / 사용자 만들기, 사용자 삭제하기, 권한 부여하기, 권한 제거하기
# 사용자 user 추가
> create user 'user'@'localhost' identified by '!password!';
> create user 'user'@'%' identified by '!password!';
# user 에게 데이터베이스의 모든 테이블에 대한 모든 권한 부여
> grant all privileges on *.* to 'user'@'localhost';
> grant all privileges on *.* to 'user'@'%';
# 권한 삭제
> revoke all on database.table from 'user'@'host';
> revoke all on *.* from 'user'@'host';
# 사용자 삭제
drop user 'user'@'host';
> flush privileges;
방화벽 설정
우선 작동 중인 firewalld 데몬을 중지 시킨 후 재부팅 시에도 올라오지 않도록 설정한다.
> systemctl stop firewalld
> systemctl mask firewalld
다음으로 iptables 명령어와 연관된 패키지를 설치한다.
> dnf install iptables-services
iptables 서비스 데몬이 재부팅시에 자동으로 올라오도록 만들자
> systemctl enable iptables
iptables 서비스를 중지 | 시작 | 재시작
> systemctl [stop | start | restart ] iptables
> code /etc/sysconfig/iptables
873 (외부백업을 위해 추가)
3306 (외부접속을 위해 추가)
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 4000 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 4000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50001:50005 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
> service iptables restart (방화벽 재시작)
> iptables -nL (적용 확인)
FTP(sftp) 설정
CentOS에 포함되어 있음
> code /etc/ssh/sshd_config
> service sshd restart
VIRTUALHOST 설정
설정 파일을 열고 맨 밑에 다음을 추가합니다.
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /home/site/public_html
ServerName site.com
ServerAlias site.com
ErrorLog /backup/apache_logs/site-error_log
CustomLog /backup/apache_logs/site-access_log common
</VirtualHost>
디렉토리 생성
> mkdir /backup
> mkdir /backup/apache_logs
chrony 설치:서버시간 동기화
> dnf -y install chrony
> systemctl enable chronyd
> systemctl start chronyd
> code /etc/chrony.conf
# pool 2.centos.pool.ntp.org iburst
server time.bora.net iburst
> timedatectl (확인)
> chronyc sources -v (확인)
wkhtmltopdf 설치
> dnf -y install libXrender
> dnf -y install mkfontdir
> dnf -y install ttmkfdir
> wget http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/ttmkfdir-3.0.9-54.el8.x86_64.rpm
> rpm -ivh ttmkfdir-3.0.9-54.el8.x86_64.rpm
> wget https://rpmfind.net/linux/centos/8.1.1911/AppStream/x86_64/os/Packages/xorg-x11-fonts-Type1-7.5-19.el8.noarch.rpm
> rpm -ivh xorg-x11-fonts-Type1-7.5-19.el8.noarch.rpm
> wget https://rpmfind.net/linux/centos/8.1.1911/AppStream/x86_64/os/Packages/xorg-x11-fonts-75dpi-7.5-19.el8.noarch.rpm
> rpm -ivh xorg-x11-fonts-75dpi-7.5-19.el8.noarch.rpm
> wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos8.x86_64.rpm
> rpm -ivh wkhtmltox-0.12.6-1.centos8.x86_64.rpm
(한글이 깨질경우 폰트 설치)
dnf install *korean*
- google-noto-sans-korean-fonts
- google-noto-fonts-common
또는 나눔폰트 설치
> cd /usr/share/fonts/
> wget http://cdn.naver.com/naver/NanumFont/fontfiles/NanumFont_TTF_ALL.zip
> unzip NanumFont_TTF_ALL.zip -d NanumFont
> rm -f NanumFont_TTF_ALL.zip
> fc-cache -r
# 서버 언어 설정
> locale
> code /etc/locale.conf
LANG="en_US.UTF-8"
LANG=ko_KR.UTF-8
추가 작업
- /var/spool/clientmqueue 디렉토리에 파일 쌓이는 현상
> code /etc/mail/submit.cf
----------------------------------------------
# queue directory
# O QueueDirectory=/var/spool/clientmqueue <- 요부분 주석처리
----------------------------------------------
# /var/spool/clientmqueue 폴더 안에 들어가서 ll 하면 다운먹으니까 리스트 보지말고 바로
> ls | xargs rm -f