by ·0 Comments

Centos7 apm install

detail 설정의 경우 별도로 정리할 예정입니다.

 

 

mariadb 10.2 설치

mariadb repo 확인

https://downloads.mariadb.org/mariadb/repositories/#mirror=kaist&distro=CentOS&distro_release=centos7-amd64–centos7&version=10.2

[root@centos74 ~]# vi /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
[root@centos74 ~]# yum clean all && yum list

 

mariadb 10.2 설치 

[root@centos74 ~]# yum install -y mariadb mariadb-server

 

mariadb 10.2 start & enable 

[root@centos74 ~]# systemctl start mariadb.service
[root@centos74 ~]# systemctl enable mariadb.service

 

mariadb secure_installation 실행 (root 패스워드를 설정합니다.)

[root@centos74 ~]# /usr/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@centos74 ~]#

 

mariadb status 확인

[root@centos74 ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.2.11-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> status;
--------------
mysql  Ver 15.1 Distrib 10.2.11-MariaDB, for Linux (x86_64) using readline 5.1

Connection id:          16
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.2.11-MariaDB MariaDB Server
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    utf8
Conn.  characterset:    utf8
UNIX socket:            /var/lib/mysql/mysql.sock
Uptime:                 1 min 54 sec

Threads: 7  Questions: 27  Slow queries: 0  Opens: 18  Flush tables: 1  Open tables: 12  Queries per second avg: 0.236
--------------

MariaDB [(none)]>

 

 

apache설치 

[root@centos74 ~]# yum install httpd

 

apache start & enable 

[root@centos74 ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@centos74 ~]# systemctl start httpd

 

php 7.1 설치

[root@centos74 ~]# yum install -y epel-release
[root@centos74 ~]# rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
[root@centos74 ~]# yum clean all && yum list
[root@centos74 ~]# yum update -y
[root@centos74 ~]# init 6
[root@centos74 ~]# yum-config-manager --enable remi-php71
[root@centos74 ~]# yum -y install php php-opcache
[root@centos74 ~]# yum -y install php-mysql
[root@centos74 ~]# yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-soap curl curl-devel

 

phpinfo 확인

[root@centos74 ~]# vi /var/www/html/info.php
<?php phpinfo(); ?>

 

apache 재시작

[root@centos74 ~]# systemctl restart httpd

 

 

 

apache MPM 설정

참고 페이지:https://httpd.apache.org/docs/2.4/ko/mod/prefork.htmlhttps://httpd.apache.org/docs/2.4/ko/mod/worker.html

perfork 와 worker 차이점:

 

확인

[root@centos74 ~]# httpd -V |grep "^Server MPM"
Server MPM:     prefork

확인 Default 는 perfork 입니다.

 

worker 로 변경

[root@centos74 ~]# vi /etc/httpd/conf.modules.d/00-mpm.conf
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

LoadModule mpm_worker_module modules/mod_mpm_worker.so

[root@centos74 ~]# vi /etc/httpd/conf.modules.d/10-worker.conf
<IfModule mpm_worker_module>
    ServerLimit             250
    StartServers             10
    MinSpareThreads          75
    MaxSpareThreads         250
    ThreadLimit              64
    ThreadsPerChild          32
    MaxClients             8000
    MaxRequestsPerChild   10000
</IfModule>

[root@centos74 ~]# systemctl restart httpd
[root@centos74 ~]# httpd -V |grep "^Server MPM"
Server MPM:     worker

 

apache httpd.conf 설정 

[root@centos74 ~]# vi /etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"   / apache root 디렉토리

Listen 80                 / apache Port 

Include conf.modules.d/*.conf  /  apache module 디렉토리

User apache                    / apache 실행유저
Group apache                   / apache 실행구룹


ServerAdmin root@localhost     / Server 관리자 e-mail

ServerName www.test.com:80  / Apache Server Domain:port

<IfModule dir_module>
    DirectoryIndex index.html  /Directory index 설정 
</IfModule>

bind 설치시 만든 test.com domain 사용

 

userdir 설정

Default userdir.conf

<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    UserDir disabled

    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    #UserDir public_html
</IfModule>

#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

 

userdir 사용시

    #UserDir disabled
    UserDir public_html

<Directory "/home/*/public_html">
        Options Indexes Includes FollowSymLinks
        Require all granted
</Directory>

참고페이지: http://blog.camilord.com/2014/12/10/centos-7-enable-apache-userdir/

 

VirtualHost 설정

[root@centos74 ~]# cd /etc/httpd/conf.d/
[root@centos74 conf.d]# vi vhost.conf
#NameVirtualHost *:80
<VirtualHost *:80>
       ServerAdmin admin@test.com
       DocumentRoot /var/www/html/test.com/public_html
       ServerName test1.com
       ServerAlias www.test1.com
       ErrorLog logs/test1.com-error_log
       CustomLog logs/test1.com-access_log common
</VirtualHost>
<VirtualHost *:80>
       ServerAdmin admin@test.com
       DocumentRoot /var/www/html
       ServerName test.com
       ServerAlias www.test.com
       ErrorLog logs/test.com-error_log
       CustomLog logs/test.com-access_log common
</VirtualHost>

참고페이지: https://linode.com/docs/web-servers/apache/install-and-configure-apache-on-centos-7/

 

 apache 재시작및 phpinfo 확인

[root@centos74 ~]# systemctl restart httpd
[root@centos74 ~]# mkdir -p /var/www/html/test.com/public_html/
[root@centos74 ~]# vi /var/www/html/test.com/public_html/index.php
<?php phpinfo(); ?>

 

웹페이지확인

 

 

 

 

 

 

 

by ·0 Comments

참고 페이지 : https://www.freebsd.org/doc/handbook/network-dns.html

 

unbound 라는게 있지만 local 에서만 사용이 가능함.

DNS Server Configuration in FreeBSD 10.0 and Later
In FreeBSD 10.0, BIND has been replaced with Unbound. Unbound is a validating caching resolver only. If an authoritative server is needed, many are available from the Ports Collection.

Unbound is provided in the FreeBSD base system. By default, it will provide DNS resolution to the local machine only. While the base system package can be configured to provide resolution services beyond the local machine, it is recommended that such requirements be addressed by installing Unbound from the FreeBSD Ports Collection.

To enable Unbound, add the following to /etc/rc.conf:

local_unbound_enable="YES"

 

 

bind99 install

root@bsd10:~ # whereis bind99
bind99: /usr/ports/dns/bind99
root@bsd10:~ # cd /usr/ports/dns/bind99
root@bsd10:/usr/ports/dns/bind99 # make install clean
root@bsd10:/usr/ports/dns/bind99 # vi /etc/rc.conf

named_enable="YES"
root@bsd10:/usr/ports/dns/bind99 # init 6

 

named Deamon 실행 확인

root@bsd10:~ # sockstat -4 |grep -i named
bind     named      464   20 tcp4   127.0.0.1:53          *:*
bind     named      464   21 tcp4   127.0.0.1:953         *:*
bind     named      464   512 udp4  127.0.0.1:53          *:*
root@bsd10:~ #

 

namedb 디렉토리

/usr/local/etc/namedb
root@bsd10:~ # cd /usr/local/etc/namedb/
root@bsd10:/usr/local/etc/namedb # vi named.conf
//      listen-on       { 127.0.0.1; };
        listen-on       { 127.0.0.1; };

최하단에 추가
include "/usr/local/etc/namedb/named.conf.local";

 

named.conf.local 파일 생성 및 zone 파일생성

root@bsd10:/usr/local/etc/namedb # vi named.conf.local
zone "test.com" {
type master;
file "/usr/local/etc/namedb/working/test.com";
};
root@bsd10:/usr/local/etc/namedb # cd working/
root@bsd10:/usr/local/etc/namedb/working # vi test.com
$TTL 3600        ; 1 hour default TTL
@               IN      SOA      ns.test.com. mail.test.com. (
                                2006051501      ; Serial
                                10800           ; Refresh
                                3600            ; Retry
                                604800          ; Expire
                                300             ; Negative Response TTL
                        )
; DNS Servers
                IN      NS      ns.test.com.
                IN      MX 10   mail.test.com.
                IN      A       192.168.192.200

; Machine Names
ns              IN      A       192.168.192.200
mail            IN      A       192.168.192.200


; Aliases
www             IN      CNAME   test.com.

 

resolv.conf 변경 및 Ping Test 

root@bsd10:~ # vi /etc/resolv.conf
nameserver 192.168.192.200
root@bsd10:~ # service named restart
Stopping named.
Waiting for PIDS: 2540.
Starting named.
root@bsd10:~ #
root@bsd10:~ # ping test.com
PING test.com (192.168.192.200): 56 data bytes
64 bytes from 192.168.192.200: icmp_seq=0 ttl=64 time=0.023 ms
64 bytes from 192.168.192.200: icmp_seq=1 ttl=64 time=0.036 ms
^C
--- test.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.023/0.029/0.036/0.006 ms
root@bsd10:~ #

 

타 System 에서 resolv.conf 파일 변경후 Dig 테스트를 진행합니다.

[root@centos74 named]# dig www.test.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.1 <<>> www.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55568
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.test.com.                  IN      A

;; ANSWER SECTION:
www.test.com.           3600    IN      CNAME   test.com.
test.com.               3600    IN      A       192.168.192.200

;; AUTHORITY SECTION:
test.com.               3600    IN      NS      ns.test.com.

;; ADDITIONAL SECTION:
ns.test.com.            3600    IN      A       192.168.192.200

;; Query time: 0 msec
;; SERVER: 192.168.192.200#53(192.168.192.200)
;; WHEN: Fri Dec 22 01:15:34 KST 2017
;; MSG SIZE  rcvd: 104

[root@centos74 named]#