RHEL 8.0 Beta Version

 

Downloading the RHEL 8.0 Beta requires an RHN ID with a subscription.

See the sites below for details.

RHEL 8.0 site: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8-beta/

https://cockpit-project.org/

 

Changes: the Web Console was added, the dnf command is used, the network daemon was removed (??), and so on.

Also, Desktop did not show up when checking yum grouplist.

yum grouplist 

[root@rhel80 ~]# yum grouplist
~ (output omitted)
Available Environment Groups:
   Minimal Install
   Custom Operating System
Installed Environment Groups:
   Server
Installed Groups:
   Development Tools
   Graphical Administration Tools
   Legacy UNIX Compatibility
Available Groups:
   Headless Management
   Network Servers
   Scientific Support
   Security Tools
   System Tools
[root@rhel80 ~]#

 

 

Installation screens

(Descriptions are omitted.)

[GCP] Adding FTP ports on Google Cloud

On Google Cloud, ports 80/443 can be enabled with a checkbox, but FTP has to be added separately in the firewall.

Install and start vsftpd

[root@gg-test ~]# yum install -y vsftpd
[root@gg-test ~]# systemctl enable vsftpd
[root@gg-test ~]# systemctl start vsftpd
[root@gg-test ~]# firewall-cmd --permanent --add-port=21/tcp
[root@gg-test ~]# firewall-cmd --reload

 

Go to VPC network under Networking.

Go to VPC network -> Firewall rules -> Create firewall rule.

Create the firewall rule.

Add port 21 and tcp:49152-65535.

With only port 21 added, Linux clients connect without problems, but Windows FTP clients cannot connect.

Go to Compute Engine -> VM instances.

(Select the VM to change.)

Click Edit.

Add ftpd to the network tags.

Click Save at the bottom of the page.

Test the FTP connection.
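
The firewall rule above opens tcp:49152-65535 for passive-mode data connections, but vsftpd allocates passive ports from any port unless pasv_min_port and pasv_max_port are set. The check below is an added example, not part of the original post: it reads those options from a vsftpd.conf and reports whether the passive range stays inside the firewall rule. The function names and sample configs are constructed for illustration.

```bash
#!/bin/bash
# Added example: check that vsftpd's passive data ports stay inside the
# firewall rule created on this page (tcp:49152-65535).
# Function names and sample files are constructed for illustration.

# vsftpd_get CONF KEY
# Print the last value assigned to KEY (vsftpd.conf syntax is key=value with
# no spaces around '='). Prints nothing when the key is not set.
vsftpd_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# check_pasv_range CONF FW_MIN FW_MAX
# Returns 0 only when the passive range is pinned and lies inside
# FW_MIN..FW_MAX (or passive mode is switched off).
check_pasv_range() {
    local conf="$1" fw_min="$2" fw_max="$3" enable min max
    enable=$(vsftpd_get "$conf" pasv_enable)
    min=$(vsftpd_get "$conf" pasv_min_port)
    max=$(vsftpd_get "$conf" pasv_max_port)

    # pasv_enable defaults to YES
    if [ "${enable:-YES}" = "NO" ]; then
        echo "OK: passive mode is disabled"
        return 0
    fi
    # Unset or 0 means "use any port"
    min=${min:-0}
    max=${max:-0}
    case "$min$max" in
        *[!0-9]*) echo "FAIL: pasv_min_port/pasv_max_port are not numeric"; return 1 ;;
    esac
    if [ "$min" -eq 0 ] || [ "$max" -eq 0 ]; then
        echo "FAIL: passive range not pinned (pasv_min_port=$min pasv_max_port=$max)"
        return 1
    fi
    if [ "$min" -gt "$max" ]; then
        echo "FAIL: pasv_min_port=$min is above pasv_max_port=$max"
        return 1
    fi
    if [ "$min" -lt "$fw_min" ] || [ "$max" -gt "$fw_max" ]; then
        echo "FAIL: $min-$max is outside the firewall rule $fw_min-$fw_max"
        return 1
    fi
    echo "OK: $min-$max is inside the firewall rule $fw_min-$fw_max"
}

# Constructed sample configs: one without pasv_* settings, one pinned to the
# range opened on this page, one pinned to a range the rule does not cover.
write_vsftpd_samples() {
    printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' 'write_enable=YES' \
        > "$1/unpinned.conf"
    printf '%s\n' 'local_enable=YES' 'pasv_enable=YES' \
        'pasv_min_port=49152' 'pasv_max_port=65535' > "$1/pinned.conf"
    printf '%s\n' 'local_enable=YES' \
        'pasv_min_port=30000' 'pasv_max_port=31000' > "$1/outside.conf"
}

tmp=$(mktemp -d)
write_vsftpd_samples "$tmp"
for f in unpinned pinned outside; do
    printf '%-9s ' "$f"
    check_pasv_range "$tmp/$f.conf" 49152 65535 || true
done
rm -rf "$tmp"
```

On the server, point the first argument at /etc/vsftpd/vsftpd.conf (the usual path for the CentOS/RHEL package; adjust if yours differs).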

 

[GCP] Configuring root SSH access on Google Cloud

You can use SSH on Google Cloud without a key.

Go to Compute Engine and click SSH for the VM instance you want to configure.

Set a password for the root user.

[test@gg-test ~]$ sudo -i 
[root@gg-test ~]# passwd 
Changing password for user root.
New password: 

Retype new password: 
passwd: all authentication tokens updated successfully.
[root@gg-test ~]#

 

Edit sshd_config and restart sshd

[root@gg-test ~]# vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
[root@gg-test ~]# systemctl restart sshd

 

SSH connection

Check the VM's external IP.

Connect over SSH.
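
sshd uses the first value it reads for each keyword, so a PermitRootLogin or PasswordAuthentication line added lower in sshd_config has no effect if the file already sets that keyword earlier. The following is an added example, not part of the original post: it resolves the value sshd will use for the two keywords edited above. The function names and sample files are constructed, and it assumes OpenSSH 7.0 or later defaults when a keyword is unset.

```bash
#!/bin/bash
# Added example: resolve the value sshd will actually use for a keyword.
# sshd takes the first value it obtains for each keyword.
# Function names and sample files are constructed; Include files are not followed.

# sshd_effective FILE KEYWORD
# Print the first global (pre-Match) value of KEYWORD, lowercased.
# Prints nothing when the keyword is not set.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }            # strip indentation
        /^#/ || /^$/ { next }             # skip comments and blank lines
        {
            split($0, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
            kw = tolower(f[1])
            if (kw == "match") exit       # global section ends at first Match
            if (kw == want) { print tolower(f[2]); exit }
        }
    ' "$1"
}

# root_password_login FILE
# Prints the resolved values and returns 0 when root can log in with a password.
# Assumed defaults when unset (OpenSSH 7.0+): PermitRootLogin prohibit-password,
# PasswordAuthentication yes.
root_password_login() {
    local file="$1" prl pa
    prl=$(sshd_effective "$file" PermitRootLogin)
    pa=$(sshd_effective "$file" PasswordAuthentication)
    prl=${prl:-prohibit-password}
    pa=${pa:-yes}
    echo "PermitRootLogin=$prl PasswordAuthentication=$pa"
    [ "$prl" = "yes" ] && [ "$pa" = "yes" ]
}

# Constructed samples: "appended" keeps earlier "no" lines and adds the two
# lines from this page at the end; "replaced" edits the existing lines in place.
write_sshd_samples() {
    printf '%s\n' '# constructed sample sshd_config' 'Port 22' \
        'PermitRootLogin no' 'PasswordAuthentication no' 'UsePAM yes' \
        '# lines added at the end of the file' \
        'PermitRootLogin yes' 'PasswordAuthentication yes' > "$1/appended"
    printf '%s\n' '# constructed sample sshd_config' 'Port 22' \
        'PermitRootLogin yes' 'PasswordAuthentication yes' 'UsePAM yes' \
        'Match User backup' '    PasswordAuthentication no' > "$1/replaced"
}

tmp=$(mktemp -d)
write_sshd_samples "$tmp"
for f in appended replaced; do
    printf '%-9s ' "$f"
    if root_password_login "$tmp/$f"; then
        echo "  -> root password login is enabled"
    else
        echo "  -> root password login is not enabled"
    fi
done
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself resolves it.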

 

 

Ubuntu 16.04 OpenVPN Server / Client

Reference site: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04

Before installing OpenVPN, update all packages on the system.

test@ubuntu-vpn:~$ sudo apt upgrade -y

 

Install OpenVPN

test@ubuntu-vpn:~$ sudo apt install -y openvpn

 

Download EasyRSA and extract it.

test@vpn-test:~$ wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz
test@vpn-test:~$ tar xvf EasyRSA-3.0.4.tgz
test@vpn-test:~$ cd EasyRSA-3.0.4/

 

Copy the vars file and edit it.

test@ubuntu-vpn:~$ cd EasyRSA-3.0.4/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ cp vars.example vars
test@ubuntu-vpn:~/EasyRSA-3.0.4$ vi vars

~ (snip)
set_var EASYRSA_REQ_COUNTRY     "US"
set_var EASYRSA_REQ_PROVINCE    "California"
set_var EASYRSA_REQ_CITY        "San Francisco"
set_var EASYRSA_REQ_ORG        "Copyleft Certificate Co"
set_var EASYRSA_REQ_EMAIL       "me@example.net"
set_var EASYRSA_REQ_OU          "My Organizational Unit"

 

Create the CA using the edited vars.

Create the pki directory

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa init-pki

Note: using Easy-RSA configuration from: ./vars

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /home/test/EasyRSA-3.0.4/pki

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

With the nopass option, setup proceeds without a password.

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa build-ca nopass

Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
......................+++
....................................................................................................+++
writing new private key to '/home/test/EasyRSA-3.0.4/pki/private/ca.key.kMZbbLCFHN'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/home/test/EasyRSA-3.0.4/pki/ca.crt

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Create the server certificate

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa gen-req server nopass

Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
...............+++
.........................................................+++
writing new private key to '/home/test/EasyRSA-3.0.4/pki/private/server.key.smJLxpp4h4'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [server]:

Keypair and certificate request completed. Your files are:
req: /home/test/EasyRSA-3.0.4/pki/reqs/server.req
key: /home/test/EasyRSA-3.0.4/pki/private/server.key

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Copy the server.key file

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/private/server.key /etc/openvpn/

 

Create the server.crt file; answer yes to finish the setup.

Enter yes

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa sign-req server server

Note: using Easy-RSA configuration from: ./vars


You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.

Request subject, to be signed as a server certificate for 3650 days:

subject=
    commonName                = server


Type the word 'yes' to continue, or any other input to abort.
  Confirm request details: yes
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'server'
Certificate is to be certified until Nov  3 08:59:07 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Certificate created at: /home/test/EasyRSA-3.0.4/pki/issued/server.crt

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Copy the crt files.

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/issued/server.crt /etc/openvpn/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/ca.crt /etc/openvpn/

 

Generate the Diffie-Hellman key

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa gen-dh

Note: using Easy-RSA configuration from: ./vars
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
......................+
~ (snip)


DH parameters of size 2048 created at /home/test/EasyRSA-3.0.4/pki/dh.pem

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Generate ta.key

test@ubuntu-vpn:~/EasyRSA-3.0.4$ openvpn --genkey --secret ta.key
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp ta.key /etc/openvpn/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/dh.pem /etc/openvpn/

 

Create the openvpn-config directory and set its permissions

test@ubuntu-vpn:~/EasyRSA-3.0.4$ mkdir -p ~/openvpn-config/key
test@ubuntu-vpn:~/EasyRSA-3.0.4$ chmod -R 700 ~/openvpn-config

 

Create the client certificate

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa gen-req user01 nopass

Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
..................................................................................................................................................................+++
..................+++
writing new private key to '/home/test/EasyRSA-3.0.4/pki/private/user01.key.xoi765b604'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [user01]:

Keypair and certificate request completed. Your files are:
req: /home/test/EasyRSA-3.0.4/pki/reqs/user01.req
key: /home/test/EasyRSA-3.0.4/pki/private/user01.key

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Copy user01.key.

test@ubuntu-vpn:~/EasyRSA-3.0.4$ cp pki/private/user01.key ~/openvpn-config/key/

test@ubuntu-vpn:~/EasyRSA-3.0.4$ ./easyrsa sign-req client user01

Note: using Easy-RSA configuration from: ./vars


You are about to sign the following certificate.
Please check over the details shown below for accuracy. Note that this request
has not been cryptographically verified. Please be sure it came from a trusted
source or that you have verified the request checksum with the sender.

Request subject, to be signed as a client certificate for 3650 days:

subject=
    commonName                = user01


Type the word 'yes' to continue, or any other input to abort.
  Confirm request details: yes
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'user01'
Certificate is to be certified until Nov  3 09:06:29 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Certificate created at: /home/test/EasyRSA-3.0.4/pki/issued/user01.crt

test@ubuntu-vpn:~/EasyRSA-3.0.4$

 

Copy the user01 crt file

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp pki/issued/user01.crt ~/openvpn-config/key/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp ta.key ~/openvpn-config/key/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp /etc/openvpn/ca.crt ~/openvpn-config/key/

 

Copy server.conf.gz and decompress it

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo gzip -d /etc/openvpn/server.conf.gz

 

Configure server.conf

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo vi /etc/openvpn/server.conf
tls-auth ta.key 0 # This file is secret
key-direction 0

cipher AES-128-CBC   # AES
auth SHA256

;dh dh2048.pem
dh dh.pem

user nobody
group nogroup

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

 

Configure sysctl.conf

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1

test@ubuntu-vpn:~/EasyRSA-3.0.4$ sudo sysctl -p
net.ipv4.ip_forward = 1

 

Configure UFW

Check which NIC device is used for the default gateway.

test@ubuntu-vpn:~$ ip route |grep default
default via 192.168.0.2 dev ens33

 

Configure ufw.

test@ubuntu-vpn:~$ sudo vi /etc/ufw/before.rules
#   ufw-before-forward
#

# Don't delete these required lines, otherwise there will be errors
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# ens33 MASQUERADE settings
# NAT only the VPN subnet (OpenVPN sample default: server 10.8.0.0 255.255.255.0)
-A POSTROUTING -s 10.8.0.0/24 -o ens33 -j MASQUERADE
COMMIT
# END OPENVPN RULES
#

 

Configure /etc/default/ufw

Change DROP to ACCEPT.

test@ubuntu-vpn:~$ sudo vi /etc/default/ufw
#DEFAULT_FORWARD_POLICY="DROP"
DEFAULT_FORWARD_POLICY="ACCEPT"

 

Add services to ufw

test@ubuntu-vpn:~$ sudo ufw allow 1194/udp
Rules updated
Rules updated (v6)
test@ubuntu-vpn:~$ sudo ufw allow OpenSSH
Rules updated
Rules updated (v6)
test@ubuntu-vpn:~$ sudo ufw disable
Firewall stopped and disabled on system startup
test@ubuntu-vpn:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
test@ubuntu-vpn:~$

 

Enable and start the OpenVPN server

test@ubuntu-vpn:~$ sudo systemctl enable openvpn@server
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn@server.service to /lib/systemd/system/openvpn@.service.
test@ubuntu-vpn:~$ sudo systemctl start openvpn@server

 

The tun0 device now appears in the ifconfig output.

test@ubuntu-vpn:~$ ifconfig
ens33     Link encap:Ethernet  HWaddr 00:0c:29:18:c3:ea
          inet addr:192.168.0.12  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe18:c3ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3098 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4223 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:729938 (729.9 KB)  TX bytes:531750 (531.7 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:13296 (13.2 KB)  TX bytes:13296 (13.2 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

test@ubuntu-vpn:~$

 

Configure base.conf

test@ubuntu-vpn:~$ mkdir ~/openvpn-config/files
test@ubuntu-vpn:~$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/openvpn-config/base.conf
test@ubuntu-vpn:~$ vi ~/openvpn-config/base.conf
remote 192.168.0.12 1194

user nobody
group nogroup


#ca ca.crt
#cert client.crt
#key client.key

cipher AES-256-CBC
auth SHA256
key-direction 1


# at the very bottom

;mute 20


# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf

 

Write the make_config.sh script

test@ubuntu-vpn:~$ vi ~/openvpn-config/make_config.sh

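#!/bin/bash

# First argument: Client identifier

KEY_DIR=~/openvpn-config/key
OUTPUT_DIR=~/openvpn-config/files
BASE_CONFIG=~/openvpn-config/base.conf

# Refuse to run without a client name; otherwise "${1}.crt" expands to ".crt"
if [ -z "${1}" ]; then
    echo "usage: $0 <client-name>" >&2
    exit 1
fi

# Append the CA cert, client cert, client key and tls-auth key to the base
# config as inline <ca>, <cert>, <key> and <tls-auth> blocks
cat "${BASE_CONFIG}" \
    <(echo -e '<ca>') \
    "${KEY_DIR}/ca.crt" \
    <(echo -e '</ca>\n<cert>') \
    "${KEY_DIR}/${1}.crt" \
    <(echo -e '</cert>\n<key>') \
    "${KEY_DIR}/${1}.key" \
    <(echo -e '</key>\n<tls-auth>') \
    "${KEY_DIR}/ta.key" \
    <(echo -e '</tls-auth>') \
    > "${OUTPUT_DIR}/${1}.ovpn"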


test@ubuntu-vpn:~$ chmod 700 ~/openvpn-config/make_config.sh

 

Create the user01 account

test@ubuntu-vpn:~$ cd openvpn-config/
test@ubuntu-vpn:~/openvpn-config$ sudo ./make_config.sh user01
test@ubuntu-vpn:~/openvpn-config$ cd files/
test@ubuntu-vpn:~/openvpn-config/files$ sudo cp ../key/ta.key .
test@ubuntu-vpn:~/openvpn-config/files$ sudo chmod 644 ta.key

 

The files needed to connect are in ~/openvpn-config/files.

test@ubuntu-vpn:~$ ls -al openvpn-config/files/
total 24
drwxrwxr-x 2 test test  4096 Nov  6 18:19 .
drwx------ 4 test test  4096 Nov  6 18:17 ..
-rw-r--r-- 1 root root   636 Nov  6 18:19 ta.key
-rw-r--r-- 1 root root 11545 Nov  6 18:18 user01.ovpn
test@ubuntu-vpn:~$

 

Ubuntu OpenVPN Client

 

Install openvpn

test@ubuntu-client:~$ sudo apt update
test@ubuntu-client:~$ sudo apt install -y openvpn
test@ubuntu-client:~$ sudo snap install easy-openvpn

 

Copy the user01 certificate

test@ubuntu-vpn:~/openvpn-config/files$ scp user01.ovpn test@192.168.0.14:/home/test/openvpn/
test@ubuntu-vpn:~/openvpn-config/files$ scp ta.key  test@192.168.0.14:/home/test/openvpn/

 

Connection test

test@ubuntu-client:~/openvpn$ sudo openvpn --config user01.ovpn

~ (snip)
option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Nov  7 15:56:52 2018 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov  7 15:56:52 2018 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov  7 15:56:52 2018 OPTIONS IMPORT: route options modified
Wed Nov  7 15:56:52 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Nov  7 15:56:52 2018 ROUTE_GATEWAY 192.168.0.2/255.255.255.0 IFACE=ens33 HWADDR=00:0c:29:0f:e7:2a
Wed Nov  7 15:56:52 2018 TUN/TAP device tun0 opened
Wed Nov  7 15:56:52 2018 TUN/TAP TX queue length set to 100
Wed Nov  7 15:56:52 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Nov  7 15:56:52 2018 /sbin/ip link set dev tun0 up mtu 1500
Wed Nov  7 15:56:52 2018 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Wed Nov  7 15:56:52 2018 /sbin/ip route add 192.168.0.12/32 dev ens33
Wed Nov  7 15:56:52 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Wed Nov  7 15:56:52 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Wed Nov  7 15:56:52 2018 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Wed Nov  7 15:56:52 2018 GID set to nogroup
Wed Nov  7 15:56:52 2018 UID set to nobody
Wed Nov  7 15:56:52 2018 Initialization Sequence Completed

 

Once the VPN connects successfully, the tun0 device is visible.

test@ubuntu-client:~$ ifconfig
ens33     Link encap:Ethernet  HWaddr 00:0c:29:0f:e7:2a
          inet addr:192.168.0.14  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe0f:e72a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:918 errors:0 dropped:0 overruns:0 frame:0
          TX packets:763 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:102521 (102.5 KB)  TX bytes:155757 (155.7 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:13296 (13.2 KB)  TX bytes:13296 (13.2 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

test@ubuntu-client:~$

 

Add to systemd

test@ubuntu-client:~/openvpn$ sudo vi /lib/systemd/system/openvpn-client.service
[Unit]
Description=test.com OpenVPN Kr Service
After=multi-user.target

[Service]
Type=idle
ExecStart=/usr/sbin/openvpn --config /home/test/openvpn/user01.ovpn

[Install]
WantedBy=multi-user.target

test@ubuntu-client:~/openvpn$ sudo chmod 644 /lib/systemd/system/openvpn-client.service

 

Enable and start the systemd unit

test@ubuntu-client:~/openvpn$ sudo systemctl daemon-reload
test@ubuntu-client:~/openvpn$ sudo systemctl enable openvpn-client
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn-client.service to /lib/systemd/system/openvpn-client.service.
test@ubuntu-client:~/openvpn$ sudo systemctl start openvpn-client
test@ubuntu-client:~/openvpn$ sudo systemctl status openvpn-client
● openvpn-client.service - test.com OpenVPN Kr Service
   Loaded: loaded (/lib/systemd/system/openvpn-client.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-11-07 16:02:04 KST; 32s ago
 Main PID: 2034 (openvpn)
    Tasks: 1
   Memory: 828.0K
      CPU: 35ms
   CGroup: /system.slice/openvpn-client.service
           └─2034 /usr/sbin/openvpn --config /home/test/openvpn/user01.ovpn

Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 ERROR: Linux route add command failed: external program exited
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 GID set to nogroup
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 UID set to nobody
Nov 07 16:02:06 ubuntu-client openvpn[2034]: Wed Nov  7 16:02:06 2018 Initialization Sequence Completed

 

Reboot the system and verify operation

test@ubuntu-client:~/openvpn$ sudo init 6
test@ubuntu-client:~$ ifconfig
ens33     Link encap:Ethernet  HWaddr 00:0c:29:0f:e7:2a
          inet addr:192.168.0.14  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe0f:e72a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:152 errors:0 dropped:0 overruns:0 frame:0
          TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:30427 (30.4 KB)  TX bytes:33460 (33.4 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:13296 (13.2 KB)  TX bytes:13296 (13.2 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:1216 (1.2 KB)

test@ubuntu-client:~$ systemctl status openvpn-client
● openvpn-client.service - test.com OpenVPN Kr Service
   Loaded: loaded (/lib/systemd/system/openvpn-client.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-11-07 16:04:43 KST; 7min ago
 Main PID: 1312 (openvpn)
    Tasks: 1
   Memory: 1.7M
      CPU: 157ms
   CGroup: /system.slice/openvpn-client.service
           └─1312 /usr/sbin/openvpn --config /home/test/openvpn/user01.ovpn

Nov 07 16:10:59 ubuntu-client openvpn[1312]: Wed Nov  7 16:10:59 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modifi
Nov 07 16:10:59 ubuntu-client openvpn[1312]: Wed Nov  7 16:10:59 2018 Preserving previous TUN/TAP instance: tun0
Nov 07 16:10:59 ubuntu-client openvpn[1312]: Wed Nov  7 16:10:59 2018 Initialization Sequence Completed
Nov 07 16:11:09 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:09 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:20 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:20 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:30 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:30 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:40 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:40 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:11:51 ubuntu-client openvpn[1312]: Wed Nov  7 16:11:51 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:12:01 ubuntu-client openvpn[1312]: Wed Nov  7 16:12:01 2018 Authenticate/Decrypt packet error: cipher final failed
Nov 07 16:12:10 ubuntu-client openvpn[1312]: Wed Nov  7 16:12:10 2018 Authenticate/Decrypt packet error: cipher final failed

test@ubuntu-client:~$

 

If the message "Authenticate/Decrypt packet error: cipher final failed" appears, the configuration needs to be checked.
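
In the excerpts above, server.conf sets cipher AES-128-CBC while base.conf sets cipher AES-256-CBC, and a cipher that differs between the two ends is a common cause of this message. The check below is an added example, not part of the original post: it compares the options that must agree on both ends (cipher, auth) and confirms the key directions are complementary. The function names and sample files are constructed, using the option values shown on this page.

```bash
#!/bin/bash
# Added example: compare the options that must agree between an OpenVPN
# server.conf and a client profile. Function names and sample files are
# constructed for illustration; option values are the ones shown on this page.

# ovpn_get FILE OPTION [FIELD]
# Print field FIELD (default 2, the first argument) of the last occurrence
# of OPTION, ignoring comments (# or ;) and inline <tag> ... </tag> blocks.
ovpn_get() {
    awk -v want="$2" -v field="${3:-2}" '
        /^[ \t]*<\//  { inblock = 0; next }   # </ca>, </key>, ...
        /^[ \t]*</    { inblock = 1; next }   # <ca>, <key>, ...
        inblock       { next }                # skip embedded key material
        /^[ \t]*[#;]/ { next }                # skip comments
        $1 == want    { val = $field }
        END           { if (val != "") print val }
    ' "$1"
}

# compare_ovpn SERVER_CONF CLIENT_CONF
# Prints one line per check; returns 1 if any check fails.
compare_ovpn() {
    local server="$1" client="$2" rc=0 opt s c sdir cdir
    for opt in cipher auth; do
        s=$(ovpn_get "$server" "$opt")
        c=$(ovpn_get "$client" "$opt")
        if [ "$s" = "$c" ]; then
            echo "ok       $opt ${s:-(default)}"
        else
            echo "MISMATCH $opt server=${s:-(default)} client=${c:-(default)}"
            rc=1
        fi
    done
    # The direction can come from key-direction or the 2nd argument of tls-auth
    sdir=$(ovpn_get "$server" key-direction)
    [ -n "$sdir" ] || sdir=$(ovpn_get "$server" tls-auth 3)
    cdir=$(ovpn_get "$client" key-direction)
    [ -n "$cdir" ] || cdir=$(ovpn_get "$client" tls-auth 3)
    case "$sdir/$cdir" in
        0/1|1/0|/)
            echo "ok       key-direction server=${sdir:-none} client=${cdir:-none}" ;;
        *)
            echo "MISMATCH key-direction server=${sdir:-none} client=${cdir:-none}"
            rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample files holding the option lines shown on this page.
write_ovpn_samples() {
    printf '%s\n' 'tls-auth ta.key 0 # This file is secret' 'key-direction 0' \
        'cipher AES-128-CBC   # AES' 'auth SHA256' ';dh dh2048.pem' 'dh dh.pem' \
        > "$1/server.conf"
    printf '%s\n' 'remote 192.168.0.12 1194' 'cipher AES-256-CBC' 'auth SHA256' \
        'key-direction 1' '<ca>' '-----BEGIN CERTIFICATE-----' \
        '(constructed placeholder, not real key material)' \
        '-----END CERTIFICATE-----' '</ca>' > "$1/user01.ovpn"
}

tmp=$(mktemp -d)
write_ovpn_samples "$tmp"
compare_ovpn "$tmp/server.conf" "$tmp/user01.ovpn" \
    || echo "=> make the mismatched option identical on both ends, then restart both"
rm -rf "$tmp"
```

Run it against /etc/openvpn/server.conf on the server and a copy of the generated user01.ovpn.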

 

 

 

Ubuntu 18.04 LEMP Stack

https://www.ubuntu.com/about/release-cycle

 

 

Install MariaDB 10.3

Changed MariaDB 10.1 -> 10.3; it did not install correctly from the 10.1 repo.

https://downloads.mariadb.org/mariadb/repositories/#mirror=harukasan&distro=Ubuntu&distro_release=bionic--ubuntu_bionic&version=10.1

Add the MariaDB repository.

test@ubuntu1804:~$ sudo apt-get install software-properties-common
test@ubuntu1804:~$ sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
test@ubuntu1804:~$ sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://ftp.kaist.ac.kr/mariadb/repo/10.3/ubuntu bionic main'

 

Install the mariadb-server and mariadb-client packages.

test@ubuntu1804:~$ sudo apt update
test@ubuntu1804:~$ sudo apt -y install mariadb-server mariadb-client

# Set the password.

 

Start and enable the mariadb service.

test@ubuntu1804:~$ sudo systemctl start mariadb.service
test@ubuntu1804:~$ sudo systemctl enable mariadb.service

 

Run mysql_secure_installation.

test@ubuntu1804:~$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
test@ubuntu1804:~$

 

Change the MariaDB character set to utf8mb4.

test@ubuntu1804:~$ sudo vi /etc/mysql/mariadb.cnf
# MariaDB-specific config file.
# Read by /etc/mysql/my.cnf

[client]
default-character-set = utf8mb4
# Default is Latin1, if you need UTF-8 set this (also in server section)
#default-character-set = utf8

[mysqld]

character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci

 

Restart mariadb.service and check the character set.

test@ubuntu1804:~$ sudo systemctl restart mariadb.service
test@ubuntu1804:~$ sudo mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 37
Server version: 10.3.10-MariaDB-1:10.3.10+maria~bionic-log mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> status;
--------------
mysql  Ver 15.1 Distrib 10.3.10-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

Connection id:          37
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.3.10-MariaDB-1:10.3.10+maria~bionic-log mariadb.org binary distribution
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8mb4
Db     characterset:    utf8mb4
Client characterset:    utf8mb4
Conn.  characterset:    utf8mb4
UNIX socket:            /var/run/mysqld/mysqld.sock
Uptime:                 11 sec

Threads: 8  Questions: 61  Slow queries: 0  Opens: 32  Flush tables: 1  Open tables: 26  Queries per second avg: 5.545
--------------

MariaDB [(none)]> quit;
Bye
test@ubuntu1804:~$

 

Install Nginx

test@ubuntu1804:~$ sudo apt install -y nginx

 

Start and enable the nginx service.

test@ubuntu1804:~$ sudo systemctl start nginx
test@ubuntu1804:~$ sudo systemctl enable nginx

 

Configure nginx.conf.

test@ubuntu1804:~$ sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.org
test@ubuntu1804:~$ sudo vi /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 1024;
}

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

 

Configure /etc/nginx/sites-enabled/default

server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    index  index.php index.html index.htm;
    server_name  example.com www.example.com;

    location / {
        try_files $uri $uri/ =404;
    }

    # pass PHP scripts to FastCGI server
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;

        # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
        # With php-cgi (or other tcp sockets):
        # fastcgi_pass 127.0.0.1:9000;
    }
}

 

Check the nginx config.

test@ubuntu1804:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
test@ubuntu1804:~$

 

Install PHP 7.1

test@ubuntu1804:~$ sudo add-apt-repository ppa:ondrej/php
test@ubuntu1804:~$ sudo apt-get install -y php7.1
test@ubuntu1804:~$ sudo add-apt-repository universe
test@ubuntu1804:~$ sudo apt install -y php7.1-fpm php7.1-mcrypt php7.1-cli php7.1-xml php7.1-mysql php7.1-gd php7.1-imagick php7.1-recode php7.1-tidy php7.1-xmlrpc

 

Configure php.ini

test@ubuntu1804:~$ sudo vi /etc/php/7.1/fpm/php.ini
display_errors = On
display_startup_errors = On
date.timezone = Asia/Seoul
cgi.fix_pathinfo=0

 

Configure php-fpm www.conf

test@ubuntu1804:~$ sudo vi /etc/php/7.1/fpm/pool.d/www.conf
listen.owner = www-data
listen.group = www-data
listen.mode = 0660

 

Restart php7.1-fpm.service

test@ubuntu1804:~$ sudo systemctl restart php7.1-fpm.service

 

Check phpinfo

test@ubuntu1804:~$ sudo vi /var/www/html/test.php
<?php phpinfo(); ?>

 

Open http://192.168.0.18/test.php to check.

 

 

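I have opened an Opensource Reference docs site. 🙂

http://docs.crois.net

Organizing the blog content was taking too much time, so I am writing up a few things using markdown.

I wanted to make Opensource Reference docs that can be used right away, but it is not as easy as I thought.

In a little over a week I have written up FreeBSD, CentOS, Ubuntu, and Docker.

There is still so much left to write up, and I do not know when it will all be finished.

I did not want to do it alone, so I called it a Project, but whether anyone will build it with me…

Later, once the site content is in reasonable shape, I hope there will be people to write, test, and share documents with.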

 

 

 

Docker nginx + sphinx-doc install

 

 

Without sphinx set up locally, it was hard to check the web pages.

This post shows a simple way to set up docker nginx + sphinx.

For installing sphinx-doc, see the page below.

Ubuntu sphinx-doc install

Reference pages: https://github.com/serra/sphinx-with-markdown

https://docs.readthedocs.io/en/latest/getting_started.html

https://recommonmark.readthedocs.io/en/latest/#autostructify

https://recommonmark.readthedocs.io/en/latest/auto_structify.html

https://github.com/rtfd/recommonmark

 

Install docker and docker-compose.

test@ubuntu-docs:~$ curl -s https://get.docker.com/ | sudo sh
test@ubuntu-docs:~$ sudo usermod -aG docker test
test@ubuntu-docs:~$ sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
test@ubuntu-docs:~$ sudo chmod +x /usr/local/bin/docker-compose

You can also use docker alone instead of docker-compose.

 

Create the directory to be used with docker-compose.

test@ubuntu-docs:~/Workspace$ mkdir web-docs
test@ubuntu-docs:~/Workspace$ cd web-docs/
test@ubuntu-docs:~/Workspace/web-docs$
test@ubuntu-docs:~/Workspace/web-docs$ mkdir docs

 

Create the docker-compose.yml file.

The ./nginx/conf directory is mapped to /etc/nginx/conf.d in the container.

The ./docs directory is mapped to the container's /code directory.

test@ubuntu-docs:~/Workspace/web-docs$ vi docker-compose.yml

version: '2'

services:
    nginx:
        image: nginx:1.10.2
        ports:
            - 80:80
        restart: always
        volumes:
            - ./nginx/conf:/etc/nginx/conf.d
            - ./docs:/code



test@ubuntu-docs:~/Workspace/web-docs$ mkdir -p nginx/conf/
test@ubuntu-docs:~/Workspace/web-docs$ vi nginx/conf/default.conf
server {
    listen       80 default_server;
    server_name  localhost _;
    index        index.html index.htm;
    root         /code;

    location / {
        autoindex on;
    }
}

 

Start docker-compose.

test@ubuntu-docs:~/Workspace/web-docs$ docker-compose up -d --build

 

Check that the container is running

test@ubuntu-docs:~/Workspace/web-docs$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                         NAMES
e0e37ee2dbbe        nginx:1.10.2        "nginx -g 'daemon of…"   56 seconds ago      Up 54 seconds       0.0.0.0:80->80/tcp, 443/tcp   webdocs_nginx_1
test@ubuntu-docs:~/Workspace/web-docs$

 

Change to the directory where Sphinx will be used and run sphinx-quickstart.

If no separate directory is specified, the configuration files and so on are created in the directory where sphinx-quickstart was run.

test@ubuntu-docs:~$ cd Workspace/web-docs/docs/
test@ubuntu-docs:~/Workspace/web-docs/docs$ sphinx-quickstart

Welcome to the Sphinx 1.3.6 quickstart utility.

Please enter values for the following settings (just press Enter to
accept a default value, if one is given in brackets).

Enter the root path for documentation.
> Root path for the documentation [.]:

You have two options for placing the build directory for Sphinx output.
Either, you use a directory "_build" within the root path, or you separate
"source" and "build" directories within the root path.
> Separate source and build directories (y/n) [n]:

Inside the root directory, two more directories will be created; "_templates"
for custom HTML templates and "_static" for custom stylesheets and other static
files. You can enter another prefix (such as ".") to replace the underscore.
> Name prefix for templates and static dir [_]:

The project name will occur in several places in the built documentation.
> Project name: opensource docs
> Author name(s): user01

Sphinx has the notion of a "version" and a "release" for the
software. Each version can have multiple releases. For example, for
Python the version is something like 2.5 or 3.0, while the release is
something like 2.5.1 or 3.0a1.  If you don't need this dual structure,
just set both to the same value.
> Project version: 1.0
> Project release [1.0]:

If the documents are to be written in a language other than English,
you can select a language here by its language code. Sphinx will then
translate text that it generates into that language.

For a list of supported codes, see
http://sphinx-doc.org/config.html#confval-language.
> Project language [en]: ko

The file name suffix for source files. Commonly, this is either ".txt"
or ".rst".  Only files with this suffix are considered documents.
> Source file suffix [.rst]:

One document is special in that it is considered the top node of the
"contents tree", that is, it is the root of the hierarchical structure
of the documents. Normally, this is "index", but if your "index"
document is a custom template, you can also set this to another filename.
> Name of your master document (without suffix) [index]:

Sphinx can also add configuration for epub output:
> Do you want to use the epub builder (y/n) [n]:

Please indicate if you want to use one of the following Sphinx extensions:
> autodoc: automatically insert docstrings from modules (y/n) [n]:
> doctest: automatically test code snippets in doctest blocks (y/n) [n]:
> intersphinx: link between Sphinx documentation of different projects (y/n) [n]:
> todo: write "todo" entries that can be shown or hidden on build (y/n) [n]:
> coverage: checks for documentation coverage (y/n) [n]:
> pngmath: include math, rendered as PNG images (y/n) [n]:
> mathjax: include math, rendered in the browser by MathJax (y/n) [n]:
> ifconfig: conditional inclusion of content based on config values (y/n) [n]:
> viewcode: include links to the source code of documented Python objects (y/n) [n]:

A Makefile and a Windows command file can be generated for you so that you
only have to run e.g. `make html' instead of invoking sphinx-build
directly.
> Create Makefile? (y/n) [y]:
> Create Windows command file? (y/n) [y]: n

Creating file ./conf.py.
Creating file ./index.rst.
Creating file ./Makefile.

Finished: An initial directory structure has been created.

You should now populate your master file ./index.rst and create other documentation
source files. Use the Makefile to build the docs, like so:
   make builder
where "builder" is one of the supported builders, e.g. html, latex or linkcheck.

test@ubuntu-docs:~/Workspace/web-docs/docs$

 

Install the recommonmark Python package to use Markdown.

If the python-pip package is not installed, install it first.
$ sudo apt install python-pip
When installing as a regular user, use the --user option.
$ pip install recommonmark  --user

 

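Edit the conf.py file.

Comment out the existing source_suffix line.

Everything other than the source_suffix line is added, not modified.

There are two ways to configure this, and there may be differences depending on the advanced markdown features used.

See the linked sites for details.

Configuration following https://recommonmark.readthedocs.io/en/latest/: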

test@ubuntu-docs:~/Workspace/web-docs/docs$ vi conf.py
# At the top of conf.py (with the other import statements)
from recommonmark.parser import CommonMarkParser
from recommonmark.transform import AutoStructify

#source_suffix = '.rst'   <-- comment out this line

source_parsers = {
    '.md': CommonMarkParser,
}

source_suffix = ['.rst', '.md']

# url_resolver below needs this name defined; same value as in the second conf.py variant
github_doc_root = 'https://github.com/rtfd/recommonmark/tree/master/doc/'

# At the bottom of conf.py
def setup(app):
    app.add_config_value('recommonmark_config', {
            'url_resolver': lambda url: github_doc_root + url,
            'auto_toc_tree_section': 'Contents',
            }, True)
    app.add_transform(AutoStructify)

 

When configuring per https://recommonmark.readthedocs.io/en/latest/auto_structify.html, set up conf.py as follows.

import sys
import os
import sphinx_rtd_theme

import recommonmark              # <-- added


#source_suffix = '.rst'          <-- comment out the existing line
from recommonmark.parser import CommonMarkParser
from recommonmark.transform import AutoStructify

source_parsers = {
    '.md': CommonMarkParser,
}

source_suffix = ['.rst', '.md']

github_doc_root = 'https://github.com/rtfd/recommonmark/tree/master/doc/'
def setup(app):
    app.add_config_value('recommonmark_config', {
            'url_resolver': lambda url: github_doc_root + url,
            'auto_toc_tree_section': 'Contents',
            }, True)
    app.add_transform(AutoStructify)

 

Run make html.

test@ubuntu-docs:~/Workspace/web-docs/docs$ make html
sphinx-build -b html -d _build/doctrees   . _build/html
Running Sphinx v1.8.1
loading pickled environment... done
building [mo]: targets for 0 po files that are out of date
building [html]: targets for 0 source files that are out of date
updating environment: 2 added, 0 changed, 2 removed
reading sources... [100%] test1
looking for now-outdated files... none found
pickling environment... done
checking consistency... done
preparing documents... done
writing output... [100%] test1
generating indices... genindex
writing additional pages... search
copying static files... done
copying extra files... done
dumping search index in English (code: en) ... done
dumping object inventory... done
build succeeded.

The HTML pages are in _build/html.

Build finished. The HTML pages are in _build/html.
test@ubuntu-docs:~/Workspace/web-docs/docs$

 

Install the theme.

test@ubuntu-docs:~/Workspace/web-docs/docs$ pip install sphinx_rtd_theme

 

Apply the theme.

test@ubuntu-docs:~/Workspace/web-docs/docs$ vi conf.py
import sphinx_rtd_theme

#html_theme = 'alabaster'
html_theme = 'sphinx_rtd_theme'

html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]

 

Run make html.

test@ubuntu-docs:~/Workspace/web-docs/docs$ make html
sphinx-build -b html -d _build/doctrees   . _build/html
Running Sphinx v1.3.6
loading translations [ko]... done
loading pickled environment... done
building [mo]: targets for 0 po files that are out of date
building [html]: targets for 1 source files that are out of date
updating environment: [config changed] 1 added, 0 changed, 0 removed
reading sources... [100%] index
looking for now-outdated files... none found
pickling environment... done
checking consistency... done
preparing documents... done
writing output... [100%] index
generating indices... genindex
writing additional pages... search
copying static files... done
copying extra files... done
dumping search index in English (code: en) ... done
dumping object inventory... done
build succeeded.

Build finished. The HTML pages are in _build/html.
test@ubuntu-docs:~/Workspace/web-docs/docs$

 

The root of the web pages is /home/test/Workspace/web-docs/docs/_build/html.

The docker-compose.yml file needs to be modified. 🙂

test@ubuntu-docs:~/Workspace/web-docs/docs$ ls -al _build/html/
total 40
drwxrwxr-x 4 test test 4096 Sep 30 21:02 .
drwxrwxr-x 4 test test 4096 Sep 30 21:02 ..
-rw-rw-r-- 1 test test  230 Sep 30 21:02 .buildinfo
-rw-rw-r-- 1 test test 2663 Sep 30 21:02 genindex.html
-rw-rw-r-- 1 test test 3939 Sep 30 21:02 index.html
-rw-rw-r-- 1 test test  228 Sep 30 21:02 objects.inv
-rw-rw-r-- 1 test test 3045 Sep 30 21:02 search.html
-rw-rw-r-- 1 test test  323 Sep 30 21:02 searchindex.js
drwxrwxr-x 2 test test 4096 Sep 30 21:02 _sources
drwxrwxr-x 2 test test 4096 Sep 30 21:02 _static
test@ubuntu-docs:~/Workspace/web-docs/docs$

 

docker-compose down and edit docker-compose.yml

Modify the volumes lines.

test@ubuntu-docs:~/Workspace/web-docs$ docker-compose down
test@ubuntu-docs:~/Workspace/web-docs$ vi docker-compose.yml
~ (omitted)
        volumes:
            - ./nginx/conf:/etc/nginx/conf.d
            - ./docs/_build/html:/code

 

Start docker-compose

test@ubuntu-docs:~/Workspace/web-docs$ docker-compose up -d --build

Check the web page.

 

markdown test

test@ubuntu-docs:~/Workspace/web-docs/docs$ vi index.rst
.. web-docs documentation master file, created by
   sphinx-quickstart on Mon Oct  1 18:59:13 2018.
   You can adapt this file completely to your liking, but it should at least
   contain the root `toctree` directive.

Welcome to web-docs's documentation!
====================================

Contents:

.. toctree::
   :maxdepth: 2

   test1.md
   test2.md



Indices and tables
==================

* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`

 

Create the test1 / test2 menus

test@ubuntu-docs:~/Workspace/web-docs/docs$ vi test1.md
# test1
test@ubuntu-docs:~/Workspace/web-docs/docs$ vi test2.md
# test2

 

Run make html

test@ubuntu-docs:~/Workspace/web-docs/docs$ make html
sphinx-build -b html -d _build/doctrees   . _build/html
Running Sphinx v1.8.1
loading translations [ko]... done
loading pickled environment... done
building [mo]: targets for 0 po files that are out of date
building [html]: targets for 3 source files that are out of date
updating environment: 3 added, 0 changed, 0 removed
reading sources... [100%] test2
looking for now-outdated files... none found
pickling environment... done
checking consistency... done
preparing documents... done
writing output... [100%] test2
generating indices... genindex
writing additional pages... search
copying static files... done
copying extra files... done
dumping search index in English (code: en) ... done
dumping object inventory... done
build succeeded.

The HTML pages are in _build/html.

Build finished. The HTML pages are in _build/html.
test@ubuntu-docs:~/Workspace/web-docs/docs$

 

Check the web page

 

 

Ubuntu sphinx-doc install

Sphinx was created for Python documentation and has good features for documenting software.

sphinx-doc : http://www.sphinx-doc.org/en/1.6/index.html

Installation reference: https://docs-korean-sphinx.readthedocs.io/ko/docs-korean/tutorial_ko.html

 

Install sphinx-doc on Ubuntu

test@ubuntu-docs:~$ sudo apt-get install python-sphinx python-pip make

 

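If you installed with apt-get, you do not need to run pip install sphinx.

You can check with the pip list command.

If Python is installed, you can install Sphinx easily with the pip command.

pip is a package management system that installs and manages software packages written in Python.

Details are available at https://pypi.org/project/pip/.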

test@ubuntu-docs:~$ pip install sphinx

 

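Sphinx documentation configuration

When writing documentation, the configuration files are created in that directory.

The environment can be configured with the sphinx-quickstart command.

Enter y only for the parts you roughly need and proceed with the configuration.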

test@ubuntu-docs:~$ mkdir -p Workspace/docs
test@ubuntu-docs:~$ sphinx-quickstart
Welcome to the Sphinx 1.3.6 quickstart utility.

Please enter values for the following settings (just press Enter to
accept a default value, if one is given in brackets).

Enter the root path for documentation.
> Root path for the documentation [.]: /home/test/Workspace/docs

You have two options for placing the build directory for Sphinx output.
Either, you use a directory "_build" within the root path, or you separate
"source" and "build" directories within the root path.
> Separate source and build directories (y/n) [n]:

Inside the root directory, two more directories will be created; "_templates"
for custom HTML templates and "_static" for custom stylesheets and other static
files. You can enter another prefix (such as ".") to replace the underscore.
> Name prefix for templates and static dir [_]:

The project name will occur in several places in the built documentation.
> Project name: opensource docs
> Author name(s): user01

Sphinx has the notion of a "version" and a "release" for the
software. Each version can have multiple releases. For example, for
Python the version is something like 2.5 or 3.0, while the release is
something like 2.5.1 or 3.0a1.  If you don't need this dual structure,
just set both to the same value.
> Project version: 1.0
> Project release [1.0]:

If the documents are to be written in a language other than English,
you can select a language here by its language code. Sphinx will then
translate text that it generates into that language.

For a list of supported codes, see
http://sphinx-doc.org/config.html#confval-language.
> Project language [en]: ko

The file name suffix for source files. Commonly, this is either ".txt"
or ".rst".  Only files with this suffix are considered documents.
> Source file suffix [.rst]:

One document is special in that it is considered the top node of the
"contents tree", that is, it is the root of the hierarchical structure
of the documents. Normally, this is "index", but if your "index"
document is a custom template, you can also set this to another filename.
> Name of your master document (without suffix) [index]:

Sphinx can also add configuration for epub output:
> Do you want to use the epub builder (y/n) [n]:

Please indicate if you want to use one of the following Sphinx extensions:
> autodoc: automatically insert docstrings from modules (y/n) [n]: y
> doctest: automatically test code snippets in doctest blocks (y/n) [n]:
> intersphinx: link between Sphinx documentation of different projects (y/n) [n]: y
> todo: write "todo" entries that can be shown or hidden on build (y/n) [n]:
> coverage: checks for documentation coverage (y/n) [n]:
> pngmath: include math, rendered as PNG images (y/n) [n]:
> mathjax: include math, rendered in the browser by MathJax (y/n) [n]:
> ifconfig: conditional inclusion of content based on config values (y/n) [n]:
> viewcode: include links to the source code of documented Python objects (y/n) [n]: y

A Makefile and a Windows command file can be generated for you so that you
only have to run e.g. `make html' instead of invoking sphinx-build
directly.
> Create Makefile? (y/n) [y]:
> Create Windows command file? (y/n) [y]: n

Creating file /home/test/Workspace/docs/conf.py.
Creating file /home/test/Workspace/docs/index.rst.
Creating file /home/test/Workspace/docs/Makefile.

Finished: An initial directory structure has been created.

You should now populate your master file /home/test/Workspace/docs/index.rst and create other documentation
source files. Use the Makefile to build the docs, like so:
   make builder
where "builder" is one of the supported builders, e.g. html, latex or linkcheck.

test@ubuntu-docs:~$

 

Change to the documentation location set in sphinx-quickstart.

test@ubuntu-docs:~$ cd Workspace/docs/
test@ubuntu-docs:~/Workspace/docs$ ls -al
total 44
drwxrwxr-x 5 test test 4096 Sep 30 19:56 .
drwxrwxr-x 3 test test 4096 Sep 30 19:44 ..
drwxrwxr-x 2 test test 4096 Sep 30 19:56 _build
-rw-rw-r-- 1 test test 9445 Sep 30 19:56 conf.py
-rw-rw-r-- 1 test test  450 Sep 30 19:56 index.rst
-rw-rw-r-- 1 test test 7688 Sep 30 19:56 Makefile
drwxrwxr-x 2 test test 4096 Sep 30 19:56 _static
drwxrwxr-x 2 test test 4096 Sep 30 19:56 _templates
test@ubuntu-docs:~/Workspace/docs$

 

make html

test@ubuntu-docs:~/Workspace/docs$ make html
sphinx-build -b html -d _build/doctrees   . _build/html
Running Sphinx v1.3.6
making output directory...
loading translations [ko]... done
loading pickled environment... not yet created
loading intersphinx inventory from https://docs.python.org/objects.inv...
building [mo]: targets for 0 po files that are out of date
building [html]: targets for 1 source files that are out of date
updating environment: 1 added, 0 changed, 0 removed
reading sources... [100%] index
looking for now-outdated files... none found
pickling environment... done
checking consistency... done
preparing documents... done
writing output... [100%] index
generating indices... genindex
writing additional pages... search
copying static files... done
copying extra files... done
dumping search index in English (code: en) ... done
dumping object inventory... done
build succeeded.

Build finished. The HTML pages are in _build/html.
test@ubuntu-docs:~/Workspace/docs$

 

Check the result of make html

If you use a Linux desktop, open /home/test/Workspace/docs/_build/html/index.html.

test@ubuntu-docs:~/Workspace/docs$ cat _build/html/index.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    <title>Welcome to opensource docs’s documentation! &mdash; opensource docs 1.0 documentation</title>

    <link rel="stylesheet" href="_static/alabaster.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />

    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    './',
        VERSION:     '1.0',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <script type="text/javascript" src="_static/translations.js"></script>
    <link rel="top" title="opensource docs 1.0 documentation" href="#" />


  <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" />
~ (omitted)

 

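The installation is complete up to this point.

This is a brief summary of installing sphinx-doc; it looks like it would work well together with an Nginx or Apache web site.

With the sphinx-autobuild package installed, you can also check by opening http://127.0.0.1:8000.

Install the sphinx-autobuild package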

test@ubuntu-docs:~/Workspace/web-docs/docs$ pip install sphinx sphinx-autobuild --user 
test@ubuntu-docs:~/Workspace/web-docs$ sphinx-autobuild . _build/html

+--------- manually triggered build ---------------------------------------------
Error: Config directory doesn't contain a conf.py file.
+--------------------------------------------------------------------------------

[I 181001 00:22:43 server:292] Serving on http://127.0.0.1:8000
[I 181001 00:22:43 handlers:59] Start watching changes
[I 181001 00:22:43 handlers:61] Start detecting changes

 

 

 

Official guide: https://docs.gitlab.com/omnibus/docker/

I ran into a problem installing GitLab with Installation from source, so I moved to Docker and am testing there.

GitLab Requirements: https://docs.gitlab.com/ce/install/requirements.html. Most operating systems are supported.

It also works on FreeBSD, which I posted about earlier (the documentation lists it under Unsupported Unix distributions, but it installs), and there is no problem installing on commonly used Linux distributions (Ubuntu / Debian / CentOS / openSUSE, etc.).

Storage depends on how much GitLab is used; with heavy usage it seems easier to attach storage with LVM or similar.

Using SSDs can also make response times somewhat faster.

For CPU, 2 cores support 500 users, and 1 core supports 100 users, but the application may be slightly slower. For memory, 4G + 4G swap supports up to 100 users but is slow, and 8G is recommended. The test machine used ubuntu 16.04 / 2core cpu / 4G memory.

 

 

The guide explains this very simply.

You can test exactly as shown below, but I changed a few places to make management easier.

Docker-compose.yml file provided by GitLab

web:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'gitlab.example.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.example.com'
      # Add any other gitlab.rb configuration here, each on its own line
  ports:
    - '80:80'
    - '443:443'
    - '22:22'
  volumes:
    - '/srv/gitlab/config:/etc/gitlab'
    - '/srv/gitlab/logs:/var/log/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'

 

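In the ports section, SSH is mapped as 22:22.

Because that port is used by default for SSH connections, change it to a port that is not well known.

For the volumes section, keeping the data under the Docker management directory rather than a top-level directory makes it easier to manage together with the GitLab service, so the paths are set to directories under Workspace/gitlab.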

 

Install docker-compose

test@docker-test:~/Workspace$ sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
test@docker-test:~/Workspace$ sudo chmod +x /usr/local/bin/docker-compose
test@docker-test:~/Workspace$ docker-compose --version

 

Create the docker-compose.yml file

Create the gitlab directory, then create the docker-compose.yml file.

test@docker-test:~/Workspace/gitlab$ vi docker-compose.yml
web:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'gitlab.example.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.example.com'
  ports:
    - '80:80'
    - '443:443'
    - '1234:22'
  volumes:
    - './srv/gitlab/config:/etc/gitlab'
    - './srv/gitlab/logs:/var/log/gitlab'
    - './srv/gitlab/data:/var/opt/gitlab'

test@docker-test:~/Workspace/gitlab$
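The SSH port change described above affects both the host and every git client. As an added example (not part of the original post or of GitLab), this script reads the short-syntax ports list of a compose file, flags a 22:22 mapping, and prints the ~/.ssh/config entry clients need for a remapped port. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed for illustration.

# compose_ports FILE
# Print "HOST CONTAINER" for every short-syntax entry under a "ports:" key
# ("-" as HOST when only a container port is listed). Long syntax is ignored.
compose_ports() {
    awk -v sq="'" '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-/ {
            e = $0
            sub(/^[ \t]*-[ \t]*/, "", e)       # list marker
            sub(/[ \t]*#.*$/, "", e)           # trailing comment
            gsub("[\"" sq " \t]", "", e)       # quotes and stray blanks
            sub(/\/(tcp|udp)$/, "", e)         # protocol suffix
            n = split(e, p, ":")
            if (n == 1) print "-", p[1]
            else        print p[n - 1], p[n]   # [ip:]host:container
            next
        }
        { in_ports = 0 }
    ' "$1"
}

# compose_hostname FILE: print the first "hostname:" value without quotes.
compose_hostname() {
    sed -n "s/^[[:space:]]*hostname:[[:space:]]*['\"]\{0,1\}\([^'\"[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# gitlab_ssh_host_port FILE: print the host port published for container port 22.
gitlab_ssh_host_port() {
    compose_ports "$1" | awk '$2 == "22" { print $1; exit }'
}

# ssh_client_stanza FILE
# Print the ~/.ssh/config entry git clients need, or a warning (status 1)
# when SSH is unpublished or still mapped to host port 22.
ssh_client_stanza() {
    port=$(gitlab_ssh_host_port "$1")
    host=$(compose_hostname "$1")
    case $port in
        '') echo "WARN no host port is published for container port 22"; return 1 ;;
        22) echo "WARN host port 22 is the sshd default; publishing fails if the host sshd already listens there"; return 1 ;;
    esac
    printf 'Host %s\n    Port %s\n    User git\n' "$host" "$port"
}

# write_compose FILE SSHMAP: constructed copy of the compose file in the post.
write_compose() {
    cat > "$1" <<EOF
web:
  image: 'gitlab/gitlab-ce:latest'
  hostname: 'gitlab.example.com'
  ports:
    - '80:80'
    - '443:443'
    - '$2'
  volumes:
    - './srv/gitlab/config:/etc/gitlab'
EOF
}

demo=$(mktemp -d)
write_compose "$demo/before.yml" '22:22'
write_compose "$demo/after.yml" '1234:22'
ssh_client_stanza "$demo/before.yml" || true
ssh_client_stanza "$demo/after.yml"
rm -rf "$demo"
```

GitLab still shows port 22 in its SSH clone URLs unless gitlab_rails['gitlab_shell_ssh_port'] is set to the published port in GITLAB_OMNIBUS_CONFIG.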

 

Run docker-compose

test@docker-test:~/Workspace/gitlab$ docker-compose up -d --build

 

With external_url 'https://gitlab.example.com', that is https, the web interface must be accessed over https.

It cannot be accessed over http.

To use http, set external_url 'http://gitlab.example.com'.

 

http check

I added an entry to the Windows hosts file and used a test domain.

 

https check

The result is the same when connecting by the GitLab server IP.

 

 

http access check

In docker-compose, I changed external_url 'https://gitlab.example.com' => external_url 'http://gitlab.example.com'.

For real use, deleting the directory and creating it again is recommended.

Set the password for the root user.

 

After docker-compose up -d --build, about 1 to 2 minutes are needed.

If you open the web site before the GitLab service has come up properly, you will see a screen like the one below.

 

 

Log in as the root user

 

 

 

 

Change the ubuntu locale

 

Check the locale

test@docker-test:~$ locale
LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=
test@docker-test:~$

 

Install the language-pack-ko package

test@docker-test:~$ sudo apt-get install language-pack-ko

 

Change the locale, then reconnect over SSH and check the locale

test@docker-test:~$ locale -a |grep -i ko
ko_KR.utf8


test@docker-test:~$ sudo vi /etc/default/locale
#  File generated by update-locale
LANG="ko_KR.utf8"


## Check after reconnecting over SSH

test@docker-test:~$ locale
LANG=ko_KR.utf8
LANGUAGE=
LC_CTYPE="ko_KR.utf8"
LC_NUMERIC="ko_KR.utf8"
LC_TIME="ko_KR.utf8"
LC_COLLATE="ko_KR.utf8"
LC_MONETARY="ko_KR.utf8"
LC_MESSAGES="ko_KR.utf8"
LC_PAPER="ko_KR.utf8"
LC_NAME="ko_KR.utf8"
LC_ADDRESS="ko_KR.utf8"
LC_TELEPHONE="ko_KR.utf8"
LC_MEASUREMENT="ko_KR.utf8"
LC_IDENTIFICATION="ko_KR.utf8"
LC_ALL=
test@docker-test:~$