# 서버셋팅
APM설치 (APACHE: 2.4.6 PHP : 5.6 Maria : 5.5.68)
# yum 패키지 업데이트
yum list updates && yum –y update
# 의존성 라이브러리 설치
yum -y install gcc gcc-c++ libtermcap* libtermcap-devel gdbm-devel zlib* libxml* freetype* libpng-* libjpeg* gd-*
# apache설치
yum -y install httpd
systemctl start httpd
systemctl enable httpd.service
# 리부팅 후 아파치 확인 : IP로 확인
# PHP설치
yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install yum-utils
yum-config-manager --enable remi-php56
yum -y install php php-bcmath php-cli php-common php-dba php-dbg php-devel php-embedded php-enchant php-fpm php-gd php-gmp php-imap php-interbase php-intl php-ldap php-litespeed php-mbstring php-mcrypt php-mysqlnd php-odbc php-opcache php-pdo php-pgsql php-process php-pspell php-recode php-snmp php-soap php-tidy php-xml php-xmlrpc php-cur
# pico /etc/php.ini
short_open_tag = On 수정
# 아파치 재시작 : systemctl restart httpd
# pico /var/www/html/phpinfo.php
<?php
phpinfo();
?>
# http://x.x.x.x/phpinfo.php 확인
# maria db설치
yum -y install mariadb-server mariadb
systemctl start mariadb
systemctl enable mariadb
# maria db 초기설정
mysql_secure_installation
:: 이후 설정
Enter current password for root (enter for none)
mysql 비밀번호를 물어보는건데 처음 설치하는거니 비밀번호가 없으니 엔터
Set root password ? [Y/n] - Y
Remove anonymous users? [Y/n] - Y
Disallow root login remotely? [Y/n] - Y
Remove test database and access to it? [Y/n] - Y
Reload privilege tables now? [Y/n] - Y
# DB설정
mysql -u root -p****
create database db명;
grant all privileges on abc.* to abc@localhost identified by "비번";
flush privileges;
# 커넥션 늘리기 설정
pico /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
pico /etc/security/limits.d/20-nproc.conf
기존 내용 및에 아래 2줄 추가
mysql hard nofile 65536
mysql soft nofile 65536
pico /etc/my.cnf.d/server.cnf
[mysqld]
max_connections = 4000
wait_timeout=600
max_allowed_pcaket = 15M
참고 : wait_timeout 확인은 show global variables like '%timeout%';
systemctl edit mariadb
[Service]
LimitNOFILE=65535
# DB UTF-8셋팅
pico /etc/my.cnf
아래 내용 복사 해 넣을것
[client]
default-character-set=utf8
[mysqld]
character-set-server=utf8
collation-server=utf8_general_ci
init_connect=SET collation_connection=utf8_general_ci
init_connect=SET NAMES utf8
[mysql]
default-character-set=utf8
# 계정추가
cd /etc/skel
mkdir public_html
useradd bittobig –d /home/계정
# mod_ssl 설치
yum -y install mod_ssl
# httpd.conf파일수정
pico /etc/httpd/conf/httpd.conf
- ServerName x.x.x.x (ip)
- 아래 추가
- <Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
- 맨 하단에 추가
include /etc/httpd/conf/vhost.conf
<Directory "/home">
AllowOverride All
Options FollowSymLinks
</Directory>
<IfModule dir_module>
DirectoryIndex index.html index.php -> 수정
</IfModule>
아래 적당한 위치에 추가
AddType application/x-httpd-php .php .html .htm .inc
AddType application/x-httpd-php-source .phps
7.4 /etc/httpd/conf/vhost.conf 파일수정
<VirtualHost *:80>
DocumentRoot /home/도메인.com/public_html
ServerName 도메인.com
ServerAlias www.도메인.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
Let’s Encrypt 설치
먼저 도메인의 네임서버가 변경되었는지 확인
사이트 : https://letsencrypt.org/
yum install epel-release
yum install certbot python2-certbot-apache
certbot --apache certonly
이후 몇가지 물어보는 것이 나옴
Do you agree? - Y
Support digital freedom. - N
도메인이 여러개일 때, 한번에 여러개 설치가 되지는 않음
따라서, 도메인 개수만큼 반복 수행 해야 함.
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/도메인.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/도메인.com/privkey.pem
Your certificate will expire on 2021-05-15. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
같은식으로 반복하여. SSL설치
# pico /etc/httpd/conf/vhost.conf 주석해제
# systemctl restart httpd
# Sendmail 설치
rpm -qa | grep sendmail
yum -y install sendmail sendmail-cf
rpm -qa | grep sendmail*
pico /etc/hosts
x.x.x.X mail.도메인.com : 맨밑에 추가
pico /etc/mail/local-host-names : 아래내용 추가
localhost RELAY
mail.도메인.com
도메인.com
설정파일 백업 복사
cp /etc/mail/sendmail.mc /usr/local/src/backup_sendmail.mc
cp /etc/mail/sendmail.cf /usr/local/src/backup_sendmail.cf
pico /etc/mail/sendmail.mc
52라인 TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
53라인 define(`confAUTH_MECHANISMS',
`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
118라인 DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
sendmail.cf 생성
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
pico /etc/mail/access
기존 설정 밑에 아래 내용 추가
Connect:도메인.com RELAY
makemap hash /etc/mail/access < /etc/mail/access
# 메일 계정설정
cd /home
mkdir MAIL
useradd infomykorea –d /home/MAIL/계정
passwd 계정
pico /etc/passwd
메일 계정의 맨 뒤를 bash -> false로 변경
# pico /etc/mail/virtusertable
info@도메인.com info
makemap hash /etc/mail/virtusetable </etc/mail/virtusertable
systemctl start saslauthd
systemctl enable saslauthd
service sendmail.service restart
netstat –nap – 25번 포트 떠 있는지 확인
# pop3설치
rpm -qa | grep dovecot
yum -y install dovecot
pico /etc/dovecot/dovecot.conf
protocols = pop3
pico /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=MEMORY
pico /etc/dovecot/conf.d/10-ssl.conf
ssl=no
pico /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
service dovecot start
netstat -nltp | grep dovecot
# 서버가 여러개의 도메인일 경우 8.1 참조해서 ssl인증서 마저 설치
# 인증서 자동 갱신
crontab -ll
crontab –e 아래 두줄 추가
0 1 * * * /home/scripts/delmail.sh
0 03 1 * * /usr/bin/certbot renew --renew-hook="service httpd restart"
'프로그램개발' 카테고리의 다른 글
홈페이지 유지보수가 고민되신다면? (0) | 2024.01.19 |
---|---|
centOS 7.8 (64bit) node.js 와 관련 프로그램 설치 (0) | 2021.03.03 |
네이버 클라우드 플랫폼 서버 설치 절차(cent os) (0) | 2021.03.03 |