centOS 7.8 (64bit) APM 설치

# 서버셋팅

APM설치 (APACHE: 2.4.6 PHP : 5.6 Maria : 5.5.68)

 

# yum 패키지 업데이트

yum list updates && yum –y update

 

# 의존성 라이브러리 설치

yum -y install gcc gcc-c++ libtermcap* libtermcap-devel gdbm-devel zlib* libxml* freetype* libpng-* libjpeg* gd-*

 

# apache설치

yum -y install httpd

systemctl start httpd

systemctl enable httpd.service

 

# 리부팅 후 아파치 확인 : IP로 확인

 

# PHP설치

yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm

yum install yum-utils

yum-config-manager --enable remi-php56

yum -y install php php-bcmath php-cli php-common php-dba php-dbg php-devel php-embedded php-enchant php-fpm php-gd php-gmp php-imap php-interbase php-intl php-ldap php-litespeed php-mbstring php-mcrypt php-mysqlnd php-odbc php-opcache php-pdo php-pgsql php-process php-pspell php-recode php-snmp php-soap php-tidy php-xml php-xmlrpc php-cur

 

# pico /etc/php.ini

   short_open_tag = On 수정

 

# 아파치 재시작 : systemctl restart httpd

# pico /var/www/html/phpinfo.php

<?php

phpinfo();

?>

 

# http://x.x.x.x/phpinfo.php 확인

 

# maria db설치

yum -y install mariadb-server mariadb

systemctl start mariadb

systemctl enable mariadb

 

# maria db 초기설정

mysql_secure_installation

:: 이후 설정

Enter current password for root (enter for none)

mysql 비밀번호를 물어보는건데 처음 설치하는거니 비밀번호가 없으니 엔터

 

Set root password ? [Y/n] - Y

Remove anonymous users? [Y/n] - Y

Disallow root login remotely? [Y/n] - Y

Remove test database and access to it? [Y/n] - Y

Reload privilege tables now? [Y/n] - Y

 

# DB설정

mysql -u root -p****

create database db명;

grant all privileges on abc.* to abc@localhost identified by "비번";

flush privileges;

 

# 커넥션 늘리기 설정

pico /etc/security/limits.conf

* soft nofile 65536

* hard nofile 65536

 

pico /etc/security/limits.d/20-nproc.conf

기존 내용 및에 아래 2줄 추가

mysql hard nofile 65536

mysql soft nofile 65536

 

pico /etc/my.cnf.d/server.cnf

[mysqld]

max_connections = 4000

wait_timeout=600

max_allowed_pcaket = 15M

참고 : wait_timeout 확인은 show global variables like '%timeout%';

 

systemctl edit mariadb

[Service]

LimitNOFILE=65535

 

# DB UTF-8셋팅

pico /etc/my.cnf

아래 내용 복사 해 넣을것

 

[client]

default-character-set=utf8

 

[mysqld]

character-set-server=utf8

collation-server=utf8_general_ci

init_connect=SET collation_connection=utf8_general_ci

init_connect=SET NAMES utf8

 

[mysql]

default-character-set=utf8

 

# 계정추가

cd /etc/skel

mkdir public_html

useradd bittobig –d /home/계정

 

# mod_ssl 설치

yum -y install mod_ssl

 

# httpd.conf파일수정

pico /etc/httpd/conf/httpd.conf

- ServerName x.x.x.x (ip)

- 아래 추가

- <Directory />

Options FollowSymLinks

AllowOverride All

</Directory>

- 맨 하단에 추가

include /etc/httpd/conf/vhost.conf

<Directory "/home">

AllowOverride All

Options FollowSymLinks

</Directory>

<IfModule dir_module>

DirectoryIndex index.html index.php -> 수정

</IfModule>

아래 적당한 위치에 추가

AddType application/x-httpd-php .php .html .htm .inc

AddType application/x-httpd-php-source .phps

7.4 /etc/httpd/conf/vhost.conf 파일수정

 

<VirtualHost *:80>

DocumentRoot /home/도메인.com/public_html

ServerName 도메인.com

ServerAlias www.도메인.com

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

 

Let’s Encrypt 설치

먼저 도메인의 네임서버가 변경되었는지 확인

사이트 : https://letsencrypt.org/

yum install epel-release

yum install certbot python2-certbot-apache

certbot --apache certonly

이후 몇가지 물어보는 것이 나옴

Do you agree? - Y

Support digital freedom. - N

도메인이 여러개일 때, 한번에 여러개 설치가 되지는 않음

따라서, 도메인 개수만큼 반복 수행 해야 함.

 

- Congratulations! Your certificate and chain have been saved at:

/etc/letsencrypt/live/도메인.com/fullchain.pem

Your key file has been saved at:

/etc/letsencrypt/live/도메인.com/privkey.pem

Your certificate will expire on 2021-05-15. To obtain a new or

tweaked version of this certificate in the future, simply run

certbot again. To non-interactively renew *all* of your

certificates, run "certbot renew"

같은식으로 반복하여. SSL설치

 

# pico /etc/httpd/conf/vhost.conf 주석해제

# systemctl restart httpd

 

# Sendmail 설치

rpm -qa | grep sendmail

yum -y install sendmail sendmail-cf

rpm -qa | grep sendmail*

 

pico /etc/hosts

x.x.x.X mail.도메인.com : 맨밑에 추가

 

pico /etc/mail/local-host-names : 아래내용 추가

localhost RELAY

mail.도메인.com

도메인.com

 

설정파일 백업 복사

cp /etc/mail/sendmail.mc /usr/local/src/backup_sendmail.mc

cp /etc/mail/sendmail.cf /usr/local/src/backup_sendmail.cf

 

pico /etc/mail/sendmail.mc

52라인 TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

53라인 define(`confAUTH_MECHANISMS',

`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

118라인 DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

sendmail.cf 생성

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

 

pico /etc/mail/access

기존 설정 밑에 아래 내용 추가

Connect:도메인.com RELAY

 

makemap hash /etc/mail/access < /etc/mail/access

 

# 메일 계정설정

cd /home

mkdir MAIL

useradd infomykorea –d /home/MAIL/계정

passwd 계정

 

pico /etc/passwd

메일 계정의 맨 뒤를 bash -> false로 변경

 

# pico /etc/mail/virtusertable

info@도메인.com info

makemap hash /etc/mail/virtusetable </etc/mail/virtusertable

 

systemctl start saslauthd

systemctl enable saslauthd

service sendmail.service restart

netstat –nap – 25번 포트 떠 있는지 확인

 

# pop3설치

rpm -qa | grep dovecot

yum -y install dovecot

pico /etc/dovecot/dovecot.conf

protocols = pop3

 

pico /etc/dovecot/conf.d/10-mail.conf

mail_location = mbox:/var/empty:INBOX=/var/spool/mail/%u:INDEX=MEMORY

 

pico /etc/dovecot/conf.d/10-ssl.conf

ssl=no

 

pico /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no

 

service dovecot start

netstat -nltp | grep dovecot

 

# 서버가 여러개의 도메인일 경우 8.1 참조해서 ssl인증서 마저 설치

 

# 인증서 자동 갱신

crontab -ll

crontab –e 아래 두줄 추가

0 1 * * * /home/scripts/delmail.sh

0 03 1 * * /usr/bin/certbot renew --renew-hook="service httpd restart"