페도라 설치후 서버 기본작업

Admin 2020.04.21 15:37 조회 수 : 99

1) 리눅스 버전체크

# uname -a

Linux lael-centos 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

 

2) CentOS 버전체크

# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

 

3) 하드용량체크

# df -h

Filesystem           Size  Used Avail Use% Mounted on
/dev/mapper/cl-root   50G   11G   40G  21% /
devtmpfs              32G     0   32G   0% /dev
tmpfs                 32G   96K   32G   1% /dev/shm
tmpfs                 32G   26M   32G   1% /run
tmpfs                 32G     0   32G   0% /sys/fs/cgroup
tmpfs                 32G   80K   32G   1% /tmp
/dev/md126p2         494M  210M  285M  43% /boot
/dev/md126p1         200M  9.5M  191M   5% /boot/efi
/dev/mapper/cl-home  343G  108M  343G   1% /home
/dev/md124           2.7T   20G  2.6T   1% /data
tmpfs                6.3G     0  6.3G   0% /run/user/54321
tmpfs                6.3G   16K  6.3G   1% /run/user/1000
tmpfs                6.3G     0  6.3G   0% /run/user/0


4) 메모리 체크

# free -m

              total        used        free      shared  buff/cache   available
Mem:          64358        9627       31161       19385       23569       34721
Swap:         32191           0       32191


4-1) CPU 코어수 확인

# cat /proc/cpuinfo | grep processor | wc -l
16

# cat /proc/cpuinfo | grep processor
# cat /proc/cpuinfo

 

5) 표준 시간대 식별

# ls /usr/share/zoneinfo
# ls /usr/share/zoneinfo/Asia

 

5-1) 시스템 시간 설정

# ln -sf /usr/share/zoneinfo/Asia/Phnom_Penh /etc/localtime
# date

Thu Jul 13 11:02:18 +07 2017


6) Network 설정

# vi /etc/hostname
localhost.localdomain
# hostname -F /etc/hostname
# vi /etc/hosts

:wq

 

# vi /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=localhost.localdomain

GATEWAY=192.168.0.1

:wq

 

# ls /etc/sysconfig/network-scripts/ifcfg-*
# vi /etc/sysconfig/network-scripts/ifcfg-eth0

TYPE=Ethernet

BOOTPROTO=none

DEVICE=eth0

ONBOOT=yes

NM_CONTROLLED=yes

IPADDR=000.000.000.000

NETMASK=255.255.255.0

GATEWAY=000.000.000.000

DNS1=000.000.000.000

DNS2=000.000.000.000

IPV6INIT=no

USERCTL=no

:wq

 

 

# systemctl restart NetworkManager.service

 

7) yum 기본 패키지와 GNOME 업데이트

# yum update

# yum -y groupinstall 'Development Tools'

# yum -y install wget

# yum -y install yum-utils

# yum -y install chkconfig

# yum -y install nodejs npm

# yum -y groups install "GNOME Desktop"

# startx

# systemctl get-default

multi-user.target

# systemctl set-default graphical.target

 


8) SSH 설정

# yum -y install openssh-server openssh-clients

# cd /etc/ssh

# vi /etc/ssh/sshd_config
Port 22

# 루트 로그인 차단할 경우 주석(#)제거하고 no 로 변경한다.
PermitRootLogin no
:wq

# service sshd start


## 22번 포트가 열렸는지 확인
netstat -an|grep LISTEN
# service sshd restart 


## 방화벽 설정

# yum install -y firewalld

# firewall-cmd --state
# firewall-cmd --permanent --zone=public --add-service=http 
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --permanent --zone=public --add-port=80/tcp
# firewall-cmd --reload

# firewall-cmd --list-all

# systemctl disable firewalld

 

## iptables 설정

# yum install -y iptables-services

# vi /etc/sysconfig/iptables

# Rules for the "filter" table, in the format read by iptables-restore.
# INPUT and FORWARD both jump into the RH-Firewall-1-INPUT chain, which
# accepts the listed traffic and rejects everything else.
*filter

# The built-in chain policies are ACCEPT; packets are refused only by the
# explicit REJECT rules at the end of this file.
:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

# Loopback traffic.
-A RH-Firewall-1-INPUT -i lo -j ACCEPT

# All ICMP types.
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

# Packets that belong to, or are related to, an already accepted connection.
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# NOTE(review): 44221 matches listen_port in the vsftpd section of this guide.
# 44220 is presumably a relocated SSH port, but the sshd_config shown earlier
# keeps "Port 22" and no rule here accepts 22 - confirm before loading this
# file, otherwise new SSH connections are rejected.
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 44220 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 44221 -j ACCEPT

# HTTP. NOTE(review): there is no matching rule for 443 - confirm whether
# HTTPS is meant to be reachable.
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT

# NOTE(review): accepts MariaDB/MySQL connections from any source address.
# If only known hosts need the database, restrict the rule with
# -s <trusted-network>.
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 3306 -j ACCEPT

# Everything not accepted above is refused with an ICMP host-prohibited reply.
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

:wq

# iptables-restore < /etc/sysconfig/iptables

# service iptables restart

# systemctl enable iptables

# systemctl enable ip6tables

 
# systemctl disable iptables

# systemctl disable ip6tables

 

## 서버 접속이 안될 때 점검사항 - 페도라는 iptables 방화벽을 정지해 본다. (아래 명령은 현재 적재된 규칙을 모두 비우므로, 원인을 확인한 뒤에는 규칙을 다시 적용한다.)

# iptables -t nat -F

# iptables -F

 

## iptables 실행 오류가 있는 경우 firewalld 서비스를 비활성화한다. (disable 은 부팅 시 자동 시작만 끄므로, 실행 중인 서비스는 systemctl stop firewalld 로 따로 중지한다.)

# systemctl disable firewalld

 

 

9) NGINX 설치

# yum install -y nginx

# systemctl start nginx

or
# service nginx start

# systemctl enable nginx

or
# chkconfig nginx on
# vi /etc/nginx/conf.d/www.mydomain.com.conf

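# PHP-FPM backend referenced by fastcgi_pass in the server block below.
# NOTE(review): this socket path has to match the "listen" value of the
# PHP-FPM pool that serves this site - confirm against the pool config.
upstream php-handler {
    server unix:/run/php-fpm/www.sock;
}

server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name mydomain.com;

    charset utf-8;
    access_log  /var/log/nginx/www.mydomain.com.access.log;
    # NOTE(review): the error log file name uses a different host name than
    # the access log above - confirm which one is intended.
    error_log   /var/log/nginx/www.ooadmin.dev.error.log;
    root   /usr/share/nginx/html;
    index  index.php index.html index.htm;

    # Serve the file or directory if it exists, otherwise hand the request
    # to the front controller with the original query string.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to the php-handler upstream (PHP-FPM)
    #
    # The dot is escaped so that only URIs ending in a literal ".php" match;
    # an unescaped "." matches any character before "php".
    location ~ \.php$ {
        root           /usr/share/nginx/html;

        # Answer 404 when the script does not exist under root, so a path
        # that is not a real PHP file is never handed to PHP-FPM.
        try_files $uri =404;
        fastcgi_pass   php-handler;
        fastcgi_index  index.php;

        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_NAME $fastcgi_script_name;

        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;

        include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    # The dot is escaped so that only paths containing "/.ht" are denied.
    location ~ /\.ht {
        deny  all;
    }
}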

:wq

# nginx -t -c /etc/nginx/nginx.conf

# service nginx restart

 

9-1) APACHE 설치

# dnf install httpd

# systemctl enable httpd.service

# systemctl start httpd.service

# systemctl status httpd.service

# systemctl restart httpd

# vi /etc/httpd/conf/httpd.conf

 

## PHP 설정

# dnf module list php

# dnf module reset php

# dnf module enable php:remi-7.3

# dnf install php73 php73-php-fpm -y

# dnf install php73 php73-php-fpm php73-php-common php73-php-cli php73-php-json php73-php-pdo php73-php-mysql php73-php-mysqlnd php73-php-zip php73-php-devel php73-php-gd php73-php-mcrypt php73-php-mbstring php73-php-curl php73-php-xml php73-php-pear php73-php-bcmath php73-php-xmlrpc php73-php-soap php73-php-dba php73-php-ldap php73-php-opcache php73-php-pecl-apcu php73-php-pecl-memcached php73-php-interbase php73-php-imap php73-php-odbc php73-php-snmp php73-php-pecl-imagick php73-php-process php73-php-recode php73-php-pspell php73-php-dbg

# vi /etc/opt/remi/php73/php.ini

cgi.fix_pathinfo=0

max_execution_time = 30

max_input_time = 60

upload_max_filesize = 2M

max_file_uploads = 200

default_socket_timeout = 60

:wq

 

# dnf module reset php

# dnf module enable php:remi-7.4

# dnf install php74 php74-php-fpm -y

# dnf install php74 php74-php-fpm php74-php-common php74-php-cli php74-php-json php74-php-pdo php74-php-mysql php74-php-mysqlnd php74-php-zip php74-php-devel php74-php-gd php74-php-mcrypt php74-php-mbstring php74-php-curl php74-php-xml php74-php-pear php74-php-bcmath php74-php-xmlrpc php74-php-soap php74-php-dba php74-php-ldap php74-php-opcache php74-php-pecl-apcu php74-php-pecl-memcached php74-php-interbase php74-php-imap php74-php-odbc php74-php-snmp php74-php-pecl-imagick php74-php-process php74-php-recode php74-php-pspell php74-php-dbg

# vi /etc/opt/remi/php74/php.ini

cgi.fix_pathinfo=0

max_execution_time = 30

max_input_time = 60

upload_max_filesize = 2M

max_file_uploads = 200

default_socket_timeout = 60

:wq

 

# systemctl start php73-php-fpm

# systemctl enable php73-php-fpm

# systemctl status php73-php-fpm

 

# systemctl start php74-php-fpm

# systemctl enable php74-php-fpm

# systemctl status php74-php-fpm

 

# vi /etc/httpd/conf.d/site2.your_domain.conf

<VirtualHost *:80>

     ServerAdmin admin@site1.your_domain

     ServerName site1.your_domain

     DocumentRoot /var/www/site1.your_domain

     DirectoryIndex info.php

     ErrorLog /var/log/httpd/site1.your_domain-error.log

     CustomLog /var/log/httpd/site1.your_domain-access.log combined

 

  <IfModule !mod_php7.c>

    <FilesMatch \.(php|phar)$>

        SetHandler "proxy:unix:/var/opt/remi/php74/run/php-fpm/www.sock|fcgi://localhost"

    </FilesMatch>

  </IfModule>

</VirtualHost>

 

# apachectl configtest

# systemctl restart httpd

 

 

10) MySQL (MariaDB) 설치

# vi /etc/yum.repos.d/MariaDB.repo

[mariadb]

name = MariaDB

baseurl = http://yum.mariadb.org/10.4/fedora31-amd64

gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck=1

:wq

# yum -y install mariadb MariaDB-server MariaDB-client net-tools
# systemctl enable mariadb.service
# service mariadb start
# firewall-cmd --permanent --zone=public --add-port=3306/tcp
# firewall-cmd --reload
# firewall-cmd --list-all
# netstat -tap | grep mysql

tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN 56204/mysqld

 

10-1) DB 기본 환경설정

# mysql_secure_installation

Enter current password for root (enter for none): 

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


Remove anonymous users? [Y/n] Y
 ... Success!

 

Disallow root login remotely? [Y/n] n
 ... skipping.

 

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

 

Reload privilege tables now? [Y/n] Y
 ... Success!

Thanks for using MariaDB!

 

10-2) 기본 언어셋 설정

# vi /etc/my.cnf

아래 항목에 다음 2 줄을 추가한다.
[mysqld]
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
:wq
# service mariadb restart

 

10-3) DB 생성, 테이블 생성 및 사용자 추가

# mysql -u root -p

mysql> create database 디비명;
mysql> use mysql;

mysql> INSERT INTO mysql.user (host,user,password,ssl_cipher,x509_issuer,x509_subject,authentication_string) VALUES ('192.168.%','아이디',password('패스워드'),'','','','');

mysql> flush privileges;

mysql> GRANT ALL PRIVILEGES ON *.* TO '아이디'@'192.168.%';

mysql> create user '아이디'@'localhost' identified by '비번'; # 로컬 계정 생성
mysql> create user '아이디'@'%' identified by '비번'; # 원격 계정 생성 ('%' 는 모든 호스트에서의 접속을 허용하므로, 위의 '192.168.%' 처럼 필요한 대역으로 좁힐 수 있다)

mysql> grant all privileges on 디비명.* to '아이디'@'localhost'; # 로컬 계정에 권한 허용
mysql> grant all privileges on 디비명.* to '아이디'@'%'; # 원격 계정에 권한 허용
mysql> flush privileges; # 변경사항 적용
mysql> quit

 

계정 삭제인경우

mysql> DELETE FROM mysql.user WHERE host='192.168.%' AND user='아이디';
 

 

11) PHP 설치

[FEDORA31/RHEL 7.x:]

# dnf -y update
# dnf -y install https://rpms.remirepo.net/fedora/remi-release-31.rpm

# dnf config-manager --set-enabled remi

# dnf config-manager --set-enabled remi-php74

# dnf module install php:remi-7.4

# dnf update

# yum install php  php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json

 

[PHP 7.4]

# php -v

# yum remove php*

# yum --enablerepo=remi update remi-release

# yum-config-manager --enable remi-php74
# yum --enablerepo=remi-php74 install -y zip unzip php-zip
# yum --enablerepo=remi-php74 install -y php php-fpm php-common php-cli php-json php-pdo php-mysql php-mysqlnd
[추가 패키지 옵션]
# yum --enablerepo=remi-php74 install -y php-mbstring php-gd php-devel php-xml php-xmlrpc php-soap php-pear php-dba php-ldap php-opcache php-pecl-apcu php-pecl-memcached php-mcrypt php-dba php-interbase php-imap php-odbc php-snmp php-pecl-imagick php-process php-recode php-pspell php-dbg
# systemctl start php-fpm
# systemctl enable php-fpm

 

[Composer] - 내려받은 설치 스크립트는 실행하기 전에 getcomposer.org 에 게시된 체크섬과 비교해 확인한다.

# wget https://getcomposer.org/installer -O composer-setup.php

# php composer-setup.php --filename=composer --install-dir=/usr/local/bin

# composer --version


# yum -y install memcached

 

# vi /etc/php.ini

cgi.fix_pathinfo=0

max_execution_time = 30

max_input_time = 60

upload_max_filesize = 2M

max_file_uploads = 200

default_socket_timeout = 60

 

[...]
extension=apc.so

date.timezone = "Asia/Phnom_Penh"

:wq

 

# vi /etc/php-fpm.d/www.conf

[www]

listen = 127.0.0.1:9000

...

listen.owner = nobody
listen.group = nobody

...

user = nginx
group = nginx

...

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

:wq

# systemctl enable php-fpm.service
# systemctl start php-fpm.service

 

12) 사용자 계정 생성

# adduser testid
# passwd testid
# cat /etc/sudoers
# cat /etc/group | grep wheel

# usermod -G root testid  // testid 계정의 보조 그룹을 root 로 지정한다. -G 는 기존 보조 그룹 목록을 대체하므로, 기존 그룹을 유지하려면 -aG 를 쓴다.

 

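13) 리눅스 보안강화 모듈(SELinux) 해제하기 - setenforce 0 은 재부팅 전까지만 permissive 모드로 바꾸고, 설정 파일의 SELINUX=disabled 는 재부팅 후부터 SELinux 를 완전히 끈다. permissive 모드에서도 거부 내역은 audit 로그에 남으므로, 접근 거부 원인을 찾을 때는 이 로그를 확인한다.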

# setenforce 0
or
# vi /etc/sysconfig/selinux
SELINUX=disabled

 

14) SSL 설정

# mkdir -p /etc/nginx/cert/
# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/cloud.crt -keyout /etc/nginx/cert/cloud.key
Generating a 2048 bit RSA private key
.....................................................................................+++
...................+++
writing new private key to '/etc/nginx/cert/cloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

# chmod 700 /etc/nginx/cert
# chmod 600 /etc/nginx/cert/*

 

15) vsftpd 설치

# yum install vsftpd ftp -y

# vi /etc/vsftpd/vsftpd.conf

anonymous_enable=NO

ascii_upload_enable=YES

ascii_download_enable=YES

ftpd_banner=Welcome to FTP service.

use_localtime=YES

listen_port=44221

:wq

 

# systemctl enable vsftpd

# systemctl start vsftpd

# firewall-cmd --permanent --add-port=44221/tcp

# firewall-cmd --permanent --add-service=ftp

# firewall-cmd --reload

 
사용자 홈 디렉토리 권한 조정을 해주어야 웹 루트 폴더로 사용가능

nginx 403 Forbidden Error hosting in User Home Directory

# cd /home
#chmod 701 사용자홈
 

 

16) XE 설치

# cd /usr/share/nginx/html/

# wget https://github.com/xpressengine/xe-core/releases/download/1.11.6/xe.1.11.6.tar.gz

# tar -zxvf xe.1.11.6.tar.gz -C /usr/share/nginx/html/

# chown root:root -R /usr/share/nginx/html

# chmod 707 -R /usr/share/nginx/html  // 707 은 모든 사용자(other)에게 쓰기 권한을 준다. 쓰기가 필요한 디렉터리만 웹 서버 계정 소유로 두면 쓰기 범위를 줄일 수 있다.

 

[설치환경 수집동의가 계속 출력될때]

# chown root:nginx /var/lib/php/session

 

17) XE3 설치

# php -r "copy('http://start.xpressengine.io/download/installer', 'installer');" && php installer install

or

# git clone https://github.com/xpressengine/xpressengine.git

# cd xpressengine

# composer install

# php artisan xe:install

# chmod 707 -R vendor

# chmod 707 -R plugins

# chmod 707 -R storage

# chmod 707 -R config

# chmod 707 composer.lock

 

18) Laravel 설치

# export PATH=$PATH:$HOME/.composer/vendor/bin

# composer global require laravel/installer

# composer create-project --prefer-dist laravel/laravel 프로젝트명

# laravel new 프로젝트명

# chown -R $USER:nginx storage

# chown -R $USER:nginx bootstrap/cache

# chmod -R 775 storage

# chmod -R 775 bootstrap/cache

# cp .env.example .env

# vi .env

DB_CONNECTION=mysql

DB_HOST=127.0.0.1

DB_PORT=3306

DB_DATABASE=laravel

DB_USERNAME=root

DB_PASSWORD=

:wq

# vi /app/AppServiceProvider.php

/**
 * Sets the default length the schema builder uses for string columns.
 *
 * 191 characters * 4 bytes (utf8mb4) = 764 bytes, which stays under the
 * 767-byte index key limit of older MySQL/MariaDB InnoDB row formats.
 */
public function boot()
{
  $defaultStringLength = 191;

  Schema::defaultStringLength($defaultStringLength);
}
:wq

# composer update

# php artisan key:generate

# php artisan migrate

# php artisan db:seed

# php artisan passport:install

# php artisan storage:link

# php artisan tinker

# factory(App\User::class, 2)->create();

# php artisan scout:import App\Model;

# npm install

# npm run dev

# php artisan serve

# php artisan --version

 

# php artisan config:cache

# php artisan cache:clear

# php artisan route:clear

# php artisan view:clear

 

# composer update

# composer dump-autoload

# php artisan vendor:publish --tag=public --force

 

## AUTH

# composer require laravel/ui --dev

# php artisan ui vue --auth
# npm install && npm run dev
 
## VOYAGER

# composer require tcg/voyager

# vi .env

APP_URL=http://localhost

:wq

# php artisan voyager:install --with-dummy

# php artisan voyager:admin your@email.com --create

# php artisan vendor:publish --provider="TCG\Voyager\VoyagerServiceProvider"

# php artisan vendor:publish --provider="Intervention\Image\ImageServiceProviderLaravelRecent"

# php artisan db:seed --class=VoyagerDatabaseSeeder

# php artisan hook:setup

# php artisan hook:install test-hook

# php artisan storage:link

# composer dump-autoload 

# vi /config/filesystems.php

'public' => [

    'driver' => 'local',

    'root' => storage_path('app/public'),

    'url' => env('APP_URL').'/public/storage',

    'visibility' => 'public',

],

:wq

 

19) 라라벨 기본 문서 경로 변경

라라벨 기본 문서 경로는 "/public" 이다. public 폴더를 "/public_html" 로 변경하거나, 루트(/)로 지정할때 다음과 같이 하면 된다.

public 폴더내의 index.php 의 'vendor/autoload.php'와 'bootstrap/app.php' 경로를 재설정하고, 'index.php' 파일을 원하는 경로로 이동한다.

여기에선 루트(/)로 지정을 하였고, 스크립트나 파일등은 '/public'에 보관한다. 이 경우 프로젝트 루트 전체가 웹 문서 경로가 되므로, .env, storage, vendor 등이 URL 로 직접 요청되지 않도록 웹 서버에서 접근을 차단해야 한다.

// Front controller: loads the autoloader, builds the application and serves
// one HTTP request.
// NOTE(review): the require paths below have no "../" step, so this file sits
// in the project root next to vendor/ and bootstrap/. If the web server's
// document root is that same directory, files such as .env can be requested
// by URL unless the server denies them - confirm the server configuration.
define('LARAVEL_START', microtime(true));

require __DIR__.'/vendor/autoload.php';

$app = require_once __DIR__.'/bootstrap/app.php';

$kernel = $app->make(Illuminate\Contracts\Http\Kernel::class);

// Capture the incoming request first, then let the HTTP kernel handle it.
$request = Illuminate\Http\Request::capture();
$response = $kernel->handle($request);

$response->send();

// Gives the kernel the finished request/response pair once the response
// has been sent.
$kernel->terminate($request, $response);

 

APP/Providers/AppServiceProvider.php 파일에서 register 에 아래 내용을 추가한다.

/**
 * Binds the container key 'path.public' to "<base path>/public".
 *
 * The path is computed inside a closure, so base_path() is called when the
 * container resolves the binding rather than when register() runs.
 */
public function register()
{
  $resolvePublicPath = function () {
    return base_path().'/public';
  };

  $this->app->bind('path.public', $resolvePublicPath);
}

 

server.php

// $uri is set outside this excerpt - presumably the decoded request path.
// NOTE(review): returning false from a router script tells PHP's built-in web
// server to serve the requested file itself; this looks like the development
// router, so the file check below is not a substitute for web server access
// rules in production - confirm how this file is used.
if ($uri === '/' || ! file_exists(__DIR__.'/public'.$uri)) {
    // Not an existing file under public/: let the front controller answer.
    require_once __DIR__.'/public/index.php';
} else {
    // An existing file under public/ was requested: serve it as-is.
    return false;
}

 

루트에 있는 .env 파일 하단에 아래 내용을 추가한다.

APP_URL=localhost/sub

ASSET_URL=/sub/public

 

webpack.mix.js

// Sets Mix's publicPath option to the 'public' directory
// (presumably the directory compiled assets are written under - confirm).
mix.config.publicPath='public';

// Compile resources/js/app.js into public/js.
mix.js('resources/js/app.js', 'public/js')

 

 

라라벨 Migration

# php artisan make:migration create_테이블명_table --path="package/Migrations"

# php artisan make:migration add_fields_to_users_table --table=users

# php artisan make:controller SketchbookController --resource

# php artisan make:model 모델명 -c -m

 

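/**
 * Example migration: rebuilds the '테이블명' table, then drops, adds,
 * renames and changes columns on it.
 *
 * Foreign key checks are disabled for the duration of the method and
 * re-enabled at the end.
 */
public function up()
{
  Schema::disableForeignKeyConstraints();
  // NOTE(review): this removes any existing table of the same name together
  // with its rows before the table is created again.
  Schema::dropIfExists('테이블명');
  // Create columns
  Schema::create('테이블명', function (Blueprint $table) {
      $table->id();
      $table->unsignedBigInteger('code')->nullable();
      $table->string('name')->default('')->comment('user name');
      // NOTE(review): references()/on() are chained on a column definition
      // here rather than on foreign(); presumably no constraint is created
      // for user_id - confirm.
      $table->string('user_id')->references('id')->on('users');
      $table->string('email');
      $table->longText('content')->comment('content');
      $table->text('pure_content')->nullable();
      $table->tinyInteger('type')->default('0');
      $table->boolean('is_admin')->default(0);
      $table->decimal('amount', 8, 2)->default('36');
      // created_at is supplied by timestamps() below; defining it a second
      // time as a separate column makes CREATE TABLE fail with a
      // duplicate-column error.
      $table->index('created_at');
      $table->unique(['email', 'user_id']);
      $table->timestamps();
      $table->foreign('code')->references('id')->on('users');
  });
  // Drop a column
  Schema::table('테이블명', function (Blueprint $table) {
      $table->dropColumn('id');
  });
  // Add and change columns
  // NOTE(review): renameColumn() and change() depend on the doctrine/dbal
  // package in Laravel releases of this period - confirm it is installed.
  Schema::table('테이블명', function (Blueprint $table) {
      $table->bigIncrements('id');
      $table->string('title');
      $table->renameColumn('is_admin', 'status');
      $table->integer('type')->default(1)->change();
  });

  Schema::enableForeignKeyConstraints();
}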

/**
 * Drops the 'title' column from '테이블명' when that column exists.
 *
 * Only the 'title' column is removed; nothing else is changed here.
 */
public function down()
{
  // Nothing to undo when the column is absent.
  if (! Schema::hasColumn('테이블명', 'title')) {
    return;
  }

  Schema::table('테이블명', function (Blueprint $table) {
      $table->dropColumn('title');
  });
}