페도라 설치후 서버 기본작업
2020.04.21 15:37
1) 리눅스 버전체크
# uname -a
Linux lael-centos 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
2) CentOS 버전체크
# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
3) 하드용량체크
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/cl-root 50G 11G 40G 21% /
devtmpfs 32G 0 32G 0% /dev
tmpfs 32G 96K 32G 1% /dev/shm
tmpfs 32G 26M 32G 1% /run
tmpfs 32G 0 32G 0% /sys/fs/cgroup
tmpfs 32G 80K 32G 1% /tmp
/dev/md126p2 494M 210M 285M 43% /boot
/dev/md126p1 200M 9.5M 191M 5% /boot/efi
/dev/mapper/cl-home 343G 108M 343G 1% /home
/dev/md124 2.7T 20G 2.6T 1% /data
tmpfs 6.3G 0 6.3G 0% /run/user/54321
tmpfs 6.3G 16K 6.3G 1% /run/user/1000
tmpfs 6.3G 0 6.3G 0% /run/user/0
4) 메모리 체크
# free -m
total used free shared buff/cache available
Mem: 64358 9627 31161 19385 23569 34721
Swap: 32191 0 32191
4-1) CPU 코어수 확인
# cat /proc/cpuinfo | grep processor | wc -l
16
# cat /proc/cpuinfo | grep processor
# cat /proc/cpuinfo
5) 표준 시간대 식별
# ls /usr/share/zoneinfo
# ls /usr/share/zoneinfo/Asia
5-1) 시스템 시간 설정
# ln -sf /usr/share/zoneinfo/Asia/Phnom_Penh /etc/localtime
# date
Thu Jul 13 11:02:18 +07 2017
6) Network 설정
# vi /etc/hostname
localhost.localdomain
# hostname -F /etc/hostname
# vi /etc/hosts
:wq
# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain
GATEWAY=192.168.0.1
:wq
# ls /etc/sysconfig/network-scripts/ifcfg-*
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth0
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=000.000.000.000
NETMASK=255.255.255.0
GATEWAY=000.000.000.000
DNS1=000.000.000.000
DNS2=000.000.000.000
IPV6INIT=no
USERCTL=no
:wq
# sustemctl restart NetworkManager.service
7) yum 기본 팩키지와 GNOME 업데이트
# yum update
# yum -y groupinstall 'Development Tools'
# yum -y install wget
# yum -y install yum-utils
# yum -y install chkconfig
# yum -y install nodejs npm
# yum -y groups install "GNOME Desktop"
# startx
# systemctl get-default
multi-user.target
# systemctl set-default graphical.target
8) SSH 설정
# yum -y install openssh-server openssh-clients
# cd /etc/ssh
# vi /etc/ssh/sshd_config
Port 22
# 루트 로그인 차단할 경우 주석(#)제거하고 no 로 변경한다.
PermitRootLogin no
:wq
# service sshd start
## 22번 포트가 열렸는지 확인
netstat -an|grep LISTEN
# service sshd restart
## 방화벽 설정
# yum install -y firewalld
# firewall-cmd --state
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --permanent --zone=public --add-port=80/tcp
# firewall-cmd --reload
# firewall-cmd --list-all
# systemctl disable firewalld
## iptable 설정
# yum install -y iptables-services
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 44220 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 44221 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq
# iptables-restore < /etc/sysconfig/iptables
# service iptables restart
# systemctl enable ip6tables
# systemctl disable ip6tables
## 서버 접속이 안될때 점검사항 - 페도라는 iptables 방화벽을 정지해 본다.
# iptables -t nat -F
# iptables -F
## iptables 실행 오류가 있는 경우 firewalld 서비스를 정지한다.
# systemctl disable firewalld
9) NGINX 설치
# yum install -y nginx
# systemctl start nginx
or
# service nginx start
# systemctl enable nginx
or
# service enable nginx
# vi /etc/nginx/conf.d/www.mydomain.com.conf
upstream php-handler {
server unix:/run/php-fpm/www.sock;
}
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name mydomain.com;
charset utf-8;
access_log /var/log/nginx/www.mydomain.com.access.log;
error_log /var/log/nginx/www.ooadmin.dev.error.log;
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ .php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ .php$ {
root /usr/share/nginx/html;
try_files $uri =404;
fastcgi_pass php-handler;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /.ht {
deny all;
}
}
:wq
# nginx -t -c /etc/nginx/nginx.conf
# service nginx restart
9-1) APACHE 설치
# dnf install httpd
# systemctl enable httpd.service
# systemctl start httpd.service
# systemctl status httpd.service
# systemctl restart httpd
# vi /etc/httpd/conf/httpd.conf
## PHP 설정
# dnf module list php
# dnf module reset php
# dnf module enable php:remi-7.3
# dnf install php73 php73-php-fpm -y
# dnf install php73 php73-php-fpm php73-php-common php73-php-cli php73-php-json php73-php-pdo php73-php-mysql php73-php-mysqlnd php73-php-zip php73-php-devel php73-php-gd php73-php-mcrypt php73-php-mbstring php73-php-curl php73-php-xml php73-php-pear php73-php-bcmath php73-php-xmlrpc php73-php-soap php73-php-dba php73-php-ldap php73-php-opcache php73-php-pecl-apcu php73-php-pecl-memcached php73-php-interbase php73-php-imap php73-php-odbc php73-php-snmp php73-php-pecl-imagick php73-php-process php73-php-recode php73-php-pspell php73-php-dbg
# vi /etc/opt/remi/php73/php.ini
cgi.fix_pathinfo=0
max_execution_time = 30
max_input_time = 60
upload_max_filesize = 2M
max_file_uploads = 200
default_socket_timeout = 60
:wq
# dnf module reset php
# dnf module enable php:remi-7.4
# dnf install php74 php74-php-fpm -y
# dnf install php74 php74-php-fpm php74-php-common php74-php-cli php74-php-json php74-php-pdo php74-php-mysql php74-php-mysqlnd php74-php-zip php74-php-devel php74-php-gd php74-php-mcrypt php74-php-mbstring php74-php-curl php74-php-xml php74-php-pear php74-php-bcmath php74-php-xmlrpc php74-php-soap php74-php-dba php74-php-ldap php74-php-opcache php74-php-pecl-apcu php74-php-pecl-memcached php74-php-interbase php74-php-imap php74-php-odbc php74-php-snmp php74-php-pecl-imagick php74-php-process php74-php-recode php74-php-pspell php74-php-dbg
# vi /etc/opt/remi/php74/php.ini
cgi.fix_pathinfo=0
max_execution_time = 30
max_input_time = 60
upload_max_filesize = 2M
max_file_uploads = 200
default_socket_timeout = 60
:wq
# systemctl start php73-php-fpm
# systemctl enable php73-php-fpm
# systemctl status php73-php-fpm
# systemctl start php74-php-fpm
# systemctl enable php74-php-fpm
# systemctl status php74-php-fpm
# vi /etc/httpd/conf.d/site2.your_domain.conf
<VirtualHost *:80>
ServerAdmin admin@site1.your_domain
ServerName site1.your_domain
DocumentRoot /var/www/site1.your_domain
DirectoryIndex info.php
ErrorLog /var/log/httpd/site1.your_domain-error.log
CustomLog /var/log/httpd/site1.your_domain-access.log combined
<IfModule !mod_php7.c>
<FilesMatch .(php|phar)$>
SetHandler "proxy:unix:/var/opt/remi/php74/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
</IfModule>
</VirtualHost>
# apachectl configtest
# systemctl restart httpd
10) MySQL (MariaDB) 설치
# vi /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/fedora31-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
:wq
# systemctl enable mariadb.service
# service mariadb start
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN 56204/mysqld
10-1) DB 기본 환경설정
# mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] Y
... Success!
Disallow root login remotely? [Y/n] n
... skipping.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] Y
... Success!
Thanks for using MariaDB!
10-2) 기본 언어셋 설정
# vi /etc/my.cnf
아래 항목에 다음 2 줄을 추가한다.
[mysqld]
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
:wq
# service mariadb restart
10-3) DB 생성, 테이블 생성 및 사용자 추가
# mysql -u root -p
mysql> create database 디비명;
mysql> use mysql;
mysql> INSERT INTO mysql.user (host,user,password,ssl_cipher,x509_issuer,x509_subject,authentication_string) VALUES ('192.168.%','아이디',password('패스워드'),'','','','');
mysql> flush privileges;
mysql> GRANT ALL PRIVILEGES ON *.* TO '아이디'@'192.168.%';
mysql> create user '아이디'@'localhost' identified by '비번'; # 로컬 계정 생성
mysql> create user '아이디'@'%' identified by '비번'; # 원격 계정 생성
mysql> grant all privileges on 디비명.* to '아이디'@'localhost'; # 로컬 계정에 권한 허용
mysql> grant all privileges on 디비명.* to '아이디'@'%'; # 원격 계정에 권한 허용
mysql> flush privileges; # 변경사항 적용
mysql> quit
계정 삭제인경우
mysql> DELETE FROM mysql.user WHERE host='192.168.%' AND user='아이디';
11) PHP 설치
[FEDORA31/RHEL 7.x:]
# dnf -y update
# dnf -y install https://rpms.remirepo.net/fedora/remi-release-31.rpm
# dnf config-manager --set-enabled remi
# dnf config-manager --set-enabled remi-php74
# dnf module install php:remi-7.4
# dnf update
# yum install php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json
[PHP 7.4]
# php -v
# yum remove php*
# yum --enablerepo=remi update remi-release
[Composer]
# wget https://getcomposer.org/installer -O composer-setup.php
# php composer-setup.php --filename=composer --install-dir=/usr/local/bin
# composer --version
# yum -y install memcached
# vi /etc/php.ini
cgi.fix_pathinfo=0
max_execution_time = 30
max_input_time = 60
upload_max_filesize = 2M
max_file_uploads = 200
default_socket_timeout = 60
[...]
extension=apc.so
date.timezone = "Asia/Phnom_Penh"
:wq
# vi /etc/php-fpm.d/www.conf
[www]
listen = 127.0.0.1:9000
...
listen.owner = nobody
listen.group = nobody
...
user = nginx
group = nginx
...
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
:wq
# systemctl enable php-fpm.service
# systemctl start php-fpm.service
12) 사용자 계정 생성
# adduser testid
# passwd testid
# cat /etc/sudoers
# cat /etc/group | grep wheel
# usermod -G root testid // testid 계정에 root 그룹권한 등록
13) 리눅스 보안강화 모듈 해제하기
# setenforce 0
or
# vi /etc/sysconfig/selinux
SELINUX=disabled
14) SSL 설정
# mkdir -p /etc/nginx/cert/
# openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/cloud.crt -keyout /etc/nginx/cert/cloud.key
Generating a 2048 bit RSA private key
.....................................................................................+++
...................+++
writing new private key to '/etc/nginx/cert/cloud.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
# chmod 700 /etc/nginx/cert
# chmod 600 /etc/nginx/cert/*
15) vsftpd 설치
# yum install vsftpd ftp -y
# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to FTP service.
use_localtime=YES
listen_port=44221
:wq
# systemctl enable vsftpd
# systemctl start vsftpd
# firewall-cmd --permanent --add-port=44221/tcp
# firewall-cmd --permanent --add-service=ftp
# firewall-cmd --reload
nginx 403 Forbidden Error hosting in User Home Directory
16) XE 설치
# cd /usr/share/nginx/html/
# wget https://github.com/xpressengine/xe-core/releases/download/1.11.6/xe.1.11.6.tar.gz
# tar -zxvf xe.1.11.6.tar.gz -C /usr/share/nginx/html/
# chown root:root -R /usr/share/nginx/html
# chmod 707 -R /usr/share/nginx/html
[설치환경 수집동의가 계속 출력될때]
# chown root:nginx /var/lib/php/session
17) XE3 설치
# php -r "copy('http://start.xpressengine.io/download/installer', 'installer');" && php installer install
or
# git clone https://github.com/xpressengine/xpressengine.git
# cd xpressengine
# composer install
# php artisan xe:install
# chmod 707 -R vendor
# chmod 707 -R plugins
# chmod 707 -R storage
# chmod 707 -R config
# chmod 707 composer.lock
18) Laravel 설치
# export=$PATH:$HOME/.composer/vendor/bin
# composer global require laravel/installer
# composer create-project --prefer-dist laravel/laravel 프로젝트명
# laravel new 프로젝트명
# chown -R $USER:nginx storage
# chown -R $USER:nginx bootstrap/cache
# chmod -R 775 storage
# chmod -R 775 bootstrap/cache
# cp .env.example .env
# vi .env
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=
:wq
# vi /app/AppServiceProvider.php
public function boot()
{
Schema::defaultStringLength(191);
# composer update
# php -d memory_limit=-1 composer.phar update // 메모리 오류가 있을경우
# php artisan key:generate
# php artisan migrate
# php artisan db:seed
# php artisan passport:install
# php artisan storage:link
# php artisan tinker
# factory(AppUser::class, 2)->create();
# php artisan scout:import AppModel;
# npm install
# npm run dev
# php artisan serve
# php artisan --version
# php artisan config:cache
# php artisan cache:clear
# php artisan route:clear
# php artisan view:clear
# composer update
# composer dump-autoload
# php artisan vendor:publish --tag=public --force
## AUTH
# composer require laravel/ui --dev
# composer require tcg/voyager
# vi .env
APP_URL=http://localhost
:wq
# php artisan voyager:install --with-dummy
# php artisan voyager:admin your@email.com --create
# php artisan vendor:publish --provider="TCGVoyagerVoyagerServiceProvider"
# php artisan vendor:publish --provider="InterventionImageImageServiceProviderLaravelRecent"
# php artisan db:seed --class=VoyagerDatabaseSeeder
# php artisan hook:setup
# php artisan hook:install test-hook
# php artisan storage:link
# composer dump-autoload
# vi /config/filesystems.php
'public' => [
'driver' => 'local',
'root' => storage_path('app/public'),
'url' => env('APP_URL').'/public/storage',
'visibility' => 'public',
],
:wq
19) 라라벨 기본 문서 경로 변경
라라벨 기본 문서 경로는 "/public" 이다. public 폴더를 "/public_html" 로 변경하거나, 루트(/)로 지정할때 다음과 같이 하면 된다.
public 폴더내의 index.php 의 'vondor/autoload.php'와 'bootstrap/app.php' 경로를 재설정하고, 'index.php' 파일을 원하는 경로로 이동한다.
여기에선 루트(/)로 지정을 하였고, 스크립트나 파일등은 '/public'에 보관한다.
define('LARAVEL_START', microtime(true));
require __DIR__.'/vendor/autoload.php';
$app = require_once __DIR__.'/bootstrap/app.php';
$kernel = $app->make(IlluminateContractsHttpKernel::class);
$response = $kernel->handle(
$request = IlluminateHttpRequest::capture()
);
$response->send();
$kernel->terminate($request, $response);
APP/Providers/AppServiceProvider.php 파일에서 register 에 아래 내용을 추가한다.
public function register()
{
$this->app->bind('path.public', function() {
return base_path().'/public';
});
}
server.php
if ($uri !== '/' && file_exists(__DIR__.'/public'.$uri)) {
return false;
}
require_once __DIR__.'/public/index.php';
루트에 있는 .env 파일 하단에 아래 내용을 추가한다.
APP_URL=localhost/sub
ASSET_URL=/sub/public
webpack.mix.js
mix.config.publicPath='public';
mix.js('resources/js/app.js', 'public/js')
라라벨 Migration
# php artisan make:migration create_테이블명_table --path="package/Migrations"
# php artisan make:migration add_fields_to_users_table --table=users
# php artisan make:controller SketchbookController --resource
# php artisan make:model 모델명 -c -m
{
Schema::disableForeignKeyConstraints();
Schema::dropIfExists('테이블명');
// column 생성
Schema::create('테이블명', function (Blueprint $table) {
$table->id();
$table->unsignedBigInteger('code')->nullable();
$table->string('name')->default('')->comment('user name');
$table->string('user_id')->references('id')->on('users');
$table->string('email');
$table->longText('content')->comment('content');
$table->text('pure_content')->nullable();
$table->tinyInteger('type')->default('0');
$table->boolean('is_admin')->default(0);
$table->decimal('amount', 8, 2)->default('36');
$table->dateTime('created_at')->nullable();
$table->index('created_at');
$table->unique(['email', 'user_id']);
$table->timestamps();
$table->foreign('code')->references('id')->on('users');
});
// column 삭제
Schema::table('테이블명', function (Blueprint $table) {
$table->dropColumn('id');
});
// column 추가, 변경
Schema::table('테이블명', function (Blueprint $table) {
$table->bigIncrements('id');
$table->string('title');
$table->renameColumn('is_admin', 'status');
$table->integer('type')->default(1)->change();
});
Schema::enableForeignKeyConstraints();
}
public function down()
{
if (Schema::hasColumn('테이블명', 'title')) {
Schema::table('테이블명', function (Blueprint $table) {
$table->dropColumn('title');
});
}
}
Comment 0
| No. | Subject | Author | Date | Views |
|---|---|---|---|---|
| 10 | REQUEST 관련 구문 정리 | Admin | 2020.10.22 | 25 |
| 9 | SCOUT AND 검색(searchBoolean) | Admin | 2020.05.05 | 122 |
| » | 페도라 설치후 서버 기본작업 | Admin | 2020.04.21 | 192 |
| 7 | Model Factory - 데이터 심기(Faker) | Admin | 2020.04.19 | 110 |
| 6 | SCOUT 관계 검색 | Admin | 2020.04.16 | 460 |
| 5 | 라라벨 Model, Controller, View 실습 | Admin | 2020.04.07 | 245 |
| 4 | October CMS Theme 만들기 | Admin | 2020.04.04 | 289 |
| 3 | October CMS 설치방법 | Admin | 2020.04.03 | 76 |
| 2 | Laravel 에서 라우트된 페이지에서 404 에러가 출력될 경우 - Synology | Admin | 2020.03.25 | 200 |
| 1 | 라라벨 설치와 기본 학습 | Admin | 2020.03.13 | 52 |