Ubuntu web server setup in one go (Ubuntu server setup)
#16.10.04 Added: how to apply a free security certificate (SSL)
A guide to installing a free security certificate has been added. If you want to use HTTPS, read this article to the end and then move on to the following post.
This document was first written on April 12, 2010, and is updated and maintained periodically.
This document always describes the setup for the latest version (Edge Version).
This article describes an installation method that is automated and kept maintained.
Once you have installed everything as described below, you can run the commands
    apt-get update
    apt-get upgrade
at any time to keep using the latest server software, which is fast and secure.
* This article shows how to set up a PHP web server on Ubuntu.
* If you want to build with the latest PHP version, go to https://blog.lael.be/post/2600 (Nginx + PHP7-FPM + MariaDB)
- If you want to set up PHP on CentOS, see https://blog.lael.be/post/1721 (Apache + PHP + MariaDB)
* If you want to set up a JSP web server on Ubuntu, go to https://blog.lael.be/post/858
* If you want to run PHP and JSP side by side on Ubuntu, go to https://blog.lael.be/post/1023
* If you are looking for Ubuntu virtual server hosting, go to https://blog.lael.be/post/44
The currently released Ubuntu versions are shown below.
Install an LTS version, which has a long support lifetime. (A higher version number does not mean a better version.)
For more about the Ubuntu operating system, see http://en.wikipedia.org/wiki/Ubuntu_(operating_system)
The installation in this document is based on Ubuntu 16.04 LTS. (The packages may differ slightly from 14.04.)
For reference,
the Ubuntu 14.04 LTS download image is http://releases.ubuntu.com/14.04/ubuntu-14.04.4-server-amd64.iso and
the Ubuntu 16.04 LTS download image is http://releases.ubuntu.com/16.04/ubuntu-16.04-server-amd64.iso
I will show you a stable setup that can be used in ordinary businesses and production services.
0) Switch to root privileges
Follow step 0 only if the account you were given is not root.
Every command in this article must be run with root privileges. If the account you were given is not the root account, switch to root with the following commands.
Show your current account
# whoami
Run the sudo command. This runs, with root privileges, the command that logs you in as root.
# sudo su
Show your current account
# whoami
The UserID of the default account may differ from the picture. In the example above the default ID is ubuntu.
An account that can use the sudo command is equivalent to root, so be careful with its password. Change the default account's password to one that is very long and hard to guess.
# passwd ubuntu
1) Check the Linux version
#uname -a
Linux Lael-ubuntu-xenial 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
2) Check the Ubuntu version
#cat /etc/issue
Ubuntu 16.04 LTS \n \l
If you want more detailed operating system version information:
# lsb_release -a
This command is installed by default on Ubuntu, but on the CentOS family it is not a default package, so to use it there you have to install it with the following command.
# yum install redhat-lsb-core
3) Check disk capacity
#df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            2.0G     0  2.0G   0% /dev
tmpfs           396M  6.2M  390M   2% /run
/dev/vda1        85G  3.6G   77G   5% /
tmpfs           2.0G  192K  2.0G   1% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           2.0G     0  2.0G   0% /sys/fs/cgroup
tmpfs           396M   92K  396M   1% /run/user/1000
tmpfs           396M     0  396M   0% /run/user/0
Adding everything up gives roughly 90G.
4) Check memory
#free -m
              total        used        free      shared  buff/cache   available
Mem:           3951         770        2262          10         918        3116
Swap:          4093           0        4093
Of 3951M of total memory, 770M is currently in use and 3116M is available.
4-1) Check the number of CPU cores
This reads the CPU information and counts how many processor entries there are.
#cat /proc/cpuinfo | grep processor | wc -l
The picture above means 6 cores.
Run the following commands at least once and look at the output.
#cat /proc/cpuinfo | grep processor
#cat /proc/cpuinfo
5) Upgrade the packages installed on the server to the latest versions
Refresh the APT list
APT stands for Advanced Packaging Tool.
With apt, a program built into Ubuntu, we can install and remove programs easily.
Refresh the package list.
#apt-get update
Patch the programs installed on the operating system to their latest versions
#apt-get upgrade
6) Set the system time
If you skip this, the server will use UK time.
Of course, if you selected Asia/Seoul during the initial installation you do not need to do this. Doing it again does no harm, though.
- Run the Debian package reconfiguration for the TimeZone Data.
#dpkg-reconfigure tzdata
A GUI screen will appear; select Asia and then Seoul, in that order.
7) Set the hostname
This gives the server a name. Choosing the name well avoids confusion later when you work on several servers.
The above means "the root user on the server li599-115".
It is best to use an FQDN (Fully Qualified Domain Name) as the server name.
For reference, the hostname of Lael's blog server is blog.lael.be.
#vi /etc/hostname
The file will be empty (or contain the existing hostname). Change it to the name you want.
The recommended value is the main domain that will be connected to this server, for example blog.lael.be.
Apply it.
#hostname -F /etc/hostname
Reconnect to the server and you will see that it has been applied.
The hostname value tells the person working on the server which server it is, and it can be any string, even a meaningless one.
Some programs, such as sendmail, also use it when communicating with other servers.
- Setting the hostname to an FQDN is recommended, but if the server has no outside connection, or you have a name you would rather use (a team name, company name, service name and so on), you can use that instead.
If, for example, you picked a name of your own such as myserver1 or new1111, register that name in the server's /etc/hosts.
127.0.0.1 myserver1
Extra) Install a mail sending program
Many programs use the mail() function. This function asks the server's sendmail program to send the mail.
It is widely used for contact mail, welcome mail on sign-up, password recovery mail, e-mail verification and so on. Install sendmail so that the server can send mail.
# apt-get install sendmail
This is only for sending mail from the website.
If you want addresses such as id@yourdomain.com, never try to build that yourself; use Google Apps, your domain registrar, or the mail hosting of your cloud server or server hosting provider.
# vi /etc/mail/local-host-names
Delete every entry except localhost. For the domains written here, sendmail does not look up the destination mail server (MX record query) and delivers locally instead.
8) Install Apache2
#apt-get install apache2
On 16.04 LTS, apache 2.4.x is installed. (As of April 21, 2016 the latest version is Apache 2.4.18.)
If you run apt-get update and apt-get upgrade from time to time, it will be updated to the latest version without any problems.
When the installation finishes, it is applied and started automatically.
Version check
apache2 -v
Check that it works.
http://256.123.213.213 (the server's IP)
If the default description page appears in the web browser, it worked.
(For reference, the file shown by default is /var/www/html/index.html.)
Delete the default file.
#rm /var/www/html/index.html
Enable the other commonly used modules and disable the modules that are not needed.
A detailed explanation of the modules below is... omitted.
Just take it as the best arrangement, one that causes no problems in use.
#a2enmod rewrite
#a2enmod headers
#a2enmod ssl
#a2dismod -f autoindex
#Additional security patch. (Protects files and folders whose names start with a dot, such as .git, .svn and .env, and controls access to files that must not be reachable from the web.)
# vi /etc/apache2/apache2.conf
Add the following after the <FilesMatch "^\.ht"> block in the middle of the file.
    # deny file, folder start with dot
    <DirectoryMatch "^\.|\/\.">
        Require all denied
    </DirectoryMatch>

    # deny (log file, binary, certificate, shell script, sql dump file) access.
    <FilesMatch "\.(?i:log|binary|pem|enc|crt|conf|cnf|sql|sh|key)$">
        Require all denied
    </FilesMatch>

    # deny access.
    <FilesMatch "(?i:composer\.json|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml)$">
        Require all denied
    </FilesMatch>

    # Allow Lets Encrypt Domain Validation Program
    <DirectoryMatch "\.well-known/acme-challenge/">
        Require all granted
    </DirectoryMatch>
9) Install PHP 7.0
If you want to install PHP 5, install Ubuntu 14.04 LTS.
--
#apt-get install php
On 16.04, PHP 7.0.x is installed.
Install the PHP-Apache integration module
#apt-get install libapache2-mod-php7.0
Install the other commonly used modules.
- Encryption module
#apt-get install php-mcrypt
- Multilingual processing module
#apt-get install php-mbstring
- Image processing module
#apt-get install php-gd
- Modules for fetching remote information (used by WordPress, Drupal and others)
#apt-get install php-curl php-xml
- If there are more modules you want to install, type
#apt-cache search php-
to search for the installable packages, then install them.
- Restart Apache (to apply the changes)
#service apache2 restart
Version check
#php -v
PHP 7.0.4-7ubuntu2 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
This is version 7.0.4. (The version you install will be higher than this.)
10 - 1) Install MariaDB
mysql and mariadb are fully API compatible.
#apt-get install mariadb-server
MariaDB 10.0.24 is installed.
Initialize MariaDB.
Up to 14.04 LTS this was handled automatically, but it has been split out into a separate step.
In any case, let's run the database initialization.
Run the following command.
/usr/bin/mysql_secure_installation
If you are not sure, just press Enter. (Set only the password and press Enter for the rest.)
If you think you made a mistake, run the command above again.
:: Remove the authentication plugin setting for root
MySQL has gained the concept of plugins. One of them is server-side authentication.
For example, the Linux user myuser1 is tied to the MySQL (MariaDB) user myuser1. (Shell authentication with no password needed.)
The root user has the unix_socket Auth Plugin set by default... and this is quite inconvenient in real use. Let's change it back to password authentication, as it was before.
While logged in as the Linux root user:
# mysql
(Because unix_socket authentication is currently in effect, the Linux root user can log in to the MySQL (MariaDB) root account without a password.)
use mysql;
update user set plugin='' where User='root';
flush privileges;
exit;
-----------
#apt-get install php-mysql
Install the DB integration module. Because the two are fully compatible, the mysql module also works with mariadb.
Check the version of the MySQL console client
#mysql -V
mysql Ver 15.1 Distrib 10.0.24-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
10 - 2) Set the default character set (important)
If you skip this step, databases are created as latin1, which can cause problems in later DB work.
#vi /etc/mysql/mariadb.conf.d/50-server.cnf
(If you do not know how to use the vi editor, log in to the server with an ftp client, edit the file and overwrite it.)
Add the following 2 lines to the [mysqld] section.
From 2015 on, use the utf8mb4 setting as shown below.
This setting is an extension of utf8. It is upward compatible with all existing utf8. (Converting from utf8 to utf8mb4 does not lose data.)
The utf8mb4 setting can store smartphone emoticon characters (emoji).
A detailed explanation is here: https://blog.lael.be/post/917
    character-set-server = utf8mb4
    collation-server = utf8mb4_unicode_ci
Apply the changes
#service mysql restart
11) Set PHP permissions
Install the related program to solve the Nobody-permission problems that can occur when running a web service.
With this setup, shell, sftp and web permissions are all treated the same, and security improves as well.
Type the commands in order.
# apt-cache search mpm-itk
libapache2-mpm-itk - multiuser module for Apache
#apt-get install libapache2-mpm-itk
#chmod 711 /home
#chmod -R 700 /home/*
(If there are no files under /home/*, the last command may give an error. If it does, ignore it.)
11-1) Change the extensions that PHP executes
There are quite a few file extensions that are interpreted as PHP.
#vi /etc/apache2/mods-available/php7.0.conf
By default, files with the extensions .php .php3 .php4 .php5 .php7 .pht .phtml are interpreted as PHP.
If a file upload feature on a web page fails to block files with these extensions properly, the site is put at risk.
Block access to all of them except .php.
    <FilesMatch ".+\.ph(p3|p4|p5|p7|t|tml)$">
        Require all denied
    </FilesMatch>
--------------------------------------------
Restart Apache to apply the change
#service apache2 restart
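The FilesMatch deny rules from step 8 and the rule above, applied to a handful of file names (an added example, not part of the original post). It assumes only what the rules state: FilesMatch is tested against the file name without its directory, and the rule labels and sample names are constructed.

```shell
#!/bin/sh
# Which of the article's FilesMatch deny rules covers a given file name?
# The PCRE "(?i:...)" groups are expressed with grep -i; the PHP rule has no
# (?i) in the article, so it is matched case-sensitively here as well.

deny_rule_for() {       # $1 = file name (no directory part); prints a label
    name=$1
    if printf '%s\n' "$name" | grep -Eq '^\.ht'; then
        echo "stock-ht"
    elif printf '%s\n' "$name" |
        grep -Eiq '\.(log|binary|pem|enc|crt|conf|cnf|sql|sh|key)$'; then
        echo "sensitive-ext"
    elif printf '%s\n' "$name" |
        grep -Eiq '(composer\.json|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml)$'; then
        echo "project-meta"
    elif printf '%s\n' "$name" | grep -Eq '.+\.ph(p3|p4|p5|p7|t|tml)$'; then
        echo "php-alt-ext"
    else
        echo "none"
    fi
}

# Constructed names of the kind that end up in a web root: logs, dumps,
# keys, project files and uploads.
report() {
    for f in .htpasswd error.log dump.SQL dump.sql.gz server.key \
             server.key.bak composer.json composer.lock README.md \
             avatar.phtml avatar.php5 index.php; do
        printf '%-16s %s\n' "$f" "$(deny_rule_for "$f")"
    done
}

report
```

Names reported as "none" are served normally, so compressed dumps and renamed key backups belong outside the document root rather than behind these rules.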
11-2) Set the PHP Default timezone.
If this value is not set, the system timezone is used.
Setting the PHP Default timezone is not mandatory, but it is strongly recommended. Please set it.
The same change has to be made in 2 files.
This is the configuration file used when PHP runs under Apache2.
#vi /etc/php/7.0/apache2/php.ini
This is the configuration file used when PHP is run directly from Cron or the console.
#vi /etc/php/7.0/cli/php.ini
Find the date.timezone value, remove the comment mark and set the timezone.
Find this value
and change it like this.
#service apache2 restart
Later, create a mytest.php file and open it in a web browser; if it shows the setting as above, everything is fine.
    <?php phpinfo(); ?>
If Default timezone is set, everything is fine.
12) Create an account and test that it works
The standard command is useradd, but Ubuntu also provides adduser, which is easier to use.
Linux books list both as commands for creating accounts.
Use adduser for the easier setup
#adduser myuser1
(For reference, the command that does the opposite, deleting the account together with its home directory, is
#userdel -r myuser1
)
The web root is usually not the home directory itself.
I mostly use a www directory. Switch to the user, create the www directory, and exit.
#su -l myuser1
#mkdir www
#exit
13) Write the Apache configuration file for the website
#16.12.20 Configuration guide added
A configuration generator has been added to make the configuration easier.
https://blog.lael.be/demo-generator/apache/my-example-site.com.php
Write the following content.
The example below assumes that the site configuration file is named lael.be.
Name yours after your domain, your user ID, or some other word that identifies the site.
#vi /etc/apache2/sites-available/lael.be.conf
Save it as /etc/apache2/sites-available/lael.be.conf.
    <VirtualHost *:80>
        #main domain
        ServerName lael.be

        #additional domain
        ServerAlias www.lael.be
        ServerAlias my-anotherdomain.com

        #document Root
        DocumentRoot /home/myuser1/www/

        #additional setting
        <Directory /home/myuser1/www/>
            Options FollowSymLinks MultiViews
            AllowOverride All
            require all granted
        </Directory>

        AssignUserID myuser1 myuser1

        ErrorLog ${APACHE_LOG_DIR}/lael.be-error.log
        CustomLog ${APACHE_LOG_DIR}/lael.be-access.log combined
    </VirtualHost>
The ServerAlias lines can be left out if you do not use them.
#15.09.16 Added
If you want to apply SSL (https), add the following code at the bottom of the lael.be.conf file. In other words, add one more VirtualHost block.
    <VirtualHost *:443>
        #main domain
        ServerName lael.be

        #additional domain
        ServerAlias www.lael.be
        ServerAlias my-anotherdomain.com

        #document Root
        DocumentRoot /home/myuser1/www/

        #additional setting
        <Directory /home/myuser1/www/>
            Options FollowSymLinks MultiViews
            AllowOverride All
            require all granted
        </Directory>

        AssignUserID myuser1 myuser1

        ErrorLog ${APACHE_LOG_DIR}/lael.be-error.log
        CustomLog ${APACHE_LOG_DIR}/lael.be-access.log combined

        Header always set Strict-Transport-Security "max-age=31536000"

        SSLEngine on

        SSLProtocol all -SSLv2 -SSLv3

        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

        SSLHonorCipherOrder on

        SSLCertificateFile "/home/myuser1/ssl/mysite_ssl.crt"
        SSLCertificateKeyFile "/home/myuser1/ssl/mysite_ssl.key"
        SSLCertificateChainFile "/home/myuser1/ssl/mysite_ssl.certchain.crt"
    </VirtualHost>
https://www.sslshopper.com/ssl-checker.html#hostname=blog.lael.be (SSL Chain test - whether the certificate is installed correctly)
https://www.ssllabs.com/ssltest/analyze.html?d=blog.lael.be (SSL Algorithm test - whether secure encrypted communication is configured)
The Chain test must show Valid for every item, and for the SSL Algorithm test a grade of A or higher is enough for normal operation.
Lael has tested a number of setting values and written down the best recommended values above, so you can use them as they are.
If you install SSL with the settings above, you should be able to get an A+ grade.
Use the sites above to test the certificate installation.
A certificate chain file is a file of "certificates for the certificate".
< Figure: this blog is certified through the steps above. This is called chain certification. >
When the President certifies you, he does not do it by his own direct authority; it goes through the steps President -> Mayor of Seoul -> Head of Gangnam-gu -> Head of Samseong-dong -> you. To verify it, the guarantee certificate for every step has to be provided.
The certificate file contains the Head of Samseong-dong -> you information (it is disclosed during encrypted communication),
the certificate key file contains the information for encrypted communication (think of a bank security card; it is not disclosed to the outside),
and the certificate chain file contains the President -> Mayor of Seoul, Mayor of Seoul -> Head of Gangnam-gu, and Head of Gangnam-gu -> Head of Samseong-dong information. (This is called chain certification: certification by linked steps.)
If the certificate chain is not put together correctly, the Firefox browser and the Android Chrome browser show a "certificate information insufficient" error.
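A check of the three files before Apache is reloaded (an added example, not part of the original post): the key has to belong to the certificate, the chain file has to link the certificate to a trusted root, and the key file must not be readable by other users. The function names and the throwaway root, intermediate and leaf certificates are constructed for the demonstration; the openssl command line tool is assumed to be installed.

```shell
#!/bin/sh
# Pre-flight checks for the files named in SSLCertificateFile,
# SSLCertificateKeyFile and SSLCertificateChainFile.

# 0 if the certificate and the private key carry the same public key.
cert_matches_key() {        # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate verifies to a trusted root using the intermediates in
# the chain file. $3 is optional: an extra root to trust, needed for the
# constructed certificates below; leave it out to use the system trust store.
chain_verifies() {          # $1 = certificate, $2 = chain file, $3 = root
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$3" -untrusted "$2" "$1" 2>/dev/null |
            grep -q ': OK$'
    else
        openssl verify -untrusted "$2" "$1" 2>/dev/null | grep -q ': OK$'
    fi
}

# 0 if group and others have no permission bits on the key file.
key_is_private() {          # $1 = private key
    perms=$(ls -lL "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed sample: root -> intermediate -> leaf, valid for two days.
make_sample_pki() {         # $1 = existing empty directory
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
          -subj "/CN=Constructed Root" -keyout root.key -out root.crt
      openssl req -newkey rsa:2048 -nodes \
          -subj "/CN=Constructed Intermediate" -keyout inter.key -out inter.csr
      openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key \
          -CAcreateserial -days 2 -extfile ca.ext -out inter.crt
      openssl req -newkey rsa:2048 -nodes \
          -subj "/CN=www.example.test" -keyout leaf.key -out leaf.csr
      openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key \
          -CAcreateserial -days 2 -out leaf.crt
      chmod 600 leaf.key
    ) >/dev/null 2>&1
}

if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d) && make_sample_pki "$demo"
    cert_matches_key "$demo/leaf.crt" "$demo/leaf.key" &&
        echo "key matches certificate"
    chain_verifies "$demo/leaf.crt" "$demo/inter.crt" "$demo/root.crt" &&
        echo "chain file completes the path to the root"
    # Wrong chain file (the intermediate is missing from it).
    chain_verifies "$demo/leaf.crt" "$demo/root.crt" "$demo/root.crt" ||
        echo "intermediate missing: some clients would report an incomplete chain"
    key_is_private "$demo/leaf.key" && echo "key file is private"
    rm -rf "$demo"
fi
```

On the server from this article the call would be cert_matches_key and chain_verifies with the three paths from the VirtualHost block, without the third argument.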
14) Enable the site and apply
The command is
#a2ensite (name of the site configuration file)
For example:
#a2ensite lael.be
(For reference, a site is disabled with
#a2dissite lael.be
)
- Reload the Apache configuration (to apply)
#service apache2 reload
15) Integration test
Let's run a program that uses apache, php and mariadb together.
phpmyadmin official site: https://www.phpmyadmin.net/
Quite a few people have trouble installing it, so I am writing the installation steps separately.
There are several ways to install it, but this is how I do it.
Install the unzip program
# apt-get install unzip
Download the archive
# cd /var/www/html
Go to https://www.phpmyadmin.net/ and enter the command as in the picture above so that you install the latest version.
In this article I install 4.5.2, the latest version at the time of writing. phpmyadmin is a very robustly built program, so installing 4.5.2 is unlikely to leave you with security vulnerabilities, but make it a habit to install the latest version. (Just in case: this does not mean installing developer builds such as Alpha or Beta, it means using the latest version of the widely used and proven Release Channel.)
# wget https://files.phpmyadmin.net/phpMyAdmin/4.5.2/phpMyAdmin-4.5.2-all-languages.zip
Extract the archive
# unzip phpMyAdmin-4.5.2-all-languages.zip
Rename the folder
# mv phpMyAdmin-4.5.2-all-languages dbmyadmin
Delete the downloaded file
# rm phpMyAdmin-4.5.2-all-languages.zip
http://111.222.333.444/dbmyadmin/
- Remove
# apt-get purge mariadb-server
- Install
# apt-get install mariadb-server
- Reboot
The complicated part of the setup is done, so let's take a breath before moving on.
# reboot
If the phpinfo page and phpmyadmin both run fine after the reboot, you can consider this a "server that survives a reboot".
16) Additional Apache security settings
- Default character set
#vi /etc/apache2/conf-available/charset.conf
The default charset value UTF-8 will be commented out; remove the comment mark (#).
- Additional security settings
#vi /etc/apache2/conf-available/security.conf
These are strongly recommended security settings, so the maintainer of the Ubuntu Apache package has written them in advance.
Everything is already written, so just remove the comment marks (#).
- Reload the Apache configuration (to apply)
#service apache2 reload
Option) Change the default SSH port number
#This step blocks brute force attack attempts.
There are a huge number of programs that scan IP address : port 22 and, when they reach ssh, start making random login attempts,
and just changing the port number already defends against them.
!! Apply only one of the IPTABLES firewall, the SSH port change, and Fail2ban !!
1) I am using KS Cloud or Amazon cloud! -> Use the cloud firewall !!
2) I will let only permitted IPs connect to the server -> IPTABLES !!
3) I cannot pin down my users' IPs but I want to defend against brute force attacks -> Fail2ban !!
4) I will connect to the server on a port number only I know -> SSH port change !!
[Personal project, company service -> IPTABLES]
[Web hosting -> Fail2ban or SSH port change]
Change the default SSH port number, 22, to another number.
Change it to a number that is easy to remember.
#vi /etc/ssh/sshd_config
Find Port 22 and set it to a number of your choice that is easy to remember, such as 10022 or 34522.
I recommend choosing a port number of 10000 or higher.
#service ssh restart
Option) Apply a firewall
If you want to see why a firewall matters, type
# tailf /var/log/auth.log
and watch. (Press Control + C to quit the program.)
If no firewall has been configured, login attempts against the server from China will already be under way.
These indiscriminate login attempts can be blocked with any one of the following.
The most convenient is fail2ban. (Typing a single line is enough for the defense.)
Go to https://blog.lael.be/post/858#fail2ban to set it up.
* If the IPs of the people who connect are fixed, configure the firewall so that the server can be reached only from those specific IPs.
View the current firewall configuration. (List)
#iptables -L
It consists of INPUT (manages what comes into the server), FORWARD (manages connections from the server to an internal network; rarely used) and OUTPUT (manages what leaves the server).
Normally FORWARD and OUTPUT are left alone and only INPUT is modified.
policy ACCEPT means: ACCEPT when none of the conditions matched.
First save the current firewall configuration to a file, so that you can return to the current state at any time.
#cd ~
#mkdir firewall_rules
#cd firewall_rules
#iptables-save > 151214.rules
(Use the current date for the file name.)
Now let's restore the firewall from it.
#iptables-restore < 151214.rules
#iptables -L
>>Start of the configuration.
Rule: for the IP 111.222.111.222, ACCEPT if the destination port is 22.
#iptables -A INPUT -s 111.222.111.222/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
Do not change the IP; type the example above (111.222.111.222) exactly as it is.
#iptables -L
Now generate the firewall configuration file again from the current state.
#iptables-save > 151214.rules
Open 151214.rules with SFTP, vi or cat.
Once it is open, try to read roughly what the code means. (It is simple.)
In the *filter part near the bottom, can you see
-A INPUT -s 111.222.111.222/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
?
This is where you have to put the code below.
The order matters. It works like IF-ELSE: as soon as a condition matches, the specified action is taken.
To specify only the IP 211.105.192.168 -> -s 211.105.192.168/32
To specify the IP group 211.105.192.* -> -s 211.105.192.0/24
To specify the IP group 211.105.*.* -> -s 211.105.0.0/16
When the destination port is port 22 (ssh) -> --dport 22
When the destination port is port 80 (http) -> --dport 80
When the destination port is port 443 (https) -> --dport 443
The code below does the following:
1. Allow connections that are already established
2. Allow ping
3. Allow loopback
4. Allow 111.222.111.222 to access port 22
5. Allow 123.111.123.111 to access port 22
6. Allow access to port 80 (there is no -s option, so anyone is allowed)
7. Allow access to port 443 (there is no -s option, so anyone is allowed)
8. Block
9. Block FORWARD
Open the .rules file you generated earlier and add the code below as in the picture. Be sure to add your own IP when you do.
Even if you get it wrong, condition 1 will keep your current connection from being cut, but new connections will be blocked.
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -s 111.222.111.222/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -s 123.111.123.111/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
#iptables-restore < 151214.rules
#iptables -L
!!! Whatever you do, do not close your current shell connection !!!
The current connection is fine because condition 1 always allows it.
Open a new connection window and test with that.
If it does not behave the way you want, edit the .rules file again and run iptables-restore.
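A pre-flight check for the edited .rules file, to run before iptables-restore (an added example, not part of the original post). The function names and the two sample files are constructed for illustration; the rules in good.rules are the ones listed above.

```shell
#!/bin/sh
# Pre-flight lint for an iptables-save style rules file.

# check_rules FILE SSH_PORT
# Walks the INPUT rules in file order, the order in which they are evaluated,
# and returns 0 only if an ESTABLISHED accept and an SSH accept both come
# before the first catch-all REJECT/DROP.
check_rules() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            accept = ($0 ~ /-j ACCEPT/)
            if (!catchall && $0 ~ /^-A INPUT -j (REJECT|DROP)/) catchall = n
            if (!est && accept && $0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/) est = n
            if (!ssh && accept && $0 ~ ("--dport " port "( |$)")) ssh = n
        }
        END {
            bad = 0
            if (!catchall) print "NOTE: no catch-all REJECT/DROP; the chain policy decides"
            if (!est || (catchall && est > catchall)) {
                print "FAIL: no ESTABLISHED accept before the catch-all; the current session would drop"
                bad = 1
            }
            if (!ssh || (catchall && ssh > catchall)) {
                print "FAIL: no ACCEPT for tcp port " port " before the catch-all; new SSH logins would be rejected"
                bad = 1
            }
            if (!bad) print "OK: ESTABLISHED is rule " est ", SSH is rule " ssh
            exit bad
        }' "$1"
}

# ssh_sources FILE SSH_PORT: one line per SSH accept rule, "any" without -s.
ssh_sources() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ && $0 ~ ("--dport " port "( |$)") {
            src = "any"
            for (i = 3; i < NF; i++) if ($i == "-s") src = $(i + 1)
            print src
        }' "$1"
}

# Constructed samples: good.rules uses the ordering from the article;
# bad.rules has the SSH rule after the REJECT, as a later "iptables -A" leaves it.
write_samples() {
    cat > "$1/good.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 111.222.111.222/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 123.111.123.111/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    cat > "$1/bad.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 111.222.111.222/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
check_rules "$demo/good.rules" 22
check_rules "$demo/bad.rules" 22 || echo "bad.rules must not be loaded as it is"
echo "SSH allowed from: $(ssh_sources "$demo/good.rules" 22 | tr '\n' ' ')"
rm -rf "$demo"
```

iptables-restore --test < 151214.rules additionally parses the file without committing it, which catches syntax errors that this ordering check does not look for.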
If the firewall configuration is giving you a headache, reset it with
# iptables -F
and try again tomorrow.
This configuration is reset when the server reboots.
Let's make it persistent.
Install iptables-persistent
#apt-get install iptables-persistent
Yes (Enter), Yes (Enter)
A folder named /etc/iptables is created, and
rules.v4 and rules.v6 are created in it.
Update the file that is loaded at boot.
#iptables-save > /etc/iptables/rules.v4
Disable ipv6
#vi /etc/sysctl.conf
At the very bottom, add
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1
Apply the configuration file
#sysctl -p
Check
#cat /proc/sys/net/ipv6/conf/all/disable_ipv6
If it is 1, ipv6 is disabled.
Reboot
#reboot
If the firewall rules are still in place after the reboot, it worked.
#iptables -L
Option) Limit the amount of traffic per account. Apache Mod Cband install.
- 2015.06.01. Tested on Ubuntu 14.04 LTS.
- This module limits instantaneous speed (bandwidth), total transfer volume (quota) and concurrent connections.
If you set the values at which you expect failures as a Hard Boundary, you will see the server keep running well in conditions where a failure would otherwise be likely.
I use it in production myself to prevent service outages on my servers.
In my case, though, the load is distributed, so the actual service handles more than the limit applied to each individual server. (If you spread the load over 5 servers that each have a limit of 100, it looks as if a limit of 500 is in effect overall, right?)
Mod Cband is an Apache2 module.
It provides the following features.
1) Bandwidth limit
2) Concurrent user limit
3) Transfer quota
It can also be used for statistics only.
The official site is currently closed, so here are alternative download locations.
1) mod cband official site: http://cband.linux.pl/ (does not open)
2) mod cband main developer's blog: http://dembol.org/blog/mod_cband/ (the download link does not work)
3) source forge link: http://sourceforge.net/projects/cband/files/ (not the latest version)
4) The best choice among what still exists: https://fossies.org/linux/www/apache_httpd_modules/mod-cband-0.9.7.5.tgz/
5) Backup file on Lael's blog (exactly the same file as number 4): mod-cband-0.9.7.5.zip
1] mod cband needs apxs, the Apache extension development library.
#apt-get install apache2-dev
2] Download the apache cband module
#wget https://fossies.org/linux/www/apache_httpd_modules/mod-cband-0.9.7.5.tgz
3] Extract and install
#tar -xzvf mod-cband-0.9.7.5.tgz
#cd mod-cband-0.9.7.5
3-1] Patch.
A few variable names changed when apxs was updated.
#vi src/mod_cband.c
Find: remote_addr, replace with: client_addr. Line 1365; it must be replaced exactly once.
Find: remote_ip, replace with: client_ip. It must be replaced 4 times.
3-2] Continue the installation.
#./configure
#make
#make install
4] Create the cband monitoring page
#vi /etc/apache2/mods-available/cband.conf
    <IfModule mod_cband.c>
        <Location /cband-status>
            SetHandler cband-status
            AuthName "adminpage"
            AuthType Basic
            AuthUserFile /home/.htpasswd
            require valid-user
        </Location>
        <Location /cband-status-me>
            SetHandler cband-status-me
            Order deny,allow
            Deny from all
            Allow from all
        </Location>
    </IfModule>
#htpasswd -c -m /home/.htpasswd admin
5] Enable the Apache module
#a2enmod cband
6] Restart Apache to apply
#service apache2 restart
7] Check
In a web browser, open
(server IP)/cband-status-me
(server IP)/cband-status
Everything is unlimited for now, so no entries will be shown.
8] Configure.
https://www.linux.co.kr/home/lecture/?leccode=10588
Referring to the article linked above, edit the virtualhost file in sites-available that you already created and are using.
9] Configuration example.
Add the Cband settings to the <virtualhost> block of each site. You do not need all of them. Set only the limits you need.
If you run web hosting, use the CBandLimit and CBandPeriod directives.
If you run a video site or a download area, use CBandSpeed and CBandExceededSpeed.
    <VirtualHost *:80>
        #main domain
        ServerName lael.be

        #something
        #~~~
        #~~~

        <IfModule mod_cband.c>
            #Limit the transfer volume to 6GB over 4 weeks. When exceeded, a 503 Service error page is shown.
            CBandLimit 6G
            CBandPeriod 4W
            #Traffic slice. In this case 1.5GB is supplied every week.
            #Set this when you want the traffic to be used evenly over the CBandPeriod.
            CBandPeriodSlice 1W
            #Write the speed limit lines below only if you want to serve video (flv, mp4) or downloads
            CBandSpeed 500kbps 10 30
            CBandExceededSpeed 128kbps 5 15

            #CBandScoreboard /var/www/scoreboard/domain.com.scoreboard
        </IfModule>
    </VirtualHost>
Option) Change the server's concurrent connection settings. (Added 15.11.20)
I relied heavily on the following page. (http://www.zarafa.com/wiki/index.php/Apache_tuning)
Some of the people who contact me have had an unexpected hit (?) on their hands, so I want to explain how to tune concurrent connections.
Some background first.
- HTTP web pages are stateless (connectionless). That is, the client connects to the server only while a page is being fetched and disconnects once the page has loaded.
- The average memory consumption per connection is 20MB. (Lael took the average across the servers he manages.)
- The default concurrent connection limit of Ubuntu Apache is 150. If 1000 simultaneous connections arrive, 150 are processed immediately and the remaining 850 wait in the queue and are processed in turn.
1] Check how much memory the server uses per connection
    ps -ylC apache2 | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Process Size (MB): "x/((y-1)*1024)}'
2] Check how much spare memory the server has
Reboot the server, stop Apache, and then check the server's memory.
# free -m
3] Calculate the number of concurrent connections the hardware can sustain
Divide the spare memory by the memory per connection.
With 2000MB of free memory and 20MB used per connection = 100 concurrent connections possible. (Enough to handle 300~500 concurrent users.)
4] Calculate the number of concurrent connections the site needs
Assume there are 450 users and a page change happens every 3 seconds. Assume a page takes 2 seconds to produce.
Required concurrent connections = 450 / 3 * 2 = 300
5] Change the concurrent connection setting.
# vi /etc/apache2/mods-available/mpm_prefork.conf
The MaxRequestWorkers value has to be changed.
The default value of the ServerLimit option is 256, so if MaxRequestWorkers is below 256 you do not need to write ServerLimit, and if it is above 256 you must also set ServerLimit to the same value.
Example configuration for a concurrent connection limit of 300.
    <IfModule mpm_prefork_module>
        StartServers 5
        MinSpareServers 5
        MaxSpareServers 10
        MaxRequestWorkers 300
        ServerLimit 300
        MaxConnectionsPerChild 0
    </IfModule>