[root@localhost ~]# yum -y update
[root@localhost ~]# vi /etc/selinux/config
#SELINUX=enforcing
SELINUX=disabled
[root@localhost ~]# reboot
필수라이브러리 설치.
[root@localhost ~]# yum -y install gcc* make libtool-ltdl-devel openssl-devel pcre-devel ncurses-devel libxml2-devel bzip2-devel curl-devel gdbm-devel libjpeg-devel libpng-devel freetype-devel imap-devel libc-client-devel krb5-devel libmcrypt libmcrypt-devel libmhash-devel flex icu libicu libicu-devel gd gd-devel wget gzip libxslt-devel cmake ncurses ncurses-devel bison gnutls-devel
nginx 설치.
[root@localhost ~]# vi /etc/yum.repos.d/nginx.repo
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
[root@localhost ~]# yum -y –enablerepo=nginx install nginx
[root@localhost ~]# nginx -v
[root@localhost ~]# firewall-cmd –permanent –zone=public –add-service=http
[root@localhost ~]# firewall-cmd –permanent –zone=public –add-service=https
[root@localhost ~]# firewall-cmd –reload
참고: https://www.nginx.com/resources/wiki/start/topics/examples/full/
php7 설치.
[root@localhost ~]# yum install -y epel-release
[root@localhost ~]# yum -y update
[root@localhost ~]# rpm -ivh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
[root@localhost ~]# yum -y update
[root@localhost ~]# yum –enablerepo=remi update remi-release
[root@localhost ~]# yum –enablerepo=remi-php71 install -y php php-fpm php-mysql php-gd php-common php-cli php-json php-opcache php-devel php-imagick php-mbstring php-mcrypt php-mysqlnd php-pear php-xml php-xmlrpc php-soap php-dba php-bcmath php-pdo php-ldap php-geoip php-tidy php-zip
[root@localhost ~]# php -v
[root@localhost ~]# vi /etc/php.ini
allow_url_fopen = Off
expose_php = Off
display_errors = Off
[root@localhost ~]# vi /etc/php-fpm.d/www.conf
group = nginx
listen.owner = nobody # ; 지움
listen.group = nobody # ; 지움
[root@localhost ~]# vi /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name naver.com www.naver.com; #수정
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
#나중에 인증서 설치용.
location ~ /.well-known {
allow all;
}
}
기존내용 싹 지우고 위 내용으로 바꿈. dd 누르면 줄 지움.
[root@localhost ~]# systemctl start nginx php-fpm
[root@localhost ~]# vi /usr/share/nginx/html/phpinfo.php
phpinfo();
?>
확인 햇으면… 지우기
[root@localhost ~]# rm /usr/share/nginx/html/phpinfo.php
mariadb 설치.
[root@localhost ~]# vi /etc/yum.repos.d/MariaDB.repo
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
[root@localhost ~]# yum install -y mariadb mariadb-server
[root@localhost ~]# mv /etc/my.cnf /etc/my.bak
[root@localhost ~]# cp /usr/share/mysql/my-large.cnf /etc/my.cnf #메모리1~2G?
[root@localhost ~]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf #메모리 256M?
[root@localhost ~]# vi /etc/my.cnf
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4
[mysqld]
collation-server = utf8mb4_unicode_ci
character-set-server = utf8mb4
[mysqldump]
default-character-set = utf8mb4
[root@localhost ~]# systemctl start mariadb
[root@localhost ~]# systemctl enable mariadb
[root@localhost ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we’ll need the current
password for the root user. If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): #엔터
OK, successfully used password, moving on…
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: #새암호
Re-enter new password: #다시 한번 더
Password updated successfully!
Reloading privilege tables..
… Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
… Success!
Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
… Success!
By default, MariaDB comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
– Dropping test database…
… Success!
– Removing privileges on test database…
… Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
… Success!
Cleaning up…
All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@localhost ~]# mysql -uroot -p
Enter password: #암호
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.26-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
MariaDB [(none)]> show databases; #테스트 해보기
+——————–+
| Database |
+——————–+
| information_schema |
| mysql |
| performance_schema |
+——————–+
3 rows in set (0.01 sec)
MariaDB [(none)]> exit #입력하고 나오기
Bye
방화벽 추가
[root@localhost ~]# firewall-cmd –permanent –zone=public –add-port=3306/tcp
[root@localhost ~]# firewall-cmd –reload
[root@localhost ~]# firewall-cmd –list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client http https ssh
ports: 3306/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
phpMyAdmin 설치.
[root@localhost ~]# yum -y install phpmyadmin
[root@localhost ~]# vi /etc/nginx/conf.d/phpMyAdmin.conf
server {
listen 80;
server_name phpmyadmin.naver.com; #접속할 도메인
root /usr/share/phpMyAdmin;
location / {
index index.php;
}
## Images and static content is treated different
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location ~ /(libraries|setup/frames|setup/libs) {
deny all;
return 404;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin$fastcgi_script_name;
}
location ~ /.well-known {
allow all;
}
}
[root@localhost ~]# systemctl restart nginx php-fpm
[root@localhost ~]# vi /usr/share/phpMyAdmin/libraries/config.default.php
$cfg[‘blowfish_secret’] = ‘Lz+Sgxip}mBi+Wz^(uD3WJ$gr9iyXz9I}f|g7H5V’; #아래 주소가서 받아온다.
$cfg[‘SessionSavePath’] = ‘/tmp’; #세션저장경로
https://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator