server CentOS 6 - Apache 2.4.1 컴파일 / 보안 설정

2012.04.15 10:06

엘카 조회 수:30240

참고 문서  

시스템 환경: CentOS 6 (32bit)

라이브러리

# yum install gcc libtool apr-util-devel pcre-devel openssl-devel
# wget http://ftp.jaist.ac.jp/pub/apache/apr/apr-1.4.6.tar.gz
# tar xvfz apr-1.4.6.tar.gz
# cd apr-1.4.6
# ./configure && make && make install
# wget http://ftp.jaist.ac.jp/pub/apache/apr/apr-util-1.4.1.tar.gz
# tar xvfz apr-util-1.4.1.tar.gz
# cd apr-util-1.4.1
# ./configure --with-apr=/usr/local/apr && make && make install

다운로드 / 컴파일

http://httpd.apache.org/

# wget http://apache.mirror.cdnetworks.com/httpd/httpd-2.4.2.tar.gz
# tar xvfz httpd-2.4.2.tar.gz
# cd httpd-2.4.2
# ./configure --prefix=/usr/local/apache --enable-module=so --enable-so --enable-rewrite --enable-ssl=shared --with-ssl --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr --enable-nonportable-atomics=yes --with-mpm=worker
# make
# make install

방화벽

# vi /etc/sysconfig/iptables

-I INPUT -p tcp --dport 80 -j ACCEPT
-I INPUT -p tcp --dport 443 -j ACCEPT
# service iptables restart
# /usr/local/apache/bin/apachectl start
It works!
# /usr/local/apache/bin/apachectl stop

httpd.conf 설정

기본적인 내용은 생략하였습니다.

# vi /usr/local/apache/conf/httpd.conf

LoadModule deflate_module modules/mod_deflate.so LoadModule unique_id_module modules/mod_unique_id.so LoadModule rewrite_module modules/mod_rewrite.so <directory /> AllowOverride None Options -FollowSymLinks </directory> <directory "/home/*/public_html"> Options FollowSymLinks AllowOverride FileInfo Require all granted # 필터를 추가한다 SetOutputFilter DEFLATE # Netscape 4.x에 문제가 있다... BrowserMatch ^Mozilla/4 gzip-only-text/html # Netscape 4.06-4.08에 더 문제가 있다 BrowserMatch ^Mozilla/4\.0[678] no-gzip # MSIE은 Netscape라고 자신을 알리지만, 문제가 없다 # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # 주의: 아파치 2.0.48까지 mod_setenvif의 버그때문에 # 위의 정규표현식은 동작하지 않는다. 원하는 효과를 # 얻기위해 다음과 같이 수정하여 사용한다: BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html # 이미지를 압축하지 않는다 SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png)$ no-gzip dont-vary # 프록시가 잘못된 내용을 전달하지않도록 한다 Header append Vary User-Agent env=!dont-vary # 나머지 주석처리 </directory> <ifmodule log_config_module> ... SetEnvIf Request_URI "^/robots.txt$" dontlog SetEnvIf Request_URI ".gif$" dontlog SetEnvIf Request_URI ".png$" dontlog SetEnvIf Request_URI ".jpg$" dontlog SetEnvIf Request_URI ".jpeg$" dontlog SetEnvIf Request_URI ".js$" dontlog SetEnvIf Request_URI ".css$" dontlog ... CustomLog "|/usr/local/apache/bin/rotatelogs logs/access_log 5M" combined env=!dontlog # CustomLog "logs/access_log" common </ifmodule> Include conf/extra/httpd-mpm.conf Timeout 5 KeepAliveTimeout 3

Timeout, KeepAliveTimeout 값은 직접 테스트하면서 맞는 값을 찾아야 합니다.

mod_security

http://www.modsecurity.org/download/

# yum install libxml2 libxml2-devel
# tar xvfz modsecurity-apache_2.6.5.tar.gz
# cd modsecurity-apache_2.6.5
# ./configure --with-apxs=/usr/local/apache/bin/apxs
# make && make install
# cp modsecurity.conf-recommended /usr/local/apache/conf/modsecurity.conf
# vi /usr/local/apache/conf/httpd.conf
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity.conf # 아래쪽에 추가

VirtualHost 팁

# mkdir /home/elkha/public_html # chmod 701 /home/elkha /home/elkha/public_html <virtualhost *> ServerAdmin m@elkha.kr DocumentRoot "/home/elkha/public_html" ServerName elkha.kr ServerAlias *.elkha.kr php_admin_value upload_max_filesize 100M php_admin_value user_dir /home/elkha/public_html php_admin_value doc_root /home/elkha </virtualhost>

자동시작

# vi /etc/rc.d/rc.local

rm -rf /usr/local/apache/logs/* # 로그파일 삭제
/usr/local/apache/bin/apachectl start

관련문서

이 게시물을

.

목록
목록
번호 제목 날짜 조회 수
81 vmware with centos 7 secret 2019.08.23 0
80 php-fpm tcp to socket secret 2020.01.25 0
79 net::ERR_CONNECTION_REFUSED secret 2021.10.11 0
78 my.cnf secret 2019.04.11 1
77 To download large files with rsync command. 2023.05.04 21
76 The best configuration of php7.4-fpm / 1.5GB 2023.05.04 23
75 The best configuration of php7.4-fpm / 8GB 2023.05.04 23
74 windows hardware encrypt ssd 2024.01.23 234
73 php 에서 비동기 처리하는 방법 2023.06.22 311
72 gearman 은 무엇인가? 2023.06.21 316
71 apache2 AllowOverride config 2023.05.23 324
70 mysqldump from remote db to my local server. 2023.05.04 421
69 yum install php 7.1 [6] 2018.10.10 687
68 mysql 백업 (shell script) file 2018.10.14 697
67 munin 설치 2018.10.13 787
66 yum install mariadb [2] 2018.10.10 1143
65 웹 백업 (쉘 스크립트) file 2018.10.14 1194
64 certbot apache multiple domain 2019.04.10 1416
63 yum install php-apcu 2019.03.12 1542
62 yum install latest redis file 2019.03.27 1682
쓰기
태그