[사전 설치]
1. apr 설치
(Aparch Portable Runtime)
download : https://apr.apache.org/download.cgi
1) 설치 버전 : apr 1.5.2
2) 설치 위치 : /ccpkg/platform/apache/apr/
3) 빌드
> tar –zxvf apr-1.5.2.tar.gz > cd apr-1.5.2 > ./configure --prefix=/ccpkg/platform/apache/apr/ > make && make install |
2. apr-util 설치
download : https://apr.apache.org/download.cgi
1) 설치 버전 : apr-util 1.5.4
2) 설치 위치 : /ccpkg/platform/apache/apr
3) 빌드
> tar -zxvf apr-util-1.5.4.tar.gz > cd apr-util-1.5.4>./configure --prefix=/ccpkg/platform/apache/apr/ --with-apr=/ccpkg/platform/apache/apr/ > make && make install |
3. pcre 설치
(Perl Compatible Regular Expressions)
URL : http://www.pcre.org/
1) 설치 버전 : pcre 8.39
2) 설치 위치 : /ccpkg/platform/apache/pcre
3) 빌드
> tar -zxvf pcre-8.39.tar.gz
> cd pcre-8.39 |
4. cronolog 설치
1) 설치 버전 : cronolog 1.6.2
2) 설치 위치 : /ccpkg/platform/apache/bin
3) 빌드
> tar -zxvf cronolog-1.6.2.tar.gz > cd cronolog-1.6.2 > ./configure --prefix=/ccpkg/platform/apache/bin/ > make && make install |
[openssl 1.0.1u 설치]
1. 표준 Openssl 수동(Build) 설치
1) download
https://www.openssl.org/source/openssl-1.0.2j.tar.gz
2) 설치 버전 : openssl 1.0.1u
3) 설치 위치 :/ccpkg/platform/apache/ssl
> tar -zxvf openssl-1.0.1u.tar.gz
> cd openssl-1.0.1u |
shared 를 추가 안하는 경우, .a 만 생성되며, 동적 lib (*. so)를 생성하려면, shared를 추가해 주어야 한다.
[apache 기본 설치]
1. Apache Compile 설치
1) 설치 버전 : apache 2.4.25
2) 설치 위치 : /ccpkg/platform/apache
> tar -zxvf httpd-2.4.25.tar.gz > cd httpd-2.4.25 |
3) MPM worker 사용 설정
> vi server/mpm/worker/worker.c (Define 값 수정) |
#define DEFAULT_SERVER_LIMIT 64 ==> 16->64 ..... #define DEFAULT_THREAD_LIMIT 256 ==> 64 -> 256 |
4) make 를 통한 configure 실행
- 설치 위치 : /ccpkg/platform/apache
- 빌드
( apr, apr-util, pcre, ssl 사전 설치)
> ./configure --prefix=/ccpkg/platform/apache --enable-mods-shared=most --enable-so --enable-proxy --enable-ssl --with-ssl=/ccpkg/platform/apache/ssl --with-mpm=worker --with-apr=/ccpkg/platform/apache/apr --with-apr-util=/ccpkg/platform/apache/apr --with-pcre=/ccpkg/platform/apache/pcre > make && make install |
<참고>
apache make 시 아래 에러 발생할 경우
exports.c:1929: error: redefinition of 'ap_hack_apr_allocator_create' exports.c:921: note: previous definition of 'ap_hack_apr_allocator_create' was here exports.c:1930: error: redefinition of 'ap_hack_apr_allocator_destroy' ..... |
configure 설정에 --with-apr-util=/ 경로... .누락 혹은 경로를 확인해보자!!
5) apache httpd.conf 설정
- 설치 경로로 이동
- 설치 위치 : /ccpkg/platform/apache/conf/httpd.conf
> vi httpd.conf
1> LoadMoudle 활성화(주석제거)
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so 주석 제거 #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so 주석 제거 #LoadModule ssl_module modules/mod_ssl.so 주석 제거, |
2> 사용자 변경
User nobody 로 변경 Group nobody 로 변경 ServerName localhost 로 수정 |
3> Symbolic link 제거
#Options Indexes FollowSymLinks (주석처리) |
4> Log 경로 변경
* ErrorLog 부분에 아래와 같이 수정 ErrorLog "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/error.log.%Y%m%d" * CustomLog 부분에 아래와 같이 수정 CustomLog "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/access.log.%Y%m%d" common |
5> Server-pool management (MPM specific)설정
#Include conf/extra/httpd-ssl.conf (#주석 제거) |
6> Secure (SSL/TLS) connections 설정
#Include conf/extra/httpd-ssl.conf (#주석 제거) |
7> 기타 설정 추가
ProxyRequests Off ==>설정 OFF ( Proxy 사용시 설정) ProxyVia Off ServerSignature Off ServerTokens ProductOnly RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS) RewriteRule .* - [F] KeepAlive On KeepAliveTimeout 30 ==> Session Timeout 30 초 MaxKeepAliveRequests 0
JkWorkersFile conf/workers.properties ==> workes File load JkLogLevel info JkLogFile "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/mod_jk.log.%Y%m%d" |
8> apache httpd-ssl.conf 설정 (./conf/extra/httpd-ssl.conf)
vi httpd-ssl.conf
<VirtualHost _default_:443> ServerName 127.0.0.1:443 ==>local ip로 수정 ErrorLog "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/%Y%m%d/ssl_error.log.%Y%m%d" TransferLog "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/%Y%m%d/ssl_access.log.%Y%m%d" CustomLog "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/%Y%m%d /ssl_request_log.%Y%m%d" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" |
9> JkMount 설정
JkMount /spl efss_spl JkMount /spl/* efss_spl
JkMount /ssl efss_ssl JkMount /ssl/* efss_ssl
JkMount /jkmanager/* jkstatus
<Location /jkmanager> JkMount jkstatus Order Deny,Allow Deny from all Allow from 192.0.0.1 </Location> |
10 > SSL 인증서 추가
(httpd-ssl.conf)
SSLCertificateFile "/ccpkg/platform/apache/conf/cert/server.host.crt" SSLCertificateKeyFile "/ccpkg/platform/apache/conf/cert/server.host.key" SSLCACertificateFile "/ccpkg/platform/apache/conf/cert/efss.crt" |
11 > HttpOnly / Secure
Header edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly;Secure" |
12 > MPM 설정
- httpd-mpm.conf (/ccpkg/platform/apache/conf/extra/httpd-mpm.conf)
- mpm worker 수정
<IfModule mpm_worker_module> StartServers 4 MinSpareThreads 256 MaxSpareThreads 512 ThreadsPerChild 64 MaxRequestWorkers 640 MaxConnectionsPerChild 0 </IfModule> |
httpd.conf 에서 Include conf/extra/httpd-mpm.conf 주석해제.
13 > Tomcat Connector 빌드 및 설치 (mod_jk 용)
1) download
http://apache.tt.co.kr/tomcat/tomcat-connectors/jk/
- 버전 : 1.2.42
2) 빌드
> tar -zxvf tomcat-connectors-1.2.42-src.tar.gz
> cd tomcat-connectors-1.2.42-src/native/
> ./configure --with-apxs=/ccpkg/platform/apache/bin/apxs
> make && make install
( 빌드 후 apache/modules/mod_jk.so 생성)
3) Apache option 설정 추가
> vi ./conf/httpd.conf
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties JkWorkersFile conf/workers.properties JkLogLevel info JkLogFile "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/mod_jk.lo g.%Y%m%d" |
4) workers.properties 생성
file 위치 : ./apache/conf/workers.properties
> vi workers.properties
worker.list=cc_common,cc_drive,cc_stream,cc_admin,cc_sms,jkstatus worker.cc_common1_1.port=8009 worker.cc_common1_1.host=127.0.0.2 worker.cc_common1_1.type=ajp13 worker.cc_common1_1.lbfactor=1 ... worker.cc_common.type=lb worker.cc_common.sticky_session=true worker.cc_common.balance_workers=cc_common1_1,cc_common2_1 worker.cc_drive1_1.port=8109 worker.cc_drive1_1.host=127.0.0.3 worker.cc_drive1_1.type=ajp13 worker.cc_drive1_1.lbfactor=1 ... worker.cc_drive.type=lb worker.cc_drive.sticky_session=true worker.cc_drive.set_session_cookie=true worker.cc_drive.session_cookie_path=/fsw <== sticky 처리 worker.cc_drive.balance_workers=cc_drive1_1,cc_drive2_1 worker.cc_stream1_1.port=8209 worker.cc_stream1_1.host=127.0.0.4 worker.cc_stream1_1.type=ajp13 .worker.cc_stream1_1.lbfactor=1 .. worker.cc_stream.type=lb worker.cc_stream.sticky_session=true worker.cc_stream.balance_workers=cc_stream1_1,cc_stream2_1 worker.cc_admin1_1.port=8309 worker.cc_admin1_1.host=127.0.0.5 worker.cc_admin1_1.type=ajp13 worker.cc_admin1_1.lbfactor=1 .... worker.cc_admin.type=lb worker.cc_admin.sticky_session=true worker.cc_admin.balance_workers=cc_admin1_1,cc_admin2_1 |
[ 기타 설정 ]
1. Apache root 이외 권한으로 실행 방법
1) ./bin/httpd 파일에 setuid 실행 권한 추가
- 적용방법 : chmod 4755 httpd
- 적용결과 :
[root@cl-EFSS-linux04 bin]# ls -al httpd -rwxr-xr-x. 1 root root 2055403 2016-12-21 14:50 httpd [root@cl-EFSS-linux04 bin]# chmod 4755 httpd [root@cl-EFSS-linux04 bin]# ls -al httpd -rwsr-xr-x. 1 root root 2055403 2016-12-21 14:50 httpd [root@cl-EFSS-linux04 bin]# |
2) 파일 다른 Other User의 읽기 / 쓰기 권한 추가 (파일/폴더)
./apache/conf
./apache/conf/httpd.conf
./apache/conf/extra
./conf/extra/httpd-mpm.conf
[ Apache disable Cache 설정 ]
1) vi ./apache/conf/httpd.conf
아래 모듈 활성화 (# 제거)
LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so |
[ 추가 사용 모듈 설정 ]
1) vi ./apache/conf/httpd.conf
아래 모듈 활성화 (# 제거)
1> Proxy
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so LoadModule proxy_scgi_module modules/mod_proxy_scgi.so LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_express_module modules/mod_proxy_express.so LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so LoadModule ssl_module modules/mod_ssl.so LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so |
2. Start / Stop scrit 생성
1) start
vi start.sh
#!/bin/sh # check user USER=`whoami` if [ ${USER} != 'root' ]; then ## 위 1-1) 적용시 불필요 (root 실행시만) echo '' echo 'please!!!' echo "login root." echo '' exit 1 fi . `dirname $0`/base.sh $APACHE_HOME/bin/apachectl start |
2) stop
vi stop.sh
#!/bin/sh . `dirname $0`/base.sh $APACHE_HOME/bin/apachectl stop |
3) base
vi base.sh
#!/bin/sh export APACHE_HOME=/ccpkg/platform/apache export LD_LIBRARY_PATH=$APACHE_HOME/ssl/lib export TZ=GMT |