Apache Httpd Installation
<Prerequisite library installation>
1. Apr (Apache Portable Runtime)
A. Version : apr 1.5.2
B. Install path : /ccpkg/platform/apache/apr/
C. Download : http://apache.mirror.cdnetworks.com//apr/apr-1.5.2.tar.gz
D. Installation process
i. tar -zxvf apr-1.5.2.tar.gz
ii. cd apr-1.5.2
iii. ./configure --prefix=/ccpkg/platform/apache/apr/
iv. make && make install
2. Apr Util (Apache Portable Runtime Util)
A. Version : apr-util 1.5.4
B. Install path : /ccpkg/platform/apache/apr/
C. Download : http://apache.mirror.cdnetworks.com//apr/apr-util-1.5.4.tar.gz
D. Installation process
i. tar -zxvf apr-util-1.5.4.tar.gz
ii. cd apr-util-1.5.4
iii. ./configure --prefix=/ccpkg/platform/apache/apr/ --with-apr=/ccpkg/platform/apache/apr/
iv. make && make install
3. pcre (Perl Compatible Regular Expressions)
A. Version : pcre 8.40
B. Install path : /ccpkg/platform/apache/pcre/
C. Download : https://ftp.pcre.org/pub/pcre/pcre-8.40.tar.gz
D. Installation process
i. tar -zxvf pcre-8.40.tar.gz
ii. cd pcre-8.40
iii. ./configure --prefix=/ccpkg/platform/apache/pcre/ --with-apr=/ccpkg/platform/apache/apr/bin --with-apr-util=/ccpkg/platform/apache/apr/bin
iv. make && make install
4. cronolog
A. Version : 1.6.2
B. Install path : /ccpkg/platform/apache/bin
C. Download : http://pkgs.fedoraproject.org/repo/pkgs/cronolog/cronolog-1.6.2.tar.gz/a44564fd5a5b061a5691b9a837d04979/cronolog-1.6.2.tar.gz
D. Installation process
i. tar -zxvf cronolog-1.6.2.tar.gz
ii. cd cronolog-1.6.2
iii. ./configure --prefix=/ccpkg/platform/apache/bin
iv. make && make install
5. Open SSL
A. Version : 1.0.2k
B. Install path : /ccpkg/platform/apache/ssl
C. Download : https://www.openssl.org/source/openssl-1.0.2k.tar.gz
D. Installation process
i. tar -zxvf openssl-1.0.2k.tar.gz
ii. cd openssl-1.0.2k
iii. ./config --prefix=/ccpkg/platform/apache/ssl shared
iv. make && make install
6. Apache HTTP Server Project
A. Version : httpd 2.4.25
B. Install path : /ccpkg/platform/apache
C. Download : http://apache.tt.co.kr//httpd/httpd-2.4.25.tar.gz
D. Installation process
i. tar -zxvf httpd-2.4.25.tar.gz
ii. Change settings for using the MPM worker
1. In /usr/local/src/httpd-2.4.9/server/mpm/worker/worker.c, change the following defines to these values
    #define DEFAULT_SERVER_LIMIT 64
    #define DEFAULT_THREAD_LIMIT 256
iii. cd httpd-2.4.25
iv. ./configure --prefix=/ccpkg/platform/apache --enable-mods-shared=most --enable-so --enable-proxy --enable-ssl --with-ssl=/ccpkg/platform/apache/ssl --with-mpm=worker --with-apr=/ccpkg/platform/apache/apr --with-apr-util=/ccpkg/platform/apache/apr --with-pcre=/ccpkg/platform/apache/pcre
v. make && make install
vi. vi /ccpkg/platform/apache/conf/httpd.conf
1. Add LoadModule lines (remove the comment markers)
    LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    LoadModule ssl_module modules/mod_ssl.so
2. Change the run account (the apache account must exist: adduser apache)
    Change to: User apache
    Change to: Group apache
    Edit to: ServerName localhost(xxx.xxx.xxx.xxx)
3. HTTP Header permission (usage) settings
    <Directory />
        <LimitExcept GET POST HEAD>
            # Order/Deny are 2.2-style directives; httpd 2.4 needs mod_access_compat loaded for them
            Order deny,allow
            Deny from all
        </LimitExcept>
        AllowOverride All
        Require all denied
    </Directory>
4. Comment out the Options Indexes FollowSymLinks line (inside <Directory>)
    #Options Indexes FollowSymLinks
5. Change the log location and configure rotatelogs
(Edit as follows)
    ErrorLog "| /ccpkg/platform/apache/bin/sbin/cronolog /ccdata/logs/platform/apache/%Y%m/error.log.%Y%m%d"
    CustomLog "| /ccpkg/platform/apache/bin/sbin/cronolog /ccdata/logs/platform/apache/%Y%m/access.log.%Y%m%d" common
6. Proxy type settings
(On : Forward Proxy / Off : Reverse Proxy)
    ProxyRequests Off
    ProxyVia Off
7. Apache security settings
(Hide Apache version information)
    ServerSignature Off
    ServerTokens Prod
    TraceEnable off
8. Session settings
    KeepAlive On
    KeepAliveTimeout 30
    MaxKeepAliveRequests 0
9. Add server-status settings, add IP
    <Location /server-status>
        SetHandler server-status
        # 2.2-style access control; requires mod_access_compat on httpd 2.4
        Order Deny,Allow
        Deny from all
        Allow from xxx.xxx.xxx.xxx
    </Location>
10. HTTPS Redirect settings (HTTPS only)
    # Reject TRACE, TRACK and OPTIONS requests with 403 Forbidden.
    # RewriteEngine On is required for the rule to take effect.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
11. Add the Jk module
    LoadModule jk_module modules/mod_jk.so
    JkWorkersFile conf/workers.properties
    JkLogLevel info
    JkLogFile "| /ccpkg/platform/apache/bin/sbin/cronolog /ccdata/logs/platform/apache/.%Y%m/mod_jk.log.%Y%m%d"
12. httpd-mpm settings
A. Load the httpd-mpm configuration (remove the comment marker)
    Include conf/extra/httpd-mpm.conf
B. mpm worker config (edit apache/conf/extra/httpd-mpm.conf)
    <IfModule mpm_worker_module>
        StartServers 4
        MinSpareThreads 256
        MaxSpareThreads 512
        ThreadsPerChild 64
        MaxRequestWorkers 640
        MaxConnectionsPerChild 0
    </IfModule>
13. HTTPS (SSL) settings
A. Load the httpd-ssl configuration (remove the comment marker)
    Include conf/extra/httpd-ssl.conf
14. Apache HTTPS settings (/apache/conf/extra/httpd-ssl.conf)
A. Virtual Host settings (multiple hosts can be configured)
    <VirtualHost *:443>
        ServerName DNS.example.com:443
        ….
    </VirtualHost>
B. Certificate settings (configured per Virtual Host)
    SSLEngine on
    SSLCertificateFile "/ccpkg/platform/apache/conf/cert/server.host.crt"
    SSLCertificateKeyFile "/ccpkg/platform/apache/conf/cert/server.host.key"
    SSLCACertificateFile "/ccpkg/platform/apache/conf/cert/ca.crt"
C. Log settings (can be configured per Virtual Host)
    # httpd.conf above calls cronolog as /ccpkg/platform/apache/bin/sbin/cronolog;
    # use the path where the binary is actually installed.
    ErrorLog "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/%Y%m%d/ssl_error.log.%Y%m%d"
    TransferLog "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/%Y%m%d/ssl_access.log.%Y%m%d"
    CustomLog "| /ccpkg/platform/apache/bin/cronolog /ccdata/logs/platform/apache/%Y%m%d/ssl_request_log.%Y%m%d" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
D. Browser security settings (httpOnly, Secure browser cookie settings)
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
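The check below is an added example, not part of the original guide: a shell function that reads an httpd.conf and reports which of the directives set in steps 2, 4, 6 and 7 above are missing or have a different value. The function names directive_value and audit_httpd_conf are hypothetical.

```shell
#!/bin/sh
# Usage: audit_httpd_conf /ccpkg/platform/apache/conf/httpd.conf
# Prints one FAIL line per finding; returns 0 only when every check passes.

# Print the last active (uncommented) value of a single-argument directive.
directive_value() {
    # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$2"
}

audit_httpd_conf() {
    conf=$1
    fails=0
    # directive:expected pairs taken from steps 2, 6 and 7 of the guide
    for want in User:apache Group:apache ProxyRequests:Off \
                ServerSignature:Off ServerTokens:Prod TraceEnable:off; do
        name=${want%%:*}
        expected=${want#*:}
        actual=$(directive_value "$name" "$conf")
        # httpd treats these keyword values case-insensitively
        if [ "$(printf %s "$actual" | tr 'A-Z' 'a-z')" != \
             "$(printf %s "$expected" | tr 'A-Z' 'a-z')" ]; then
            echo "FAIL $name: expected '$expected', found '${actual:-<unset>}'"
            fails=$((fails + 1))
        fi
    done
    # Step 4: no active Options line may still enable Indexes
    # ("Options -Indexes" and commented-out lines do not match).
    if grep -Eiq '^[[:space:]]*Options([[:space:]]+[^[:space:]]+)*[[:space:]]+\+?Indexes([[:space:]]|$)' "$conf"; then
        echo "FAIL Options: directory listing (Indexes) is still enabled"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}
```

An unset directive is reported as a failure because the httpd defaults (ServerTokens Full, TraceEnable on) are the values the guide is replacing.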
vii. Change permissions for the Apache run account
1. Add permission so that a regular account can run it
    cd /ccpkg/platform/apache/bin
    # 4755 = -rwsr-xr-x: set-uid root, writable by the owner only (matches the result below)
    chmod 4755 httpd
Result
    -rwsr-xr-x 1 root root 1217098 Feb 28 10:44 httpd
2. Add read/write permission
    chmod g+w /ccpkg/platform/apache/conf
    chmod g+w /ccpkg/platform/apache/conf/httpd.conf
    chmod g+w /ccpkg/platform/apache/conf/extra
    chmod g+w /ccpkg/platform/apache/conf/extra/httpd-mpm.conf
    chmod g+w /ccpkg/platform/apache/conf/extra/httpd-ssl.conf
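An added check for step vii (example code, not from the original guide): it flags a set-uid file that group or others can write, since anyone who can overwrite a set-uid root binary controls code that runs as root, and it flags world-writable paths. The function name audit_perms is hypothetical.

```shell
#!/bin/sh
# Usage: audit_perms /ccpkg/platform/apache/bin/httpd /ccpkg/platform/apache/conf/httpd.conf
# Prints one line per finding; returns 0 when nothing is flagged.
audit_perms() {
    findings=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            findings=$((findings + 1))
            continue
        fi
        # set-uid (4000) combined with group-write (0020) or other-write (0002)
        if [ -n "$(find "$p" -prune -perm -4000 \
                   \( -perm -0020 -o -perm -0002 \) -print)" ]; then
            echo "SETUID-WRITABLE $p ($(ls -ld "$p" | cut -d' ' -f1))"
            findings=$((findings + 1))
        # writable by every local account
        elif [ -n "$(find "$p" -prune -perm -0002 -print)" ]; then
            echo "WORLD-WRITABLE $p"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Mode 4755 (-rwsr-xr-x) passes the first check, while 4775 (-rwsrwxr-x) is reported; group-writable configuration files as set in step 2 are not reported, only world-writable ones.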
viii. Start / stop Apache
1. Start
    /ccpkg/platform/apache/bin/apachectl start
2. Stop
    /ccpkg/platform/apache/bin/apachectl stop
7. Tomcat Connector installation
A. Version : tomcat connector 1.2.42
B. Install path : /ccpkg/platform/apache/bin/
C. Download : http://apache.mirror.cdnetworks.com/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.42-src.tar.gz
D. Installation process
i. tar -zxvf tomcat-connectors-1.2.42-src.tar.gz
ii. cd tomcat-connectors-1.2.42-src/native
iii. ./configure --with-apxs=/ccpkg/platform/apache/bin/apxs
iv. make && make install
8. Apache Balancer settings
A. JkMount
i. Routing
    JkMount /ios cc_common
    JkMount /ios/* cc_common

    JkMount /fsw cc_drive
    JkMount /fsw/* cc_drive

    JkMount /snw cc_stream
    JkMount /snw/* cc_stream
ii. Worker settings
vi workers.properties
    worker.list=cc_common,cc_drive,cc_stream,cc_admin, jkstatus

    worker.cc_common1_1.port=8009
    worker.cc_common1_1.host={WAS IP}
    worker.cc_common1_1.type=ajp13
    worker.cc_common1_1.lbfactor=1

    worker.cc_common.type=lb
    worker.cc_common.sticky_session=true
    worker.cc_common.balance_workers=cc_common1_1

    worker.cc_drive1_1.port=8109
    worker.cc_drive1_1.host={WAS IP}
    worker.cc_drive1_1.type=ajp13
    worker.cc_drive1_1.lbfactor=1

    worker.cc_drive2_1.port=8109
    worker.cc_drive2_1.host={WAS IP}
    worker.cc_drive2_1.type=ajp13
    worker.cc_drive2_1.lbfactor=1

    worker.cc_drive.type=lb
    worker.cc_drive.sticky_session=true
    worker.cc_drive.set_session_cookie=true
    worker.cc_drive.session_cookie_path=/fsw #sticky cookie settings
    worker.cc_drive.balance_workers=cc_drive1_1, cc_drive2_1
    …
iii.
B. Configuring with ProxyPass
    ### Driver ###
    Header add Set-Cookie "ROUTEID=FSWSESSION.%{BALANCER_WORKER_ROUTE}e; path=/fsw; Secure; HttpOnly" env=BALANCER_ROUTE_CHANGED

    ProxyPass /fsw balancer://syfswcluster/fsw
    ProxyPassReverse /fsw balancer://syfswcluster/fsw

    <Proxy balancer://syfswcluster>
        BalancerMember ajp://{was1 IP}:9109 loadfactor=1 route=ioffice_fsw1_1 timeout=240
        BalancerMember ajp://{was2 IP}:9109 loadfactor=1 route=ioffice_fsw2_1 timeout=240
        ProxySet stickysession=ROUTEID
        ProxySet lbmethod=byrequests
    </Proxy>