RHCE : HTTP/HTTPS – 가상 호스트 구성

RHCE 주제입니다. CertDepot 사이트를 번역 및 내용 추가하였으며, 컨텐츠 관련 모든 권리는 CertDepot에 있습니다.

사전 준비사항

Dependencies Resolved

================================================================================ Package Arch Version Repository Size ================================================================================ Installing for group install “웹 서버”: crypto-utils x86_64 2.4.1-42.el7 RHELREPO 78 k httpd x86_64 2.4.6-17.el7.centos.1 RHELREPO 2.7 M httpd-manual noarch 2.4.6-17.el7.centos.1 RHELREPO 1.3 M mod_fcgid x86_64 2.3.9-4.el7 RHELREPO 79 k mod_ssl x86_64 1:2.4.6-17.el7.centos.1 RHELREPO 97 k Installing for dependencies: apr x86_64 1.4.8-3.el7 RHELREPO 103 k apr-util x86_64 1.5.2-6.el7 RHELREPO 92 k httpd-tools x86_64 2.4.6-17.el7.centos.1 RHELREPO 77 k mailcap noarch 2.1.41-2.el7 RHELREPO 31 k perl-Newt x86_64 1.08-36.el7 RHELREPO 64 k

Transaction Summary

Install 5 Packages (+5 Dependent packages)

Total download size: 4.6 M Installed size: 16 M Downloading packages: (1/10): apr-1.4.8-3.el7.x86_64.rpm | 103 kB 00:00
(2/10): crypto-utils-2.4.1-42.el7.x86_64.rpm | 78 kB 00:00
(3/10): httpd-2.4.6-17.el7.centos.1.x86_64.rpm | 2.7 MB 00:00
(4/10): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00
(5/10): httpd-manual-2.4.6-17.el7.centos.1.noarch.rpm | 1.3 MB 00:00
(6/10): httpd-tools-2.4.6-17.el7.centos.1.x86_64.rpm | 77 kB 00:00
(7/10): mailcap-2.1.41-2.el7.noarch.rpm | 31 kB 00:00
(8/10): mod_ssl-2.4.6-17.el7.centos.1.x86_64.rpm | 97 kB 00:00
(9/10): perl-Newt-1.08-36.el7.x86_64.rpm | 64 kB 00:00
(10/10): mod_fcgid-2.3.9-4.el7.x86_64.rpm | 79 kB 00:00
——————————————————————————– Total 10 MB/s | 4.6 MB 00:00
Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : apr-1.4.8-3.el7.x86_64 1/10 Installing : apr-util-1.5.2-6.el7.x86_64 2/10 Installing : httpd-tools-2.4.6-17.el7.centos.1.x86_64 3/10 Installing : mailcap-2.1.41-2.el7.noarch 4/10 Installing : httpd-2.4.6-17.el7.centos.1.x86_64 5/10 Installing : perl-Newt-1.08-36.el7.x86_64 6/10 Installing : crypto-utils-2.4.1-42.el7.x86_64 7/10 Installing : mod_fcgid-2.3.9-4.el7.x86_64 8/10 Installing : httpd-manual-2.4.6-17.el7.centos.1.noarch 9/10 Installing : 1:mod_ssl-2.4.6-17.el7.centos.1.x86_64 10/10 Verifying : mod_fcgid-2.3.9-4.el7.x86_64 1/10 Verifying : httpd-2.4.6-17.el7.centos.1.x86_64 2/10 Verifying : perl-Newt-1.08-36.el7.x86_64 3/10 Verifying : httpd-manual-2.4.6-17.el7.centos.1.noarch 4/10 Verifying : mailcap-2.1.41-2.el7.noarch 5/10 Verifying : apr-1.4.8-3.el7.x86_64 6/10 Verifying : apr-util-1.5.2-6.el7.x86_64 7/10 Verifying : 1:mod_ssl-2.4.6-17.el7.centos.1.x86_64 8/10 Verifying : httpd-tools-2.4.6-17.el7.centos.1.x86_64 9/10 Verifying : crypto-utils-2.4.1-42.el7.x86_64 10/10

Installed: crypto-utils.x86_64 0:2.4.1-42.el7
httpd.x86_64 0:2.4.6-17.el7.centos.1
httpd-manual.noarch 0:2.4.6-17.el7.centos.1
mod_fcgid.x86_64 0:2.3.9-4.el7
mod_ssl.x86_64 1:2.4.6-17.el7.centos.1

Dependency Installed: apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7
httpd-tools.x86_64 0:2.4.6-17.el7.centos.1 mailcap.noarch 0:2.1.41-2.el7
perl-Newt.x86_64 0:1.08-36.el7

Complete! [root@server2 ~]#

##### 2. (만약에 DNS 서버를 구축하지 않았거나, DNS 서버에 서버를 등록이 불가능한 경우) `/etc/hosts` 파일을 열고, ip 주소와 서버의 도메인 이름을 다음과 같이 추가한다.

[root@server2 ~]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 1.2.3.4 server2.4am.kr ~
~
~
~
~
~
~
~
~
~
– 끼워넣기 – 1,32 모두 [root@server2 ~]#

노트: 이 부분은 필수가 아니지만, 경고 메시지를 방지해준다.
추가로, **ServerName** 디렉티브를 `/etc/httpd/conf/httpd.conf`파일에 설정할 수 있다.

##### 3. 서비스를 부팅시에 활성화하고 시작한다.

[root@server2 ~]# systemctl enable httpd && systemctl start httpd ln -s ‘/usr/lib/systemd/system/httpd.service’ ‘/etc/systemd/system/multi-user.target.wants/httpd.service’ [root@server2 ~]#

##### 4. HTTP, HTTPS 서비스를 방화벽 설정에 추가하고, 다시 방화벽을 로드한다.

[root@server2 ~]# firewall-cmd –permanent –add-service=http success [root@server2 ~]# firewall-cmd –permanent –add-service=https success [root@server2 ~]# firewall-cmd –reload success [root@server2 ~]#

## 설정하기
* 설정해야 할 웹사이트를 `server2.4am.kr`이라고 하자.
##### 1. `/var/www/html/server2.4am.kr` 디렉토리를 생성한다.

[root@server2 ~]# cd /var/www/html/ [root@server2 html]# mkdir server2.4am.kr [root@server2 html]#

##### 2. `index.html` 파일을 만들고, 올바른 **SELinux** 컨텍스트를 정의한다.

[root@server2 html]# echo “This is a testpage of server2.4am.kr.” > server2.4am.kr/index.html [root@server2 html]# restorecon -R server2.4am.kr [root@server2 html]#

##### 3. `/etc/httpd/conf.d/vhosts.conf`파일을 생성하고 다음 줄들을 붙여넣기한다.

[root@server2 html]# cd /etc/httpd/conf.d [root@server2 conf.d]# vim vhosts.conf <VirtualHost *:80> ServerAdmin webmaster@4am.kr DocumentRoot /var/www/html/server2.4am.kr ServerName server2.4am.kr ErrorLog logs/server2.4am.kr-error_log CustomLog logs/server2.4am.kr-access_log common </VirtualHost> ~
~
~
~
~
~
– 끼워넣기 – 2,15 모두 [root@server2 conf.d]#

##### 4. 선택적으로 `/etc/httpd/conf.d/ssl.conf`파일을 이름을 변경할 수 있다. 만약 이름을 변경하지 않는다면 작동하지 않는 `https` 설정에 있는 가상 호스트가 표시될 것이다.

[root@server2 conf.d]# mv ssl.conf ssl.conf2 [root@server2 conf.d]#

##### 5. **설정**의 유효성을 확인한다.

[root@server2 conf.d]# apachectl configtest AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using server2.example.com. Set the ‘ServerName’ directive globally to suppress this message Syntax OK [root@server2 conf.d]# vim vhosts.conf [root@server2 conf.d]#

노트: `httpd -t`를 통해서도 확인할 수 있다.

##### 6. `httpd`서비스를 재시작한다.

[root@server2 conf.d]# apachectl restart [root@server2 conf.d]#

노트1: `systemctl restart httpd`를 통해서도 재시작이 가능하다.
노트2: 마이너한 설정 변경이라면, 현재 접속을 손실하지 않고, **Apache** 데몬의 재시작만으로도 가능할 수 있다(`apachectl graceful`).

##### 7. 가상 호스트 설정을 확인한다.

[root@server2 conf.d]# httpd -D DUMP_VHOSTS AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using server2.example.com. Set the ‘ServerName’ directive globally to suppress this message VirtualHost configuration: *:80 is a NameVirtualHost default server server2.4am.kr (/etc/httpd/conf.d/vhosts.conf:1) port 80 namevhost server2.4am.kr (/etc/httpd/conf.d/vhosts.conf:1) port 80 namevhost server2.4am.kr (/etc/httpd/conf.d/vhosts.conf:1) [root@server2 conf.d]#

##### 8-1. 테스트하기(by elinks) - 설정을 확인한다.

[root@server2 ~]# yum install -y elinks Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile Resolving Dependencies –> Running transaction check —> Package elinks.x86_64 0:0.12-0.36.pre6.el7 will be installed –> Processing Dependency: libnss_compat_ossl.so.0()(64bit) for package: elinks-0.12-0.36.pre6.el7.x86_64 –> Running transaction check —> Package nss_compat_ossl.x86_64 0:0.9.6-8.el7 will be installed –> Finished Dependency Resolution

Dependencies Resolved

================================================================================ Package Arch Version Repository Size ================================================================================ Installing: elinks x86_64 0.12-0.36.pre6.el7 RHELREPO 882 k Installing for dependencies: nss_compat_ossl x86_64 0.9.6-8.el7 RHELREPO 37 k

Transaction Summary

Install 1 Package (+1 Dependent package)

Total download size: 919 k Installed size: 2.7 M Downloading packages: (1/2): elinks-0.12-0.36.pre6.el7.x86_64.rpm | 882 kB 00:00
(2/2): nss_compat_ossl-0.9.6-8.el7.x86_64.rpm | 37 kB 00:00
——————————————————————————– Total 4.0 MB/s | 919 kB 00:00
Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : nss_compat_ossl-0.9.6-8.el7.x86_64 1/2 Installing : elinks-0.12-0.36.pre6.el7.x86_64 2/2 Verifying : elinks-0.12-0.36.pre6.el7.x86_64 1/2 Verifying : nss_compat_ossl-0.9.6-8.el7.x86_64 2/2

Installed: elinks.x86_64 0:0.12-0.36.pre6.el7

Dependency Installed: nss_compat_ossl.x86_64 0:0.9.6-8.el7

Complete! [root@server2 ~]# elinks http://server2.4am.kr ``` vhost-test-elinks-server2-4am-kr

8-2. 테스트하기(by 일반적인 브라우저) - 설정을 확인한다.

vhost-test-browser-server2-4am-kr

at4am의 프로필 이미지

at4am

2016년 05월 04일

글쓴이의 더 많은 글 읽어보기