우분투 APM 설치 [Ubuntu 22.04.5..]
설치된 우분투 서버에 APM을 설치 진행합니다. 우분투 APM 설치 버전은 apache 2.4 php 7.4 mariadb 10.11 버전으로 설치를 진행합니다.
우분투 APM 설치
Ubuntu 22.04.5
Apache 2.4
php 7.4
mariadb 10.11
✅ 패키지 업데이트 및 apache2 설치
업데이트, 업그레이드 이후 아파치 설치를 진행합니다. 설치 후 버전 및 상태 확인을 진행하여 정상 설치 및 구동 상태를 확인합니다.
apt update
apt upgrade
apt install apache2
apache2 -v
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2025-04-03T09:05:48
systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2025-05-07 14:29:09 KST; 18h ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 61136 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Main PID: 56805 (apache2)
Tasks: 10 (limit: 4531)
Memory: 97.6M
CPU: 1min 41.235s
CGroup: /system.slice/apache2.service
├─56805 /usr/sbin/apache2 -k start
├─61147 /usr/sbin/apache2 -k start
### 생략 ###🔲 방화벽 설정 확인
ufw 명령어로 ssh 포트 80번 ufw status 명령어로 열린 포트를 확인합니다.
ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
ufw allow 22
ufw allow 'Apache'
ufw status✅ MariaDB 설치
10.11 버전 설치를 위한 사전 작업(curl은 이미 설치 확인)을 진행합니다.
apt install apt-transport-https curl # APT가 HTTPS 프로토콜 및 curl 다운로드
apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc' # APT가 외부 저장소의 패키지를 신뢰하도록 GPG 키를 등록▼ /etc/apt/sources.list 파일 하단에 아래 내용을 붙여 넣어 줍니다.
vi /etc/apt/sources.list # sources.list 파일은 패키지 저장소 목록을 어디로 받을지 정의한 파일
### 생략 ###
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security main restricted
deb http://security.ubuntu.com/ubuntu/ jammy-security universe
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security universe
deb http://security.ubuntu.com/ubuntu/ jammy-security multiverse
# deb-src http://security.ubuntu.com/ubuntu/ jammy-security multiverse
deb https://mirrors.xtom.jp/mariadb/repo/10.11/ubuntu jammy main
:wq # 저장하고 나가기▼ 업데이트 후 MariaDB 설치를 진행합니다.
apt-get update
apt install -y mariadb-server mariadb-client
# mariadb-server 일반 데이터베이스 운영 | mariadb-client : mysql MariaDB 등의 명령어 수행이나 하이디SQL 접속을 가능하게 해주는 패키지
mariadb -V # 정상 설치되었는지 버전 확인
mariadb Ver 15.1 Distrib 10.11.11-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper▼ mysql_secure_installation 명령으로 기본 보안 설정 4가지를 진행하겠습니다.
🛡️ 순서
- root 비밀번호 설정
- root 계정에 비밀번호가 없다면 설정하게 함.
- 익명 사용자 삭제
- 기본적으로 설치된 익명 계정을 제거함.
- 원격 root 접속 차단
- 보안 강화를 위해 로컬에서만 root 계정 사용 가능하게 함.
- test 데이터베이스 제거
- 누구나 접근 가능한
testDB 삭제.
- 누구나 접근 가능한
- 권한 테이블 다시 로드
- 변경 사항을 즉시 반영.
mysql_secure_installation
# mariadb_secure_installation 명령어는 없는 점 확인.
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] y
Enabled successfully!
Reloading privilege tables..
... Success!
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
systemctl start mariadb
systemctl enable mariadb✅ php 7.4 설치 진행
외부저장소(PPA 등) 추가 및 관리를 위한 필수 패키지 설치하겠습니다. add-apt-repository 저장소 추가를 가능하게 할 소프트웨어 설치를 먼저 진행합니다.
apt-get install -y software-properties-common
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
software-properties-common is already the newest version (0.99.22.9).
0 upgraded, 0 newly installed, 0 to remove and 11 not upgraded.▼ php 빌드패키지가 있는 ppa:ondrej/php PPA 저장소를 추가합니다.
add-apt-repository ppa:ondrej/php
PPA publishes dbgsym, you may need to include 'main/debug' component
Repository: 'deb https://ppa.launchpadcontent.net/ondrej/php/ubuntu/ jammy main'
Description:
Co-installable PHP versions: PHP 5.6, PHP 7.x, PHP 8.x and most requested extensions are included. Packages are provided for *Current* Ubuntu *LTS* releases (https://wiki.ubuntu.com/Releases). Expanded Security Maintenance releases ARE NOT supported.
Debian stable, oldstable and Debian LTS packages are provided from a separate repository: https://deb.sury.org/#debian-dpa
You can get more information about the packages at https://deb.sury.org
BUGS&FEATURES: This PPA has a issue tracker:
https://deb.sury.org/#bug-reporting
### 생략 ##▼ 이제 php 7.4 설치 및 PHP 추가할 패키지를 같이 설치합니다.
apt-get install -y php7.4 php7.4-{gd,mbstring,mysql,soap,json,intl,zip,xml,xmlrpc,cli,xsl}
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
libapache2-mod-php7.4
Suggested packages:
php-pear
The following NEW packages will be installed:
libapache2-mod-php7.4 php7.4 php7.4-cli php7.4-gd php7.4-intl php7.4-json php7.4-mbstring php7.4-mysql php7.4-soap php7.4-xml php7.4-xmlrpc php7.4-xsl
php7.4-zip
0 upgraded, 13 newly installed, 0 to remove and 11 not upgraded.
Need to get 0 B/4,290 kB of archives.
After this operation, 13.0 MB of additional disk space will be used.
Selecting previously unselected package php7.4-json.
(Reading database ... 112656 files and directories currently installed.)
Preparing to unpack .../00-php7.4-json_1%3a7.4.33-18+ubuntu22.04.1+deb.sury.org+1_amd64.deb ...
Unpacking php7.4-json (1:7.4.33-18+ubuntu22.04.1+deb.sury.org+1) ...
Selecting previously unselected package php7.4-cli.
Preparing to unpack .../01-php7.4-cli_1%3a7.4.33-18+ubuntu22.04.1+deb.sury.org+1_amd64.deb ...
Unpacking php7.4-cli (1:7.4.33-18+ubuntu22.04.1+deb.sury.org+1) ...
Selecting previously unselected package libapache2-mod-php7.4.
Preparing to unpack .../02-libapache2-mod-php7.4_1%3a7.4.33-18+ubuntu22.04.1+deb.sury.org+1_amd64.deb ...
Unpacking libapache2-mod-php7.4 (1:7.4.33-18+ubuntu22.04.1+deb.sury.org+1) ...
Selecting previously unselected package php7.4.
#### 생략 ###
# php 버전 혹인 #
php -v
PHP 7.4.33 (cli) (built: Dec 24 2024 07:11:50) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.33, Copyright (c), by Zend Technologies✅ 우분투 APM 설정
1. apache2.conf 설정
디렉토리 Directory /var/www/ 경로를 주석 처리하는 이유는 apache2.conf 설정 이후 새로 생성할 /etc/apache2/sites-available/virtual.conf 파일에서 /home/myhost/www 디렉토리로 경로 설정을 변경하기 위해서입니다.
vi /etc/apache2/apache2.conf
# 디렉토리 확장자 추가: 없어도 구동은 되지만 워드프레스 같은 index.php만 사용하면 한개만, 다른 index.html을 사용하는 웹사이트가 있면 index.html 설정을 추가로 해줄 수 있습니다.
<IfModule dir_module>
DirectoryIndex index.php index.html index.htm
</IfModule>2. 기존 파일 비활성화 및 새로 생성한 파일 활성화
/etc/apache2/sites-available/
├── 000-default.conf
├── 000-default-le-ssl.conf
├── default-ssl.conf
├── virtual.conf ← 사용하고자 하는 설정 파일
/etc/apache2/sites-enabled/
└── virtual.conf → ../sites-available/virtual.conf (심볼릭 링크만 존재)기존 3개 파일의 파일 명을 수정합니다.
mv 000-default-le-ssl.conf 000-default-le-ssl.conf_ori
mv 000-default.conf 000-default.conf_ori
mv default-ssl.conf_o default-ssl.conf_ori
vi /etc/apache2/sites-available/virtual.conf
<VirtualHost *:80>
ServerAdmin webmaster@ubuntu.mydomain.com
ServerName ubuntu.mydomain.co
DocumentRoot /home/myhost/www
<Directory /home/myhost/www>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</Directory>
ErrorLog ${APACHE_LOG_DIR}/ubuntu_error.log
CustomLog ${APACHE_LOG_DIR}/ubuntu_access.log combined
</VirtualHost>
:wq
systemctl restart apache2
