[ Docker ] Building an Apache ↔ Tomcat Integrated Server

1. Install the integration server image and start the container ( run in cmd )

:: When using Docker through Docker Toolbox, start Docker Toolbox with the command below
:: docker-machine start

:: Look up the centos image
:: Check the tags (versions) at [ https://hub.docker.com/ ]
docker search centos

:: Download the centos7 image
docker pull centos:7

:: Confirm that the centos7 image was downloaded
docker images

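:: Create a centos7 container named apache
:: -d : run in the background
:: -p : port forwarding (host port:container port)
:: -it : use interactive terminal mode
:: --privileged ~ init : makes the systemctl command usable (it also gives the container all capabilities and access to host devices)
:: --cap-add : adds a Linux capability; SYS_TIME lets the container set the system clock to keep it in sync with the OS that runs docker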
docker run --privileged --cap-add=SYS_TIME -d -it -p 2024:22 -p 80:80 -p 8080:8080 -p 443:443 --name apache centos:7 init

:: Check that the container was created
docker ps -a

:: Open a bash shell in the apache container that was just created
docker exec -it apache /bin/bash

 

2. Install SSH for connecting to the integration server ( inside the bash session )

# Install ssh
yum install -y openssh-server

sed -i 's/^Port.*//g' /etc/ssh/sshd_config
sed -i 's/^#Port.*//g' /etc/ssh/sshd_config

echo "Port 22" >> /etc/ssh/sshd_config

sed -i 's/^#PasswordAuthentication.*//g' /etc/ssh/sshd_config
sed -i 's/^PasswordAuthentication.*//g' /etc/ssh/sshd_config

echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config

# Set the root password
echo -e "root\nroot" | passwd

systemctl restart sshd

systemctl enable sshd

 

3. Connect to the integration server over SSH ( run in cmd )

:: When running under docker-toolbox, connect to the IP address of the docker-toolbox VM
:: With regular Docker, use the PC's IP address
:: Check the docker-toolbox IP
docker-machine ip

:: The port must be the host port published for SSH in step 1 (-p 2024:22)
ssh root@192.168.99.101 -p 2024

 

4. Install the APACHE server

yum -y install wget

yum -y install libtool

yum -y install make

yum -y install gcc-c++

yum -y install pcre-devel

mkdir -p /app/install /app/temp

wget https://downloads.apache.org/httpd/httpd-2.4.55.tar.gz -O /app/install/httpd-2.4.55.tar.gz

wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz -O /app/install/apr-1.7.0.tar.gz

wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.gz -O /app/install/apr-util-1.6.1.tar.gz

wget https://github.com/libexpat/libexpat/releases/download/R_2_2_10/expat-2.2.10.tar.gz -O /app/install/expat-2.2.10.tar.gz

wget --no-check-certificate https://ftp.exim.org/pub/pcre/pcre-8.44.tar.gz -O /app/install/pcre-8.44.tar.gz

wget --no-check-certificate https://www.openssl.org/source/openssl-1.1.1i.tar.gz -O /app/install/openssl-1.1.1i.tar.gz

mkdir -p /app/server/apache/2.4.55/

rm -rf /app/temp/*

mkdir -p /app/temp/httpd /app/temp/apr /app/temp/expat /app/temp/apr-util /app/temp/pcre /app/temp/openssl

mkdir -p /app/util/apr /app/util/apr-util /app/util/expat /app/util/pcre /app/util/openssl

tar xvfz /app/install/apr-1.7.0.tar.gz -C /app/temp/apr  --strip-components=1

cd /app/temp/apr

cp -arp libtool libtoolT

/app/temp/apr/configure --prefix=/app/util/apr

cp -arp libtool libtoolT

/app/temp/apr/configure --prefix=/app/util/apr

make && make install

tar xvfz /app/install/expat-2.2.10.tar.gz -C /app/temp/expat --strip-components=1

cd /app/temp/expat

/app/temp/expat/configure --prefix=/app/util/expat

make && make install

tar xvfz /app/install/apr-util-1.6.1.tar.gz -C /app/temp/apr-util --strip-components=1

cd /app/temp/apr-util

/app/temp/apr-util/configure --prefix=/app/util/apr-util --with-apr=/app/util/apr --with-expat=/app/util/expat

make && make install

tar xvfz /app/install/pcre-8.44.tar.gz -C /app/temp/pcre --strip-components=1

cd /app/temp/pcre

/app/temp/pcre/configure --enable-utf8 --prefix=/app/util/pcre

make && make install

tar xvfz /app/install/openssl-1.1.1i.tar.gz -C /app/temp/openssl --strip-components=1

cd /app/temp/openssl

/app/temp/openssl/config --prefix=/app/util/openssl --openssldir=/app/util/openssl

make && make install

export LD_LIBRARY_PATH=/app/util/openssl/lib

sed -i "s/LD_LIBRARY_PATH=.*//g" /root/.bash_profile
sed -i "s/export LD_LIBRARY_PATH//g" /root/.bash_profile

cat <<BASH_SETTING >> /root/.bash_profile
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/app/util/openssl/lib
export LD_LIBRARY_PATH
BASH_SETTING

echo /app/util/openssl/lib > /etc/ld.so.conf.d/openssl.conf

ldconfig

ldconfig -p | grep libssl.so

chmod 744 /root/.bash_profile
source /root/.bash_profile

tar xvfz /app/install/httpd-2.4.55.tar.gz -C /app/temp/httpd --strip-components=1

cd /app/temp/httpd

/app/temp/httpd/configure --prefix=/app/server/apache/2.4.55 --enable-mods-shared=all --enable-so --enable-rewrite --enable-proxy --enable-proxy-ajp --enable-proxy-balancer --enable-proxy-http --enable-proxy-connect --enable-ssl --with-apr=/app/util/apr --with-apr-util=/app/util/apr-util --with-pcre=/app/util/pcre --with-ssl=/app/util/openssl

make && make install

ln -Tfs /app/server/apache/2.4.55 /app/server/apache/release

cp /app/server/apache/release/bin/apachectl /etc/init.d/httpd

sed -i '2 i\# Comments to support chkconfig on CentOS' /etc/init.d/httpd 
sed -i '3 i\# chkconfig: 2345 90 90' /etc/init.d/httpd 
sed -i '4 i\# description: A very fast and reliable WebServer engine.' /etc/init.d/httpd 

chkconfig httpd on

systemctl daemon-reload

systemctl start httpd

 

5. Install JAVA

mkdir -p /app/install/dkit/jdk /app/dkit/jdk/1.8.0

ls -la /app/install/dkit/jdk/jdk-8u291-linux-x64.tar.gz

tar xvfz /app/install/dkit/jdk/jdk-8u291-linux-x64.tar.gz -C /app/dkit/jdk/1.8.0 --strip-components=1

/app/dkit/jdk/1.8.0/bin/java -version

ln -Tfs /app/dkit/jdk/1.8.0 /app/dkit/jdk/release

ln -Tfs /app/dkit/jdk/release/bin/java /usr/bin/java

ls -la /usr/bin/java*

java -version

 

6. Install the TOMCAT server

wget --no-check-certificate https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.85/bin/apache-tomcat-8.5.85.tar.gz -O /app/install/tomcat8.5.tar.gz

mkdir -p /app/server/tomcat/8.5

tar xvfz /app/install/tomcat8.5.tar.gz -C /app/server/tomcat/8.5 --strip-components=1

ln -Tfs /app/server/tomcat/8.5 /app/server/tomcat/release

cat <<TOMCAT_SETTING > /etc/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target
[Service]
Type=forking
Environment=JAVA_HOME=/app/dkit/jdk/release
Environment=CATALINA_PID=/app/server/tomcat/release/temp/tomcat.pid
Environment=CATALINA_HOME=/app/server/tomcat/release
Environment=CATALINA_BASE=/app/server/tomcat/release
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/app/server/tomcat/release/bin/startup.sh
ExecStop=/bin/kill -15 \$MAINPID
User=root
Group=root
[Install]
WantedBy=multi-user.target
TOMCAT_SETTING

systemctl restart tomcat

 

7. Integrate APACHE ↔ TOMCAT

mkdir -p /app/temp/mod_jk

wget https://mirror.navercorp.com/apache/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.48-src.tar.gz -O /app/install/tomcat-connectors-1.2.48-src.tar.gz

tar xvfz /app/install/tomcat-connectors-1.2.48-src.tar.gz -C /app/temp/mod_jk --strip-components=1

cd /app/temp/mod_jk/native/

./configure --with-apxs=/app/server/apache/release/bin/apxs

make && make install

cp /app/temp/mod_jk/native/apache-2.0/mod_jk.so /app/server/apache/release/modules/

#chcon -u system_u -r object_r -t httpd_modules_t /app/server/apache/release/modules/mod_jk.so

cat <<APACHE_SETTING > /app/server/apache/release/conf/workers.properties
worker.list=worker1
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13
worker.worker1.lbfactor=1
APACHE_SETTING

cat <<APACHE_SETTING > /app/server/apache/release/conf/uriworkermap.properties
/*=worker1
APACHE_SETTING

sed -i "s/^\s*DocumentRoot.*/DocumentRoot \"\/app\/server\/tomcat\/release\/webapps\/\"/g" /app/server/apache/release/conf/httpd.conf

sed -i "s/^\s*#.*//g" /app/server/apache/release/conf/httpd.conf

sed -i "s/^\s*<\/*Directory.*//g" /app/server/apache/release/conf/httpd.conf
sed -i "s/^\s*<\/*Files.*//g" /app/server/apache/release/conf/httpd.conf
sed -i "s/^\s*AllowOverride.*//g" /app/server/apache/release/conf/httpd.conf
sed -i "s/^\s*Require all.*//g" /app/server/apache/release/conf/httpd.conf
sed -i "s/^\s*Options.*//g" /app/server/apache/release/conf/httpd.conf
sed -i "/^$/d" /app/server/apache/release/conf/httpd.conf

cat <<APACHE_SETTING >> /app/server/apache/release/conf/httpd.conf

<Directory />
$(printf '\t')AllowOverride None
$(printf '\t')Require all granted
</Directory>

<Directory "/app/server/apache/release/cgi-bin">
$(printf '\t')AllowOverride None
$(printf '\t')Options None
$(printf '\t')Require all granted
</Directory>

<Files ".ht*">
$(printf '\t')Require all denied
</Files>

LoadModule jk_module modules/mod_jk.so 
<IfModule jk_module>
$(printf '\t')JkWorkersFile conf/workers.properties
$(printf '\t')JkLogFile logs/mod_jk.log
$(printf '\t')JkLogLevel info
$(printf '\t')JkLogStampFormat "[%y %m %d %H:%M:%S] "
$(printf '\t')JkShmFile logs/mod_jk.shm
$(printf '\t')JkMountFile conf/uriworkermap.properties
$(printf '\t')JkUnMount /mail/* worker1
$(printf '\t')JkUnMount /*.php worker1
</IfModule>

APACHE_SETTING

sed -i "s/^\s*<\/Service>.*//g" /app/server/tomcat/release/conf/server.xml
sed -i "s/^\s*<\/Server>.*//g" /app/server/tomcat/release/conf/server.xml

cat <<TOMCAT_SETTING >> /app/server/tomcat/release/conf/server.xml
<Connector protocol="AJP/1.3"
$(printf '\t')port="8009"
$(printf '\t')address="0.0.0.0"
$(printf '\t')secretRequired="false"
$(printf '\t')redirectPort="8443" />

$(printf '\t')</Service>
</Server>
TOMCAT_SETTING

systemctl restart tomcat
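
The connector appended in step 7 binds AJP to 0.0.0.0 with secretRequired="false", so any host that can reach port 8009 is treated like the trusted Apache front end. The following added example (not part of the original post; the function names and sample files are made up for illustration) lints a server.xml for that pattern and runs the same check on a hardened connector:

```shell
# Added example, not from the original post; function names are hypothetical.

# Print the value of attribute $2 in the one-line XML element $1.
xml_attr() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Print one finding per line for each active AJP connector in server.xml $1:
# join lines, drop XML comments, then inspect every AJP <Connector ...>.
ajp_findings() {
    tr '\n\t' '  ' < "$1" |
    sed -E 's/<!--([^-]|-[^-])*-->//g' |
    grep -o '<Connector[^>]*"AJP/1\.3"[^>]*>' |
    while IFS= read -r conn; do
        addr=$(xml_attr "$conn" address)
        case "$addr" in
            ''|127.0.0.1|::1|localhost) ;;  # unset = loopback on Tomcat 8.5.51+
            *) echo "address=$addr: AJP is reachable from other hosts" ;;
        esac
        if [ "$(xml_attr "$conn" secretRequired)" = "false" ]; then
            echo "secretRequired=false: any peer that reaches the port is trusted"
        elif [ -z "$(xml_attr "$conn" secret)" ]; then
            echo "secret missing: the connector will not start on Tomcat 8.5.51+"
        fi
    done
}

# Constructed samples: the connector from step 7 and a hardened variant. The
# hardened one also needs worker.worker1.secret=<same value> in workers.properties.
demo=$(mktemp -d)
cat > "$demo/step7.xml" <<'EOF'
<Server><Service>
<!-- <Connector protocol="AJP/1.3" address="::1" port="8009" /> -->
<Connector protocol="AJP/1.3"
	port="8009"
	address="0.0.0.0"
	secretRequired="false"
	redirectPort="8443" />
</Service></Server>
EOF
cat > "$demo/hardened.xml" <<'EOF'
<Server><Service>
<Connector protocol="AJP/1.3" port="8009" address="127.0.0.1"
	secretRequired="true" secret="REPLACE_WITH_RANDOM_VALUE" redirectPort="8443" />
</Service></Server>
EOF
echo "step7.xml:";    ajp_findings "$demo/step7.xml"
echo "hardened.xml:"; ajp_findings "$demo/hardened.xml"
rm -rf "$demo"
```

Run it against /app/server/tomcat/release/conf/server.xml after step 7; no output means the AJP connector is loopback-only and protected by a secret.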

 

8. Configure APACHE SSL

sed -i "s/^LoadModule\s*ssl_module\s*.*//g" /app/server/apache/release/conf/httpd.conf
sed -i "s/^LoadModule\s*socache_shmcb_module\s*.*//g" /app/server/apache/release/conf/httpd.conf

sed -i "s/^Include\s*conf\/extra\/httpd-ssl.conf//g" /app/server/apache/release/conf/httpd.conf

sed -i '/^<IfModule\s*ssl_module>/,/<\/IfModule>/d' /app/server/apache/release/conf/httpd.conf

cat <<APACHE_SETTING >> /app/server/apache/release/conf/httpd.conf
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
APACHE_SETTING

cat <<APACHE_SSL_SETTING > /app/server/apache/release/conf/extra/httpd-ssl.conf
Listen 443 https
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/app/server/apache/2.4.55/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLCryptoDevice builtin

<VirtualHost *:443>
$(printf '\t')DocumentRoot "/app/server/tomcat/release/webapps/"

$(printf '\t')SSLEngine on
$(printf '\t')SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
$(printf '\t')SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

$(printf '\t')SSLCertificateFile /app/cert/apache/cert.pem
$(printf '\t')SSLCertificateKeyFile /app/cert/apache/privkey.pem
$(printf '\t')SSLCACertificateFile /app/cert/apache/chain.pem

$(printf '\t')<Files ~ "\.(cgi|shtml|phtml|php3?)$">
$(printf '\t')$(printf '\t')SSLOptions +StdEnvVars
$(printf '\t')</Files>
$(printf '\t')<Directory />
$(printf '\t')Order allow,deny
$(printf '\t')Allow from all
$(printf '\t')Require all granted
$(printf '\t')</Directory>
$(printf '\t')<Directory "/app/server/apache/release/cgi-bin">
$(printf '\t')$(printf '\t')SSLOptions +StdEnvVars
$(printf '\t')</Directory>
$(printf '\t')SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
$(printf '\t')ErrorLog logs/ssl_error_log
$(printf '\t')TransferLog logs/ssl_access_log
$(printf '\t')LogLevel warn
$(printf '\t')CustomLog logs/ssl_request_log    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
$(printf '\t')JkMountFile /app/server/apache/release/conf/uriworkermap.properties

</VirtualHost>
APACHE_SSL_SETTING
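
The SSLCipherSuite string in step 8 starts from ALL and removes only ADH, EXPORT and SSLv2. As an added example (not from the original post; weak_cipher_classes is a hypothetical helper and the stricter string is an illustrative choice), this static check lists the weak classes a cipher string still requests:

```shell
# Added example, not from the original post. weak_cipher_classes is a
# hypothetical helper that reads an OpenSSL cipher string statically.

# Print each weak class that the cipher string $1 still asks OpenSSL for.
# A class counts as requested when a bare token names it (alone or joined
# with '+', e.g. RC4+RSA) or when ALL is present, and no '!CLASS' removes it.
# '+TOKEN' only reorders and '-TOKEN' can be undone by a later token, so
# neither is treated as a removal here.
weak_cipher_classes() {
    tokens=$(printf '%s' "$1" | tr ':, ' '\n\n\n')
    for cls in aNULL EXPORT LOW RC4 MD5 3DES; do
        added=no
        killed=no
        while IFS= read -r tok; do
            case "$tok" in
                "!$cls") killed=yes ;;
                '!'*|-*|+*|'') ;;
                ALL) added=yes ;;
                *) case "+$tok+" in *"+$cls+"*) added=yes ;; esac ;;
            esac
        done <<EOF
$tokens
EOF
        if [ "$added" = yes ] && [ "$killed" = no ]; then
            echo "$cls"
        fi
    done
    return 0
}

# The string from step 8. !ADH removes anonymous DH only; anonymous ECDH
# stays in until !aNULL is given, so aNULL is still reported.
page='ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW'
# Illustrative stricter string (an assumption, not taken from the post).
strict='HIGH:!aNULL:!MD5:!3DES:!RC4'
echo "step 8 string requests:   $(weak_cipher_classes "$page" | tr '\n' ' ')"
echo "stricter string requests: $(weak_cipher_classes "$strict" | tr '\n' ' ')"
```

The suites the server actually offers also depend on how OpenSSL was built; `/app/util/openssl/bin/openssl ciphers -v '<string>'` prints the effective list for the library compiled in step 4.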