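CentOS7にLAPP環境をソースビルドする

※ ここで扱うバージョン(CentOS 7、OpenSSL 1.0.2k、Apache 2.2.32、PostgreSQL 9.6.2、PHP 5.6.30)はいずれも開発元のサポートが終了しておりセキュリティ修正が提供されないため、新規構築ではサポート中のバージョンに読み替えること。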

    [[[[[ 下準備 ]]]]]
    # yum -y install wget gcc vim net-tools nmap ntp unzip git
    # firewall-cmd --permanent --zone=public --add-service=http
    # firewall-cmd --reload
    # useradd sv01
    # passwd sv01
    # chmod 701 /home/sv01
    # mkdir /home/sv01/www
    # vim /etc/ntp.conf
    以下を追加
    server ntp.nict.jp
    server ntp.jst.mfeed.ad.jp
    server ntp.ring.gr.jp
    server ntp.google.com
    # vim /etc/sysconfig/ntpd
    以下に変更
    OPTIONS="-g -x"
    # systemctl enable ntpd
    # systemctl restart ntpd
    # date
    # ntpq -p
    # vim /etc/ntp/step-tickers
    以下を追加
    server ntp.nict.jp
    server ntp.jst.mfeed.ad.jp
    server ntp.ring.gr.jp
    server ntp.google.com
    # systemctl enable ntpdate
    # hwclock -w --debug
    # timedatectl set-timezone Asia/Tokyo
    # vim /etc/ld.so.conf.d/usr-local-lib.conf
    以下の内容
    /usr/local/lib
    /usr/local/lib64
    # ldconfig

    [[[[[ OpenSSL 1.0.2k ]]]]]
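    # wget http://www.openssl.org/source/openssl-1.0.2k.tar.gz
    ※ HTTPでの取得は経路上で改ざんされうるので、展開する前に配布元が公開している SHA256 / PGP署名と照合する(以降の httpd・PHP・rpm のダウンロードも同様)。
    # sha256sum openssl-1.0.2k.tar.gz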
    # tar xvzf openssl-1.0.2k.tar.gz
    # cd openssl-1.0.2k
    # ./config --prefix=/usr/local --openssldir=/usr/local/openssl -fPIC shared
    # make
    # make install
    # make install LIBDIR=lib
    # openssl version

    [[[[[ Apache 2.2 系 ]]]]]
    # wget http://ftp.tsukuba.wide.ad.jp/software/apache/httpd/httpd-2.2.32.tar.gz
    # tar xvzf httpd-2.2.32.tar.gz
    # cd httpd-2.2.32
    # ./configure
    > --enable-layout=RedHat \
    > --enable-module=so \
    > --enable-rewrite \
    > --enable-rewrite=shared \
    > --enable-headers \
    > --enable-ssl \
    > --with-ssl=/usr/local/openssl \
    > --enable-proxy \
    > --enable-proxy-balancer \
    > --enable-so \
    > --enable-setenvif \
    > --enable-status \
    > --enable-cache \
    > --enable-disk-cache \
    > --enable-file-cache \
    > --enable-mem-cache \
    > --enable-unique-id \
    > --enable-unique-id=shared \
    > --with-included-apr \
    > --enable-dav \
    > --enable-deflate \
    > --disable-userdir \
    > $@
    # make
    # make install
    # vim /etc/httpd/conf/httpd.conf
    各行を以下に変更
    56: LoadModule security2_module lib/apache/mod_security2.so
    57: LoadModule php5_module      lib/apache/libphp5.so
    58: AddType application/x-httpd-php .php .phtml
    170: DirectoryIndex index.php index.html
    408: Include /etc/httpd/conf/extra/httpd-vhosts.conf
    以下を追加
    ServerTokens Prod
    ServerSignature Off
    # vim /etc/httpd/conf/extra/httpd-vhosts.conf
    以下を追加
    NameVirtualHost *:80
    <VirtualHost *:80>
      DocumentRoot "/home/sv01/www/html/"
      ServerName demo.example.com
      ErrorLog /var/log/httpd/demo.example.com-error_log
      CustomLog /var/log/httpd/demo.example.com-access_log common
    
      SecRuleEngine On

      <Directory "/home/sv01/www/html/">
      AllowOverride All
      Order allow,deny
      Allow from all
      </Directory>
    </VirtualHost>

    [[[[[ ModSecurity ]]]]]
    # yum -y install pcre-devel libxml2-devel
    # wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
    # tar xvzf modsecurity-2.9.1.tar.gz
    # cd modsecurity-2.9.1
    # ./configure --with-apxs=/usr/sbin/apxs --with-apr=/usr/bin/apr-1-config --with-apu=/usr/bin/apu-1-config --with-pcre=/usr/bin/pcre-config --with-libxml=/usr/bin/xml2-config LDFLAGS=-L/lib
    # make
    # make install

    # git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
    # cd owasp-modsecurity-crs
    # mv crs-setup.conf.example crs-setup.conf
    # cd ..
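    # mv owasp-modsecurity-crs /etc/httpd/conf/
    ※ 配置しただけではルールは読み込まれない。この手順中に Include の記述はないので、httpd.conf などで crs-setup.conf と rules/ 以下の *.conf を Include する設定を別途入れること。ルールが読み込まれていなければ、SecRuleEngine On にしても検知は行われない。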

    [[[[[ PostgreSQL 9.6.2 ]]]]]
    # yum -y install readline readline-devel zlib-devel
    # useradd postgres
    # passwd postgres
    # chown postgres:postgres /var/lib/pgsql
    # chown postgres:postgres /usr/local/src/postgresql-9.6.2.tar.gz
    ※ 事前に /usr/local/src/postgresql-9.6.2.tar.gz を展開しておくこと(取得・展開のコマンドはここでは省略されている)。
    # cd postgresql-9.6.2
    # ./configure --prefix=/var/lib/pgsql --with-zlib --with-readline
    # make
    # make install
    # su - postgres
    # vim /home/postgres/.bash_profile
    以下を追加
    export PATH=$PATH:/var/lib/pgsql/bin
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/lib/pgsql/lib
    export PGDATA=/var/lib/pgsql/data
    # source /home/postgres/.bash_profile
    # mkdir /var/log/postgresql
    # initdb --encoding=UTF-8 --no-locale
    # vim /var/lib/pgsql/data/postgresql.conf
    以下に変更
    59:  listen_addresses = '*'
    337: logging_collector = on
    343: log_directory = '/var/log/postgresql'
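    453: log_statement = 'all'
    ※ 'all' では実行された全SQLがログに残るため、ALTER ROLE ... PASSWORD などの文に含まれるパスワードや業務データも平文で記録される。/var/log/postgresql は postgres ユーザ以外が読めない権限にしておく。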
    # vim /var/lib/pgsql/data/pg_hba.conf
    以下に変更
    86: host all all 127.0.0.1/32 md5
    以下を追加
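    95: host all all 0.0.0.0/0 md5
    ※ listen_addresses = '*' と 0.0.0.0/0 の組み合わせは、全IPv4アドレスからの接続を受け付ける設定。接続元が決まっているなら CIDR をそのアドレス帯に絞る。なお上の firewall-cmd では http しか開けていないので、firewalld が有効な間は 5432/tcp は外部から届かない。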
    # pg_ctl start
    # nmap localhost
    # createuser ecuser
    # createdb ecdb
    # psql -d ecdb -U ecuser -W

    //自動起動
    CentOS7ではカーネルがSysvinitやUpstartを起動するわけではなく、
    Systemdといったシステム管理デーモンおよびユーティリティが起動処理を行うよう。
    そしてSystemdはシェルスクリプトではなくUnitという単位で設定ファイル(普通のテキストファイル)を
    参照するため、スクリプトの自動起動を行うには自作Unitを
    # /usr/lib/systemd/system/XXX.service みたいな感じで配置して、
    # systemctl enable XXX.service で自動起動を有効化する必要がある。

    # vim postgresql.service
    今回は以下の設定。(書き方は分からないので、とりあえずコピペ)
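    [Unit]
    Description=PostgreSQL database server
    After=network.target

    [Service]
    Type=forking

    # Run the server as the unprivileged postgres account created with
    # useradd earlier in this guide.
    User=postgres
    Group=postgres

    # Where to send early-startup messages from the server (before the logging
    # options of postgresql.conf take effect)
    # This is normally controlled by the global default set by systemd
    # StandardOutput=syslog

    # Disable OOM kill on the postmaster
    OOMScoreAdjust=-1000
    # ... but allow it still to be effective for child processes
    # (note that these settings are ignored by Postgres releases before 9.5)
    Environment=PG_OOM_ADJUST_FILE=/proc/self/oom_score_adj
    Environment=PG_OOM_ADJUST_VALUE=0

    # Maximum number of seconds pg_ctl will wait for postgres to start.  Note that
    # PGSTARTTIMEOUT should be less than TimeoutSec value.
    Environment=PGSTARTTIMEOUT=270

    # Data directory. Must match the PGDATA exported in the postgres user's
    # .bash_profile; this guide builds with --prefix=/var/lib/pgsql, not the
    # default /usr/local/pgsql.
    Environment=PGDATA=/var/lib/pgsql/data

    # pg_ctl is installed under the --prefix given to ./configure.
    ExecStart=/var/lib/pgsql/bin/pg_ctl start -D ${PGDATA} -s -w -t ${PGSTARTTIMEOUT}
    ExecStop=/var/lib/pgsql/bin/pg_ctl stop -D ${PGDATA} -s -m fast
    ExecReload=/var/lib/pgsql/bin/pg_ctl reload -D ${PGDATA} -s

    # Give a reasonable amount of time for the server to start up/shut down.
    # Ideally, the timeout for starting PostgreSQL server should be handled more
    # nicely by pg_ctl in ExecStart, so keep its timeout smaller than this value.
    TimeoutSec=300

    [Install]
    WantedBy=multi-user.target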

    # cp postgresql.service /usr/lib/systemd/system/postgresql.service
    # systemctl enable postgresql.service
    ※ postgresql.serviceファイルの6行目は"Type=notify"とした方が
    メインプロセスの追跡にPIDファイルを参照しなくて済む。
    そのためにはMakefileを作成する際に./configure --with-systemd
    としてビルドする必要がある。ビルドにはlibsystemdの開発用ファイル
    (CentOS 7ではsystemd-develパッケージ)が必要で、その場合ExecStartは
    pg_ctl経由ではなくpostgresを直接起動する形にする。

    [[[[[ PHP 5.6.30 ]]]]]
    # yum -y install libxml2 libxml2-devel curl curl-devel libpng-devel libjpeg-devel
    # yum -y install libpng libpng-devel freetype-devel libxslt-devel libmcrypt-devel
    # wget http://au1.php.net/get/php-5.6.30.tar.gz/from/this/mirror
    # tar xvzf mirror
    # wget http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-2.5.8-9.e16.x86_64.rpm
    # wget http://dl.fedoraproject.org/pub/epel/6/x86_64/libmcrypt-devel-2.5.8-9.e16.x86_64.rpm
    # yum localinstall libmcrypt-2.5.8-9.e16.x86_64.rpm libmcrypt-devel-2.5.8-9.e16.x86_64.rpm
    # cd php-5.6.30
    #'./configure' \
    '--with-apxs2=/usr/sbin/apxs' \
    '--with-config-file-path=/etc/httpd/conf' \
    '--with-pgsql=/var/lib/pgsql' \
    '--with-openssl' \
    '--with-zlib-dir=/usr/lib64' \
    '--with-jpeg-dir=/usr/lib64' \
    '--with-freetype-dir=/usr/lib64' \
    '--with-png-dir=/usr/lib64' \
    '--with-mcrypt=/usr/lib64' \
    '--with-gd' \
    '--enable-gd-native-ttf' \
    '--with-iconv' \
    '--enable-mbstring' \
    '--enable-mbregex' \
    '--enable-json' \
    '--enable-shared' \
    '--enable-cli' \
    '--with-pdo_pgsql=/var/lib/pgsql' \
    '--enable-sysvshm' \
    '--enable-sysvsem' \
    '--with-curl' \
    "$@"
    # make
    # make test
    # make install