# Apache WebServer 설치 전 OS 모듈 업데이트 (권장)
yum update -y
# 방화벽 Off
systemctl disable --now firewalld
# SELinux disable
vi /etc/sysconfig/selinux
... 중략
SELINUX=enforcing -> SELINUX=disable 로 변경
setenforce 0
# nofile 설정
vi /etc/security/limits.conf
... 중략
* hard nofile 8192
* soft nofile 8292
# 커널 파라미터 및 TCPIP 파라미터 튜닝
vi /etc/sysctl.conf
... 중략
###############################################################################
### Kernel
# Increase size of file handles and inode cache
fs.file-max = 2097152
# Insure we always have enough memory
vm.min_free_kbytes = 8192
# Do less swapping
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
###############################################################################
### SECURITY
# Avoid a smurf attack
#net.ipv4.icmp_echo_ignore_broadcasts = 1
# Turn on protection for bad icmp error messages
#net.ipv4.icmp_ignore_bogus_error_responses = 1
#Prevent SYN attack, enable SYNcookies
#net.ipv4.tcp_syncookies = 1
#net.ipv4.tcp_syn_retries = 2
#net.ipv4.tcp_synack_retries = 2
#net.ipv4.tcp_max_syn_backlog = 4096
# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
#net.ipv4.tcp_max_tw_buckets = 1440000
# Enable IP spoofing protection, turn on source route verification
#net.ipv4.conf.all.rp_filter = 1
#net.ipv4.conf.default.rp_filter = 1
###############################################################################
### NETWORK
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
# Do not auto-configure IPv6
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.eth0.autoconf=0
net.ipv6.conf.eth0.accept_ra=0
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# Increase TCP Backlog and SYN
net.core.somaxconn = 2048
net.core.netdev_max_backlog = 2048
# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1
# Speedup retransmission (Google recommended)
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_early_retrans = 1
# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65535
# Decrease the time default value for connections to keep alive
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 10
# Turn on the tcp_timestamps, accurate timestamp make TCP congestion control algorithms work better
net.ipv4.tcp_timestamps = 1
# try to reuse time-wait connections, but don't recycle them (recycle can break clients behind NAT)
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
# Enable a fix for RFC1337 - time-wait assassination hazards in TCP
net.ipv4.tcp_rfc1337 = 1
# Limit number of orphans, each orphan can eat up to 16M (max wmem) of unswappable memory
net.ipv4.tcp_max_orphans = 16384
net.ipv4.tcp_orphan_retries = 0
# Increase the read-buffer space allocatable
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
net.core.rmem_default = 262144
net.core.rmem_max = 16777216
# Increase the write-buffer-space allocatable
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
net.core.wmem_default = 262144
net.core.wmem_max = 16777216
sysctl -p
# 최신버전의 epel repository 추가
yum install -y epel-release
cd /etc/yum.repos.d
wget https://repo.codeit.guru/codeit.el`rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)`.repo
# httpd 설치
yum install -y httpd
# httpd 버전 확인
httpd -V
# httpd 기동 및 중지 커맨드
systemctl start httpd
systemctl stop httpd
systemctl restart httpd