From 2ce39c3120569cd4c0008605aba23b86d1f922a9 Mon Sep 17 00:00:00 2001
From: siane
Date: Tue, 23 Dec 2025 17:38:41 +0900
Subject: [PATCH] Update vm/install_php.sh
---
 vm/install_php.sh | 63 +++++++++++++++++++----------------------------
 1 file changed, 26 insertions(+), 37 deletions(-)
diff --git a/vm/install_php.sh b/vm/install_php.sh
index c09e9f5..f810fd4 100644
--- a/vm/install_php.sh
+++ b/vm/install_php.sh
@@ -1,13 +1,14 @@
 #!/bin/bash
 # Rocky Linux 9 - 테스트 서버용 공통 설치 스크립트
 # Apache + FTP + Vim
-# Forbidden 방지 (권한 + welcome.conf 제거)
+# WebRoot = /home/$USER/www
+# Forbidden 방지 (권한 + SELinux + welcome.conf)
 set -euo pipefail
 WEB_USER="$USER"
 WEB_HOME="$(eval echo "~$WEB_USER")"
-WEB_ROOT="/var/www/html"
+WEB_ROOT="$WEB_HOME/www"
 APACHE_CONF="/etc/httpd/conf.d/${WEB_USER}.conf"
 PHP_CONF="/etc/httpd/conf.d/10-php-${WEB_USER}.conf"
@@ -19,8 +20,7 @@ cleanup() {
 EXIT_CODE=$?
 if [ $EXIT_CODE -ne 0 ]; then
 echo "❌ 오류 발생 ($EXIT_CODE) – Apache 설정 롤백"
- sudo rm -f "$APACHE_CONF"
- sudo rm -f "$PHP_CONF"
+ sudo rm -f "$APACHE_CONF" "$PHP_CONF"
 sudo systemctl restart httpd 2>/dev/null || true
 fi
 exit $EXIT_CODE
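Review bot: `WEB_USER="$USER"` combined with the new `WEB_ROOT="$WEB_HOME/www"` makes the web root depend on an inherited environment variable; if the script is started as `sudo bash install_php.sh`, `$USER` is root, the web root becomes /root/www, and the later `chmod 711 "$WEB_HOME"` (in the -51 hunk) opens /root to traversal by every local account. The header comment promises `/home/$USER/www`, so pin the account rather than trusting the environment, e.g. `WEB_USER="${SUDO_USER:-$(id -un)}"`, or refuse to run as root with `[ "$(id -u)" -ne 0 ] || { echo "run as the web user, not root" >&2; exit 1; }`. Since `WEB_HOME` is still built with `eval echo "~$WEB_USER"`, that value must stay a plain account name and never come from user-supplied input.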
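Review bot: The rollback in this hunk still only deletes `$APACHE_CONF` and `$PHP_CONF`, but after this commit a failed run can also leave behind the persistent `semanage fcontext` rule and the `chmod 711` on the home directory that later hunks (-51 and -130) apply, and neither is reverted here. Either extend the trap or state the limit next to the `rm`, e.g. `# rollback covers only the httpd conf files; the semanage rule and home-dir mode persist`. The closing brace of `cleanup()` lies past the end of the hunk.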
@@ -51,39 +51,31 @@ sudo systemctl disable firewalld 2>/dev/null || true
 if [ -f /etc/httpd/conf.d/welcome.conf ]; then
 sudo mv /etc/httpd/conf.d/welcome.conf \
 /etc/httpd/conf.d/welcome.conf.disabled
- echo "✓ Apache welcome.conf 비활성화"
+ echo "✓ welcome.conf 비활성화"
 fi
 ########################################
-# 웹 루트 생성 및 권한 (403 방지 핵심)
+# WebRoot 생성
 ########################################
-sudo mkdir -p "$WEB_ROOT"
-
-# Apache가 반드시 접근 가능해야 함
-sudo chown -R apache:apache "$WEB_ROOT"
-sudo chmod 755 "$WEB_ROOT"
-
-# 디렉토리/파일 권한 정규화
-sudo find "$WEB_ROOT" -type d -exec chmod 755 {} \;
-sudo find "$WEB_ROOT" -type f -exec chmod 644 {} \;
+mkdir -p "$WEB_ROOT"
 ########################################
-# 홈 디렉토리 심볼릭 링크 (~/www)
+# ★ 권한 설정 (403 방지 핵심)
 ########################################
-if [ -d "$WEB_HOME/www" ] && [ ! -L "$WEB_HOME/www" ]; then
- rm -rf "$WEB_HOME/www"
-fi
+# 홈 디렉토리는 execute 권한 필요
+chmod 711 "$WEB_HOME"
-if [ ! -L "$WEB_HOME/www" ]; then
- ln -s "$WEB_ROOT" "$WEB_HOME/www"
- echo "✓ ~/www → /var/www/html"
-fi
+# Apache가 webroot에 접근 가능해야 함
+chown -R apache:apache "$WEB_ROOT"
+chmod 755 "$WEB_ROOT"
+find "$WEB_ROOT" -type d -exec chmod 755 {} \;
+find "$WEB_ROOT" -type f -exec chmod 644 {} \;
 ########################################
-# 기본 index.html 생성 (없을 경우)
+# 기본 index.html (없을 경우)
 ########################################
 if [ ! -f "$WEB_ROOT/index.html" ] && [ ! -f "$WEB_ROOT/index.php" ]; then
- sudo tee "$WEB_ROOT/index.html" >/dev/null </dev/null <
@@ -96,7 +88,7 @@ if [ ! -f "$WEB_ROOT/index.html" ] && [ ! -f "$WEB_ROOT/index.php" ]; then
 EOF
- sudo chown apache:apache "$WEB_ROOT/index.html"
+ chown apache:apache "$WEB_ROOT/index.html"
 fi
 ########################################
@@ -119,7 +111,7 @@ sudo tee "$APACHE_CONF" >/dev/null </dev/null <<'EOF'
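Review bot: `chown -R apache:apache "$WEB_ROOT"` (and `chown apache:apache "$WEB_ROOT/index.html"` in the -96 hunk) lost its `sudo`, but giving a file to another account still needs root, so for an unprivileged user the chown fails with "Operation not permitted" and `set -e` aborts the run into the rollback trap. The chown is also unnecessary and harmful: Apache only needs traverse/read, which the `755`/`644` lines already grant, while handing ~/www to apache takes write access away from `$WEB_USER`, so uploads through the vsftpd enabled later fail. Dropping the two chown lines keeps the user as owner and removes the root requirement from this section. Be aware that `chmod 711 "$WEB_HOME"` plus `644` on every file makes everything under ~/www readable by every local account; that is fine for a throwaway test box, but any PHP config holding credentials should be kept outside the web root or restricted with a group-based layout (`sudo chgrp -R apache "$WEB_ROOT"` with `750`/`640`). The heredoc that follows the `tee` line appears garbled in this view, so the index.html content itself was not reviewed.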
@@ -130,9 +122,10 @@ sudo tee "$PHP_CONF" >/dev/null <<'EOF'
 EOF
 ########################################
-# SELinux 컨텍스트 복구
+# SELinux 컨텍스트 (홈 디렉토리 웹 허용)
 ########################################
-sudo restorecon -Rv "$WEB_ROOT"
+sudo semanage fcontext -a -t httpd_sys_content_t "${WEB_ROOT}(/.*)?"
+sudo restorecon -Rv "$WEB_HOME"
 ########################################
 # Apache / FTP 활성화
@@ -141,7 +134,7 @@ sudo systemctl enable --now httpd
 sudo systemctl enable --now vsftpd
 ########################################
-# SELinux - Apache/PHP 통합 허용
+# SELinux - Apache 통합 허용
 ########################################
 sudo setsebool -P httpd_unified 1
@@ -152,16 +145,12 @@ IP_ADDR=$(hostname -I | awk '{print $1}')
 echo ""
 echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-echo "✅ 테스트 서버 설정 완료 (Forbidden 해결)"
+echo "✅ 테스트 서버 설정 완료"
 echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 echo "✔ WebRoot : $WEB_ROOT"
-echo "✔ Welcome 페이지 제거됨"
-echo "✔ Apache 접근 권한 정상"
+echo "✔ 홈 디렉토리 기반 웹 서비스"
+echo "✔ SELinux / 권한 / Forbidden 해결"
 echo ""
 echo "🌐 접속 주소"
 echo " http://$IP_ADDR/"
 echo ""
-echo "📄 로그"
-echo " /var/log/httpd/${WEB_USER}-access.log"
-echo " /var/log/httpd/${WEB_USER}-error.log"
-echo ""
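Review bot: `sudo semanage fcontext -a ...` is not idempotent: `-a` exits non-zero once a rule for `${WEB_ROOT}(/.*)?` already exists, so the second run of this script aborts under `set -e` and the cleanup trap deletes the Apache config it has just written. Use the add-or-modify form instead: `sudo semanage fcontext -a -t httpd_sys_content_t "${WEB_ROOT}(/.*)?" 2>/dev/null || sudo semanage fcontext -m -t httpd_sys_content_t "${WEB_ROOT}(/.*)?"`, with a comment that the stderr redirect hides only the "already defined" case. `semanage` ships in policycoreutils-python-utils, which is not installed by default on Rocky 9; the package step earlier in the script is outside this hunk, so confirm it pulls that package in or the line fails with "command not found". `restorecon -Rv "$WEB_HOME"` relabels the user's entire home tree when only `"$WEB_ROOT"` carries the new rule, so narrow it to the web root; and if httpd still logs an AVC denial on the home directory itself, the likely missing piece is the `httpd_enable_homedirs` boolean rather than a broader label, which can be checked with `ausearch -m AVC`.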