hi3103's Notepad

2017-11-29

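First things to do after installing WordPress (work in progress)

Plugins

Make /img/uploads the default upload destination

  1. Create the directory
  2. Set the owner and permissions of the above to apache:apache 777
  3. Go to /wp-admin/options.php and configure as follows
    • upload_path: img/uploads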

2017-11-24

2017-11-18

Force redirects to https with .htaccess

What I want to do

.htaccess source

Directly under the document root
# === Redirect settings ================================
# Unify on https
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://hi3103.net/$1 [R=301,L]
# Unify on the non-www host
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.hi3103\.net)(:80)?
RewriteRule ^(.*) https://hi3103.net/$1 [R=301,L]
Directly under the WordPress site
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /hoge/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /hoge/index.php [L]
</IfModule>
# END WordPress

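Reference URLs

Obtaining a Let's Encrypt SSL certificate that also covers a subdomain

Background

  • I tried to configure the following in .htaccess
    • Unify http → https
    • Unify www → non-www
  • When accessing https://www.~, the connection is judged to be insecure

Checking the Let's Encrypt specification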

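Can a single certificate that covers multiple domain names be issued?

Yes. By using the mechanism called Subject Alternative Name (SAN), a single SSL/TLS server certificate can be used with multiple different domain names and subdomain names.

By specifying multiple domain names and subdomain names when running the Certbot client's certificate acquisition command, you can obtain a certificate that covers multiple domain names and subdomain names.

A web browser accepts the certificate as valid if the website's domain name or subdomain name appears in the Subject Alternative Name (SAN) list.

Frequently Asked Questions - Let's Encrypt General Portal

In an environment where a web server (Apache, nginx, etc.) is running,

to obtain a certificate that covers "example.jp" and "www.example.jp":

Command to enter:

certbot certonly --webroot -w /var/www/html -d example.jp -d www.example.jp

Replace /var/www/html, specified with the -w option, with the DocumentRoot of the web server (Apache, nginx, etc.) that corresponds to the domain name for which you are obtaining the certificate.

Replace example.jp and www.example.jp, specified with the -d option, with the domain names and subdomain names for which you are obtaining the certificate.

* The certificate obtained with this command is valid only for the FQDNs "example.jp" and "www.example.jp".

It is not valid for FQDNs such as "sub.example.jp", "sub.www.example.jp", or "www2.example.jp".

How to use Let's Encrypt - Let's Encrypt General Portal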
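
The matching rule quoted above, and the reason https://www.~ was rejected while the certificate listed only the bare domain, as an added example (not code from the original post or from Let's Encrypt): a POSIX shell check of which hostnames a SAN list covers. It goes slightly beyond the quoted text by also handling wildcard SAN entries; the function names are hypothetical and the SAN lists are constructed from the names used on this page.

```shell
#!/bin/sh
# Added example: decide whether a hostname is covered by a certificate's
# Subject Alternative Name (SAN) list, the way a browser matches names.
# Function names are hypothetical; the SAN lists are constructed samples.

# Lower-case a name and strip one trailing dot ("WWW.Example.JP." -> "www.example.jp").
normalize_name() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# san_match HOST SAN -> exit 0 if this single SAN entry covers HOST.
san_match() {
    sm_host=$(normalize_name "$1")
    sm_san=$(normalize_name "$2")
    case $sm_san in
        \*.*)
            # Wildcard entry: "*" stands for exactly one left-most label.
            sm_suffix=${sm_san#\*}              # "*.example.jp" -> ".example.jp"
            case $sm_host in
                *"$sm_suffix") sm_label=${sm_host%"$sm_suffix"} ;;
                *) return 1 ;;
            esac
            case $sm_label in
                ''|*.*) return 1 ;;             # empty, or more than one label
            esac
            return 0
            ;;
        *)
            # Plain entry: exact match only; a parent domain never covers a child.
            [ "$sm_host" = "$sm_san" ]
            ;;
    esac
}

# cert_covers HOST SAN... -> exit 0 if any SAN entry covers HOST.
cert_covers() {
    cc_host=$1
    shift
    for cc_san in "$@"; do
        if san_match "$cc_host" "$cc_san"; then
            return 0
        fi
    done
    return 1
}

# uncovered_hosts "SAN SAN ..." HOST... -> prints the hosts a browser would reject.
uncovered_hosts() {
    uh_sans=$1
    shift
    uh_out=
    set -f                                      # keep "*" in a SAN from globbing
    for uh_host in "$@"; do
        # $uh_sans is deliberately unquoted: split the SAN list on spaces.
        if ! cert_covers "$uh_host" $uh_sans; then
            uh_out="$uh_out${uh_out:+ }$uh_host"
        fi
    done
    set +f
    printf '%s\n' "$uh_out"
}

# The two-name certificate from the quoted command (-d example.jp -d www.example.jp),
# checked against the FQDNs the FAQ lists.
uncovered_hosts "example.jp www.example.jp" \
    example.jp www.example.jp sub.example.jp sub.www.example.jp www2.example.jp
```
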

Re-obtaining the certificate

Revoke and delete the obtained certificate
  • Check the pem files in /etc/letsencrypt/archive/{ドメイン名}/ ({ドメイン名} stands for the domain name)
# cd /etc/letsencrypt/archive/{ドメイン名}/
# ls   
cert1.pem  chain1.pem  fullchain1.pem  privkey1.pem
  • Run revoke, specifying the cert1.pem above
# certbot revoke --cert-path /etc/letsencrypt/archive/{ドメイン名}/cert1.pem
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

-------------------------------------------------------------------------------
Would you like to delete the cert(s) you just revoked?
-------------------------------------------------------------------------------
(Y)es (recommended)/(N)o: 
  • You are asked whether to delete the certificate after revocation, so type y and press return
-------------------------------------------------------------------------------
Deleted all files relating to certificate {ドメイン名}.
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Congratulations! You have successfully revoked the certificate that was located
at /etc/letsencrypt/archive/{ドメイン名}/cert1.pem

-------------------------------------------------------------------------------
# vi /etc/httpd/conf.d/ssl.conf
ServerName {ドメイン名}
SSLCertificateFile /etc/letsencrypt/live/{ドメイン名}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{ドメイン名}/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/{ドメイン名}/chain.pem
  • I had not made a backup of the original ssl.conf and could not restore it, so I removed mod_ssl and installed it again
# yum remove mod_ssl
==========================================================================================================
 Package                         Arch            Version                          Repository         Size
==========================================================================================================
Removing:
 mod_ssl                         x86_64          1:2.4.6-67.el7.centos.6          @updates          224 k
Removing for dependencies:
 python2-certbot-apache          noarch          0.19.0-1.el7                     @epel             594 k

Transaction Summary
==========================================================================================================
Remove  1 Package (+1 Dependent package)
# yum install mod_ssl
# yum install certbot-apache
# systemctl restart httpd
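  • Confirm from the browser that SSL communication works and that the certificate has been invalidated.
  • Make a backup of ssl.conf just in case.
# cp ssl.conf ssl.conf.default
Re-obtaining the certificate
  • Obtain it for the following two domains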
    • hi3103.net
    • www.hi3103.net
# certbot --apache -d hi3103.net -d www.hi3103.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for hi3103.net
tls-sni-01 challenge for www.hi3103.net

We were unable to find a vhost with a ServerName or Address of hi3103.net.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf                       |                       | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel):
  • Type 1 and press return
We were unable to find a vhost with a ServerName or Address of www.hi3103.net.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf                       |                       | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel):
  • Type 1 and press return (for www)
Waiting for verification...
Cleaning up challenges

We were unable to find a vhost with a ServerName or Address of hi3103.net.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf                       |                       | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel):
  • Type 1 and press return
Deploying Certificate for hi3103.net to VirtualHost /etc/httpd/conf.d/ssl.conf

We were unable to find a vhost with a ServerName or Address of www.hi3103.net.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf                       | hi3103.net            | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel):
  • Type 1 and press return (for www)
Deploying Certificate for www.hi3103.net to VirtualHost /etc/httpd/conf.d/ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
  • Whether or not to force-redirect http access to https
    • Chose 1 (no redirect), since it will be configured later in .htaccess
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://hi3103.net and
https://www.hi3103.net

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=hi3103.net
https://www.ssllabs.com/ssltest/analyze.html?d=www.hi3103.net
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/hi3103.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/hi3103.net/privkey.pem
   Your cert will expire on 2018-02-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
# systemctl restart httpd

Reference URLs

Automating certificate renewal with cron

Reference URLs

Check that cron is running

Check whether the cronie package is installed
# yum list cronie
(omitted)
Installed Packages
cronie.x86_64                                     1.4.11-17.el7                                      @base
Check whether cron is running
# systemctl status crond
* crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2017-11-09 14:29:50 JST; 1 weeks 2 days ago
(omitted)
  • It is active (running), so OK
Check whether it is set to start at server boot
# systemctl list-unit-files | grep cron
crond.service                                 enabled
  • It is enabled, so OK

Add the certificate renewal command to the cron configuration file

Find the full path of the command to run from cron
# which certbot
/usr/bin/certbot
  • Written with the full path, the certificate renewal command is as follows
/usr/bin/certbot renew
  • The certificate is renewed only when fewer than 30 days of validity remain
  • For an immediate renewal, add the --force-renew option
Edit the cron configuration file
# vi /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
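  • Write the certificate renewal command following the format
    • To run it every day at 3:00 with root privileges
minute  hour  day  month  weekday  user name  command
0       3     *    *      *        root       /usr/bin/certbot renew
0  3  *  *  * root /usr/bin/certbot renew
  • As of 2017-11-18 the expiry date is "February 16, 2018", so I will check around 1/20 whether it has been renewed.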
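
A way to script the follow-up check described above (is the certificate inside the 30-day window, and did the daily cron job replace it?), as an added example that is not part of the original post. The function names are hypothetical, and the notAfter line is a constructed sample in the format printed by `openssl x509 -enddate -noout`, using the expiry date shown on this page with a made-up time of day.

```shell
#!/bin/sh
# Added example: is a certificate inside the 30-day window in which the daily
# "certbot renew" cron job replaces it? Function names are hypothetical.
# SAMPLE_ENDDATE is constructed, in the format printed by
#   openssl x509 -enddate -noout -in cert.pem
# (expiry date from this page; the time of day is made up).
SAMPLE_ENDDATE="notAfter=Feb 16 12:00:00 2018 GMT"
RENEW_WINDOW_DAYS=30

# days_from_civil YEAR MONTH DAY -> days since 1970-01-01 (Gregorian calendar).
days_from_civil() {
    dc_y=$1
    dc_m=${2#0}                 # drop a leading zero so "08" is not read as octal
    dc_d=${3#0}
    if [ "$dc_m" -le 2 ]; then
        dc_y=$((dc_y - 1))      # January and February count with the previous year
    fi
    dc_era=$((dc_y / 400))
    dc_yoe=$((dc_y - dc_era * 400))
    dc_mp=$(( (dc_m + 9) % 12 ))                # March = 0 ... February = 11
    dc_doy=$(( (153 * dc_mp + 2) / 5 + dc_d - 1 ))
    dc_doe=$((dc_yoe * 365 + dc_yoe / 4 - dc_yoe / 100 + dc_doy))
    echo $((dc_era * 146097 + dc_doe - 719468))
}

# enddate_to_ymd "notAfter=Feb 16 12:00:00 2018 GMT" -> "2018 2 16"
enddate_to_ymd() {
    set -f                                      # no globbing while splitting
    set -- ${1#notAfter=}                       # fields: month day time year zone
    set +f
    [ $# -ge 4 ] || return 1
    case $1 in
        Jan) ey_m=1 ;; Feb) ey_m=2 ;; Mar) ey_m=3 ;; Apr) ey_m=4 ;;
        May) ey_m=5 ;; Jun) ey_m=6 ;; Jul) ey_m=7 ;; Aug) ey_m=8 ;;
        Sep) ey_m=9 ;; Oct) ey_m=10 ;; Nov) ey_m=11 ;; Dec) ey_m=12 ;;
        *) return 1 ;;
    esac
    echo "$4 $ey_m $2"
}

# days_left ENDDATE_LINE TODAY(YYYY-MM-DD) -> whole days until the expiry date
# (negative once expired). The time of day is ignored.
days_left() {
    dl_ymd=$(enddate_to_ymd "$1") || return 1
    dl_rest=${2#*-}                             # "MM-DD"
    dl_end=$(days_from_civil $dl_ymd)
    dl_now=$(days_from_civil "${2%%-*}" "${dl_rest%%-*}" "${dl_rest#*-}")
    echo $((dl_end - dl_now))
}

# renewal_status ENDDATE_LINE TODAY -> OK | RENEW-DUE | EXPIRED
#   OK        : 30 or more days left, "certbot renew" skips the certificate
#   RENEW-DUE : fewer than 30 days left, the next cron run should replace it;
#               seeing this on consecutive days means the cron job is not working
#   EXPIRED   : the expiry date has passed
renewal_status() {
    rs_left=$(days_left "$1" "$2") || return 1
    if [ "$rs_left" -lt 0 ]; then
        echo "EXPIRED"
    elif [ "$rs_left" -lt "$RENEW_WINDOW_DAYS" ]; then
        echo "RENEW-DUE"
    else
        echo "OK"
    fi
}

# The two dates mentioned on this page: the day of writing and the planned check.
for check_day in 2017-11-18 2018-01-20; do
    echo "$check_day: $(days_left "$SAMPLE_ENDDATE" "$check_day") days left," \
         "$(renewal_status "$SAMPLE_ENDDATE" "$check_day")"
done
```
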
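Is a cron restart needed after changing the settings?

With cron, the cron daemon automatically detects the change as soon as the configuration file is saved, so restarting the cron daemon is not necessary.

Part 30: "Studying cron"

Sakura VPS server initial setup - Introducing the free Let's Encrypt SSL certificate

Reference URLs

Enable SSL communication in Apache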

# yum install mod_ssl
# systemctl restart httpd
How to check whether mod_ssl is already installed
# httpd -M | grep ssl
ssl_module (shared)

Allow https port 443 through the firewall

# firewall-cmd --add-service=https --zone=public --permanent
# systemctl restart firewalld
How to check which ports the firewall allows
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: dhcpv6-client ssh http https
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Install Let's Encrypt

Install Certbot
  • Check with yum list just in case
    • It is there
# yum list certbot
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
 * base: ftp.iij.ad.jp
 * epel: mirror.dmmlabs.jp
 * extras: ftp.iij.ad.jp
 * remi-safe: repo1.sea.innoscale.net
 * updates: ftp.iij.ad.jp
Available Packages
certbot.noarch                                      0.19.0-1.el7                                      epel
# yum install certbot
==========================================================================================================
 Package                                    Arch          Version                    Repository      Size
==========================================================================================================
Installing:
 certbot                                    noarch        0.19.0-1.el7               epel            20 k
Installing for dependencies:
 audit-libs-python                          x86_64        2.7.6-3.el7                base            73 k
 checkpolicy                                x86_64        2.5-4.el7                  base           290 k
 dialog                                     x86_64        1.2-4.20130523.el7         base           208 k
 libcgroup                                  x86_64        0.41-13.el7                base            65 k
 libsemanage-python                         x86_64        2.5-8.el7                  base           104 k
 policycoreutils-python                     x86_64        2.5-17.1.el7               base           446 k
 pyOpenSSL                                  x86_64        0.13.1-3.el7               base           133 k
 python-IPy                                 noarch        0.75-6.el7                 base            32 k
 python-backports                           x86_64        1.0-8.el7                  base           5.8 k
 python-backports-ssl_match_hostname        noarch        3.4.0.2-4.el7              base            12 k
 python-cffi                                x86_64        1.6.0-5.el7                base           218 k
 python-enum34                              noarch        1.0.4-1.el7                base            52 k
 python-idna                                noarch        2.4-1.el7                  base            94 k
 python-ipaddress                           noarch        1.0.16-2.el7               base            34 k
 python-ndg_httpsclient                     noarch        0.3.2-1.el7                epel            43 k
 python-parsedatetime                       noarch        1.5-3.el7                  epel            61 k
 python-ply                                 noarch        3.4-11.el7                 base           123 k
 python-pycparser                           noarch        2.14-1.el7                 base           104 k
 python-requests                            noarch        2.6.0-1.el7_1              base            94 k
 python-setuptools                          noarch        0.9.8-7.el7                base           397 k
 python-urllib3                             noarch        1.10.2-3.el7               base           101 k
 python-zope-component                      noarch        1:4.1.0-3.el7              epel           227 k
 python-zope-event                          noarch        4.0.3-2.el7                epel            79 k
 python-zope-interface                      x86_64        4.0.5-4.el7                base           138 k
 python2-acme                               noarch        0.19.0-1.el7               epel           176 k
 python2-certbot                            noarch        0.19.0-1.el7               epel           471 k
 python2-configargparse                     noarch        0.11.0-1.el7               epel            30 k
 python2-cryptography                       x86_64        1.7.2-1.el7_4.1            updates        502 k
 python2-dialog                             noarch        3.3.0-6.el7                epel            94 k
 python2-future                             noarch        0.16.0-2.el7               epel           799 k
 python2-mock                               noarch        1.0.1-9.el7                epel            92 k
 python2-psutil                             x86_64        2.2.1-2.el7                epel           116 k
 python2-pyasn1                             noarch        0.1.9-7.el7                base           100 k
 python2-pyrfc3339                          noarch        1.0-2.el7                  epel            13 k
 pytz                                       noarch        2016.10-2.el7              base            46 k
 setools-libs                               x86_64        3.3.8-1.1.el7              base           612 k

Transaction Summary
==========================================================================================================
Install  1 Package (+36 Dependent packages)
#  yum install certbot-apache
==========================================================================================================
 Package                            Arch               Version                     Repository        Size
==========================================================================================================
Installing:
 python2-certbot-apache             noarch             0.19.0-1.el7                epel             151 k

Transaction Summary
==========================================================================================================
Install  1 Package
Install the certificate with certbot
# certbot --apache -d {ドメイン名}
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): 
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
  • Read the terms and, if you agree, type a and press return
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
  • If you are willing to share your email address with Let's Encrypt's partner developer and receive news, type y and press return
Starting new HTTPS connection (1): supporters.eff.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for hi3103.net

We were unable to find a vhost with a ServerName or Address of hi3103.net.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf                       |                       | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 
  • Type 1 and press return (select ssl.conf)
Deploying Certificate for hi3103.net to VirtualHost /etc/httpd/conf.d/ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 
  • Whether or not to force-redirect http access to https
    • Chose 1 (no redirect)
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://hi3103.net

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=hi3103.net
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/hi3103.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/hi3103.net/privkey.pem
   Your cert will expire on 2018-02-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
# systemctl restart httpd
  • Try accessing it.
    • The connection is now secure.
      • Click the right arrow > Show details > Show certificate to see the details.

Renewing the Let's Encrypt SSL certificate

  • Renew only when fewer than 30 days of validity remain
# certbot renew
  • Renew the certificate immediately regardless of the expiry date
# certbot renew --force-renew

2017-11-13

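WordPress migration notes

The WP that was hosted on the site

The wordpress.com blog

  • Export all data from .com as XML
  • Create the tables in the DB
  • Download the latest WP from Wordpress.org and upload the whole thing
  • Rewrite wp-config.php
  • Access /wp-admin
  • Install the WordPress Importer plugin
    • Ran it, but it was rejected because wp-content/uploads lacked permissions
    • Ran it again → it worked
      • It kept spinning and I panicked and navigated away from the page, but after a while it completed
  • Check operation
  • The post guids and the post bodies contained links to other posts, so I uploaded Search-Replace-DB-master and did a bulk replace
    • Multiple rows were rewritten in wp_posts
      • Confirmed the change took effect


For both of the above, I put .htaccess basic authentication on the site root and on wp-admin.

The site URL and all image and URL links in the database have also been rewritten to https.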

2017-11-10

Restoring the packages that were removed when MySQL was uninstalled

# yum install fail2ban fail2ban-sendmail postfix
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * epel: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * remi-safe: repo1.sea.innoscale.net
 * updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.9.7-1.el7 will be installed
---> Package fail2ban-sendmail.noarch 0:0.9.7-1.el7 will be installed
---> Package postfix.x86_64 2:2.10.1-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================
 Package                        Arch                Version                       Repository         Size
==========================================================================================================
Installing:
 fail2ban                       noarch              0.9.7-1.el7                   epel               11 k
 fail2ban-sendmail              noarch              0.9.7-1.el7                   epel               14 k
 postfix                        x86_64              2:2.10.1-6.el7                base              2.4 M

Transaction Summary
==========================================================================================================
Install  3 Packages

Total download size: 2.5 M
Installed size: 12 M
Is this ok [y/d/N]: y
Downloading packages:
(1/3): fail2ban-sendmail-0.9.7-1.el7.noarch.rpm                                    |  14 kB  00:00:00     
(2/3): fail2ban-0.9.7-1.el7.noarch.rpm                                             |  11 kB  00:00:00     
(3/3): postfix-2.10.1-6.el7.x86_64.rpm                                             | 2.4 MB  00:00:00     
----------------------------------------------------------------------------------------------------------
Total                                                                     5.2 MB/s | 2.5 MB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 2:postfix-2.10.1-6.el7.x86_64                                                          1/3 
  Installing : fail2ban-sendmail-0.9.7-1.el7.noarch                                                   2/3 
  Installing : fail2ban-0.9.7-1.el7.noarch                                                            3/3 
  Verifying  : fail2ban-sendmail-0.9.7-1.el7.noarch                                                   1/3 
  Verifying  : fail2ban-0.9.7-1.el7.noarch                                                            2/3 
  Verifying  : 2:postfix-2.10.1-6.el7.x86_64                                                          3/3 

Installed:
  fail2ban.noarch 0:0.9.7-1.el7   fail2ban-sendmail.noarch 0:0.9.7-1.el7   postfix.x86_64 2:2.10.1-6.el7  

Complete
  • Look up later what each package is
    • They seem to be related to the mail server

Installing MariaDB

I had installed MySQL, but I'm going with MariaDB after all.

Reference URLs

Install MariaDB

# yum install mariadb
==========================================================================================================
 Package                    Arch                 Version                         Repository          Size
==========================================================================================================
Installing:
 mariadb                    x86_64               1:5.5.56-2.el7                  base               8.7 M
Installing for dependencies:
 mariadb-libs               x86_64               1:5.5.56-2.el7                  base               757 k
# yum install mariadb-server
==========================================================================================================
 Package                             Arch               Version                    Repository        Size
==========================================================================================================
Installing:
 mariadb-server                      x86_64             1:5.5.56-2.el7             base              11 M
Installing for dependencies:
 perl-Compress-Raw-Bzip2             x86_64             2.061-3.el7                base              32 k
 perl-Compress-Raw-Zlib              x86_64             1:2.061-4.el7              base              57 k
 perl-DBD-MySQL                      x86_64             4.023-5.el7                base             140 k
 perl-DBI                            x86_64             1.627-4.el7                base             802 k
 perl-IO-Compress                    noarch             2.061-2.el7                base             260 k
 perl-Net-Daemon                     noarch             0.48-5.el7                 base              51 k
 perl-PlRPC                          noarch             0.2020-14.el7              base              36 k
Related packages
# yum list available | grep mariadb       
mariadb-bench.x86_64                    1:5.5.56-2.el7                 base     
mariadb-devel.i686                      1:5.5.56-2.el7                 base     
mariadb-devel.x86_64                    1:5.5.56-2.el7                 base     
mariadb-embedded.i686                   1:5.5.56-2.el7                 base     
mariadb-embedded.x86_64                 1:5.5.56-2.el7                 base     
mariadb-embedded-devel.i686             1:5.5.56-2.el7                 base     
mariadb-embedded-devel.x86_64           1:5.5.56-2.el7                 base     
mariadb-libs.i686                       1:5.5.56-2.el7                 base     
mariadb-test.x86_64                     1:5.5.56-2.el7                 base  

Start MariaDB

  • Same command as for Apache.
# systemctl start mariadb

Make MariaDB start at server boot

  • Same command as the one used for Apache.
# systemctl enable mariadb
  • Check in the list
    • OK if it is enabled
# systemctl list-unit-files -t service | grep mariadb
mariadb.service                               enabled

Initial MariaDB setup

# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
  • Press Return without entering anything
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!
Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Log in to the database as root

# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.56-MariaDB MariaDB Server

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
Look at the databases
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

Check the MariaDB version

# mysql --version
mysql  Ver 15.1 Distrib 5.5.56-MariaDB, for Linux (x86_64) using readline 5.1
MariaDB [(none)]> select version();
+----------------+
| version()      |
+----------------+
| 5.5.56-MariaDB |
+----------------+
1 row in set (0.00 sec)