firewall Nat IPマスカレード設定

【20240119　追記】

nmcli c add type ethernet ifname enp1s0 con-name "ngw_external" ethernet.mtu 1500

nmcli c add type ethernet ifname enp2s0 con-name "ngw_internal" ethernet.mtu 1500

nmcli c mod ngw_external ipv4.addresses 10.0.0.201/24
nmcli c mod ngw_external ipv4.method manual
nmcli c mod ngw_external connection.autoconnect yes

nmcli c mod ngw_internal ipv4.addresses 10.0.0.201/24
nmcli c mod ngw_internal ipv4.method manual
nmcli c mod ngw_internal connection.autoconnect yes

nmcli connection modify ngw_external connection.zone external
nmcli connection modify ngw_internal connection.zone internal

firewall-cmd --zone=external --add-masquerade --permanent

以下不要かも？

# firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o enp7s0 -j MASQUERADE
# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i enp6s0 -o enp7s0 -j ACCEPT
# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i enp7s0 -o enp6s0 -m state --state RELATED,ESTABLISHED -j ACCEPT

確認。

firewall-cmd --list-all --permanent --zone=external

これも忘れないように。

#  firewall-cmd --add-port=10050/tcp --zone=internal  --permanent

# firewall-cmd --reload

# firewall-cmd --zone=internal --list-all

---------------------前の記載-----------------------------------------

# nmcli c

NAME                        UUID                                                                            TYPE            DEVICE
internet                   d42fca83-c673-4621-b7c8-ce144ed2e37e    ethernet    enp1s0
vlan_dmz                0a7a0428-15de-41c6-8143-ea8ea2684f25   ethernet    enp4s0
vlan_dmz_front   a26299af-62df-45c6-bcfc-1cbd57484981      ethernet    enp3s0
vlan_monitor        38836aef-a8c5-4903-9c65-eca6f6831c43      ethernet    enp2s0

# nmcli d
DEVICE TYPE STATE CONNECTION
enp1s0 ethernet      接続済み internet
enp2s0 ethernet      接続済み vlan_monitor
enp3s0 ethernet      接続済み vlan_dmz_front
enp4s0 ethernet      接続済み vlan_dmz
lo             loopback    管理無し --

          

# firewall-cmd --get-active-zone
public
interfaces: enp1s0 enp2s0 enp3s0 enp4s0

# nmcli connection modify vlan_dmz connection.zone internal

# nmcli connection modify vlan_dmz_front connection.zone external

# firewall-cmd --get-active-zone
external
      interfaces: enp3s0
internal
      interfaces: enp4s0
public
      interfaces: enp1s0 enp2s0

【IPマスカレード】

# /etc/sysctl.conf
net.ipv4.ip_forward=1
# sysctl -p

# cat /proc/sys/net/ipv4/ip_forward
# firewall-cmd --zone=external --add-masquerade --permanent       # マスカレード設定
success
# firewall-cmd --zone=external --query-masquerade                                      # 確認
yes

# firewall-cmd --list-all  --zone=external

external (active)

  target: default

  icmp-block-inversion: no

  interfaces: enp3s0

  sources: 

  services: ssh

  ports: 

  protocols: 

  forward: no

  masquerade: yes

  forward-ports: 

  source-ports: 

  icmp-blocks: 

  rich rules: 

# firewall-cmd --zone=external --add-forward-port=port=18080:proto=tcp:toport=80:toaddr=192.168.31.254  --permanent

# firewall-cmd --zone=external --add-forward-port=port=28080:proto=tcp:toport=80:toaddr=192.168.31.102 --permanent

# firewall-cmd --reload

# firewall-cmd --zone=external --list-all

external (active)

  target: default

  icmp-block-inversion: no

  interfaces: enp3s0

  sources: 

  services: ssh

  ports: 

  protocols: 

  forward: no

  masquerade: yes

  forward-ports: 

port=28080:proto=tcp:toport=80:toaddr=192.168.31.102

port=18080:proto=tcp:toport=80:toaddr=192.168.31.254

  source-ports: 

  icmp-blocks: 

  rich rules: 

# firewall-cmd --list-all-zones                               # 全てのzoneを表示

# firewall-cmd --get-default-zone                       # defaultで設定されるzone

# firewall-cmd --get-services                                 # 設定できるサービス一覧

# firewall-cmd --set-default-zone=block         # default zoneの変更

#  firewall-cmd --direct --get-all-rules

firewall-cmd --get-zones　                             　ゾーン一覧

firewall-cmd --list-all-zone          　                   すべてのゾーン

firewall-cmd --get-active-zone  　                    現在のゾーンとそれに紐付くインターフェイス
firewall-cmd --get-default-zone 　                   デフォルトゾーン確認

firewall-cmd --set-default-zone=external　デフォルトゾーンの変更

firewall-cmd --list-all　　                                    デフォルトゾーンの設定を表示

firewall-cmd --list-all --zone=external

firewall-cmd --get-services　　                        定義されているサービス一覧
firewall-cmd --list-service --zone=external  externalゾーンに適用されているサービス
firewall-cmd --add-service=ftp --zone=external　　 externalゾーンにftpサービスを加える
firewall-cmd --add-service=ftp --zone=external --permanent  恒久的に加える
firewall-cmd --reload　　firewalldに設定を再読み込みさせる

firewall-cmd --list-ports --zone=external　　 externalゾーンで公開されているポート。
firewall-cmd --add-port=10050-10051/tcp --zone=external --permanent　公開ポートの追加
firewall-cmd --reload

# systemctl restart NetworkManager

poundでロードバランサを構築してみた。(ELB)

【rocky linux9 追記　20240119】

# dnf config-manager --set-enabled crb
# dnf install epel-release

※ epel　有効／無効
# dnf config-manager --enable epel
# dnf config-manager --disable epel ＊ default

※ Rocky Linux9は、現在のところPoundをサポートしていなかった。

     Rocky Linux8で実施。

---------------------Rocky linux 8 ---------------------------------

# dnf --enablerepo=epel install Pound
# pound -V
starting...
Version 2.8-patrodyne-20191230
Configuration switches:
Exiting...

# vi /etc/pound.cfg

User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"

LogLevel     1

Alive        10

Daemon       1

LogFacility  daemon

Client       300

TimeOut      3600

Threads       256

ListenHTTP
  Address 0.0.0.0
  Port 80

  Err414 "/var/www/Err414"

  Err500 "/var/www/Err500"

  Err501 "/var/www/Err501"

  Err503 "/var/www/Err503"

End

ListenHTTPS
  Address 0.0.0.0
  Port 443
  Cert "/etc/pki/tls/certs/pound.pem"
End
Service
  BackEnd
    Address 192.168.21.101
    Port 80
  End
  BackEnd
    Address 192.168.21.102
    Port 80
  End

  Session

    Type    COOKIE

    ID      "sessionid"

    TTL     120

  End

End

# pound -c -v

# firewall-cmd --add-service=http --zone=public --permanent

# firewall-cmd --add-service=https --zone=public --permanent

# firewall-cmd --reload

# systemctl start pound
# systemctl enable pound

# systemctl status pound

● pound.service - Pound Reverse Proxy And Load-balancer

   Loaded: loaded (/usr/lib/systemd/system/pound.service; enabled; vendor preset: disabled)

   Active: active (running) since Mon 2022-05-30 08:30:51 JST; 58min ago

  Process: 1069 ExecStart=/usr/sbin/pound (code=exited, status=0/SUCCESS)

 Main PID: 1111 (pound)

    Tasks: 132 (limit: 11272)

   Memory: 36.0M

   CGroup: /system.slice/pound.service

           ├─1111 /usr/sbin/pound

           └─1112 /usr/sbin/pound

 5月 30 09:22:28 elb_web pound[1112]: 192.168.20.2 GET /assets/images/menu/enter2.png HTTP/1.1 - HTTP/1.1 200 OK

 5月 30 09:22:28 elb_web pound[1112]: 192.168.20.2 GET /assets/images/menu/acount2-1.png HTTP/1.1 - HTTP/1.1 200 OK

 5月 30 09:22:28 elb_web pound[1112]: 192.168.20.2 GET /assets/images/menu/setup.png HTTP/1.1 - HTTP/1.1 200 OK

 5月 30 09:22:28 elb_web pound[1112]: 192.168.20.2 GET /assets/images/menu/log2.png HTTP/1.1 - HTTP/1.1 200 OK

 5月 30 09:22:28 elb_web pound[1112]: 192.168.20.2 GET /assets/images/menu/exit2.png HTTP/1.1 - HTTP/1.1 200 OK

 5月 30 09:22:28 elb_web pound[1112]: 192.168.20.2 GET /assets/vendor/fonts/inter/Inter-Bold.woff2?v=3.13 HTTP/1.1 - HTTP/1.1 200 OK

 5月 30 09:22:32 elb_web pound[1112]: 192.168.20.2 GET /test/logout/?jump= HTTP/1.1 - HTTP/1.1 200 OK

 5月 30 09:22:34 elb_web pound[1112]: 192.168.20.2 GET /test/top/ HTTP/1.1 - HTTP/1.1 302 Found

 5月 30 09:22:34 elb_web pound[1112]: 192.168.20.2 GET /test/login/?next=/test/top/ HTTP/1.1 - HTTP/1.1 200 OK

 5月 30 09:22:37 elb_web pound[1112]: 192.168.20.2 GET /test/login/?next=/test/top/ HTTP/1.1 - HTTP/1.1 200 OK

※ マニュアル（https://linux.die.net/man/8/pound）

Zabbix6.0LTSのインストール

 Rocky linux8.5 にZabbix6.0インストール

【php 7.4 インストール】

# dnf module list php

# dnf module enable php:7.4 -y

# dnf install php

# php -v

# rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-6.0-1.el8.noarch.rpm

# dnf clean all
# dnf install zabbix-server-mysql zabbix-web-mysql zabbix-apache-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent2 zabbix-web-japanese

# dnf remove mysql*

# dnf remove Mariadb*
# dnf install MariaDB

# vi  /etc/my.cnf.d/server.cnf 

[mariadb]

character-set-server=utf8

[mariadb-10.7]

character-set-server=utf8

# systemctl start mariadb

# systemctl enable mariadb

# mysql -uroot

mysql> alter user root@localhost identified by 'password';

mysql> quit;

# mysql -uroot -p
password
mysql> create database zabbix character set utf8mb4 collate utf8mb4_bin;
mysql> create user zabbix@localhost identified by 'password';
mysql> grant all privileges on zabbix.* to zabbix@localhost;

mysql> flush privileges;
mysql> quit;

# zcat /usr/share/doc/zabbix-sql-scripts/mysql/server.sql.gz | mysql -uzabbix -p password
※ERROR 1046 (3D000) at line 1: No database selected
→zcatで展開し、先頭に"use zabbix"を追加。

# vi /etc/zabbix/zabbix_server.conf
DBPassword=password

# vi /etc/php-fpm.d/zabbix.conf
php_value[date.timezone] = Asia/Tokyo

# firewall-cmd --add-service=mysql --zone=public --permanent

# firewall-cmd --add-service=http --zone=public --permanent

# firewall-cmd --add-port=10050/tcp --zone=public --permanent

# firewall-cmd --add-port=10051/tcp --zone=public --permanent

# firewall-cmd --reload

# systemctl restart zabbix-server zabbix-agent2 httpd php-fpm
# systemctl enable zabbix-server zabbix-agent2 httpd php-fpm

※ selinux わすれずに！！

# journalctl -xe

【フロントエンドの設定】

http://localhost/zabbix/setup.php
user: Admin
password: zabbix

default user name is Admin,

                password zabbix.

【背景イメージの登録】

管理→ユーザ→ユーザの作成
管理→一般設定→表示設定→イメージ→タイプ→背景
【スクリプトの登録】 （コマンドの登録）
管理→スクリプト→スクリプトの作成
【ダッシュボードへのお気に入り登録】
「マップ」「スクリプト」の一覧から該当項目を選択して★マークでお気に入入りに登録。

【ERROR】　Zabbixサーバーの起動  いいえ

「Zabbixサーバーの起動　はい 」にならない。

※　IPv6でアクセスしていると思われる。

# vi /etc/hosts 

# :::1 localhost

※ GUI　PHP　設定変更

#  vi  /etc/zabbix/web/zabbix.conf.php

$ZBX_SERVER                     = '10.0.19.119';

※　結局、/etc/resolv.confが悪さしていた！！

【 zabbixクライアントの設定 （zabbix-agent2）】

( 20240118 追記　rocky linuix9 ）

# dnf install https://repo.zabbix.com/zabbix/6.4/rhel/9/x86_64/zabbix-agent2-6.4.10-release1.el9.x86_64.rpm

# vi /etc/zabbix/zabbix_agent2.d/plugins.d/z99-local.conf <<__EOF__

LogFileSize=1

Server=10.0.19.119

ServerActive=10.0.19.119:10051

Hostname=AMI-ROCKY-20G

#HostMetadata=Rockylinux

HostMetadataItem=system.uname

ControlSocket=/run/zabbix/agent.sock

AllowKey=system.run[*]

__EOF__

# setsebool -P httpd_can_connect_zabbix on

# setsebool -P httpd_can_connect_zabbix on

#  setsebool -P zabbix_run_sudo  on

#  semanage boolean -l | grep zabbix

httpd_can_connect_zabbix       (オン   ,   オン)  httpd が can connect zabbix できるようにします

zabbix_can_network             (オン   ,   オン)  zabbix が can network できるようにします

zabbix_run_sudo                (オン   ,   オン)  zabbix が run sudo できるようにします

※ AllowKeyを設定した場合は、下記も設定

# visudo

# Allows zabbix to run all commands without password.

zabbix ALL=NOPASSWD: ALL

# usermod -aG wheel zabbix
# vi /etc/sudoers.d/zabbix <<__EOF__
zabbix ALL=(root)NOPASSWD: /etc/init.d/apache restart
Defaults 　　　　requiretty
Defaults:root 　　!requiretty
Defaults 　　　　requiretty
Defaults:%wheel !requiretty

__EOF__

# firewall-cmd --add-port=10050/tcp --zone=public
# firewall-cmd --runtime-to-permanent

# systemctl restart zabbix-agent2

------------------------------ 旧 -----------------------------

# dnf install https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-agent2-6.0.3-1.el8.x86_64.rpm

#  vi /etc/zabbix/zabbix_agent2.conf

PidFile=/var/run/zabbix/zabbix_agent2.pid

LogFile=/var/log/zabbix/zabbix_agent2.log

LogFileSize=1

Server=192.168.254.254

ServerActive=192.168.254.254:10051

Hostname=zabbix60

HostMetadata=Rockylinux

HostMetadataItem=system.uname

Include=/etc/zabbix/zabbix_agent2.d/*.conf

ControlSocket=/tmp/agent.sock

AllowKey=system.run[*]

※ AllowKeyを設定した場合は、下記も設定

# visudo

# Allows zabbix to run all commands without password.

zabbix ALL=NOPASSWD: ALL

  

# semanage boolean -l | grep zabbix

httpd_can_connect_zabbix       (オフ   ,   オフ)  Allow httpd to can connect zabbix

zabbix_can_network                     (オフ   ,   オフ)  Allow zabbix to can network

zabbix_run_sudo                             (オフ   ,   オフ)  Allow zabbix to run sudo

# setsebool -P httpd_can_connect_zabbix on

#setsebool -P httpd_can_connect_zabbix on
# setsebool -P zabbix_run_sudo  on

# firewall-cmd --add-port=10050/tcp --zone=public --permanent
# firewall-cmd --reload

# systemctl restart zabbix-agent2

# nmap localhost -p 1-20000

# dnf install zabbix-get

Zabbix エージェントの動作確認

# zabbix_get -s 192.168.254.254 -k agent.version

6.0.3

  

#  usermod -aG wheel zabbix

# vi /etc/sudoers.d/zabbix

zabbix ALL=(root)NOPASSWD:/usr/bin/nmap

Defaults                     requiretty

Defaults:root         !requiretty

Defaults                     requiretty

Defaults:%wheel  !requiretty

      

AlmaLinux or Rocky Linux へのマイグレーション

TO AlmaLinux
https://github.com/AlmaLinux/almalinux-deploy
# curl -O https://raw.githubusercontent.com/AlmaLinux/almalinux-deploy/master/almalinux-deploy.sh
# bash ./almalinux-deploy.sh
# dnf -y distro-sync

TO Rocky Linux
https://docs.rockylinux.org/guides/migrate2rocky/
# curl https://raw.githubusercontent.com/rocky-linux/rocky-tools/main/migrate2rocky/migrate2rocky.sh -o migrate2rocky.sh
# bash ./migrate2rocky.sh -r
# dnf -y distro-sync

# export HTTP_PROXY=http://192.168.100.254:3128

# export HTTPS_PROXY=http://192.168.100.254:3128

ネットワーク設定他

# /etc/fstab
# Created by anaconda on Sat Nov 14 23:13:46 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/cl-root / xfs defaults 0 0
UUID=c72f5956-86d1-4c0f-ad6e-2df2d4dbc925 /boot ext4 defaults 1 2
/dev/mapper/cl-swap swap swap defaults 0 0
/dev/vdb1 /u01 xfs defaults

timedatectl set-timezone Asia/Tokyo

nmcli d
nmcli c

nmcli general hostname firewall
nmcli c delete internet
nmcli c add type ethernet ifname enp1s0 con-name "internet" ethernet.mtu 1500
nmcli c mod internet ipv4.method auto
nmcli c mod internet connection.autoconnect yes
nmcli c up internet

VLAN=vlan_monitor
VLAN_IP=192.168.254.220/24
nmcli c delete $VLAN
nmcli c add type ethernet ifname enp2s0 con-name "$VLAN"
nmcli c mod $VLAN ipv4.addresses $VLAN_IP
nmcli c mod $VLAN ipv4.method manual
nmcli c mod $VLAN connection.autoconnect yes
nmcli c mod $VLAN ipv4.dns 8.8.8.8
nmcli c mod $VLAN ipv4.gateway 192.168.254.254
nmcli c up $VLAN

VLAN=vlan_global
VLAN_IP1=192.168.220.101/24
VLAN_IP2=192.168.220.102/24
VLAN_IP3=192.168.220.103/24

VLAN_IP4=192.168.220.104/24
nmcli c delete internet_global
nmcli c add type ethernet ifname enp3s0 con-name "$VLAN"
nmcli c mod $VLAN ipv4.addresses $VLAN_IP1
nmcli c mod $VLAN +ipv4.addresses $VLAN_IP2
nmcli c mod $VLAN +ipv4.addresses $VLAN_IP3

nmcli c mod $VLAN +ipv4.addresses $VLAN_IP4
nmcli c mod $VLAN ipv4.method manual
nmcli c mod $VLAN connection.autoconnect yes
nmcli c up $VLAN

VLAN=vlan_api_front
VLAN_IP=192.168.10.2/24
nmcli c delete $VLAN
nmcli c add type ethernet ifname enp4s0 con-name "$VLAN"
nmcli c mod $VLAN ipv4.addresses $VLAN_IP
nmcli c mod $VLAN ipv4.method manual
nmcli c mod $VLAN connection.autoconnect yes
nmcli c up $VLAN

VLAN=vlan_web_front
VLAN_IP=192.168.20.2/24
nmcli c delete $VLAN
nmcli c add type ethernet ifname enp5s0 con-name "$VLAN"
nmcli c mod $VLAN ipv4.addresses $VLAN_IP
nmcli c mod $VLAN ipv4.method manual
nmcli c mod $VLAN connection.autoconnect yes
nmcli c up $VLAN

VLAN=vlan_dmz_front
VLAN_IP=192.168.30.2/24
nmcli c delete $VLAN
nmcli c add type ethernet ifname enp6s0 con-name "$VLAN"
nmcli c mod $VLAN ipv4.addresses $VLAN_IP
nmcli c mod $VLAN ipv4.method manual
nmcli c mod $VLAN connection.autoconnect yes
nmcli c up $VLAN

# systemctl restart NetworkManager
# ip addr show

Cisco PacketTracer インストール

 https://skillsforall.com/resources/lab-downloads

から、windows版をダウンロード。

ID／PW必要。

Rocky Linux 8.5 インストール

https://rockylinux.org/download
Rocky-8.5-x86_64-dvd1.iso

# timedatectl set-timezone Asia/Tokyo

# gpg --quiet --show-keys /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial

# dnf update

# dnf repolist all

# dnf install gnome-tweaks

拡張機能 all on

# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

# dnf --enablerepo=epel install clamav clamav-scanner-systemd clamav-update

# vi /etc/yum.repos.d/google-chrome.repo

[google-chrome]

name=google-chrome

baseurl=http://dl.google.com/linux/chrome/rpm/stable/$basearch

enabled=1

gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
# dnf update
# dnf install google-chrome-stable

# dnf install amdgpu-install-21.50.2.50002-1.el8.noarch.rpm

# dnf install sshpass

# dnf install xfreerdp

# dnf install setroubleshoot

・その他

【dbeaver】

# rpm -Uvh dbeaver-ce-22.0.2-stable.x86_64.rpm

【vscode】

#  rpm --import https://packages.microsoft.com/keys/microsoft.asc

# vi /etc/yum.repos.d/vscode.repo

[code]

name=Visual Studio Code

baseurl=https://packages.microsoft.com/yumrepos/vscode

enabled=1

gpgcheck=1

gpgkey=https://packages.microsoft.com/keys/microsoft.asc

# dnf install code

日本語化：拡張機能→Japanese Language Pack for Visual studio Code

【libreoffice】

下記からダウンロード

https://ja.libreoffice.org/download/download/?type=rpm-x86_64&version=7.3.2&lang=ja

LibreOffice_7.3.2_Linux_x86-64_rpm.tar.gz

LibreOffice_7.3.2_Linux_x86-64_rpm_helppack_ja.tar.gz

LibreOffice_7.3.2_Linux_x86-64_rpm_langpack_ja.tar.gz

# tar xvzf LibreOffice_7.3.2_Linux_x86-64_rpm.tar.gz

# tar xvzf LibreOffice_7.3.2_Linux_x86-64_rpm_helppack_ja.tar.gz

# tar xvzf LibreOffice_7.3.2_Linux_x86-64_rpm_langpack_ja.tar.gz

# cd LibreOffice_7.3.2.2_Linux_x86-64_rpm/RPMS

# dnf install *.rpm

# cd LibreOffice_7.3.2.2_Linux_x86-64_rpm_langpack_ja/RPMS

# dnf install *.rpm

# cd LibreOffice_7.3.2.2_Linux_x86-64_rpm_helppack_ja/RPMS

# dnf install *.rpm

【gimp/xsane】

# dnf install gimp xsane xsane-gimp

https://wasurenaiyounikaitoko.blogspot.com/search?q=gimp

【ntfs】

# dnf install  ntfs-3g ntfsprogs

【zoom】

https://zoom.us/download?os=linux

# dnf install zoom_x86_64.rpm

Home画面の右上の自アカウントをクリックし、[Help] -> [Switch Languages] -> [日本語]

【dnf】

# vi /etc/yum.conf

proxy=http://192.168.100.254:3128

【HTTP_PROXY】

# vi /etc/profile.d/sh.local

PROXY_URL="proxy.server.world:3128"

or

PROXY_URL=http://192.168.254.254:3128

export HTTP_PROXY=$PROXY_URL

export HTTPS_PROXY=$PROXY_URL

export FTP_PROXY=$PROXY_URL

export http_proxy=$PROXY_URL

export https_proxy=$PROXY_URL

export ftp_proxy=$PROXY_URL

【zabbix client】

https://wasurenaiyounikaitoko.blogspot.com/search?q=zabbix5

【Django/python】

※ RuntimeError: The 'apxs' command appears not to be installed or is not executable.

# dnf install httpd httpd-devel

# mkdir /var/www/wsgi

# firewall-cmd --add-service=http --zone=public --permanent

# firewall-cmd --reload

# vi /etc/httpd/conf.modules.d/20-wsgi.conf
LoadModule wsgi_module /var/www/wsgi/test/myenv/venv36-d324/lib/python3.6/site-packages/mod_wsgi/server/mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so

# vi /etc/httpd/conf.d/wsgi.conf

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
WSGIApplicationGroup %{GLOBAL}
WSGISocketPrefix /var/run/wsgi
WSGIDaemonProcess test user=apache group=apache processes=1 threads=100 maximum-requests=10000 \
home=/var/www/wsgi/test \
python-home=/var/www/wsgi/test/myenv/venv36-d324 \
python-path=/var/www/wsgi/test/django:/var/www/wsgi/test/myenv/venv36-d324/lib/python3.6/site-packages \
lang=ja_JP.utf8
WSGIScriptAlias /test /var/www/wsgi/test/Config/wsgi.py process-group=test
Alias /assets/ /var/www/wsgi/test/assets/
Alias /media/ /var/www/wsgi/test/media/
WSGIPassAuthorization on
<Location /test>
WSGIProcessGroup test
</Location>

# vi /etc/httpd/conf/httpd.conf

ServerName websv1:80

※ configure: error: no acceptable C compiler found in $PATH

※ RuntimeError: Failed to build APR.

※ sh: make: コマンドが見つかりません

# dnf install gcc make

※ OSError: mysql_config not found

# dnf remove mysql*

# dnf remove Mariadb*

# curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash

# dnf  install MariaDB-client MariaDB-common MariaDB-devel MariaDB-shared

※ MySQLdb/_mysql.c:46:10: 致命的エラー: Python.h: そのようなファイルやディレクトリはありません

# dnf install python36-devel

※  Unable to find zbar shared library

# dnf install zbar

※ /var/www/wsgi/にpyton仮想環境構築

# mkdir /var/log/python

# chown  apache:apache /var/log/python

# httpd -t

# systemctl start httpd

# systemctl enable httpd

※mod_wsgi-py36.cpython-36m-x86_64-linux-gnu.so がロードできない。

     →setenforce 0 (暫定）