인스턴스 생성 (2개, 1개는 bastion, 1개는 프라이빗)
프라이빗
====================
VPC 설계 →
Bastion Host 생성 →
서버 인스턴스 생성 →
클라이언트 인스턴스 생성 →
보안 그룹 설정 →
NFS 구성 →
로드 밸런서/도메인 설정 →
동작 확인
================================================
작업 시작을 위한 체크리스트
IAM 사용자/그룹 설계 및 권한 정책 구상
AWS 콘솔에서 IAM, VPC, EC2, 보안 그룹, 로드 밸런서 등 실습
각 단계별 스크린샷 및 설명 정리
파워포인트 파일에 과정 및 결과물 정리
제출 전 파일명, 형식, 기재사항 재확인
# Copies projectkey.pem into ec2-user's home directory on the bastion, authenticating with that same key.
# NOTE(review): this stores the private key on the host with the public address. If the
# "Host bastion" / "Host server" ssh config in these notes is kept on the workstation instead,
# the private instance is reachable through the bastion without placing the key there.
scp -i "C:\Users\4gl\Downloads\projectkey.pem" "C:\Users\4gl\Downloads\projectkey.pem" ec2-user@43.202.6.230:/home/ec2-user/
파워쉘에서 bastion의 ec2-user 홈 디렉터리로 먼저 복사한 뒤, root의 .ssh 디렉터리로 다시 옮김
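# Become root first: /root/.ssh is not writable by ec2-user, so the move
# has to run from the root shell rather than before it.
sudo su -
# Move the uploaded key out of ec2-user's home directory.
mv /home/ec2-user/projectkey.pem /root/.ssh/
# ssh refuses a private key that other users can read, so restrict it to its owner.
chmod 600 /root/.ssh/projectkey.pem
cd .ssh
# Create the ssh client config that defines the bastion and server hosts.
vi config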
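# Jump host, addressed by its public IP.
Host bastion
    Hostname 43.202.6.230
    User ec2-user
    IdentityFile ~/.ssh/projectkey.pem

# Instance with a private address only; reached through the bastion.
Host server
    Hostname 10.0.70.110
    User ec2-user
    IdentityFile ~/.ssh/projectkey.pem
    # ProxyJump opens the same tunnelled connection as
    # "ProxyCommand ssh bastion -W %h:%p". IdentityFile is read on the machine
    # that runs ssh, so with this file on the workstation the key does not
    # have to be stored on the bastion.
    ProxyJump bastion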
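---
# Installs Apache, PHP and MariaDB on the local host, creates the WordPress
# database and account, unpacks WordPress and points wp-config.php at that
# database.
- name: Install Wordpress
  hosts: localhost
  connection: local
  become: true
  vars:
    db_name: wpdb
    db_user: wpuser
    # NOTE(review): lab placeholder. Quoted so YAML keeps it a string. Outside
    # a throwaway lab, supply the real value from Ansible Vault or with -e
    # rather than committing it in the playbook.
    db_password: "1234"
    wp_dir: /var/www/html/wordpress
  tasks:
    - name: install packages
      dnf:
        name:
          - httpd
          - php
          - php-gd
          - php-xml
          - php-mbstring
          - php-json
          - php-mysqlnd
          - php-fpm
          - mariadb105-server
          - wget
          - unzip
        state: present

    - name: start and enable services
      systemd:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - httpd
        - mariadb

    # The SQL is fed to the client on stdin, so the password is not visible in
    # the process list, and no_log keeps it out of Ansible's output (it also
    # hides this task's error text; lift it temporarily when debugging).
    # The vars are pasted into the SQL text as-is: they must not contain
    # quotes or backslashes.
    - name: create database and user
      command: mysql -u root
      args:
        stdin: |
          create database if not exists {{ db_name }};
          create user if not exists {{ db_user }}@localhost IDENTIFIED BY '{{ db_password }}';
          grant all on {{ db_name }}.* to {{ db_user }}@localhost;
          flush privileges;
      no_log: true

    # "latest" is a moving target fetched without verification. Pin a release
    # URL and pass wp_checksum (format "sha256:<digest published for that
    # release>") so a tampered or truncated archive is rejected; the check is
    # skipped while wp_checksum is undefined.
    - name: download wordpress
      get_url:
        url: https://wordpress.org/latest.zip
        dest: /tmp/wordpress.zip
        checksum: "{{ wp_checksum | default(omit) }}"

    # creates: skips the unpack once the tree exists, so a re-run does not
    # overwrite an installed site.
    - name: unzip wordpress
      unarchive:
        src: /tmp/wordpress.zip
        dest: /var/www/html/
        remote_src: true
        creates: "{{ wp_dir }}"

    # force: false seeds wp-config.php from the sample only when it is
    # missing; otherwise every run would reset the live configuration.
    # NOTE(review): the sample's AUTH_KEY/SALT placeholder lines are left
    # untouched by this play and should be replaced with unique values.
    - name: copy wp-config.php
      copy:
        src: "{{ wp_dir }}/wp-config-sample.php"
        dest: "{{ wp_dir }}/wp-config.php"
        remote_src: true
        force: false

    # wp-config.php holds the database password; keep it unreadable to other
    # local users. Assumes httpd/php-fpm run with group apache - TODO confirm.
    - name: restrict wp-config.php permissions
      file:
        path: "{{ wp_dir }}/wp-config.php"
        owner: root
        group: apache
        mode: '0640'

    - name: db_name
      lineinfile:
        path: "{{ wp_dir }}/wp-config.php"
        regexp: "^define\\( 'DB_NAME'"
        line: "define( 'DB_NAME', '{{ db_name }}' );"

    - name: db_username
      lineinfile:
        path: "{{ wp_dir }}/wp-config.php"
        regexp: "^define\\( 'DB_USER'"
        line: "define( 'DB_USER', '{{ db_user }}' );"

    # no_log: the rendered line (and any --diff output) contains the password.
    - name: db_password
      lineinfile:
        path: "{{ wp_dir }}/wp-config.php"
        regexp: "^define\\( 'DB_PASSWORD'"
        line: "define( 'DB_PASSWORD', '{{ db_password }}' );"
      no_log: true

    - name: restart httpd
      systemd:
        name: httpd
        state: restarted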
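---
# Turns the local host into an NFS server that exports /nfs to one client
# subnet, opens the firewall for it and prints the resulting export list.
- name: setting nfs
  hosts: localhost
  connection: local
  become: true
  vars:
    # Network allowed to mount the export.
    # NOTE(review): the ssh config in these notes addresses the server as
    # 10.0.70.110; confirm this CIDR really is the client subnet.
    nfs_allowed_cidr: 192.168.111.0/24
    # root_squash maps a client's root user to the anonymous account.
    # no_root_squash would let root on any host in the allowed subnet act as
    # root on the exported files, so enable it only for a client that is
    # trusted as much as this server.
    nfs_export_options: rw,sync,root_squash
  tasks:
    - name: install packages
      dnf:
        name:
          - rpcbind
          - nfs-utils
        state: present

    - name: start and enable services
      systemd:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - rpcbind
        - nfs-server

    # World-writable so that squashed (anonymous) clients can still write.
    # NOTE(review): once the client's service account is known, prefer a
    # dedicated owner/group with a tighter mode and matching anonuid/anongid.
    - name: Create NFS export directory
      file:
        path: /nfs
        state: directory
        owner: root
        group: root
        mode: '0777'

    - name: Configure /etc/exports for NFS
      copy:
        dest: /etc/exports
        content: |
          /nfs {{ nfs_allowed_cidr }}({{ nfs_export_options }})
        owner: root
        group: root
        mode: '0644'

    # permanent: true only writes the saved configuration; the reload task
    # below makes the rules active.
    - name: Open firewall for NFS services
      firewalld:
        service: "{{ item }}"
        permanent: true
        state: enabled
      loop:
        - nfs
        - mountd
        - rpc-bind

    # The firewalld module has no "reloaded" state, so the reload goes
    # through the service unit instead.
    - name: Reload firewalld
      systemd:
        name: firewalld
        state: reloaded

    - name: Restart nfs-server
      systemd:
        name: nfs-server
        state: restarted

    - name: Export NFS shares
      command: exportfs -ra

    # Read-only query, so it never counts as a change.
    - name: Show export list (for debug)
      command: exportfs -v
      register: exportfs_output
      changed_when: false

    - name: Print export list
      debug:
        var: exportfs_output.stdout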
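---
# Downloads and unpacks Nextcloud under the web root, hands the tree to the
# apache account and creates the Nextcloud database and account.
# This play installs no packages: it assumes httpd and MariaDB are already
# installed and running on the host.
- name: Install Nextcloud
  hosts: localhost
  connection: local
  become: true
  vars:
    nextcloud_url: "https://download.nextcloud.com/server/releases/latest.tar.bz2"
    install_dir: "/var/www/html/nextcloud"
    db_name: ncdb
    db_user: ncuser
    # NOTE(review): lab placeholder. Quoted so YAML keeps it a string. Outside
    # a throwaway lab, supply the real value from Ansible Vault or with -e
    # rather than committing it in the playbook.
    db_password: "1234"
  tasks:
    # "latest" is a moving target fetched without verification. Point
    # nextcloud_url at a fixed release and pass nextcloud_checksum (format
    # "sha256:<digest published for that release>") so a tampered or
    # truncated archive is rejected; the check is skipped while
    # nextcloud_checksum is undefined.
    - name: Install Nextcloud
      get_url:
        url: "{{ nextcloud_url }}"
        dest: "/tmp/latest.tar.bz2"
        checksum: "{{ nextcloud_checksum | default(omit) }}"

    # creates: skips the unpack once the tree exists.
    - name: Unzip Nextcloud
      unarchive:
        src: "/tmp/latest.tar.bz2"
        dest: "/var/www/html"
        remote_src: true
        creates: "{{ install_dir }}"

    - name: chown Nextcloud
      file:
        path: "{{ install_dir }}"
        owner: apache
        group: apache
        recurse: true

    - name: restart httpd
      systemd:
        name: httpd
        state: restarted

    # The SQL is fed to the client on stdin, so the password is not visible in
    # the process list, and no_log keeps it out of Ansible's output (it also
    # hides this task's error text; lift it temporarily when debugging).
    # The vars are pasted into the SQL text as-is: they must not contain
    # quotes or backslashes.
    - name: create database and user
      command: mysql -u root
      args:
        stdin: |
          create database if not exists {{ db_name }};
          create user if not exists {{ db_user }}@localhost IDENTIFIED BY '{{ db_password }}';
          grant all on {{ db_name }}.* to {{ db_user }}@localhost;
          flush privileges;
      no_log: true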