
Buypass SSL certificate hands-on

서버엔지니어 2023. 3. 8.

 

https://www.buypass.com/ssl/resources/go-ssl-technical-specification

https://rastalion.me/buypass-%EB%AC%B4%EB%A3%8C-ssl-%EC%9D%B8%EC%A6%9D%EC%84%9C-%EB%B0%9C%EA%B8%89-180%EC%9D%BC/

 

Based on CentOS 7

=================================================================

 

Create the web home directory and file

 

mkdir -p /home/apache/public_html

chmod -R 755 /home/apache/

====================================================================

vi /home/apache/public_html/index.html

====================================================================

Hi 도메인이름쓸꺼임

====================================================================

 

Configure the Virtual Host

 

vi /usr/local/apache/conf/httpd.conf

====================================================================

Uncomment

LoadModule vhost_alias_module modules/mod_vhost_alias.so

Include conf/extra/httpd-vhosts.conf

====================================================================

 

Configure the domain site (도메인이름 below is a placeholder for your domain name)

 

vi /usr/local/apache/conf/extra/httpd-vhosts.conf

====================================================================

<VirtualHost *:80>

DocumentRoot "/home/apache/public_html"

<Directory /home/apache/public_html>

Options Indexes FollowSymLinks

AllowOverride None

Require all granted

</Directory>

ServerName 도메인이름

ServerAlias www.도메인이름

ErrorLog "logs/도메인이름-error.log"

CustomLog "logs/도메인이름-access.log" common

</VirtualHost>

====================================================================

 

 

Prerequisite packages for installing Buypass SSL

yum install -y epel-release

yum install -y certbot openssl

 

 

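Issue the certificate

Basic syntax (when the web home directory is the same but the domains differ). The bracketed placeholders are: [서버관리자메일] the server administrator's e-mail, [웹홈디렉토리] the web home directory, [도메인1] and [도메인2] the domains.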

 

Try the following first:

certbot certonly --webroot --server 'https://api.buypass.com/acme/directory' -m [서버관리자메일] -w [웹홈디렉토리] -d [도메인1] -d [도메인2] --dry-run

If the following message appears, run it again without --dry-run:

 

IMPORTANT NOTES:

- The dry run was successful.

 

certbot certonly --webroot --server 'https://api.buypass.com/acme/directory' -m [서버관리자메일] -w [웹홈디렉토리] -d [도메인1] -d [도메인2]

Issuance complete

====================================================================

 

Apply SSL

 

vi /usr/local/apache/conf/httpd.conf

====================================================================

Uncomment

LoadModule ssl_module modules/mod_ssl.so

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Include conf/extra/httpd-ssl.conf

====================================================================

vi /usr/local/apache/conf/extra/httpd-ssl.conf

====================================================================

####<VirtualHost _default_:443>

####DocumentRoot "/usr/local/apache/htdocs"

####ServerName www.example.com:443

####ServerAdmin you@example.com

####ErrorLog "/usr/local/apache/logs/error_log"

####TransferLog "/usr/local/apache/logs/access_log"

####SSLEngine on

####SSLCertificateFile "/usr/local/apache/conf/server.crt"

####SSLCertificateKeyFile "/usr/local/apache/conf/server.key"

####<FilesMatch "\.(cgi|shtml|phtml|php)$">

#### SSLOptions +StdEnvVars

####</FilesMatch>

####<Directory "/usr/local/apache/cgi-bin">

#### SSLOptions +StdEnvVars

####</Directory>

####BrowserMatch "MSIE [2-5]" \

#### nokeepalive ssl-unclean-shutdown \

#### downgrade-1.0 force-response-1.0

####CustomLog "/usr/local/apache/logs/ssl_request_log" \

#### "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

####</VirtualHost>

 

Comment out everything above.

Add the following (도메인1, 도메인2 and 도메인 are placeholders for your domain names):

<VirtualHost *:443>

DocumentRoot /home/apache/public_html

ServerName 도메인1

ServerAlias 도메인2

ErrorLog "/usr/local/apache/logs/도메인_ssl-error_log"

TransferLog "/usr/local/apache/logs/도메인_ssl-access_log"

SSLEngine on

SSLCertificateFile "/etc/letsencrypt/live/도메인/cert.pem"

SSLCertificateKeyFile "/etc/letsencrypt/live/도메인/privkey.pem"

SSLCertificateChainFile "/etc/letsencrypt/live/도메인/chain.pem"

</VirtualHost>

====================================================================

/usr/local/apache/bin/apachectl -t

Syntax OK

====================================================================

/etc/init.d/apachectl stop

/etc/init.d/apachectl start

====================================================================

====================================================================
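
Before the restart above, the files referenced by SSLCertificateFile and SSLCertificateKeyFile can be checked for a key/certificate mismatch, an upcoming expiry and a world-readable private key. The script below is an added example, not part of the original post; the function names are hypothetical and the sample certificate is a throwaway self-signed one constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: checks on a certbot live/ directory before restarting Apache.
# All function names are hypothetical; nothing here is part of certbot or Apache.

# Succeed only if the private key belongs to the certificate, by comparing
# the public key extracted from each (returns 2 if either file is unreadable).
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed if the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run every check against a directory laid out like /etc/letsencrypt/live/<domain>.
check_live_dir() {
    local dir=$1 min_days=${2:-30}
    if ! key_matches_cert "$dir/cert.pem" "$dir/privkey.pem"; then
        echo "FAIL: privkey.pem does not match cert.pem (or a file is unreadable)"; return 1
    fi
    if ! valid_for_days "$dir/cert.pem" "$min_days"; then
        echo "FAIL: cert.pem expires within $min_days days"; return 1
    fi
    # live/ holds symlinks, so follow them (-L); -perm -004 matches world-readable.
    if [ -n "$(find -L "$dir/privkey.pem" -perm -004 2>/dev/null)" ]; then
        echo "FAIL: privkey.pem is world-readable"; return 1
    fi
    echo "OK: $dir"
}

# Constructed sample: a throwaway self-signed pair in the same file layout.
make_sample_dir() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.test" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
    chmod 600 "$1/privkey.pem"
}

# Usage: ./check.sh <live-dir> [min-days]; with no arguments nothing runs.
if [ $# -ge 1 ]; then check_live_dir "$@"; fi
```

Run it with the live directory as the first argument and, optionally, the minimum number of remaining days as the second; a non-zero exit status means the restart should wait.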

 

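Redirect configuration

 

Redirect http -> https when the domain is entered in the address bar (the Rewrite directives below require mod_rewrite to be loaded)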

 

vi /usr/local/apache/conf/extra/httpd-vhosts.conf

====================================================================

<VirtualHost *:80>

DocumentRoot "/home/apache/public_html"

<Directory /home/apache/public_html>

Options Indexes FollowSymLinks

AllowOverride None

Require all granted

</Directory>

ServerName 도메인이름

ServerAlias www.도메인이름

ErrorLog "logs/도메인이름-error.log"

CustomLog "logs/도메인이름-access.log" common

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

</VirtualHost>

====================================================================

 

That said, only do this if you want to; once you use it, plain HTTP on port 80 can no longer be used.

 

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Use any one of the three; they are nearly the same.

====================================================================

 

Based on Ubuntu 18.04 (도메인 below is a placeholder for your domain name)

 

apt-get install -y apache2*

apt-get install -y certbot openssl

mkdir -p /home/apache/public_html

vi /home/apache/public_html/index.html

====================================================================

Hi ubuntu다

====================================================================

 

vi /etc/apache2/apache2.conf

====================================================================

<Directory /home/apache/public_html>

Options Indexes FollowSymLinks

AllowOverride None

Require all granted

</Directory>

====================================================================

vi /etc/apache2/sites-available/도메인.conf

====================================================================

<VirtualHost *:80>

DocumentRoot /home/apache/public_html

ServerName 도메인

ServerAlias www.도메인

ErrorLog ${APACHE_LOG_DIR}/도메인-error.log

CustomLog ${APACHE_LOG_DIR}/도메인-access.log combined

</VirtualHost>

 

<IfModule mod_ssl.c>

<VirtualHost *:443>

DocumentRoot /home/apache/public_html

ServerName 도메인

ServerAlias www.도메인

ErrorLog ${APACHE_LOG_DIR}/ssl-도메인-error.log

CustomLog ${APACHE_LOG_DIR}/ssl-도메인-access.log combined

SSLEngine on

SSLCertificateFile "/etc/letsencrypt/live/도메인/cert.pem"

SSLCertificateKeyFile "/etc/letsencrypt/live/도메인/privkey.pem"

SSLCertificateChainFile "/etc/letsencrypt/live/도메인/chain.pem"

</VirtualHost>

</IfModule>

====================================================================

a2ensite 도메인.conf

systemctl reload apache2

a2enmod ssl

source /etc/apache2/envvars

systemctl restart apache2

====================================================================

ls -l /etc/apache2/sites-enabled/도메인.conf

====================================================================

lrwxrwxrwx 1 root root 35 Jan 15 02:12 /etc/apache2/sites-enabled/도메인.conf -> ../sites-available/도메인.conf

====================================================================

certbot certonly --webroot --server 'https://api.buypass.com/acme/directory' -m [님 이메일쓰셈] -w /home/apache/public_html -d [도메인] -d [www.도메인]

====================================================================

systemctl restart apache2

====================================================================

 

 

====================================================================

 

Redirect configuration

 

a2enmod rewrite

====================================================================

vi /etc/apache2/sites-available/도메인.conf

====================================================================

<VirtualHost *:80>

DocumentRoot /home/apache/public_html

ServerName 도메인

ServerAlias www.도메인

ErrorLog ${APACHE_LOG_DIR}/도메인-error.log

CustomLog ${APACHE_LOG_DIR}/도메인-access.log combined

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

</VirtualHost>

 

<IfModule mod_ssl.c>

<VirtualHost *:443>

DocumentRoot /home/apache/public_html

ServerName 도메인

ServerAlias www.도메인

ErrorLog ${APACHE_LOG_DIR}/ssl-도메인-error.log

CustomLog ${APACHE_LOG_DIR}/ssl-도메인-access.log combined

SSLEngine on

SSLCertificateFile "/etc/letsencrypt/live/도메인/cert.pem"

SSLCertificateKeyFile "/etc/letsencrypt/live/도메인/privkey.pem"

SSLCertificateChainFile "/etc/letsencrypt/live/도메인/chain.pem"

</VirtualHost>

</IfModule>

====================================================================

 
