티스토리 뷰
1. sudo apt update && sudo apt install apache2
2. iptables 설정 수정
sudo vi /etc/iptables/rules.v4
-A INPUT -i ens3 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo service iptables restart
3. apache 설정 수정
sudo vi /etc/apache2/apache2.conf
ServerName localhost (뭐 도메인명 같은거 해도됨)
4. VirtualHost 설정 먼저 해주면 뒤에 인증서 생성 때 자동으로 도메인들 불러옴
sudo vi /etc/apache2/sites-available/000-default.conf
5. ssl설정 (letsencrypt)
sudo service apache2 stop
sudo apt-get install software-properties-common (생략)
sudo apt-get install certbot python3-certbot-apache
sudo certbot --apache (이후 내용은 검색 참고)
(여기서 도메인 명을 아파치 설정파일에서 자동으로 긁어오는듯. 없는 호스트네임이 있으면 오류)
여기까지 하면
/etc/apache2/sites-available/000-default-le-ssl.conf 파일 자동으로 생성됨
인증서 파일은 /etc/letsencrypt/live/ 폴더 참고
6. certbot을 통한 ssl 자동갱신
sudo certbot renew --dry-run
참고.
Certbot
Different Internet services are distinguished by using different TCP port numbers. Unencrypted HTTP normally uses TCP port 80, while encrypted HTTPS normally uses TCP port 443. To use certbot –webroot, certbot –apache, or certbot –nginx, you should h
certbot.eff.org
Generate free Wildcard Certificates using Let’s Encrypt (Certbot) on Ubuntu 18.04 | Website for Students
This brief tutorial shows students and new users how to generate free wildcard SSL/TLS certificates using Let’s Encrypt (Certbot) on Ubuntu 16.04 | 18.04 LTS… Let’s Encrypt is a certificate…
websiteforstudents.com
아래 설정은 추가적인 참고.
<Directory />
Options FollowSymLinks
AllowOverride None
#Require all denied
</Directory>
<Directory /var/www/html>
#Options Indexes FollowSymLinks
#AllowOverride None
#Require all granted
Options Indexes FollowSymLinks IncludesNoEXEC
AllowOverride all
Require all granted
Order allow,deny
Allow from all
Deny from env=NoAccess
DirectoryIndex index.html index.php
</Directory>
DirectoryIndex index.html index.php
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
# deny file, folder start with dot
<DirectoryMatch "^\.|\/\.">
Require all denied
</DirectoryMatch>
# deny (log file, binary, certificate, shell script, sql dump file) access.
<FilesMatch "\.(?i:log|binary|pem|enc|crt|conf|cnf|sql|sh|key|yml|lock|gitignore)$">
Require all denied
</FilesMatch>
# deny access.
<FilesMatch "(?i:composer\.json|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml|access_log|error_log|gruntfile\.js|bower\.json|changelog\.md|console|legalnotice|license|security\.md|privacy\.md)$">
Require all denied
</FilesMatch>
# Allow Lets Encrypt Domain Validation Program
<DirectoryMatch "\.well-known/acme-challenge/">
Require all granted
</DirectoryMatch>
# Block .php file inside upload folder. uploads(wp), files(drupal), data(gnuboard).
<DirectoryMatch "/(uploads|default/files|data|wp-content/themes)/">
<FilesMatch ".+\.php$">
Require all denied
</FilesMatch>
</DirectoryMatch>
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
- Total
- Today
- Yesterday
- 데이트라고는
- 리눅스
- 아파치
- UTF8
- 부팅소리
- 프린터용어
- 우분투20.04
- 별드라이버
- 빅서베타테스터
- 터미널 서비스
- 맥미니
- MySQL
- Linux
- macos
- 파이어폭스
- HTML
- 분해의
- BigSur
- 맥미니2014
- WiFi
- php
- 리눅스에서
- Apache
- 빅서정식
- 조립은
- tar
- vi
- mysqldump
- 업데이트밖엔
- 컴맹모여라
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 |