
1. sudo apt update && sudo apt install apache2

 

2. Edit the iptables rules

sudo vi /etc/iptables/rules.v4

-A INPUT -i ens3 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i ens3 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

sudo service iptables restart

 

3. Edit the Apache configuration

sudo vi /etc/apache2/apache2.conf

ServerName localhost (a real domain name works here too)

 

4. Set up the VirtualHost first; the domains are then picked up automatically when the certificate is generated later

sudo vi /etc/apache2/sites-available/000-default.conf

 

 

5. SSL setup (Let's Encrypt)

sudo service apache2 stop

sudo apt-get install software-properties-common (optional, can be skipped)
sudo apt-get install certbot python3-certbot-apache

 

sudo certbot --apache (for the interactive steps that follow, look it up online)

(At this point certbot seems to scrape the domain names automatically from the Apache config files. If one of the hostnames does not exist, it errors out.)

 

Once this is done,

the file /etc/apache2/sites-available/000-default-le-ssl.conf is created automatically.

For the certificate files, see the /etc/letsencrypt/live/ folder.

 

6. Automatic SSL renewal with certbot

sudo certbot renew --dry-run
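As an added example (not part of the original post), the script below reports how many days each certificate under a /etc/letsencrypt/live-style directory has left and whether certbot's renewal run would pick it up. The 30-day threshold is assumed to match certbot's default; the sample certificates it builds with openssl are constructed stand-ins for real Let's Encrypt output, and the directory names short.example and long.example are made up.

```shell
#!/bin/sh
# Added example (not from the original post): report how many days each
# Let's Encrypt certificate has left and whether certbot would renew it.
# certbot renews when fewer than 30 days remain; the threshold below is
# an assumption matching that default. Requires openssl and GNU date.
set -eu

RENEW_THRESHOLD_DAYS=30

# Print the number of whole days until the certificate in $1 expires.
days_left() {
    end=$(openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//')
    end_epoch=$(date -d "$end" +%s)
    now_epoch=$(date +%s)
    echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Exit 0 when the certificate in $1 should be renewed, 1 otherwise.
needs_renewal() {
    [ "$(days_left "$1")" -lt "$RENEW_THRESHOLD_DAYS" ]
}

# Walk a live directory laid out like /etc/letsencrypt/live/<domain>/cert.pem
report_live_dir() {
    for dir in "$1"/*/; do
        cert="$dir/cert.pem"
        [ -f "$cert" ] || continue
        if needs_renewal "$cert"; then status="RENEW"; else status="ok"; fi
        printf '%-30s %4s days  %s\n' "$(basename "$dir")" "$(days_left "$cert")" "$status"
    done
}

# Constructed sample: two self-signed certs standing in for real Let's Encrypt
# output, one about to expire (10 days) and one fresh (90 days).
make_sample_live_dir() {
    live=$(mktemp -d)
    for spec in "short.example:10" "long.example:90"; do
        name=${spec%%:*}; days=${spec##*:}
        mkdir -p "$live/$name"
        openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
            -subj "/CN=$name" -keyout "$live/$name/privkey.pem" \
            -out "$live/$name/cert.pem" >/dev/null 2>&1
    done
    echo "$live"
}

# Usage: pass a live directory (e.g. /etc/letsencrypt/live) or run without
# arguments to report on the constructed sample.
report_live_dir "${1:-$(make_sample_live_dir)}"
```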

 

References.

https://certbot.eff.org/

 


 

Notes on SSL wildcard certificates

 

Generate free Wildcard Certificates using Let's Encrypt (Certbot) on Ubuntu 18.04 | Website for Students (websiteforstudents.com)

 

The settings below are an additional reference.

<Directory />
        Options FollowSymLinks
        AllowOverride None
        # Ubuntu's default apache2.conf ships this line enabled; leaving it
        # commented out relaxes the default that blocks the filesystem root.
        #Require all denied
</Directory>

 

<Directory /var/www/html>
        #Options Indexes FollowSymLinks
        #AllowOverride None
        #Require all granted
        Options Indexes FollowSymLinks IncludesNoEXEC
        AllowOverride all
        Require all granted
        # Order/Allow/Deny are Apache 2.2-era directives; on 2.4 they need
        # mod_access_compat (enabled by default on Ubuntu), and mixing them with
        # Require in the same section is discouraged by the Apache docs.
        Order allow,deny
        Allow from all
        Deny from env=NoAccess

        DirectoryIndex index.html index.php

</Directory>

DirectoryIndex index.html index.php

 

<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

# deny file, folder start with dot
<DirectoryMatch "^\.|\/\.">
    Require all denied
</DirectoryMatch>

# deny (log file, binary, certificate, shell script, sql dump file) access.
<FilesMatch "\.(?i:log|binary|pem|enc|crt|conf|cnf|sql|sh|key|yml|lock|gitignore)$">
    Require all denied
</FilesMatch>

# deny access.
<FilesMatch "(?i:composer\.json|contributing\.md|license\.txt|readme\.rst|readme\.md|readme\.txt|copyright|artisan|gulpfile\.js|package\.json|phpunit\.xml|access_log|error_log|gruntfile\.js|bower\.json|changelog\.md|console|legalnotice|license|security\.md|privacy\.md)$">
    Require all denied
</FilesMatch>

# Allow Lets Encrypt Domain Validation Program
<DirectoryMatch "\.well-known/acme-challenge/">
    Require all granted
</DirectoryMatch>

# Block .php file inside upload folder. uploads(wp), files(drupal), data(gnuboard).
<DirectoryMatch "/(uploads|default/files|data|wp-content/themes)/">
    <FilesMatch ".+\.php$">
        Require all denied
    </FilesMatch>
</DirectoryMatch>

# Apache 2.2-style equivalent of the FilesMatch "^\.ht" block above (needs mod_access_compat on 2.4).
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
