Apache 2.4 VirtualHost, HTTPS 설정

-- 기본 페이지 사용안함
# cd /etc/apache2/sites-available
# vi 000-default.conf
# Catch-all vhost: because 000-default.conf sorts first, Apache uses it for
# port-80 requests whose Host header matches no other ServerName.
<VirtualHost *:80>
    # Answer every path with 404 so unknown hostnames never reach site content.
    Redirect 404 /
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# systemctl reload apache2
-- 가상호스트 추가, 활성화
# cd /etc/apache2/sites-available
# vi quota.kr.conf
# Plain-HTTP vhost for quota.kr; also the webroot that certbot's --webroot
# challenge writes into when the certificate is issued.
<VirtualHost *:80>
    ServerName quota.kr
    DocumentRoot /data/web/quota.kr/
    <Directory /data/web/quota.kr/>
        # Only symlink following is enabled; Indexes (directory listing) is not.
        Options FollowSymLinks
        # NOTE(review): "All" lets any .htaccess under the docroot override
        # server settings; narrow it to the classes the application needs if
        # the docroot is writable by the application or by uploads.
        AllowOverride All
        require all granted
    </Directory>
    # Per-site logs keep this host's requests separate from the default vhost.
    ErrorLog ${APACHE_LOG_DIR}/quota.kr-error.log
    CustomLog ${APACHE_LOG_DIR}/quota.kr-access.log combined
</VirtualHost>
# a2ensite quota.kr.conf
# systemctl reload apache2
-- Let's Encrypt 설치, SSL인증서 설치
# apt install letsencrypt
# certbot certonly -d quota.kr --webroot -w /data/web/quota.kr/

-- 가상호스트 HTTPS 설정
# cd /etc/apache2/sites-available
# vi quota.kr.conf
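# HTTPS vhost for quota.kr. Needs mod_ssl and mod_headers enabled
# (a2enmod ssl headers) before the reload, otherwise the SSL*/Header
# directives below are rejected as unknown.
<VirtualHost *:443>
    ServerName quota.kr
    DocumentRoot /data/web/quota.kr/
    <Directory /data/web/quota.kr/>
        Options FollowSymLinks
        # NOTE(review): "All" lets any .htaccess under the docroot override
        # server settings; narrow it if the application does not need that.
        AllowOverride All
        require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/quota.kr-error.log
    CustomLog ${APACHE_LOG_DIR}/quota.kr-access.log combined

    # HSTS: browsers that have seen this header refuse plain HTTP to this host
    # for one year, so only enable it once HTTPS is known to work.
    Header always set Strict-Transport-Security "max-age=31536000"
    SSLEngine on
    # "all -SSLv2 -SSLv3" still leaves TLS 1.0 and 1.1 enabled; both are
    # deprecated, so they are switched off too. Clients without TLS 1.2
    # support will no longer connect.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # Forward-secret AEAD suites only. The previous list also allowed 3DES,
    # CBC-mode, CAMELLIA, DSS and static-RSA key-exchange suites.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder on
    SSLCertificateFile "/etc/letsencrypt/live/quota.kr/cert.pem"
    # privkey.pem must stay readable by root only; never copy it into the webroot.
    SSLCertificateKeyFile "/etc/letsencrypt/live/quota.kr/privkey.pem"
    # NOTE(review): SSLCertificateChainFile is deprecated since Apache 2.4.8.
    # On such versions, point SSLCertificateFile at fullchain.pem and drop
    # this line; it is kept here so older 2.4 builds still send the chain.
    SSLCertificateChainFile "/etc/letsencrypt/live/quota.kr/chain.pem"
</VirtualHost>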
# systemctl reload apache2

-- HTTP > HTTPS 설정
# cd /etc/apache2/sites-available
# vi quota.kr.conf
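<VirtualHost *:80>
    ... 
    # Needs mod_rewrite (a2enmod rewrite). Inside <IfModule> the redirect is
    # skipped without any error when the module is not loaded, leaving the
    # site on plain HTTP, so verify with a request after the reload.
    <IfModule mod_rewrite.c>
        RewriteEngine on
        # The protossl environment rules were dropped: on a port-80 vhost HTTPS
        # is never on, and every request ends in the redirect below.
        RewriteCond %{HTTPS} !=on
        # The target host is fixed to the ServerName instead of %{HTTP_HOST}:
        # the Host header is client-supplied and may carry a port (quota.kr:80),
        # which would otherwise be copied into the Location header.
        RewriteRule ^ https://quota.kr%{REQUEST_URI} [L,R=301]
    </IfModule>
</VirtualHost>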
# systemctl reload apache2

-- Let's Encrypt SSL 인증서 갱신
# certbot renew
# certbot certonly -d quota.kr --webroot -w /data/web/quota.kr/
