[그누6실서비스] 6/8 - NGINX SSL 인증서 생성

NGINX SSL 인증서 생성 (Let’s Encrypt)

[code]

root@sirsoft-235928:/etc/nginx/sites-enabled#apt install certbot python3-certbot-nginx
Reading package lists... Done

...

No VM guests are running outdated hypervisor (qemu) binaries on this host.
 

root@sirsoft-235928:/etc/nginx/sites-enabled# certbot --nginx

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): account@gnuboard.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: g6.gnuboard.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

Requesting a certificate for g6.gnuboard.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/g6.gnuboard.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/g6.gnuboard.com/privkey.pem
This certificate expires on 2024-04-17.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for g6.gnuboard.com to /etc/nginx/sites-enabled/g6.gnuboard.com.conf
Congratulations! You have successfully enabled HTTPS on https://g6.gnuboard.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[/code]

g6.gnuboard.com.conf 확인

[code]

server {
        server_name g6.gnuboard.com;

        access_log /var/log/nginx/access.log;
        error_log  /var/log/nginx/error.log;

        location / {
                proxy_pass http://127.0.0.1:8000;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/g6.gnuboard.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/g6.gnuboard.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = g6.gnuboard.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80;
        server_name g6.gnuboard.com;
    return 404; # managed by Certbot

}
[/code]

다음글에 이어집니다.