[그누6실서비스] 8/8 - APACHE SSL 인증서 생성

APACHE SSL 인증서 생성 (Let’s Encrypt)

[code]

root@sirsoft-235928:/etc/apache2/sites-enabled# apt install certbot python3-certbot-apache
Reading package lists... Done
...
No VM guests are running outdated hypervisor (qemu) binaries on this host.

root@sirsoft-235928:/etc/apache2/sites-enabled# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: g6.gnuboard.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/g6.gnuboard.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate
Successfully deployed certificate for g6.gnuboard.com to /etc/apache2/sites-enabled/g6.gnuboard.com-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://g6.gnuboard.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

root@sirsoft-235928:/etc/apache2/sites-enabled# ll
total 16
drwxr-xr-x 2 root root 4096 Jan 18 14:17 ./
drwxr-xr-x 8 root root 4096 Jan 18 14:17 ../
lrwxrwxrwx 1 root root   35 Jan 18 13:55 000-default.conf -> ../sites-available/000-default.conf
-rw-r--r-- 1 root root  491 Jan 18 14:17 g6.gnuboard.com-le-ssl.conf
-rw-r--r-- 1 root root  397 Jan 18 14:17 g6.gnuboard.com.conf

root@sirsoft-235928:/etc/apache2/sites-enabled# systemctl restart apache2
[/code]

g6.gnuboard.com.conf 확인

[code]

<VirtualHost *:80>
        ServerName g6.gnuboard.com
        ServerAdmin account@gnuboard.com

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # 프록시 설정

        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:8000/
        ProxyPassReverse / http://127.0.0.1:8000/

        # 헤더 전달
        RequestHeader set X-Real-IP expr=%{REMOTE_ADDR}
        RequestHeader set X-Forwarded-For expr=%{REMOTE_ADDR}
        RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
RewriteEngine on
RewriteCond %{SERVER_NAME} =g6.gnuboard.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
[/code]

g6.gnuboard.com-le-ssl.conf 확인
[code]

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName g6.gnuboard.com
        ServerAdmin account@gnuboard.com

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # 프록시 설정

        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:8000/
        ProxyPassReverse / http://127.0.0.1:8000/

        # 헤더 전달
        RequestHeader set X-Real-IP expr=%{REMOTE_ADDR}
        RequestHeader set X-Forwarded-For expr=%{REMOTE_ADDR}
        RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}

SSLCertificateFile /etc/letsencrypt/live/g6.gnuboard.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/g6.gnuboard.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
[/code]

- 끝 -