[그누6실서비스] 8/8 - APACHE SSL 인증서 생성 정보
[그누6실서비스] 8/8 - APACHE SSL 인증서 생성본문
APACHE SSL 인증서 생성 (Let’s Encrypt)
root@sirsoft-235928:/etc/apache2/sites-enabled# apt install certbot python3-certbot-apache
Reading package lists... Done
...
No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@sirsoft-235928:/etc/apache2/sites-enabled# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: g6.gnuboard.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Certificate not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/g6.gnuboard.com.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate
Successfully deployed certificate for g6.gnuboard.com to /etc/apache2/sites-enabled/g6.gnuboard.com-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://g6.gnuboard.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@sirsoft-235928:/etc/apache2/sites-enabled# ll
total 16
drwxr-xr-x 2 root root 4096 Jan 18 14:17 ./
drwxr-xr-x 8 root root 4096 Jan 18 14:17 ../
lrwxrwxrwx 1 root root 35 Jan 18 13:55 000-default.conf -> ../sites-available/000-default.conf
-rw-r--r-- 1 root root 491 Jan 18 14:17 g6.gnuboard.com-le-ssl.conf
-rw-r--r-- 1 root root 397 Jan 18 14:17 g6.gnuboard.com.conf
root@sirsoft-235928:/etc/apache2/sites-enabled# systemctl restart apache2
g6.gnuboard.com.conf 확인
<VirtualHost *:80>
ServerName g6.gnuboard.com
ServerAdmin *** 개인정보보호를 위한 이메일주소 노출방지 ***
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# 프록시 설정
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
# 헤더 전달
RequestHeader set X-Real-IP expr=%{REMOTE_ADDR}
RequestHeader set X-Forwarded-For expr=%{REMOTE_ADDR}
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
RewriteEngine on
RewriteCond %{SERVER_NAME} =g6.gnuboard.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
g6.gnuboard.com-le-ssl.conf 확인
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName g6.gnuboard.com
ServerAdmin *** 개인정보보호를 위한 이메일주소 노출방지 ***
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# 프록시 설정
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
# 헤더 전달
RequestHeader set X-Real-IP expr=%{REMOTE_ADDR}
RequestHeader set X-Forwarded-For expr=%{REMOTE_ADDR}
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
SSLCertificateFile /etc/letsencrypt/live/g6.gnuboard.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/g6.gnuboard.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
- 끝 -
!-->!-->!-->
추천
2
2
댓글 3개
혹시 그누보드 QA - 도메인 연결 오류 (sir.kr)
위와 같은 문제가 생기시는 분들은 아래 방법을 시도해 보세요.
# 프록시 설정
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
1. conf 파일 2개 모두 "ProxyPreserveHost On"을 추가해 주세요.
2. 관리자 설정에서 "캐시파일 일괄삭제"를 진행해 주세요.
@부산곰돌이 수정해 놓겠습니다. 알려주셔서 감사합니다.
오호! ProxyPreserveHost를 이용하는 방법도 있었네요.
왜 이걸 진작에 못봤지....^^;;