Apache
IP접근 차단
# Catch-all vhost for port 80. 000-default.conf sorts first among the enabled
# sites, so Apache uses it for requests whose Host header matches no other
# ServerName/ServerAlias (for example requests made straight to the IP address)
# and answers them with "Require all denied".
# NOTE(review): this only covers *:80. A *:443 vhost added later needs its own
# catch-all, otherwise the first *:443 vhost serves unmatched HTTPS requests.
cd /etc/apache2/sites-available
cat > 000-default.conf <<'EOF'
<VirtualHost *:80>
ServerName default
<Location />
Require all denied
</Location>
</VirtualHost>
EOF
systemctl restart apache2
가상호스트 설정
# Create the document root, write the port-80 vhost for example.com, enable it.
mkdir -p /data/php/example.com/public
cd /etc/apache2/sites-available
# Quoted heredoc delimiter: ${APACHE_LOG_DIR} is written literally and expanded
# by Apache, not by this shell.
# NOTE(review): "AllowOverride All" lets .htaccess files under the document
# root change server behaviour, so anything able to write there can alter the
# vhost's access rules. Narrow it if the application does not need it.
cat > example.com.conf <<'EOF'
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /data/php/example.com/public/
<Directory /data/php/example.com/public/>
Options FollowSymLinks
AllowOverride All
require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
</VirtualHost>
EOF
a2ensite example.com.conf
systemctl restart apache2
Letsencrypt
설치
# Installs the ACME client used in the following steps.
# NOTE(review): later steps call it both as `certbot` and as
# `/usr/bin/letsencrypt`; presumably this package provides both names on the
# target distribution. Confirm before relying on the cron entry.
apt install letsencrypt
발급
# Request one certificate covering both names using the webroot method: the
# challenge files are placed under the given document root and fetched over
# HTTP, so the port-80 vhost for these names must already be serving it.
# "certonly" obtains the certificate without touching the Apache config.
certbot certonly \
  --webroot --webroot-path /data/php/example.com/public \
  --domain example.com \
  --domain www.example.com
갱신
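# Append a daily (04:01) renewal job to the system crontab, run as root.
# The command is written WITHOUT surrounding backticks: in a crontab line,
# backticks make cron's shell run the renew command and then execute whatever
# it printed as a second command, as root. The renew command is meant to run
# once, directly.
# The hook restarts Apache only when a certificate was actually renewed.
# NOTE(review): newer certbot releases name this option --deploy-hook; the
# distribution package may also ship its own renewal timer/cron job, so check
# for a duplicate before adding this line. Appending with >> is not idempotent.
cat >> /etc/crontab <<'EOF'
# letsencrypt renew
01 4 * * * root /usr/bin/letsencrypt renew --renew-hook="systemctl restart apache2"
EOF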
가상호스트 SSL 활성화
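# Add the HTTPS (*:443) vhost for example.com to the existing site file.
#
# SSLEngine/SSLCertificate* need mod_ssl and the Header directive needs
# mod_headers. Without them Apache rejects the config on restart, so enable
# both first (a2enmod is a no-op when a module is already enabled).
a2enmod ssl headers

# Notes on the vhost written below:
# - SSLCertificateFile points at fullchain.pem (leaf + intermediates).
#   SSLCertificateChainFile is obsolete since Apache 2.4.8, so the separate
#   cert.pem/chain.pem pair is not used.
# - privkey.pem must stay readable by root only.
# - HSTS max-age=300 is five minutes, presumably a rollout value. Browsers
#   get lasting downgrade protection only after it is raised once HTTPS is
#   confirmed working.
# - NOTE(review): the port-80 catch-all in 000-default.conf does not apply to
#   port 443. If this is the first *:443 vhost it also answers HTTPS requests
#   addressed to the bare IP or to an unknown Host.
# The heredoc delimiter is quoted so ${APACHE_LOG_DIR} reaches Apache verbatim.
cat >> /etc/apache2/sites-available/example.com.conf <<'EOF'
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /data/php/example.com/public/
<Directory /data/php/example.com/public/>
Options FollowSymLinks
AllowOverride All
require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
Header always set Strict-Transport-Security "max-age=300"
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
</VirtualHost>
EOF

# Validate before restarting so a typo does not take the running server down.
apache2ctl configtest && systemctl restart apache2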
HTTPS 리다이렉트
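# Open the site file to add the redirect rules to the port-80 vhost.
# The directory is /etc/apache2/sites-available (no ".conf" suffix), the same
# one the earlier steps wrote example.com.conf into.
cd /etc/apache2/sites-available
vi example.com.conf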
# Lines to add inside the existing port-80 vhost ("..." stands for the
# directives already there). These directives require mod_rewrite.
<VirtualHost *:80>
...
RewriteEngine On
# Leave ACME challenge paths on plain HTTP so they are served from the webroot
# rather than redirected.
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
# Everything else: permanent (301) redirect to the same host and path on HTTPS.
# %{HTTP_HOST} is the client-supplied Host header; this vhost only receives
# requests whose Host matches its ServerName/ServerAlias.
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
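# The RewriteEngine/RewriteCond/RewriteRule directives need mod_rewrite, which
# no earlier step on this page enables. Without it Apache refuses the config.
a2enmod rewrite
# Validate the hand-edited file before restarting.
apache2ctl configtest && systemctl restart apache2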
HTTP/2 적용
# Enable mod_http2 and restart so the module is loaded.
# NOTE(review): whether h2 is actually offered depends on a Protocols
# directive being in effect (possibly supplied by the module's own conf on
# this distribution; confirm) and on the MPM in use. mod_http2 is not
# supported with the prefork MPM in current 2.4 releases, which matters if
# PHP runs via mod_php. Verify negotiation after the restart.
a2enmod http2
systemctl restart apache2