[Ubuntu] Applying OpenSSL to an Apache + Tomcat Integrated Setup
This post applies OpenSSL to a server where Apache and Tomcat are already integrated. For installing Apache and integrating it with Tomcat, refer to the link below.
■ Related posts
Installing OpenSSL and generating a certificate
For installing OpenSSL and generating a certificate, follow the link below and refer to the section on OpenSSL installation and certificate generation.
■ Related posts
Applying OpenSSL
1. Create the SSL directory and copy the certificate
For ease of management, create a directory to hold the SSL certificate files.
[mgt@localserver: ~$] sudo mkdir /etc/apache2/ssl
Copy the certificate files into the directory you created.
[mgt@localserver: ~$] sudo cp server.crt /etc/apache2/ssl/server.crt
[mgt@localserver: ~$] sudo cp server.csr /etc/apache2/ssl/server.csr
[mgt@localserver: ~$] sudo cp server.key /etc/apache2/ssl/server.key
2. Enable the SSL module
Enable Apache's SSL module. A message telling you to restart Apache appears at this point; ignore it for now.
[mgt@localserver: ~$] sudo a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
service apache2 restart
3. Edit /etc/apache2/ports.conf
Add the following content to ports.conf.
[mgt@localserver: ~$] sudo nano /etc/apache2/ports.conf
# Add this content
<IfModule mod_ssl.c>
    Listen 443
</IfModule>
Figure: the content added to ports.conf
4. Copy default-ssl.conf
Copy default-ssl.conf and name the copy board-ssl.conf. Choose whatever file name is easy for you to recognize (e.g. the domain name).
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/board-ssl.conf
5. Edit the copied file
Edit the file copied in the previous step.
[mgt@localserver: ~$] sudo nano /etc/apache2/sites-available/board-ssl.conf
# Modify these lines
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
Figure: the marked lines after editing
Next, remove the comment marker (#) from the part marked in the image below.
6. Edit 000-default.conf (the Apache configuration file)
Add the SSL settings to 000-default.conf, Apache's default configuration file.
[mgt@localserver: ~$] sudo nano /etc/apache2/sites-available/000-default.conf
# Add inside the <VirtualHost *:80> tag
RedirectPermanent / https://<IP address>
# Add to 000-default.conf
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    #DocumentRoot /var/www/html
    DocumentRoot /var/lib/tomcat8/webapps/ROOT/
    JkMount /* tomcat1
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
The RedirectPermanent / https://192.168.137.128 line added inside the <VirtualHost *:80> tag makes a connection over HTTP redirect automatically to HTTPS.
For a local setup, write https://127.0.0.1; if you are using a domain, write https://<domain>.
The <VirtualHost *:443> tag covers the HTTPS connection. Above, DocumentRoot is set to Tomcat's deployment path. If you have not deployed anything to Tomcat, create an arbitrary directory such as /var/www/ssl, put an html file in it, and set DocumentRoot to that path.
Ex) DocumentRoot /var/www/ssl
For the JkMount line, refer to the Tomcat integration post below.
7. Enable board-ssl
[mgt@localserver: ~$] sudo a2ensite board-ssl
Enabling site board-ssl.
To activate the new configuration, you need to run:
service apache2 reload
8. Firewall settings
Change the firewall to allow connections on port 443, the port used for SSL/HTTPS.
[mgt@localserver: ~$] sudo ufw allow 443/tcp
Rule added
Rule added (v6)
After configuring the firewall, check port 443.
[mgt@localserver: ~$] netstat -lnp | grep 443
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
[mgt@localserver: ~$] sudo /etc/init.d/apache2 restart
[ ok ] Restarting apache2 (via systemctl): apache2.service.
Because the certificate is self-signed, a warning says it cannot be trusted. The secure connection itself, however, works normally.
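The steps above copy server.key into /etc/apache2/ssl and point SSLCertificateKeyFile at it, but nothing in them checks who can read the key afterwards. The following added example (not part of the original post) audits the permissions of every key a vhost file references; the function names and the ROOT prefix are assumptions made for the example, and it relies on GNU stat.

```bash
#!/usr/bin/env bash
# Added example: audit the private keys an Apache vhost file references.
# ROOT is a hypothetical path prefix for testing; leave it empty on a server.

# Print each SSLCertificateKeyFile path in CONF; commented lines are skipped.
key_paths() {
    awk '$1 == "SSLCertificateKeyFile" { print $2 }' "$1"
}

# Succeed only if FILE exists and grants no access to group or other.
key_is_private() {
    local mode
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2    # GNU stat, as shipped on Ubuntu
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_vhost CONF [ROOT]: one finding per key; returns the failure count.
audit_vhost() {
    local key bad=0
    for key in $(key_paths "$1"); do         # paths with spaces not handled
        if key_is_private "${2:-}$key"; then
            echo "ok    $key"
        else
            echo "FAIL  $key: missing, or readable by group/other (want 600)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: the page's file layout under a temp directory, with the
# key deliberately created world-readable, then tightened to mode 600.
demo() {
    local root conf key
    root=$(mktemp -d); conf=$root/board-ssl.conf
    key=$root/etc/apache2/ssl/server.key
    mkdir -p "$root/etc/apache2/ssl"
    printf '%s\n' '<VirtualHost *:443>' 'SSLEngine on' \
        'SSLCertificateFile /etc/apache2/ssl/server.crt' \
        'SSLCertificateKeyFile /etc/apache2/ssl/server.key' \
        '</VirtualHost>' > "$conf"
    : > "$key"; chmod 644 "$key"
    audit_vhost "$conf" "$root" || true      # reports FAIL
    chmod 600 "$key"
    audit_vhost "$conf" "$root"              # reports ok
    rm -rf "$root"
}
demo
```

On the server, `audit_vhost /etc/apache2/sites-available/board-ssl.conf` checks the real key; a FAIL is cleared with `sudo chmod 600 /etc/apache2/ssl/server.key`.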
■ Reference
Source: https://all-record.tistory.com/190?category=733055 [세상의 모든 기록]