LINUX
2019.02.15 / 19:08

[Ubuntu] Apache + Tomcat integration with OpenSSL

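hanulbit

This post covers using OpenSSL with an Apache and Tomcat integration. For installing Apache and integrating Tomcat, refer to the link below.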






Installing OpenSSL



For the OpenSSL installation, refer to the OpenSSL installation part of the link below.






OpenSSL



1. Create the SSL directory


Create an ssl directory.


[mgt@localserver: ~$] sudo mkdir /etc/apache2/ssl



Copy the files into that directory.


[mgt@localserver: ~$] sudo cp server.crt /etc/apache2/ssl/server.crt
[mgt@localserver: ~$] sudo cp server.csr /etc/apache2/ssl/server.csr
[mgt@localserver: ~$] sudo cp server.key /etc/apache2/ssl/server.key




2. Enable SSL


Enable SSL in Apache. A message telling you to restart Apache appears at this point; ignore it for now.


[mgt@localserver: ~$] sudo a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart




3. /etc/apache2/ports.conf


Add the following to the ports.conf file.


[mgt@localserver: ~$] sudo nano /etc/apache2/ports.conf

# Add
<IfModule mod_ssl.c>
    Listen 443
</IfModule>




Added to the ports.conf file



4. default-ssl.conf


Copy default-ssl.conf under the name board-ssl.conf. Any file name that is easy to recognize will do. (e.g., the domain name)


sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/board-ssl.conf




5.


Edit the copied file.


[mgt@localserver: ~$] sudo nano /etc/apache2/sites-available/board-ssl.conf

# Modify this part
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key






The marked part



Ʒ ǥ κ ּ(#) Ѵ.





6. 000-default.conf (Apache settings)


Add the SSL settings to Apache's default 000-default.conf.


[mgt@localserver: ~$] sudo nano /etc/apache2/sites-available/000-default.conf



# Add inside the <VirtualHost *:80> tag
RedirectPermanent / https://<address>


# Add to 000-default.conf
<VirtualHost *:443>
 
        ServerAdmin webmaster@localhost
        #DocumentRoot /var/www/html
        DocumentRoot /var/lib/tomcat8/webapps/ROOT/
 
        JkMount /* tomcat1
 
        SSLEngine on 
        SSLCertificateFile /etc/apache2/ssl/server.crt 
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
 
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
 
</VirtualHost>






The RedirectPermanent / https://192.168.137.128 line added to the <VirtualHost *:80> tag makes HTTP connections switch to HTTPS automatically.


https://127.0.0.1  ǰ,   ̶ https://  ȴ.



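The <VirtualHost *:443> tag section is the part for HTTPS connections. DocumentRoot can be set to the Tomcat path; if you are not using Tomcat, create a directory such as /var/www/ssl and put the html files there. Then use that path as the DocumentRoot path.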


Ex) DocumentRoot /var/www/ssl



For the JkMount part, refer to the Tomcat integration post below.





7. Enable board-ssl


[mgt@localserver: ~$] sudo a2ensite board-ssl
Enabling site board-ssl.
To activate the new configuration, you need to run:
  service apache2 reload




8. Firewall


Allow port 443, the OpenSSL port, through the firewall.


[mgt@localserver: ~$] sudo ufw allow 443/tcp
Rule added
Rule added (v6)



After setting up the firewall, check port 443.


[mgt@localserver: ~$] netstat  -lnp  | grep 443
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::443                  :::*                    LISTEN      -
tcp6       0      0 :::443                  :::*                    LISTEN      -
tcp6       0      0 :::443                  :::*                    LISTEN      -




9. Restart Apache

[mgt@localserver: ~$] sudo /etc/init.d/apache2 restart
[ ok ] Restarting apache2 (via systemctl): apache2.service.




10. Test

Enter https://<address> or https://127.0.0.1 (the same as https://localhost).





̶ ŷ ٰ ´. ȴ. 
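
The script below is an added example, not part of the original post: it audits the vhost file from step 6 for the :443 block, SSLEngine, the HTTP to HTTPS redirect, and the certificate and key paths, and flags a private key that group or other users can access. The function names and the sample file written by make_sample are constructed for illustration.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Print the first value of an Apache directive; commented-out lines are skipped.
directive() {  # usage: directive NAME FILE
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Print findings; the return status is the number of failed checks.
# Directives are matched file-wide, not per <VirtualHost> block.
check_vhost() {
    conf=$1; problems=0
    grep -Eiq '^[[:space:]]*<VirtualHost[[:space:]][^>]*:443>' "$conf" ||
        { echo "FAIL: no <VirtualHost *:443> block"; problems=$((problems + 1)); }
    [ "$(directive SSLEngine "$conf" | tr 'A-Z' 'a-z')" = "on" ] ||
        { echo "FAIL: SSLEngine is not on"; problems=$((problems + 1)); }
    grep -Eiq '^[[:space:]]*Redirect(Permanent)?[[:space:]].*https://' "$conf" ||
        { echo "FAIL: no HTTP to HTTPS redirect"; problems=$((problems + 1)); }
    crt=$(directive SSLCertificateFile "$conf")
    key=$(directive SSLCertificateKeyFile "$conf")
    [ -n "$crt" ] && [ -f "$crt" ] ||
        { echo "FAIL: certificate file missing: $crt"; problems=$((problems + 1)); }
    if [ -n "$key" ] && [ -f "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ldL "$key" | cut -c5-10)
        [ "$perms" = "------" ] ||
            { echo "FAIL: $key open to group/other ($perms)"; problems=$((problems + 1)); }
    else
        echo "FAIL: key file missing: $key"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: a minimal copy of the step 6 vhosts with paths under DIR.
make_sample() {  # usage: make_sample DIR
    cat > "$1/000-default.conf" <<EOF
<VirtualHost *:80>
    RedirectPermanent / https://192.168.137.128
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile $1/server.crt
    SSLCertificateKeyFile $1/server.key
</VirtualHost>
EOF
    : > "$1/server.crt"; : > "$1/server.key"
    chmod 644 "$1/server.crt" "$1/server.key"   # key deliberately too open
}

demo=$(mktemp -d); make_sample "$demo"
check_vhost "$demo/000-default.conf" || echo "failed checks: $?"
rm -rf "$demo"
```

On the server, run it as `check_vhost /etc/apache2/sites-available/000-default.conf` before the restart in step 9; a status of 0 means every check passed.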








Source: https://all-record.tistory.com/190?category=733055