Applying SSL to Nginx on Ubuntu 18.04

By | March 28, 2020

Applying SSL to Nginx on Ubuntu 18.04

This guide applies SSL to Nginx using a free SSL certificate issued by Let's Encrypt.

Installing Certbot

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-nginx

Checking the nginx configuration

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/skyer9.pe.kr
sudo vi /etc/nginx/sites-available/skyer9.pe.kr
server {
        listen 80;
        listen [::]:80;

        root /var/www/skyer9.pe.kr/html;
        index index.html index.htm index.nginx-debian.html index.php;

        server_name skyer9.pe.kr www.skyer9.pe.kr m.skyer9.pe.kr;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
}
sudo ln -s /etc/nginx/sites-available/skyer9.pe.kr /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Obtaining the SSL certificate

sudo certbot --nginx -d skyer9.pe.kr -d www.skyer9.pe.kr -d m.skyer9.pe.kr

......
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): test@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
......
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
......

The SSL settings have been added to the site configuration automatically.

vi /etc/nginx/sites-enabled/skyer9.pe.kr
sudo nginx -t
sudo systemctl reload nginx

You can confirm in a browser that the site is reachable at https://www.skyer9.pe.kr.

Automatic SSL renewal

The command below simulates a certificate renewal.

sudo certbot renew --dry-run

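Use the command below to register the actual certificate renewal in the crontab. The entry shown runs at 04:30 on the 13th of every month.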

sudo crontab -e
# ┌───────────── min (0 - 59)
# │ ┌────────────── hour (0 - 23)
# │ │ ┌─────────────── day of month (1 - 31)
# │ │ │ ┌──────────────── month (1 - 12)
# │ │ │ │ ┌───────────────── day of week (0 - 6) (0 to 6 are Sunday to
# │ │ │ │ │                  Saturday, or use names; 7 is also Sunday)
# │ │ │ │ │
# │ │ │ │ │
# * * * * *  command to execute
30 4 13 * * /usr/bin/certbot renew --renew-hook="sudo systemctl reload nginx"

The command below shows the remaining validity period of the certificate.

sudo certbot certificates
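
A scripted form of the remaining-validity check above, useful for noticing when the monthly renewal cron job fails silently. This is an added example, not part of the original post. It assumes certbot's default live path for the first -d domain and GNU date; the 7-day alert threshold and the --check argument are hypothetical choices.

```shell
#!/bin/sh
# Added example: expiry monitor for a certbot-managed certificate.
# Assumption: default certbot live path, named after the first -d domain.
CERT="${CERT:-/etc/letsencrypt/live/skyer9.pe.kr/fullchain.pem}"
RENEW_WINDOW_DAYS=30  # certbot renews once fewer than 30 days remain (default)
CRITICAL_DAYS=7       # hypothetical alert threshold

# secs_left NOT_AFTER NOW_EPOCH -> seconds until expiry (negative if expired).
# NOT_AFTER is the date printed by `openssl x509 -enddate`,
# e.g. "Jun 26 10:00:00 2020 GMT". Needs GNU date (the Ubuntu default).
secs_left() {
    end_epoch=$(date -u -d "$1" +%s) || return 2
    echo $(( end_epoch - $2 ))
}

# classify SECONDS -> expired | critical | renew-due | ok
classify() {
    if [ "$1" -le 0 ]; then
        echo expired
    elif [ "$1" -lt $(( CRITICAL_DAYS * 86400 )) ]; then
        echo critical
    elif [ "$1" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo renew-due
    else
        echo ok
    fi
}

# check_cert FILE: print one status line; return 1 for critical/expired,
# 2 if the certificate cannot be read.
check_cert() {
    not_after=$(openssl x509 -enddate -noout -in "$1" 2>/dev/null | cut -d= -f2)
    [ -n "$not_after" ] || { echo "$1: cannot read certificate" >&2; return 2; }
    secs=$(secs_left "$not_after" "$(date +%s)") || return 2
    state=$(classify "$secs")
    echo "$1: $state ($(( secs / 86400 )) days left, notAfter=$not_after)"
    case $state in
        ok|renew-due) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_cert "$CERT"
fi
```

Run it with --check from root's crontab once a day (the live directory is readable only by root); a non-zero exit status means the certificate is within 7 days of expiry, already expired, or unreadable.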
