{"id":311,"date":"2020-03-28T15:05:24","date_gmt":"2020-03-28T06:05:24","guid":{"rendered":"http:\/\/www.skyer9.pe.kr\/wordpress\/?p=311"},"modified":"2020-03-28T23:48:26","modified_gmt":"2020-03-28T14:48:26","slug":"ubuntu-18-04-nginx%ec%97%90-ssl-%ec%a0%81%ec%9a%a9%ed%95%98%ea%b8%b0","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=311","title":{"rendered":"Ubuntu 18.04 Nginx\uc5d0 SSL \uc801\uc6a9\ud558\uae30"},"content":{"rendered":"

Ubuntu 18.04 Nginx \uc5d0 SSL \uc801\uc6a9\ud558\uae30<\/h1>\n

Let’s Encrypt \uc5d0\uc11c \uc81c\uacf5\ud558\ub294 \ubb34\ub8cc SSL \uc778\uc99d\uc11c\ub97c \uc774\uc6a9\ud574, Nginx \uc5d0 SSL \uc744 \uc801\uc6a9\ud569\ub2c8\ub2e4.<\/p>\n

Certbot \uc124\uce58<\/h2>\n
sudo add-apt-repository ppa:certbot\/certbot\nsudo apt install python-certbot-nginx<\/code><\/pre>\n
nginx \uc124\uc815 \ud655\uc778<\/h2>\n
sudo cp \/etc\/nginx\/sites-available\/default \/etc\/nginx\/sites-available\/skyer9.pe.kr\nsudo vi \/etc\/nginx\/sites-available\/skyer9.pe.kr<\/code><\/pre>\n
server {\n        listen 80;\n        listen [::]:80;\n\n        root \/var\/www\/skyer9.pe.kr\/html;\n        index index.html index.htm index.nginx-debian.html index.php;\n\n        server_name skyer9.pe.kr www.skyer9.pe.kr m.skyer9.pe.kr;\n\n        location \/ {\n                try_files $uri $uri\/ =404;\n        }\n\n        location ~ \\.php$ {\n                include snippets\/fastcgi-php.conf;\n                fastcgi_pass unix:\/var\/run\/php\/php7.2-fpm.sock;\n        }\n}<\/code><\/pre>\n
sudo ln -s \/etc\/nginx\/sites-available\/skyer9.pe.kr \/etc\/nginx\/sites-enabled\/\nsudo nginx -t\nsudo systemctl reload nginx<\/code><\/pre>\n
SSL \uc778\uc99d\uc11c \uac00\uc838\uc624\uae30<\/h2>\n
sudo certbot --nginx -d skyer9.pe.kr -d www.skyer9.pe.kr -d m.skyer9.pe.kr\n\n......\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\ncancel): test@gmail.com\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server at\nhttps:\/\/acme-v02.api.letsencrypt.org\/directory\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(A)gree\/(C)ancel: A\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about our work\nencrypting the web, EFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: N\n......\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. You can undo this\nchange by editing your web server's configuration.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 1\n......<\/code><\/pre>\n
\uc124\uc815\uc774 \uc790\ub3d9\uc73c\ub85c \ucd94\uac00\ub418\uc5b4 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
vi \/etc\/nginx\/sites-enabled\/skyer9.pe.kr\nsudo nginx -t\nsudo systemctl reload nginx<\/code><\/pre>\n
\ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c https:\/\/www.skyer9.pe.kr<\/a> \ub85c \uc811\uc18d\ub418\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
SSL \uc790\ub3d9 \uac31\uc2e0<\/h2>\n
\uc544\ub798 \uba85\ub839\uc73c\ub85c \uc778\uc99d\uc11c \uac31\uc2e0\uc744 \uc2dc\ubbac\ub808\uc774\uc158\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
sudo certbot renew --dry-run<\/code><\/pre>\n
\uc544\ub798 \uba85\ub839\uc73c\ub85c \uc2e4\uc81c \uc778\uc99d\uc11c \uac31\uc2e0\uc744 \ud06c\ub860\ud0ed\uc5d0 \ub4f1\ub85d\ud569\ub2c8\ub2e4.<\/p>\n
sudo crontab -e\n# \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 min (0 - 59)\n# \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 hour (0 - 23)\n# \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 day of month (1 - 31)\n# \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 month (1 - 12)\n# \u2502 \u2502 \u2502 \u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 day of week (0 - 6) (0 to 6 are Sunday to\n# \u2502 \u2502 \u2502 \u2502 \u2502                  Saturday, or use names; 7 is also Sunday)\n# \u2502 \u2502 \u2502 \u2502 \u2502\n# \u2502 \u2502 \u2502 \u2502 \u2502\n# * * * * *  command to execute\n30 4 13 * * \/usr\/bin\/certbot renew --renew-hook="sudo systemctl reload nginx"<\/code><\/pre>\n
\uc544\ub798 \uba85\ub839\uc73c\ub85c \uc794\uc5ec \uc778\uc99d\uae30\uac04\uc744 \ud655\uc778\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
sudo certbot certificates<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Ubuntu 18.04 Nginx \uc5d0 SSL \uc801\uc6a9\ud558\uae30 Let’s Encrypt \uc5d0\uc11c \uc81c\uacf5\ud558\ub294 \ubb34\ub8cc SSL \uc778\uc99d\uc11c\ub97c \uc774\uc6a9\ud574, Nginx \uc5d0 SSL \uc744 \uc801\uc6a9\ud569\ub2c8\ub2e4. Certbot \uc124\uce58 sudo add-apt-repository ppa:certbot\/certbot sudo apt install python-certbot-nginx nginx \uc124\uc815 \ud655\uc778 sudo cp \/etc\/nginx\/sites-available\/default \/etc\/nginx\/sites-available\/skyer9.pe.kr sudo vi \/etc\/nginx\/sites-available\/skyer9.pe.kr server { listen 80; listen [::]:80; root \/var\/www\/skyer9.pe.kr\/html; index index.html index.htm index.nginx-debian.html index.php; server_name skyer9.pe.kr www.skyer9.pe.kr m.skyer9.pe.kr;\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-311","post","type-post","status-publish","format-standard","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=311"}],"version-history":[{"count":11,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/311\/revisions"}],"predecessor-version":[{"id":353,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/311\/revisions\/353"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}