๋ฐ์ํ
ssl ์ธ์ฆ์ ๋ฐ๊ธ ๊ณผ์ ์์ ์๋ฌ๊ฐ ๋ฌ๋ค.
ํด๊ฒฐ : 80๋ฒ ํฌํธ๋ฅผ ์ ์ ํ ์ ์๋๋ก ๊ธฐ์กด ์น ํ๋ ์์ํฌ๋ ํน์ ์๋ฒ ํ๋ก๊ทธ๋จ์ ์ข ๋ฃํ๊ธฐ
ubuntu:~$ sudo lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 1031 root 6u IPv4 25900 0t0 TCP *:http (LISTEN)
nginx 1031 root 7u IPv6 25901 0t0 TCP *:http (LISTEN)
nginx 1032 www-data 6u IPv4 25900 0t0 TCP *:http (LISTEN)
nginx 1032 www-data 7u IPv6 25901 0t0 TCP *:http (LISTEN)
ubuntu:~$ kill 1031or
ubuntu:~$ sudo systemctl stop nginx
SSL ์ธ์ฆ์ ๋ฐ๊ธ๋ฐ๊ธฐ (standalone)
ubuntu:~$ sudo apt-get install certbot
ubuntu:~$ sudo certbot certonly --standalone -d ๋๋ฉ์ธ์ฃผ์
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalon
.
.
.
.
.
.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/๋๋ฉ์ธ์ฃผ์/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/green27.duckdns.org/privkey.pem
Your cert will expire on 2022-10-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
# Nginx์ SSL ์ฐ๊ฒฐ
ubuntu:~$ sudo vi /etc/nginx/sites-availables/default
server {
listen 80;
listen [::]:80;
# HTTPS๋ฅผ ์ํ 443 ํฌํธ ๊ฐ๋ฐฉ
listen 443 ssl;
listen [::]:443 ssl;
root /var/www/html;
server_name ๋๋ฉ์ธ์ฃผ์;
#SSL ์ธ์ฆ์๋ฅผ ๋ฃ์ด์ค๋ค.
ssl_certificate /etc/letsencrypt/live/๋๋ฉ์ธ์ฃผ์/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/๋๋ฉ์ธ์ฃผ์/privkey.pem;
location / {
proxy_pass http://localhost:8080;
}
}
# :wq ์ ์ฅํ ๋ฆฌ๋ก๋ฉ
ubuntu:~$ sudo service nginx reload
ubuntu:~$ sudo service nginx restart
300x250
