한 대의 apache 서버에 여러 개의 보안 인증서를 설정하려면,
예) 443, 444, 445 3개의 포트를 사용
1. httpd.conf에 포트 열기
# Extra listening sockets for the additional HTTPS virtual hosts (one port per certificate).
# NOTE(review): 445/tcp is the well-known SMB port and is often filtered by ISPs and
# perimeter firewalls, so clients may be unable to reach a site on it - consider another port.
Listen 444
Listen 445
>> 443 포트는 SSL 모듈(mod_ssl) 설정에서 이미 열리기에 위에 추가할 필요 없다!
2. 방화벽(iptables) 열기
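# Web
# Open the HTTP/HTTPS listening ports for inbound connections.
# The first packet of a connection is in state NEW; a rule that matches only
# ESTABLISHED,RELATED never admits it, so the port stays closed unless some
# other rule accepts the initial SYN. NEW is therefore added to each rule.
# -A appends to the end of INPUT: if the chain already ends in a catch-all
# REJECT/DROP rule, these must be inserted above it instead
# (check the order with `iptables -L INPUT -n --line-numbers`).
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 444 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT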
3. VirtualHost 설정
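<VirtualHost *:80>
    # Plain-HTTP site for test.co.kr. Login, member and team-join URLs are
    # redirected to the HTTPS virtual host listening on port 444.
    AddDefaultCharset UTF-8
    ServerAdmin jonny@mog.kr
    DocumentRoot /home/html/test.co.kr/html
    ServerName test.co.kr
    # ServerAlias blog.test.co.kr
    ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /home/html/test.co.kr/logs/error-%Y-%m-%d.log 86400"
    CustomLog "|/usr/local/apache2/bin/rotatelogs -l /home/html/test.co.kr/logs/access-%Y-%m-%d.log 86400" combined
    DirectoryIndex index.html index.php

    RewriteEngine On
    # RewriteLog /home/html/test.co.kr/logs/rewrite1.log
    # RewriteLogLevel 3

    # Refuse TRACE requests. Where the installed httpd supports it,
    # `TraceEnable off` in the main server config does the same without mod_rewrite.
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

    # Hide CVS metadata directories behind the 404 page.
    RewriteRule CVS/(.*)$ /error/error_404.do [PT]

    # If another site already uses 443 and this one is added on 444, the target
    # must carry an explicit :444, otherwise the browser goes to the existing
    # 443 site. (A site that itself runs on 443 does not need the port suffix.)
    # The patterns are anchored: an unanchored ^/login would also match
    # /login/... and shadow the rule below it, dropping the rest of the path.
    # [R] makes the external redirect explicit.
    # NOTE(review): the redirect is sent only after the request has already
    # arrived over plain HTTP, so login forms should post straight to the
    # https:// URL rather than rely on this rule.
    RewriteRule ^/login$ https://test.co.kr:444/login [R,L]
    RewriteRule ^/login/(.*)$ https://test.co.kr:444/login/$1 [R,L]
    RewriteRule ^/member/(.+)$ https://test.co.kr:444/member/$1 [R,L]
    RewriteRule ^/plugins/MOG_TeamJoin/(.+)$ https://test.co.kr:444/plugins/MOG_TeamJoin/$1 [R,L]

    <Directory /home/html/test.co.kr/html>
        Allow from all
        Options FollowSymLinks
        AllowOverride FileInfo
    </Directory>

    # PHP 5
    # Apache 2.0 mod_php5.c
    # Apache 2.2 php5_module
    <IfModule mod_php5.c>
        php_value magic_quotes_gpc Off
        # Hand a file to PHP only when .php or .do is its final extension.
        # With `AddType application/x-httpd-php .do .php`, mod_mime also matches
        # names such as file.php.bak whose last extension it does not know, so
        # an uploaded or leftover file of that shape would be executed.
        <FilesMatch "\.(php|do)$">
            SetHandler application/x-httpd-php
        </FilesMatch>
    </IfModule>
</VirtualHost>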
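<VirtualHost *:444>
    # HTTPS site for test.co.kr on port 444 with its own certificate. Only the
    # login/member/team-join pages and their static assets are served here;
    # every other URL is sent back to the plain-HTTP site.
    AddDefaultCharset UTF-8
    ServerAdmin jonny@mog.kr
    DocumentRoot /home/html/test.co.kr/html
    ServerName test.co.kr
    ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /home/html/test.co.kr/logs/error-%Y-%m-%d.log 86400"
    CustomLog "|/usr/local/apache2/bin/rotatelogs -l /home/html/test.co.kr/logs/access-%Y-%m-%d.log 86400" combined
    DirectoryIndex index.html index.php

    RewriteEngine On
    # RewriteLog /home/html/test.co.kr/logs/rewrite1.log
    # RewriteLogLevel 3

    # Refuse TRACE requests. Where the installed httpd supports it,
    # `TraceEnable off` in the main server config does the same without mod_rewrite.
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

    # Pass-through rules: each one matches a URL that must stay on HTTPS and,
    # via [L], stops processing before the catch-all redirects at the end.
    RewriteRule ^/rewrite.php /rewrite.php [PT,L]
    RewriteRule ^/login$ /login [L]
    RewriteRule ^/skin/test/(.+)$ /skin/test/$1 [L]
    RewriteRule ^/style/(.+)$ /style/$1 [L]
    RewriteRule ^/script/(.+)$ /script/$1 [L]
    RewriteRule ^/login/(.+)$ /login/$1 [L]
    RewriteRule ^/member/(.+)$ /member/$1 [L]
    RewriteRule ^/plugins/MOG_TeamJoin/(.+)$ /plugins/MOG_TeamJoin/$1 [L]

    # Everything else goes back to the HTTP site ([R] makes the redirect explicit).
    RewriteRule ^/(.+)$ http://test.co.kr/$1 [R,L]
    RewriteRule ^/$ http://test.co.kr/ [R,L]

    <Directory /home/html/test.co.kr/html>
        Allow from all
        Options FollowSymLinks
        AllowOverride FileInfo
    </Directory>

    # PHP 5
    # Apache 2.0 mod_php5.c
    # Apache 2.2 php5_module
    <IfModule mod_php5.c>
        php_value magic_quotes_gpc Off
        # Hand a file to PHP only when .php or .do is its final extension.
        # With `AddType application/x-httpd-php .do .php`, mod_mime also matches
        # names such as file.php.bak whose last extension it does not know, so
        # an uploaded or leftover file of that shape would be executed.
        <FilesMatch "\.(php|do)$">
            SetHandler application/x-httpd-php
        </FilesMatch>
    </IfModule>

    # This block applies only when httpd is started with -DSSL. Without it the
    # vhost still answers on 444, but in plain HTTP, so login traffic would be
    # unencrypted. Confirm after every restart that the port really speaks TLS.
    <IfDefine SSL>
        SSLEngine on
        # Disable the broken SSLv2/SSLv3 protocols.
        SSLProtocol all -SSLv2 -SSLv3
        # The previous list enabled +LOW, +SSLv2, +EXP and +eNULL, i.e. export-grade
        # and no-encryption suites that let a connection be negotiated with no
        # real confidentiality. Only strong, authenticated suites are offered here.
        # NOTE(review): very old browsers may fail to connect; widen only if required.
        SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW:!MD5
        SSLCertificateFile /home/html/test.co.kr/config/ssl/cert.crt
        # The private key must stay outside DocumentRoot and be readable only by
        # the account that starts httpd.
        SSLCertificateKeyFile /home/html/test.co.kr/config/ssl/ssl2010.key
        SSLCertificateChainFile /home/html/test.co.kr/config/ssl/chain.crt
        # Legacy workaround for Internet Explorer's SSL shutdown and keep-alive handling.
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </IfDefine>
</VirtualHost>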
4. 아파치 재시작 (startssl로 시작해야 -DSSL이 정의되어 위의 <IfDefine SSL> 블록이 적용됩니다)
# /usr/local/apache2/bin/apachectl startssl