Configuring multiple SSL certificates on Apache (Linux)



To configure multiple SSL certificates on a single Apache server:

Example: three ports are used: 443, 444 and 445


1. Open the ports in httpd.conf

Listen 444
Listen 445

>> Port 443 is opened by the openssl module, so it does not need to be added above!


2. Open the firewall (iptables)

# Web
# NEW is required so that the first packet of each connection is accepted
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 444 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


3. Configure the VirtualHosts

<VirtualHost *:80>
        AddDefaultCharset   UTF-8
        ServerAdmin         jonny@mog.kr
        DocumentRoot        /home/html/test.co.kr/html
        ServerName          test.co.kr
#       ServerAlias         blog.test.co.kr
        ErrorLog            "|/usr/local/apache2/bin/rotatelogs -l /home/html/test.co.kr/logs/error-%Y-%m-%d.log 86400"
        CustomLog           "|/usr/local/apache2/bin/rotatelogs -l /home/html/test.co.kr/logs/access-%Y-%m-%d.log 86400" combined
        DirectoryIndex      index.html index.php


        RewriteEngine On
#       RewriteLog                      /home/html/test.co.kr/logs/rewrite1.log
#       RewriteLogLevel         3
        RewriteCond %{REQUEST_METHOD} ^TRACE
        RewriteRule .* - [F]

        RewriteRule CVS/(.*)$ /error/error_404.do [PT]

>> If 443 is already in use and you are adding 444, you must append :444 as shown below; otherwise requests go to the existing 443 port. (Sites that already run on 443 do not need it!)

        RewriteRule ^/login https://test.co.kr:444/login [L]
        RewriteRule ^/login/ https://test.co.kr:444/login/ [L]
        RewriteRule ^/member/(.+)$ https://test.co.kr:444/member/$1 [L]
        RewriteRule ^/plugins/MOG_TeamJoin/(.+)$ https://test.co.kr:444/plugins/MOG_TeamJoin/$1 [L]

    <Directory /home/html/test.co.kr/html>
                Allow from all
                Options FollowSymLinks
                AllowOverride FileInfo
    </Directory>

# PHP 5
# Apache 2.0 mod_php5.c
# Apache 2.2 php5_module

    <IfModule mod_php5.c>
                php_value magic_quotes_gpc Off
                AddType application/x-httpd-php .do .php
    </IfModule>

</VirtualHost>

<VirtualHost *:444>
        AddDefaultCharset   UTF-8
        ServerAdmin         jonny@mog.kr
        DocumentRoot        /home/html/test.co.kr/html
        ServerName          test.co.kr
        ErrorLog            "|/usr/local/apache2/bin/rotatelogs -l /home/html/test.co.kr/logs/error-%Y-%m-%d.log 86400"
        CustomLog           "|/usr/local/apache2/bin/rotatelogs -l /home/html/test.co.kr/logs/access-%Y-%m-%d.log 86400" combined
        DirectoryIndex      index.html index.php

        RewriteEngine On
#       RewriteLog                      /home/html/test.co.kr/logs/rewrite1.log
#       RewriteLogLevel         3
        RewriteCond %{REQUEST_METHOD} ^TRACE
        RewriteRule .* - [F]

        RewriteRule ^/rewrite.php /rewrite.php [PT,L]
        RewriteRule ^/login$    /login [L]

        RewriteRule ^/skin/test/(.+)$       /skin/test/$1 [L]
        RewriteRule ^/style/(.+)$       /style/$1 [L]
        RewriteRule ^/script/(.+)$      /script/$1 [L]
        RewriteRule ^/login/(.+)$       /login/$1 [L]
        RewriteRule ^/member/(.+)$      /member/$1 [L]
        RewriteRule ^/plugins/MOG_TeamJoin/(.+)$        /plugins/MOG_TeamJoin/$1 [L]

        RewriteRule ^/(.+)$     http://test.co.kr/$1 [L]
        RewriteRule ^/$ http://test.co.kr/ [L]

    <Directory /home/html/test.co.kr/html>
                Allow from all
                Options FollowSymLinks
                AllowOverride FileInfo
    </Directory>

# PHP 5
# Apache 2.0 mod_php5.c
# Apache 2.2 php5_module

    <IfModule mod_php5.c>
                php_value magic_quotes_gpc Off
                AddType application/x-httpd-php .do .php
    </IfModule>

        <IfDefine SSL>
                SSLEngine on
                # HIGH-strength ciphers only, without anonymous (aNULL) or MD5-based suites;
                # no EXPORT, LOW or SSLv2 ciphers are offered
                SSLCipherSuite HIGH:!aNULL:!MD5

                SSLCertificateFile      /home/html/test.co.kr/config/ssl/cert.crt
                SSLCertificateKeyFile   /home/html/test.co.kr/config/ssl/ssl2010.key
                SSLCertificateChainFile /home/html/test.co.kr/config/ssl/chain.crt

                SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        </IfDefine>
</VirtualHost>


4. Restart Apache

# /usr/local/apache2/bin/apachectl startssl
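
A consistency check for steps 1 to 3, as an added example that is not part of the original post: it reads httpd.conf and iptables rule text and reports SSL vhosts whose port has no Listen directive, has no rule admitting new connections, or shares a certificate file with another port. The function `audit`, its parameters and the sample input are constructed for illustration, and port 443 is assumed to be opened by the SSL configuration as the post states.

```python
import re

# Constructed sample input mirroring the page's layout; not from a real server.
HTTPD_CONF = """\
Listen 444
<VirtualHost *:444>
    SSLEngine on
    SSLCertificateFile /home/html/test.co.kr/config/ssl/cert.crt
</VirtualHost>
<VirtualHost *:445>
    SSLEngine on
    SSLCertificateFile /home/html/test.co.kr/config/ssl/cert.crt
</VirtualHost>
"""
IPTABLES_RULES = """\
iptables -A INPUT -p tcp -m tcp --dport 444 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 445 -m state --state ESTABLISHED,RELATED -j ACCEPT
"""

def audit(conf, rules, implicit_listen=(443,)):
    """Report SSL vhosts that steps 1-3 left unreachable or sharing a certificate."""
    listen = {int(p) for p in re.findall(r"^\s*Listen\s+(?:\S+:)?(\d+)\s*$", conf, re.M)}
    listen |= set(implicit_listen)  # assumption: 443 is opened by the SSL config itself
    # A port is open when its ACCEPT rule has no state match or the match includes NEW.
    open_ports = {int(port) for port, states in re.findall(
        r"--dport\s+(\d+)(?:.*?--state\s+(\S+))?.*?-j ACCEPT", rules)
        if not states or "NEW" in states.split(",")}
    findings, cert_owner = [], {}
    vhosts = re.findall(r"<VirtualHost\s+\S*:(\d+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for port, body in vhosts:
        port = int(port)
        if not re.search(r"^\s*SSLEngine\s+on\b", body, re.M | re.I):
            continue  # plain-HTTP vhost: nothing to check
        if port not in listen:
            findings.append(f"{port}: no Listen directive")
        if port not in open_ports:
            findings.append(f"{port}: no firewall rule accepting NEW connections")
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", body, re.M | re.I)
        if not cert:
            findings.append(f"{port}: SSLCertificateFile missing")
        elif cert.group(1) in cert_owner:
            findings.append(f"{port}: same certificate file as port {cert_owner[cert.group(1)]}")
        else:
            cert_owner[cert.group(1)] = port
    return findings

if __name__ == "__main__":
    print("\n".join(audit(HTTPD_CONF, IPTABLES_RULES)))
```

Run it against the real files by passing their contents in place of the two sample strings; an empty result means every SSL vhost is listened on, reachable through the firewall and has its own certificate file.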




