http.conf / vhost.conf 설정 SSL 적용을 위한 설정.
--- /etc/http/conf/httpd.conf
ServerRoot "/etc/httpd"
Listen 80
Listen 443 https
# 필요한 모듈을 로드합니다.
LoadModule ssl_module modules/mod_ssl.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule alias_module modules/mod_alias.so
LoadModule mime_module modules/mod_mime.so
Include conf.modules.d/*.conf
IncludeOptional conf.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName mavencloudlearning.com:80
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/vhosts.conf
-----------------------------------------------------------------------------------------
--- /etc/httpd/conf.d/vhosts.conf
# SSL 전역 설정
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
# 포트 80을 청취하고 HTTP 트래픽을 HTTPS로 리디렉션하는 설정
<VirtualHost *:80>
ServerName mavencloudlearning.com
ServerAlias http://www.mavencloudlearning.com
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
ErrorLog logs/mavencloudlearning.com-error_log
CustomLog logs/mavencloudlearning.com-access_log common
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>
# 포트 443을 청취하고 HTTPS 트래픽을 처리하는 설정
<VirtualHost *:443>
ServerName mavencloudlearning.com
ServerAlias http://www.mavencloudlearning.com
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/mavencloudlearning.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/mavencloudlearning.com.key
SSLCertificateChainFile /etc/pki/tls/certs/chain.crt
ErrorLog logs/mavencloudlearning.com-error_log
CustomLog logs/mavencloudlearning.com-access_log common
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>