事象発生日:2018-10-02
記事公開日:2018-10-01
アクセス数:8172
Ubuntu Server + Apache2.4系で,名前ベースバーチャルホスト(1つのサーバー,IPで複数ドメインを運用する技術)の設定を行った.
もちろんSSL対応で.
トップ画像の出典はこちら.
現在,このブログを運用しているサーバーでは,このHPしか動いていない.
急遽,別ドメインのHPが必要になったので,複数ドメインを1つのサーバーで運用できるように設定した.
用いた技術は,名前ベースバーチャルホスト (Name-based Virtual Host) である.
なお,設定前までのHTTPサーバーの設定は,
で設定したものである.
Ubuntu Server 16.04.2 LTS
Apache 2.4.18
ddclient version 3.8.2
certbot 0.26.1
すでにこのサーバー上では,
で設定したDDNSのIP更新ddclientが動いている.
その設定を追記する形で,2つのドメインを並列してDDNS運用できるようにする.
Google Domainsで取得した.
ドメインは,official-alonza.com.
ddclientで,名前ベースバーチャルホストのための複数ドメイン設定をした.
$ sudo nano /etc/ddclient.conf # ddclient.confを編集し,以下のように新しいドメイン情報を追記 $ sudo cat /etc/ddclient.conf # Configuration file for ddclient generated by debconf # # /etc/ddclient.conf protocol=dyndns2 ssl=yes use=web, web=checkip.dynu.com/, web-skip='IP Address' server=domains.google.com login=**************** password='****************' meltingrabbit.com # add on 2018.10.01 # for ALonza HP server=domains.google.com login=**************** password='****************' official-alonza.com # 設定ファイルをもとに,DDNS更新を実行 $ sudo ddclient -daemon=0 -verbose CONNECT: checkip.dynu.com CONNECTED: using HTTP SENDING: GET / HTTP/1.0 SENDING: Host: checkip.dynu.com SENDING: User-Agent: ddclient/3.8.2 SENDING: Connection: close SENDING: RECEIVE: HTTP/1.1 200 OK RECEIVE: Date: Mon, 01 Oct 2018 10:33:54 GMT RECEIVE: Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 RECEIVE: X-Powered-By: PHP/5.4.16 RECEIVE: Content-Length: 34 RECEIVE: Connection: close RECEIVE: Content-Type: text/html; charset=UTF-8 RECEIVE: RECEIVE: Current IP Address: ***.***.***.*** SUCCESS: meltingrabbit.com: skipped: IP address was already set to ***.***.***.***. INFO: forcing updating official-alonza.com because no cached entry exists. INFO: setting IP address to ***.***.***.*** for official-alonza.com UPDATE: updating official-alonza.com CONNECT: domains.google.com CONNECTED: using SSL SENDING: GET /nic/update?system=dyndns&hostname=official-alonza.com&myip=***.***.***.*** HTTP/1.0 SENDING: Host: domains.google.com SENDING: Authorization: Basic ******************************************** SENDING: User-Agent: ddclient/3.8.2 SENDING: Connection: close SENDING: RECEIVE: HTTP/1.0 200 OK RECEIVE: Strict-Transport-Security: max-age=31536000; includeSubDomains RECEIVE: Content-Type: text/plain; charset=utf-8 RECEIVE: P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." RECEIVE: Date: Mon, 01 Oct 2018 10:30:42 GMT RECEIVE: Expires: Mon, 01 Oct 2018 10:30:42 GMT RECEIVE: Cache-Control: private, max-age=0 RECEIVE: X-Content-Type-Options: nosniff RECEIVE: X-Frame-Options: SAMEORIGIN RECEIVE: X-XSS-Protection: 1; mode=block RECEIVE: Server: GSE RECEIVE: Set-Cookie: NID=************************************************************************************************************************************;Domain=.google.com;Path=/;Expires=Tue, 02-Apr-2019 10:30:42 GMT;HttpOnly RECEIVE: Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35" RECEIVE: Accept-Ranges: none RECEIVE: Vary: Accept-Encoding RECEIVE: RECEIVE: good ***.***.***.*** SUCCESS: updating official-alonza.com: good: IP address set to ***.***.***.***
Google DomainsでIP更新が確認できれば問題ない.
apache2.confでHPのドキュメントルートのアクセス設定を行い,
000-default.confでバーチャルホストを設定する.
$ cd /etc/apache2/
$ sudo nano apache2.conf
# webのドキュメントルートの設定
# 次のdiffを追加
$ diff apache2.conf apache2.conf_2018.10.02
174,184d173
< # add on 2018.10.01
< # for ALonza HP
< <Directory /${web_root_path}>
< # Options Indexes FollowSymLinks
< # Options -Indexes FollowSymLinks
< Options Includes ExecCGI FollowSymLinks
< # AllowOverride None
< AllowOverride All
< Require all granted
< </Directory>
<
$ cd sites-available/
$ sudo nano 000-default.conf
$ diff 000-default.conf 000-default.conf_2018.10.02
74,87d73
< <VirtualHost *:80>
< # ServerName www.example.com
< ServerName official-alonza.com
<
< # ServerAdmin webmaster@localhost
< ServerAdmin melting.rabbit.mr@gmail.com
< DocumentRoot /${web_root_path}
<
< #LogLevel info ssl:warn
< ErrorLog ${APACHE_LOG_DIR}/error.log
< CustomLog ${APACHE_LOG_DIR}/access.log combined
< </VirtualHost>
<
$ sudo /etc/init.d/apache2 restart
すでにこのサーバー上では,
で設定したSSL HPが動いている.
それに並列する形でSSL証明証を発行・保存・運用できるようにする.
Let's encryptでSSL証明証を発行する.
$ sudo certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: meltingrabbit.com 2: official-alonza.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 2 Obtaining a new certificate Performing the following challenges: http-01 challenge for official-alonza.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/default-ssl.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://official-alonza.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=official-alonza.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/official-alonza.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/official-alonza.com/privkey.pem Your cert will expire on 2018-12-30. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Apache側のSSLでのバーチャルホストの設定と,非https接続時のリダイレクト設定を施す.
$ cd /etc/apache2/sites-available/
$ sudo nano default-ssl.conf
# 下のdiffを追記
$ diff -c default-ssl.conf default-ssl.conf_2018.10.02
*** default-ssl.conf 2018-10-01 22:04:29.156804350 +0900
--- default-ssl.conf_2018.10.02 2018-10-01 19:58:51.182413359 +0900
***************
*** 176,205 ****
</VirtualHost>
-
- # add on 2018.10.02
- # for alonza hp
- <VirtualHost *:443>
- ServerName official-alonza.com
- ServerAdmin melting.rabbit.mr@gmail.com
-
- DocumentRoot /${web_root_path}
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
- SSLEngine on
-
- <FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
- </FilesMatch>
- <Directory /usr/lib/cgi-bin>
- SSLOptions +StdEnvVars
- </Directory>
- SSLCertificateFile /etc/letsencrypt/live/official-alonza.com/fullchain.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/official-alonza.com/privkey.pem
- Include /etc/letsencrypt/options-ssl-apache.conf
- </VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- 175,180 ----
$ sudo nano 000-default.conf
# 以下を追記
# RewriteEngine On
# RewriteRule ^/(.*)$ https://official-alonza.com/$1 [R=301,L]
$ sudo /etc/init.d/apache2 restart
それぞれのドメインでアクセスし,表示されているコンテンツが切り替わっていればOK.
また,httpでアクセスすると,httpsへリダイレクトすることも確認できる.
| Apache HTTP サーバ バージョン 2.4. 名前ベースのバーチャルホスト. Retrieved October 2, 2018, from https://httpd.apache.org/docs/2.4/ja/vhosts/name-based.html |
名前
Email (※公開されることはありません)
コメント