{"id":122,"date":"2016-10-26T15:19:57","date_gmt":"2016-10-26T06:19:57","guid":{"rendered":"http:\/\/jook.pe.kr\/?p=122"},"modified":"2016-10-26T15:19:57","modified_gmt":"2016-10-26T06:19:57","slug":"%eb%b3%b4%ec%95%88-%ec%84%9c%eb%b2%84ssl-%ea%b5%ac%ec%b6%95%ed%95%98%ea%b8%b0-apache-2-2","status":"publish","type":"post","link":"http:\/\/jook.pe.kr\/?p=122","title":{"rendered":"\ubcf4\uc548 \uc11c\ubc84(SSL) \uad6c\ucd95\ud558\uae30 &#8211; apache 2.2"},"content":{"rendered":"<p>\ubcf4\uc548 \uc11c\ubc84(SSL) \uad6c\ucd95\ud558\uae30 &#8211; apache 2.2.4<\/p>\n<p>\uc544\ud30c\uce58 2.x\uc758 \uacbd\uc6b0\ub294 1.3\uacfc\ub294 \ub2ec\ub9ac mod_ssl\uc744 \ubcc4\ub3c4\ub85c \ucd94\uac00\ud574\uc11c \uc124\uce58\ud560 \ud544\uc694\uac00 \uc5c6\ub2e4.<br \/>\napache2.x \ubc84\uc804 \uc790\uccb4\uc5d0 \ubaa8\ub4c8\uc774 \ud3ec\ud568\ub418\uc5b4 \uc788\uae30 \ub54c\ubb38\uc5d0 apache \uc124\uce58\uc2dc\uc5d0 &#8211;enable-ssl \uc635\uc158\ub9cc \ucd94\uac00\ud574\uc11c \uc0ac\uc6a9\ud558\uba74 \ub41c\ub2e4.<\/p>\n<p>mysql, gd, imap\ub4f1\uc758 \ud328\ud0a4\uc9c0\ub294 \uc774\ubbf8 \uae54\ub824 \uc788\ub294 \uc0c1\ud0dc\uc774\uba70, \ubaa8\ub4e0 \ud328\ud0a4\uc9c0\ub294 \/usr\/local\/src\/ \ub514\ub809\ud1a0\ub9ac \uc548\uc5d0 \ub2e4\uc6b4\ub85c\ub4dc \ubc1b\uc740 \uc0c1\ud0dc\ub85c \uc124\uce58\ub97c \uc2dc\uc791\ud55c\ub2e4.<\/p>\n<p>1. \uc18c\uc2a4\ub97c \ub2e4\uc6b4 \ubc1b\uc740 \ub514\ub809\ud1a0\ub9ac\ub85c \uc774\ub3d9<\/p>\n<p>[root@jook.pe.kr root]# cd \/usr\/local\/src<\/p>\n<p>2. \uc555\ucd95 \ud480\uae30<\/p>\n<p>[root@jook.pe.kr src]# tar xvzf httpd-2.2.4.tar.gz<br \/>\n[root@jook.pe.kr src]# tar xvzfp php-5.2.3.tar.tar<br \/>\n[root@jook.pe.kr src]# tar xvzf ZendOptimizer-2.6.2-linux-glibc21-i386.tar.gz<\/p>\n<p>3. apache \uc124\uce58<\/p>\n<p>[root@jook.pe.kr src]# cd httpd-2.2.4<br \/>\n[root@jook.pe.kr httpd-2.2.4]# .\/configure &#8211;prefix=\/usr\/local\/apache2 &#8211;enable-module=so &#8211;enable-shared=max &#8211;enable-rewrite &#8211;enable-ssl<br \/>\n[root@jook.pe.kr httpd-2.2.4]# make<br \/>\n[root@jook.pe.kr httpd-2.2.4]# make install<\/p>\n<p>4. PHP \uc124\uce58 (DB,imap,gd,apache)<\/p>\n<p>&#8211; \uc544\ub798\uc758 \uc635\uc158\uc744 \ubaa8\ub450 \uc801\uc6a9\ud558\uc5ec php\ub97c \uc124\uce58 \ud560 \uacbd\uc6b0\ub294 \uba87\uba87 \ud328\ud0a4\uc9c0\uac00 \uc124\uce58\ub418\uc5b4 \uc788\uc9c0 \uc54a\uc544 \uc5d0\ub7ec\uac00 \ubc1c\uc0dd\ud558\uac8c \ub41c\ub2e4. php-5.2.3\ubc84\uc804\uc758 \uacbd\uc6b0\ub294 libxml2, libxml2-devel \ud328\ud0a4\uc9c0\uc758 \ubc84\uc804\ubb38\uc81c\ub85c \uc124\uce58\uac00 \ub418\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 \ud328\ud0a4\uc9c0 \ubc84\uc804\uc744 \uc5c5\uadf8\ub808\uc774\ub4dc \ud55c\ub2e4.(http:\/\/rpmfind.net \uc5d0\uc11c OS\uc5d0 \ub9de\ub294 \ucd5c\uc2e0 \ud328\ud0a4\uc9c0\ub97c \ucc3e\uc544\uc11c \uc124\uce58\ud55c\ub2e4)<br \/>\n\uadf8\ub9ac\uace0, freetype, libjpeg, libpng\ub4f1\uc758 \ub77c\uc774\ube0c\ub7ec\ub9ac\uc640 \uad00\ub828\ub41c \uc5d0\ub7ec\uba54\uc9c0\uc2dc\uac00 \ubc1c\uacac\ub418\uba74 freetype-devel, libjpeg-devel, libpng-devel \ud328\ud0a4\uc9c0\ub97c \ucd94\uac00\ub85c \uc124\uce58\ud558\uace0 php\uc124\uce58\ub97c \uc9c4\ud589\ud55c\ub2e4.<\/p>\n<p>[root@jook.pe.kr httpd-2.2.4]# cd \/usr\/local\/src\/php-5.2.3<br \/>\n[root@jook.pe.kr php-5.2.3]# .\/configure &#8211;prefix=\/usr\/local\/php &#8211;with-mysql=\/usr\/local\/mysql &#8211;with-apxs2=\/usr\/local\/apache2\/bin\/apxs &#8211;enable-sysvshm=yes &#8211;enable-sysvsem=yes &#8211;enable-debug=no &#8211;enable-track-vars=yes &#8211;enable-url-fopen-wrapper=yes &#8211;with-ttf &#8211;with-png-dir=\/usr &#8211;with-zlib-dir &#8211;with-jpeg-dir=\/usr &#8211;with-gdbm=\/usr &#8211;enable-ftp &#8211;with-tiff-dir=\/usr &#8211;enable-memory-limit &#8211;enable-mbstring &#8211;with-expat-dir=\/usr &#8211;enable-sockets &#8211;enable-wddx &#8211;with-freetype-dir=\/usr &#8211;enable-bcmath &#8211;enable-mbstr-enc-trans &#8211;enable-mbregex &#8211;enable-exif &#8211;with-gd &#8211;enable-gd-native-ttf &#8211;enable-gd-imgstrttf &#8211;enable-calendar &#8211;with-openssl=\/usr<br \/>\n[root@jook.pe.kr php-5.2.3]# make<br \/>\n[root@jook.pe.kr php-5.2.3]# make install<br \/>\n[root@jook.pe.kr php-5.2.3]# cp php.ini-dist \/usr\/local\/php\/lib\/php.ini<\/p>\n<p>5. ZendOptimizer \uc124\uce58<\/p>\n<p>[root@jook.pe.kr php-5.2.3]# cd \/usr\/local\/src\/ZendOptimizer-2.6.2-linux-glibc21-i386<br \/>\n[root@jook.pe.kr ZendOptimizer-2.6.2-linux-glibc21-i386]# sh install.sh<\/p>\n<p>&#8211; install.sh \ud30c\uc77c\uc744 \uc2e4\ud589\ud55c \ud6c4 apache\uc640 php\uad00\ub828\ub41c \uc815\ubcf4\ub97c \uc785\ub825\ud55c \ud6c4 \uc124\uce58\ub97c \uc644\ub8cc\ud55c\ub2e4.<\/p>\n<p>6. httpd.conf \ud30c\uc77c \uc218\uc815\ud6c4 apache \ub9ac\uc2a4\ud0c0\ud2b8<\/p>\n<p>&#8211; httpd.conf \ud30c\uc77c\uc5d0 php\uac00 \uc778\uc2dd\ub418\ub3c4\ub85d \uc544\ub798 \uad6c\ubb38\uc744 \ucd94\uac00\ud55c\ub2e4.<\/p>\n<p>#################################################<br \/>\nAddType application\/x-httpd-php .php .html .htm<br \/>\nAddType application\/x-httpd-php-source .phps<br \/>\n#################################################<\/p>\n<p>&#8211; httpd.conf \uc218\uc815\ud6c4 apache \ub370\ubaac\uc740 \uc7ac\uc2e4\ud589\ud55c\ub2e4. ssl \uc11c\ubc84\ub85c \uc2dc\uc791\ud558\uae30 \uc704\ud574\uc11c startssl \uba85\ub839\uc73c\ub85c \uc2dc\uc791.<\/p>\n<p>[root@jook.pe.kr ZendOptimizer-2.6.2-linux-glibc21-i386]# cd \/usr\/local\/apache2\/conf<br \/>\n[root@jook.pe.kr conf]# \/usr\/local\/apache\/bin\/apachectl stop<br \/>\n[root@jook.pe.kr conf]# \/usr\/local\/apache\/bin\/apachectl startssl<\/p>\n<p>7. key \ud30c\uc77c \uc0dd\uc131 \ubc0f csr \ucf54\ub4dc \uc0dd\uc131<\/p>\n<p>&#8211; key \ud30c\uc77c \uc0dd\uc131<\/p>\n<p>[root@jook.pe.kr conf]# openssl genrsa 1024 &gt; jook.pe.kr.key<br \/>\nGenerating RSA private key, 1024 bit long modulus<br \/>\n&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;&#8230;++++++<br \/>\n&#8230;&#8230;&#8230;&#8230;&#8230;.++++++<br \/>\ne is 65537 (0x10001)<\/p>\n<p>&#8211; csr \ucf54\ub4dc \uc0dd\uc131<\/p>\n<p>[root@jook.pe.kr conf]# openssl req -new -key jook.pe.kr.key -out jook.pe.kr.csr<br \/>\nUsing configuration from \/usr\/share\/ssl\/openssl.cnf<br \/>\nYou are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter &#8216;.&#8217;, the field will be left blank.<br \/>\n&#8212;&#8211;<br \/>\nCountry Name (2 letter code) [GB]:KR<br \/>\nState or Province Name (full name) [Berkshire]:Gyunggido<br \/>\nLocality Name (eg, city) [Newbury]:Sungnam<br \/>\nOrganization Name (eg, company) [My Company Ltd]:Hostway IDC<br \/>\nOrganizational Unit Name (eg, section) []:Technical support Team<br \/>\nCommon Name (eg, your name or your server&#8217;s hostname) []:www.jook.pe.kr<br \/>\nEmail Address []:jook@jook.pe.kr<\/p>\n<p>Please enter the following &#8216;extra&#8217; attributes<br \/>\nto be sent with your certificate request<br \/>\nA challenge password []:<br \/>\nAn optional company name []:<\/p>\n<p>&#8211; \uc0dd\uc131\ub41c csr \ucf54\ub4dc \ud655\uc778<\/p>\n<p>[root@jook.pe.kr conf]# cat jook.pe.kr.csr<br \/>\n&#8212;&#8211;BEGIN CERTIFICATE REQUEST&#8212;&#8211;<br \/>\nMIIB4jCCAUsCAQAwgaExCzAJBgNVBAYTAktSMRIwEAYDVQQIEwlHeXVuZ2dpZG8x<br \/>\nEDAOBgNVBAcTB1N1bmduYW0xFDASBgNVBAoTC0hvc3R3YXkgSURDMR8wHQYDVQQL<br \/>\nExZUZWNobmljYWwgc3VwcG9ydCBUZWFtMRUwEwYDVQQDEwxKb28gd29vIGt3b24x<br \/>\nHjAcBgkqhkiG9w0BCQEWD2pvb2tAam9vay5wZS5rcjCBnzANBgkqhkiG9w0BAQEF<br \/>\nAAOBjQAwgYkCgYEA0ZvDHAVHU5xbT\/ZDsAebNPBjRaXAPtmaV\/WEIi4YsYkwBC15<br \/>\nRo\/gsPqNNCe5CJUw+K3qGnhbQI9Nd0\/UKfTn174NSFWUxQv9E1mE4k5xoD\/2T1Jf<br \/>\nTcZ0a0WDjIG\/Xd69D+nkCTDG1ZbQnZ8qq2DcbulbjwD6sB5HTusRVHeIu2sCAwEA<br \/>\nAaAAMA0GCSqGSIb3DQEBBAUAA4GBAEjfawGIByqF+fLLjpeX2XZAIkL0L\/kfOJbs<br \/>\nvuFwVNJuWYiakJF+LJaCz5S40CoZMV\/bD+w+223MVF5KqAKTc6NUBbYGfBvuGTHT<br \/>\nTwLtnTqVBP0Xla0opWZWZ8JbGQJAGd+fxMOfvqx0ES1oPn0J97NpknSOBPOO3Q9s<br \/>\n\/ZA9CUYd<br \/>\n&#8212;&#8211;END CERTIFICATE REQUEST&#8212;&#8211;<br \/>\n[root@jook.pe.kr conf]#<\/p>\n<p>&#8211; csr \ucf54\ub4dc \uc0dd\uc131\uc774 \uc644\ub8cc\ub418\uba74 \uc0dd\uc131\ub41c csr \ucf54\ub4dc\ub97c \uc785\ub825\ud574\uc11c ssl \uc778\uc99d\ud0a4 \ubc1c\uae09\uc5c5\uccb4\uc5d0 \uc778\uc99d\ud0a4 \ubc1c\uae09\uc744 \uc2e0\uccad \ud55c\ub2e4.<\/p>\n<p>8. \uc778\uc99d\uc11c \ubc0f CA \uc778\uc99d\uc11c \uc124\uce58<\/p>\n<p>&#8211; \uc778\uc99d\ud0a4 \ubc1c\uae09 \uc5c5\uccb4\uc5d0\uc11c \uc778\uc99d\ud0a4\ub97c \ubc1c\uae09\ubc1b\uc73c\uba74 www_jook_pe_kr.crt(\uc778\uc99d\uc11c), www_jook_pe_kr.ca-bundle(CA \uc778\uc99d\uc11c)\uc640 \uac19\uc774 \ub450\uac1c\uc758 \uc778\uc99d\uc11c \ud30c\uc77c\uc744 \ubc1c\uae09\ubc1b\uac8c \ub41c\ub2e4.<br \/>\n&#8211; \ub450 \ud30c\uc77c\uc744 \uc11c\ubc84\uc758 \/usr\/local\/apache\/conf \ub514\ub809\ud1a0\ub9ac\uc5d0 \uc5c5\ub85c\ub4dc\ud55c\ub2e4.<\/p>\n<p>9. SSL \uac00\uc0c1\ud638\uc2a4\ud2b8 \uc124\uc815<\/p>\n<p>&#8211; apache2\ub294 httpd.conf \ud30c\uc77c\uc774\uc678\uc5d0 \/usr\/local\/apache2\/conf\/extra\/ \ub514\ub809\ud1a0\ub9ac\uc5d0 \uc788\ub294 \ud30c\uc77c\ub4e4\uc744 include\ud574\uc11c \ucc38\uc870\ud558\ub3c4\ub85d \uc124\uc815\ub418\uc5b4 \uc788\ub2e4. \uac00\uc0c1\ud638\uc2a4\ud2b8 \uc124\uc815\uacfc, ssl \uc124\uc815\uc744 include \ud560\uc218 \uc788\ub3c4\ub85d httpd.conf \ud30c\uc77c\uc5d0\uc11c \uc544\ub798\ubd80\ubd84\uc758 \uc8fc\uc11d\uc744 \ud574\uc81c \ud55c\ub2e4.<\/p>\n<p># Virtual hosts<br \/>\nInclude conf\/extra\/httpd-vhosts.conf<\/p>\n<p># Secure (SSL\/TLS) connections<br \/>\nInclude conf\/extra\/httpd-ssl.conf<\/p>\n<p>&#8211; httpd-vhosts.conf \ud30c\uc77c\uc5d0 \uac00\uc0c1\ud638\uc2a4\ud2b8\ub97c \ucd94\uac00\ud558\uace0 httpd-ssl.conf \ud30c\uc77c\uc5d0 \uc544\ub798\uc640 \uac19\uc740 \ud615\uc2dd\uc73c\ub85c ssl \uac00\uc0c1\ud638\uc2a4\ud2b8\ub97c \ucd94\uac00\ud55c\ub2e4.<\/p>\n<p>##<br \/>\n## SSL Virtual Host Context<br \/>\n##<\/p>\n<p>NameVirtualHost 211.239.151.254:443<br \/>\nDocumentRoot &#8220;\/home\/jook\/public_html&#8221;<br \/>\nServerName www.jook.pe.kr<br \/>\nServerAdmin jook@jook.pe.kr<br \/>\nErrorLog \/usr\/local\/apache2\/logs\/error_log<br \/>\nTransferLog \/usr\/local\/apache2\/logs\/access_log<\/p>\n<p>SSLEngine on<\/p>\n<p>SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL<br \/>\nSSLCertificateFile \/usr\/local\/apache2\/conf\/www_jook_pe_kr.crt<br \/>\nSSLCertificateKeyFile \/usr\/local\/apache2\/conf\/jook.pe.kr.key<br \/>\nSSLCACertificateFile \/usr\/local\/apache2\/conf\/ssl.crt\/www_jook_pe_kr.ca-bundle<\/p>\n<p>&lt;FilesMatch &#8220;.(cgi|shtml|phtml|php)$&#8221;&gt;<br \/>\nSSLOptions +StdEnvVars<\/p>\n<p>&lt;Directory &#8220;\/usr\/local\/apache2\/cgi-bin&#8221;&gt;<br \/>\nSSLOptions +StdEnvVars<\/p>\n<p>BrowserMatch &#8220;.*MSIE.*&#8221;<br \/>\nnokeepalive ssl-unclean-shutdown<br \/>\ndowngrade-1.0 force-response-1.0<\/p>\n<p>CustomLog \/usr\/local\/apache2\/logs\/ssl_request_log<br \/>\n&#8220;%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x &#8220;%r&#8221; %b&#8221;<\/p>\n<p>&nbsp;<\/p>\n<p>10. apache \ub370\ubaac \ub9ac\uc2a4\ud0c0\ud2b8<\/p>\n<p>&#8211; \ubaa8\ub4e0 \uc124\uc815\uc774 \uc644\ub8cc\ub41c \ud6c4 apache \ub370\ubaac\uc744 \ub9ac\uc2a4\ud0c0\ud2b8 \ud558\uace0 https:\/\/\ub3c4\uba54\uc778\uc73c\ub85c \uc0ac\uc774\ud2b8\ub97c \ub744\uc6cc\uc11c \uc778\uc99d\ud0a4\ub97c \ud655\uc778\ud55c\ub2e4.<br \/>\n&#8211; \uc5ec\uae30\uc11c https:\/\/www.jook.pe.kr\uc740 \uc2e4\uc81c\ub85c\ub294 ssl \uc124\uc815\uc774 \ub418\uc5b4 \uc788\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 \uc548\ub728\ub294\uac8c \uc815\uc0c1 ^^<\/p>\n<p>[root@jook.pe.kr conf]# \/usr\/local\/apache\/bin\/apachectl stop<br \/>\n[root@jook.pe.kr conf]# \/usr\/local\/apache\/bin\/apachectl start<\/p>\n<p>&#8211; apache2.x \uc5d0\uc11c\ub294 apachectl startssl\ub85c \uc2e4\ud589\uc744 \ud558\uc9c0 \uc54a\ub294\ub2e4. httpd.conf \ud30c\uc77c\uc5d0\uc11c httpd-ssl.conf \ud30c\uc77c\uc744 include\ud558\ub294 \ubd80\ubd84\uc758 \uc8fc\uc11d\uc744 \ud480\uace0 start \ud558\uac8c\ub418\uba74 \uc790\ub3d9\uc73c\ub85c 443\ud3ec\ud2b8\uae4c\uc9c0 \uc5f4\ub9ac\uac8c \ub418\uba70, ssl \uc11c\ubc84\uac00 \uac00\ub3d9\ub418\uac8c \ub41c\ub2e4.<\/p>\n<p>* csr \ucf54\ub4dc \ud655\uc778 : openssl req -noout -text -in *.csr<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ubcf4\uc548 \uc11c\ubc84(SSL) \uad6c\ucd95\ud558\uae30 &#8211; apache 2.2.4 \uc544\ud30c\uce58 2.x\uc758 \uacbd\uc6b0\ub294 1.3\uacfc\ub294 \ub2ec\ub9ac mod_ssl\uc744 \ubcc4\ub3c4\ub85c \ucd94\uac00\ud574\uc11c \uc124\uce58\ud560 \ud544\uc694\uac00 \uc5c6\ub2e4. apache2.x \ubc84\uc804 \uc790\uccb4\uc5d0<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,5],"tags":[],"_links":{"self":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts\/122"}],"collection":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=122"}],"version-history":[{"count":0,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts\/122\/revisions"}],"wp:attachment":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=122"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}