s-hiroshi.com
にサブドメインblog
を追加してblog.s-hiroshi.com
をSSL化する。
https://certbot.eff.org/lets-encrypt/ubuntubionic-apache
基本的には上述の方法で自動化されるが、手動で設定するときは以下を作業する。
blog
をCNAMに登録a2ensite
でサイトを有効化サブドメインblog
をCNAMに登録
mkdir -p /var/www/html/blog.s-hiroshi.com/current/web/.well-known/acme-challenge
/etc/apache2/sites-available/blog.s-hiroshi.com.conf
<Directory />
AllowOverride None
</Directory>
<Directory "/var/www/html/blog.s-hiroshi.com/current/web">
AllowOverride All
Options -Indexes +FollowSymLinks
</Directory>
+ <Directory "/var/www/html/blog.s-hiroshi.com/current/web/.well-known/acme-challenge">
+ Allow from all
+ Satisfy any
+ </Directory>
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
<VirtualHost *:80>
ServerName blog.s-hiroshi.com
DocumentRoot /var/www/html/blog.s-hiroshi.com/current/web
</VirtualHost>
$ a2ensite blog.s-hiroshi.com.conf
$ certbot certonly --agree-tos --webroot -w /var/www/html/blog.s-hiroshi.com/current/web -d blog.s-hiroshi.com
blog.s-hirosih.com.conf
にSSL設定を追記<Directory />
AllowOverride None
</Directory>
<Directory "/var/www/html/blog.s-hiroshi.com/current/web">
AllowOverride All
Options -Indexes +FollowSymLinks
</Directory>
<Directory "/var/www/html/blog.s-hiroshi.com/current/web/.well-known/acme-challenge">
Allow from all
Satisfy any
</Directory>
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
+ <IfModule mod_ssl.c>
+ <VirtualHost *:443>
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/blog.s-hiroshi.com/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/blog.s-hiroshi.com/privkey.pem
+ BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+ <FilesMatch \.php$>
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+
+ DocumentRoot /var/www/html/blog.s-hiroshi.com/current/web
+ ServerName blog.s-hiroshi.com
+ ErrorLog ${APACHE_LOG_DIR}blog.s-hiroshi.com.error.log
+ CustomLog ${APACHE_LOG_DIR}/blog.s-hiroshi.com.access.log common
+ CustomLog ${APACHE_LOG_DIR}/blog.s-hiroshi.com.request_uri.log request_uri
+
+ # mod_auth_openidc
+ # OIDCRedirectURI https://blog.s-hiroshi.com/redirect_uri
+ </VirtualHost>
+ </IfModule>
<VirtualHost *:80>
ServerName blog.s-hiroshi.com
- DocumentRoot /var/www/html/blog.s-hiroshi.com/current/web
+ RedirectMatch (.*) https://blog.s-hiroshi.com$1
</VirtualHost>
$ sudo systemctl reload apache2
$ sudo certbot renew --dry-run