I set everything up carefully after reading the post at https://xetown.com/slope/9778, but
root@#cimplesoft:~# /etc/init.d
-bash: /etc/init.d: Is a directory
root@#cimplesoft:~# /etc/init.d/apache2 start
 * Starting Apache httpd web server apache2
[Wed Apr 26 09:13:17.649383 2017] [so:warn] [pid 1743] AH01574: module ssl_module is already loaded, skipping
[Wed Apr 26 09:13:17.649552 2017] [so:warn] [pid 1743] AH01574: module socache_shmcb_module is already loaded, skipping
Action 'start' failed.
I get an error like this. I don't know how I should fix it.
This is what is left in error.log.
[Wed Apr 26 08:30:44.094769 2017] [ssl:emerg] [pid 31168] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/apache2/logs/example.com-ssl_error_log for more information
<VirtualHost *:443>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ServerName "funnyxe.com"
    ServerAlias "www.funnyxe.com"

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

    <Directory "/var/www/html">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    SSLEngine on
    SSLCertificateFile /var/www/ssl/funnyxe.com.crt
    SSLCertificateKeyFile /var/www/ssl/funnyxe.com.key
    SSLCertificateChainFile /var/www/ssl/funnyxe.pem
</VirtualHost>
I made the source above by modifying the 000-default.conf that Ubuntu 16.04 provides by default :(
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
Try adding the three options above.
Do not keep the certificate files inside the www directory; move them somewhere else and use them from there.
https://mozilla.github.io/server-side-tls/ssl-config-generator/
The link above lets you generate simple SSL options for each web server and version.
https://wiki.mozilla.org/Security/Server_Side_TLS
At the link above you can see the SSLCipherSuite options according to browser compatibility.
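
The advice in the reply above (keep the certificate files out of the www directory) can be checked mechanically. The following is an added example, not part of the original thread: a shell function that reads a vhost file and reports every SSLCertificate* path that is absent or empty, or that sits under the DocumentRoot or another web tree. The function names, status labels and the sample layout are assumptions made for this example, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes paths contain no spaces.

# Print the argument of each active (uncommented) directive $2 in file $1.
directive_values() {
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2 }' "$1"
}

# audit_vhost_tls CONF [WEB_TREE...]
# Prints "<STATUS> <Directive> <path>" per TLS file; returns 1 on any problem.
# MISSING: file absent or empty; Apache refuses to start with such a path.
# IN_WEB_TREE: the file sits under DocumentRoot or a listed web tree.
audit_vhost_tls() {
    conf=$1; shift
    rc=0
    trees="$(directive_values "$conf" DocumentRoot) $*"
    for dir in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        for path in $(directive_values "$conf" "$dir"); do
            status=OK
            if [ ! -s "$path" ]; then
                status=MISSING
            else
                for t in $trees; do
                    case $path in "${t%/}"/*) status=IN_WEB_TREE ;; esac
                done
            fi
            [ "$status" = OK ] || rc=1
            echo "$status $dir $path"
        done
    done
    return $rc
}

# Constructed sample under directory $1: certificate beside the DocumentRoot
# (as in the question), key outside the web tree, chain file absent.
make_sample() {
    mkdir -p "$1/www/html" "$1/www/ssl" "$1/private"
    echo x > "$1/www/ssl/site.crt"; echo x > "$1/private/site.key"
    cat > "$1/vhost.conf" <<EOF
<VirtualHost *:443>
    #SSLCertificateFile /ignored/commented.crt
    DocumentRoot "$1/www/html"
    SSLCertificateFile $1/www/ssl/site.crt
    SSLCertificateKeyFile $1/private/site.key
    SSLCertificateChainFile $1/www/ssl/chain.pem
</VirtualHost>
EOF
}

# Audit vhost files named on the command line; /var/www is assumed to be the web tree.
for f in "$@"; do audit_vhost_tls "$f" /var/www; done
```

With DocumentRoot set to /var/www/html, a certificate in /var/www/ssl is only flagged when /var/www is passed as an extra web tree, which is why the command-line loop passes it.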