- 위 메뉴박스를 선택 후 메뉴얼대로 진행
Certbot으로부터 서버인증 받기
- 포트포워딩 설정
- 외부 80 → 내부 80
- 80 포트는 다른 서비스가 점유하지 않도록 열어두기
sudo certbot certonly --standalone-
이메일 입력
-
agree
Please read the Terms of Service at <https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>. You must agree in order to register with the ACME server at <https://acme-v01.api.letsencrypt.org/directory> ------------------------------------------------------------------------------- (A)gree/(C)ancel: A -
Yes
------------------------------------------------------------------------------- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: Y -
도메인 입력
-
/etc/letsencrypt 디렉토리의 생성된 인증서 확인
- /etc/letsencrypt/fullchain.pem
- /etc/letsencrypt/privkey.pem
-
인증서 형식 PKCS2으로 변경
sudo openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name ttp -CAfile chain.pem -caname root
keystore.p12 옮기기
-
스프링 프로젝트
-
main 서버
Tomcat 설정
-
/opt/tomcat/latest/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/letsencrypt/keystore.p12" keystorePass="blind42#Blind42" />
포트포워딩 다시 설정
- 외부 80 → 8080
- 외부 443 → 8433
war파일 업데이트
tomcat 재시작
systemctl restart tomcat