<\/p>\n
Apache\u306e\u540d\u524d\u30d9\u30fc\u30b9\u306e\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u3092\u8a2d\u5b9a\u3057\u30661\u3064\u306e\u30b5\u30fc\u30d0\u30fc\u3067\uff12\u3064\u306eWEB\u30b5\u30a4\u30c8\u3092\u904b\u7528\u3057\u307e\u3059\u3002<\/p>\n
\u203bCentOS7\u95a2\u9023\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u30fb\u8a2d\u5b9a\u306b\u3064\u3044\u3066\u306f\u300cCentOS\u3067\u81ea\u5b85\u30b5\u30fc\u30d0\u30fc\u69d8<\/a>\u300d\u3092\u53c2\u8003\u306b\u81ea\u5206\u306e\u74b0\u5883\u306b\u5408\u308f\u305b\u3066\u8a2d\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n WEB\u30b5\u30a4\u30c8\uff11\u3092http:\/\/main-server.com\u3001DocumentRoot\u3092\/var\/www\/html\/main\u3001 \u25cf\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u672a\u5b9a\u7fa9\u30db\u30b9\u30c8\u540d\u3067\u30a2\u30af\u30bb\u30b9\u6642\u306b\u30a2\u30af\u30bb\u30b9\u3092\u62d2\u5426\u3059\u308b\u672a\u5b9a\u7fa9\u30db\u30b9\u30c8\u7528\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u4f5c\u6210 <VirtualHost *:80> \u25cfmain-server.com\u7528\u306e\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u4f5c\u6210 <VirtualHost *:80> \u25cfsecond-server.com\u7528\u306e\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u4f5c\u6210 <VirtualHost *:80> \u25cf\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u8a2d\u5b9a\u6709\u52b9\u5316 <\/p>\n \uff1c\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u306eSSL\u8a2d\u5b9a\uff1e<\/p>\n \u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u3067\u904b\u7528\u3057\u3066\u3044\u308b2\u3064\uff08\u4ee5\u4e0a\uff09\u306e\u30b5\u30a4\u30c8\u3092SSL\u5316\u3059\u308b\u5834\u5408\u306e\u8a2d\u5b9a\u3067\u3059\u3002 \u203bLET’S ENCRYPT\u306e\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u306e\u53d6\u5f97\u3001mod_ssl\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306b\u3064\u3044\u3066\u306f \u25cfssl.conf\u3092\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u7de8\u96c6\uff08\u5fc5\u8981\u306a\u90e8\u5206\u306e\u307f\u629c\u304d\u51fa\u3057\u3066\u3044\u307e\u3059\uff09 #<VirtualHost _default_:443>\u3000\u3000\u2190\uff03\u3092\u4ed8\u3051\u3066\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8 ###main.server.com\u306e\u8a2d\u5b9a###<\/strong> DocumentRoot “\/var\/www\/html\/main” ErrorLog logs\/ssl_error_log SSLEngine on<\/p>\n SSLProtocol all -SSLv2 -SSLv3<\/p>\n SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA<\/p>\n SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+ SSLCertificateFile \/etc\/letsencrypt\/live\/main-server.com\/cert.pem<\/p>\n SSLCertificateKeyFile \/etc\/letsencrypt\/live\/main-server.com\/privkey.pem<\/p>\n SSLCertificateChainFile \/etc\/letsencrypt\/live\/main-server.com\/chain.pem<\/p>\n <Files ~ “\\.(cgi|shtml|phtml|php3?)$”> BrowserMatch “MSIE [2-5]” \\ CustomLog logs\/ssl_request_log \\ Header always set Strict-Transport-Security \u201cmax-age=15768000\u201d ###second-server.com\u306e\u8a2d\u5b9a###<\/strong> ServerName second-server.com:443 ErrorLog logs\/ssl_second_error_log SSLEngine on<\/p>\n SSLProtocol all -SSLv2 -SSLv3<\/p>\n SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA<\/p>\n SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+ SSLCertificateFile \/etc\/letsencrypt\/live\/second-server.com\/cert.pem<\/p>\n SSLCertificateKeyFile \/etc\/letsencrypt\/live\/second-server.com\/privkey.pem<\/p>\n SSLCertificateChainFile \/etc\/letsencrypt\/live\/second-server.com\/chain.pem<\/p>\n <Files ~ “\\.(cgi|shtml|phtml|php3?)$”> BrowserMatch “MSIE [2-5]” \\ CustomLog logs\/ssl_request_log \\ Header always set Strict-Transport-Security \u201cmax-age=15768000\u201d \u203bhttps:\/\/www.second-server.com\u4f7f\u7528\u6642\u306f\u4ee5\u4e0b\u3082\u8ffd\u8a18<\/strong><\/p>\n <VirtualHost *:443><\/p>\n ServerName www.second-server.com:443 ErrorLog logs\/ssl_second_error_log SSLEngine on<\/p>\n SSLProtocol all -SSLv2 -SSLv3<\/p>\n SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA<\/p>\n SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+ SSLCertificateFile \/etc\/letsencrypt\/live\/second-server.com\/cert.pem<\/p>\n SSLCertificateKeyFile \/etc\/letsencrypt\/live\/second-server.com\/privkey.pem<\/p>\n SSLCertificateChainFile \/etc\/letsencrypt\/live\/second-server.com\/chain.pem<\/p>\n <Files ~ “\\.(cgi|shtml|phtml|php3?)$”> BrowserMatch “MSIE [2-5]” \\ CustomLog logs\/ssl_request_log \\ Header always set Strict-Transport-Security \u201cmax-age=15768000\u201d \u25cfSSL\u8a2d\u5b9a\u6709\u52b9\u5316 <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Apache\u306e\u540d\u524d\u30d9\u30fc\u30b9\u306e\u30d0\u30fc\u30c1\u30e3\u30eb\u30db\u30b9\u30c8\u3092\u8a2d\u5b9a\u3057\u30661\u3064\u306e\u30b5\u30fc\u30d0\u30fc\u3067\uff12\u3064\u306eWEB\u30b5\u30a4\u30c8\u3092\u904b\u7528\u3057\u307e\u3059\u3002 \u203bCentOS7\u95a2\u9023\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u30fb\u8a2d\u5b9a\u306b\u3064\u3044\u3066\u306f\u300cCentOS\u3067\u81ea\u5b85\u30b5\u30fc\u30d0\u30fc\u69d8\u300d\u3092\u53c2\u8003\u306b\u81ea\u5206\u306e\u74b0\u5883\u306b\u5408 … \u7d9a\u304d\u3092\u8aad\u3080
\nWEB\u30b5\u30a4\u30c8\uff12\u3092http:\/\/second-server.com\u3001DocumentRoot\u3092\/var\/www\/html\/second\u3068\u3057\u307e\u3059\u3002<\/p>\n
\n# vi \/etc\/httpd\/conf.d\/virtualhost-00.conf<\/p>\n
\nServerName any
\n<Location \/>
\nRequire all denied
\n<\/Location>
\n<\/VirtualHost><\/p>\n
\n# vi \/etc\/httpd\/conf.d\/main-server.com.conf<\/p>\n
\nServerName main-server.com
\nDocumentRoot \/var\/www\/html\/main
\n<\/VirtualHost><\/p>\n
\n# vi \/etc\/httpd\/conf.d\/second-server.com.conf<\/p>\n
\nServerName second-server.com
\nDocumentRoot \/var\/www\/html\/second
\nErrorLog logs\/second-server-error_log
\nCustomLog logs\/second-server-access_log combined env=!no_log
\n<\/VirtualHost><\/p>\n
\nsystemctl restart httpd<\/p>\n
\nmain.server.com\u3001second-server.com\u5171\u306bcertbot\u306b\u3088\u308b\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u6e08\u307f\u3068\u3057\u3066\u8a18\u8ff0\u3057\u307e\u3059\u3002<\/p>\n
\n\u300ccertbot\u3092\u4f7f\u3063\u3066WEB\u30b5\u30fc\u30d0\u30fc\u3092SSL\u5316<\/a>\u300d\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n
\n# vi \/etc\/httpd\/conf.d\/ssl.conf<\/p>\n
\nNameVirtualHost *:443
\nSSLStrictSNIVHostCheck off<\/p>\n
\n<VirtualHost *:443><\/p>\n
\nServerName main-server.com:443<\/p>\n
\nTransferLog logs\/ssl_access_log
\nLogLevel warn<\/p>\n
\nAES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+
\n3DES:!aNULL:!MD5:!DSS
\n\uff08SSLCipherSuite\u304b\u3089:!DSS\u307e\u30671\u884c\u3067\u8a18\u8ff0\uff09
\nSSLHonorCipherOrder on<\/p>\n
\nSSLOptions +StdEnvVars
\n<\/Files>
\n<Directory “\/var\/www\/cgi-bin”>
\nSSLOptions +StdEnvVars
\n<\/Directory><\/p>\n
\nnokeepalive ssl-unclean-shutdown \\
\ndowngrade-1.0 force-response-1.0<\/p>\n
\n“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\”%r\\” %b”<\/p>\n
\n<\/VirtualHost><\/p>\n
\n<VirtualHost *:443><\/p>\n
\nDocumentRoot \/var\/www\/html\/second<\/p>\n
\nTransferLog logs\/ssl_second_access_log
\nLogLevel warn<\/p>\n
\nAES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+
\n3DES:!aNULL:!MD5:!DSS
\n\uff08SSLCipherSuite\u304b\u3089:!DSS\u307e\u30671\u884c\u3067\u8a18\u8ff0\uff09
\nSSLHonorCipherOrder on<\/p>\n
\nSSLOptions +StdEnvVars
\n<\/Files>
\n<Directory “\/var\/www\/cgi-bin”>
\nSSLOptions +StdEnvVars
\n<\/Directory><\/p>\n
\nnokeepalive ssl-unclean-shutdown \\
\ndowngrade-1.0 force-response-1.0<\/p>\n
\n“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\”%r\\” %b”<\/p>\n
\n<\/VirtualHost><\/p>\n
\nDocumentRoot \/var\/www\/html\/second<\/p>\n
\nTransferLog logs\/ssl_second_access_log
\nLogLevel warn<\/p>\n
\nAES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+
\n3DES:!aNULL:!MD5:!DSS
\n\uff08SSLCipherSuite\u304b\u3089:!DSS\u307e\u30671\u884c\u3067\u8a18\u8ff0\uff09
\nSSLHonorCipherOrder on<\/p>\n
\nSSLOptions +StdEnvVars
\n<\/Files>
\n<Directory “\/var\/www\/cgi-bin”>
\nSSLOptions +StdEnvVars
\n<\/Directory><\/p>\n
\nnokeepalive ssl-unclean-shutdown \\
\ndowngrade-1.0 force-response-1.0<\/p>\n
\n“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\”%r\\” %b”<\/p>\n
\n<\/VirtualHost><\/p>\n
\nsystemctl restart httpd<\/p>\n