Setting Up an Apache2 Web Server and SSL Certificate on Ubuntu 20.04 LTS

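As the first post on this site, I thought I'd write about setting up a web server. First, a word on my environment, since different setups "may" run into different problems:

Platform: Google Cloud Platform
Machine: f1-micro (1x vCPU, 614MB RAM)
Disk: 10GB HDD

First, let's update the machine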

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

My approach here is to use Certbot for SSL and install its Apache package

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python3-certbot-apache

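Once installation finishes, go to your domain's DNS settings and point the domain at the server's IP, then open the site in a browser. If it loads, you're halfway there!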

Next we need to open the firewall for HTTPS,
but first we have to enable the UFW firewall

sudo ufw enable

Next, add SSH to the firewall as well.
There are two ways to write it; enter just one of them

sudo ufw allow ssh
sudo ufw allow 22

Add Apache too

sudo ufw allow 'Apache Full'

Then you can check UFW's current status with the following command

sudo ufw status

If you get output like this, everything is set up correctly

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
Apache Full                ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)
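
Instead of comparing the table by eye, the status output can be checked by a script. The following is an added example, not part of the original post: the function name `ufw_audit`, the `--live` switch and the embedded sample (constructed from the output shown above) are assumptions of this example. Run it before closing your current SSH session to confirm that a rule for port 22 is really in place.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample: the `ufw status` output shown above.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)
EOF
}

# ufw_audit: read `ufw status` text on stdin, print one line per problem,
# and return 0 only if ufw is active and allows both SSH and HTTPS.
ufw_audit() {
    awk '
        /^Status: active/ { active = 1 }
        / ALLOW / {
            # Columns are separated by runs of 2+ spaces; a single space
            # can be part of a profile name such as "Apache Full".
            split($0, col, /  +/)
            to = col[1]
            sub(/ \(v6\)$/, "", to)
            if (to == "22" || to == "22/tcp" || to == "OpenSSH") ssh = 1
            if (to == "Apache Full" || to == "Apache Secure" ||
                to == "443" || to == "443/tcp") https = 1
        }
        END {
            if (!active) print "FAIL: ufw is not active"
            if (!ssh)    print "FAIL: no rule allows SSH (port 22)"
            if (!https)  print "FAIL: no rule allows HTTPS (port 443)"
            exit !(active && ssh && https)
        }
    '
}

# Run against the live firewall only when asked: sh ufw_audit.sh --live
if [ "${1:-}" = "--live" ]; then
    sudo ufw status | ufw_audit && echo "OK: ufw active, SSH and HTTPS allowed"
fi
```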

Next we use Certbot to obtain the SSL certificate

sudo certbot --apache -d example.com -d www.example.com

This puts both example.com and www.example.com into the certificate we are about to create.
Certbot will then ask you the following questions:

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):

Enter your email address; it will notify you when the certificate is about to expire

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: 

It asks you to agree to the terms; just enter A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: 

It asks whether you agree to share your information; choose Yes or No as you prefer

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):  

It asks whether HTTP should be redirected to HTTPS automatically; enter 1 if you don't want that, 2 if you do.
And with that, your HTTPS setup is done!

Apache's default document directory is /var/www/html; put your web pages in that folder and they will be served normally!
That's it for this tutorial, bye!