Nextcloud : Nextcloud Secure Apache with Let's Encrypt on Ubuntu And Update Version.
https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-ubuntu-18-04/1.
- sudo apt update
- sudo apt install certbot
2.
- openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
3.
- mkdir -p /var/lib/letsencrypt/.well-known
- chgrp www-data /var/lib/letsencrypt
- chmod g+s /var/lib/letsencrypt
4.
- nano /etc/apache2/conf-available/letsencrypt.conf
insert this.
Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
5.
- nano /etc/apache2/conf-available/ssl-params.conf
insert this.
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
6.
- a2enmod ssl
- a2enmod headers
- a2enconf letsencrypt
- a2enconf ssl-params
- a2enmod http2
- systemctl reload apache2
7.
8. output show
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-03-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt:
https://letsencrypt.org/donate Donating to EFF:
https://eff.org/donate-le
9.
- nano /etc/apache2/sites-available/000-default.conf
- <VirtualHost *:80>
- ServerName nextcloud.scivalve.com
- ServerAlias http://www.nextcloud.scivalve.com
-
- Redirect permanent / https://nextcloud.scivalve.com/
- </VirtualHost>
-
- <VirtualHost *:443>
- ServerName nextcloud.scivalve.com
- ServerAlias http://www.nextcloud.scivalve.com
-
- Protocols h2 http:/1.1
-
- <If "%{HTTP_HOST} == 'www.nextcloud.scivalve.com'">
- Redirect permanent / https://nextcloud.scivalve.com/
- </If>
-
- DocumentRoot /var/www/nextcloud
- ErrorLog ${APACHE_LOG_DIR}/nextcloud.scivalve.com-error.log
- CustomLog ${APACHE_LOG_DIR}/nextcloud.scivalve.com-access.log combined
-
- SSLEngine On
- SSLCertificateFile /etc/letsencrypt/live/nextcloud.scivalve.com/fullchain.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.scivalve.com/privkey.pem
-
- # Other Apache Configuration
-
- </VirtualHost>
10.
11. SSL Server Test
https://www.ssllabs.com/ssltest/12. Auto Renew
insert
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --renew-hook "systemctl reload apache2"
13. Test Run Renew
- certbot renew --dry-run
Update Vertion 13 ---> 15ทำได้โดย Up ทีละ Version จะ Up ข้ามเลยไม่ได้
13 --> 14 --> 15 (ปัจจุบันถึง Version 18 แล้ว)
วิธี Update เข้าชื่อ admin --> Setting --> Overview --> กด check update
ถ้ามี Version ใหม่จะมีให้กด Open Update แล้วทำตามขั้นตอน เลือก Update Web Browser
ต้องดูคำเตือน ด้วย ถ้าไม่มี Update ได้เลยถ้ามีต้องแก้คำเตือนก่อน
