
Sunday, 5 April 2020

Nextcloud : Nextcloud Secure Apache with Let's Encrypt on Ubuntu And Update Version.


https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-ubuntu-18-04/
1.
  sudo apt update
  sudo apt install certbot

2.
  openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

3.
  mkdir -p /var/lib/letsencrypt/.well-known
  chgrp www-data /var/lib/letsencrypt
  chmod g+s /var/lib/letsencrypt

4.
  nano /etc/apache2/conf-available/letsencrypt.conf

Insert this:
Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
AllowOverride None
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>

5.
  nano /etc/apache2/conf-available/ssl-params.conf

Insert this:
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
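
As an added example (not from the original post or the guide it follows), the shell functions below audit an ssl-params.conf for the settings step 5 relies on: old protocols disabled, compression and session tickets off, HSTS present. The function names are hypothetical and the two sample configs are constructed.

```shell
# Added example (hypothetical names, constructed samples): audit ssl-params.conf from step 5.

# Print (lowercased) the arguments of the last uncommented directive $2 in file $1.
directive_value() {
    awk -v name="$2" 'BEGIN { n = tolower(name) }
        /^[ \t]*#/ { next }
        tolower($1) == n { $1 = ""; sub(/^[ \t]+/, ""); v = tolower($0) }
        END { print v }' "$1"
}

# Succeed if protocol $2 (lowercase) is left enabled by the SSLProtocol value $1.
proto_enabled() {
    state=off
    for tok in $1; do
        case $tok in
            all|"+$2"|"$2") state=on ;;
            "-$2") state=off ;;
        esac
    done
    [ "$state" = on ]
}

# Print one line per finding; the return status is the number of findings.
audit_ssl_params() {
    conf=$1; findings=0
    proto=$(directive_value "$conf" SSLProtocol)
    [ -n "$proto" ] || { echo "SSLProtocol is not set"; findings=$((findings + 1)); }
    for old in sslv3 tlsv1 tlsv1.1; do
        if proto_enabled "$proto" "$old"; then
            echo "SSLProtocol still enables $old"; findings=$((findings + 1))
        fi
    done
    for d in SSLCompression SSLSessionTickets; do
        if [ "$(directive_value "$conf" "$d")" != off ]; then
            echo "$d is not set to off"; findings=$((findings + 1))
        fi
    done
    if ! grep -Eiq '^[[:space:]]*Header[[:space:]].*Strict-Transport-Security' "$conf"; then
        echo "HSTS header is missing"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed samples: $1/weak.conf leaves old TLS on; $1/hard.conf mirrors step 5.
write_samples() {
    printf '%s\n' 'SSLProtocol All -SSLv2 -SSLv3' 'SSLCompression on' > "$1/weak.conf"
    printf '%s\n' 'SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1' 'SSLCompression off' 'SSLSessionTickets Off' \
        'Header always set Strict-Transport-Security "max-age=63072000"' > "$1/hard.conf"
}
```

Run `audit_ssl_params /etc/apache2/conf-available/ssl-params.conf` before enabling the config in step 6; a non-zero status means at least one setting differs from step 5.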

6.
  a2enmod ssl
  a2enmod headers
  a2enconf letsencrypt
  a2enconf ssl-params
  a2enmod http2
  systemctl reload apache2


7.
  certbot certonly --agree-tos --email suwit@scivalve.com --webroot -w /var/lib/letsencrypt/ -d nextcloud.scivalve.com -d www.nextcloud.scivalve.com


8. The output shows:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-03-12. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

9.
  nano /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
  ServerName nextcloud.scivalve.com
  ServerAlias www.nextcloud.scivalve.com

  # Send all plain-HTTP traffic to the HTTPS site
  Redirect permanent / https://nextcloud.scivalve.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName nextcloud.scivalve.com
  ServerAlias www.nextcloud.scivalve.com

  Protocols h2 http/1.1

  # Redirect the www name to the canonical host
  <If "%{HTTP_HOST} == 'www.nextcloud.scivalve.com'">
    Redirect permanent / https://nextcloud.scivalve.com/
  </If>

  DocumentRoot /var/www/nextcloud
  ErrorLog ${APACHE_LOG_DIR}/nextcloud.scivalve.com-error.log
  CustomLog ${APACHE_LOG_DIR}/nextcloud.scivalve.com-access.log combined

  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/nextcloud.scivalve.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.scivalve.com/privkey.pem

  # Other Apache Configuration

</VirtualHost>


10.
  systemctl reload apache2

11. SSL Server Test
https://www.ssllabs.com/ssltest/
12. Auto Renew
  nano /etc/cron.d/certbot

Insert this:
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew --renew-hook "systemctl reload apache2"

13. Test Run Renew
  certbot renew --dry-run


Update Version 13 ---> 15
Upgrade one version at a time; you cannot skip versions.
13 --> 14 --> 15 (the current release is already Version 18)

How to update: log in as admin --> Setting --> Overview --> click check update
If a new version is available, an Open Update button appears; click it and follow the steps, choosing Update Web Browser.

Check the warnings as well. If there are none, you can update right away; if there are, fix the warnings first.
