
[Server] Applying HTTPS to a Domain and Its Subdomains

yujindonut 2022. 3. 30. 02:16

👉 HTTP

- HyperText Transfer Protocol

- A protocol for exchanging information on the W3 (World Wide Web)

- Mainly uses TCP, and UDP from HTTP/3 onward; uses port 80

- Sends information between the browser and the server in plaintext (anyone on the network path can eavesdrop on what is transmitted)

👉 HTTPS

- HyperText Transfer Protocol over Secure Socket Layer

- Uses TCP/IP port 443

- Layers the SSL (TLS) protocol on top of the existing HTTP layer to encrypt the plaintext data

- Instead of using plain text over the socket, session data is encrypted through the SSL or TLS protocol -> ensures adequate protection of the data

 

🌜 Why use HTTPS

- Confidentiality: HTTPS protects communication between two parties over a public medium such as the Internet

- Integrity: HTTPS ensures that information reaches its destination without being tampered with

- Authentication: HTTPS lets you verify the authenticity of a website

 


🌜 Why HTTPS security is strong!

👉 SSL (Secure Socket Layer) certificate

: Encrypts the information a user submits to the site, turning the data into ciphertext!

: Even if someone intercepts the transmitted data in transit, it cannot be read because it is encrypted.

: The former name of TLS (Transport Layer Security)

👉 TLS is a protocol created by the IETF on the basis of SSL 3.0, designed to make SSL 3.0 more secure and to make the protocol specification more precise and more stable.


👉 Let's Encrypt

Let's Encrypt is a CA (certificate authority) that provides an easy way to obtain and install free TLS/SSL certificates, so that a web server can serve encrypted HTTPS.

It makes this possible by providing users with a software client called Certbot.

1. Install Certbot

Add the repository for Certbot

$ sudo apt update
$ sudo apt upgrade
$ sudo add-apt-repository ppa:certbot/certbot

 

Install Certbot's Nginx package

$ sudo apt install python-certbot-nginx

 

2. Configure Nginx

Open the default Nginx configuration file and set the domain name the certificate will apply to

$ sudo vim /etc/nginx/sites-available/default

After making the change, test the configuration

$ sudo nginx -t

Reload Nginx

$ sudo systemctl reload nginx

 

3. Allow HTTPS through the firewall

Ubuntu is said to ship with a basic firewall called ufw by default.

The firewall has to be configured to allow HTTPS, but on an AWS EC2 instance the firewall is reportedly disabled by default.

$ sudo ufw status

Redirect options in the Certbot prompt:

1 : Do not redirect HTTP connections to HTTPS

2 : Redirect HTTP connections to HTTPS

👉 Choose 2


4. Go to the SSL Labs Server Test and run the test

A URL where you can test the server behind your domain:

www.ssllabs.com/ssltest/

 


์˜ค๋ฅ˜๊ฐ€ ๋‚œ๋‹ค!!

--> SSL์ด ์‚ฌ์šฉํ•˜๋Š” HTTPS์— ๋Œ€ํ•œ ํฌํŠธํฌ์›Œ๋”ฉ์„ ์•ˆํ•ด์ฃผ์—ˆ๊ธฐ ๋•Œ๋ฌธ์—

๐Ÿ‘‰์ธ์Šคํ„ด์Šค๋ฅผ ์ƒ์„ฑํ–ˆ๋˜ aws๋กœ ๊ฐ€์„œ ๋ณด์•ˆ์„ค์ •์œผ๋กœ ๋“ค์–ด๊ฐ€์„œ 443์— ๋Œ€ํ•œ ํฌํŠธ๋ฅผ ์—ด์–ด์ค€๋‹ค.

 

๋‹ค์‹œ www.ssllabs.com/ssltest/ ์—ฌ๊ธฐ๋กœ ๋“ค์–ด๊ฐ€์„œ ๊ฒ€์‚ฌ!

 


 

5. Verify Certbot automatic renewal

No errors occurred and all of the setup completed successfully!

👉 Restart the Nginx server

$ sudo service nginx restart

 

 

Typing yujindonut.shop into the address bar now shows that https:// is applied.
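The checks this walkthrough performs by hand (HTTP redirected to HTTPS, port 443 reachable, a certificate that covers the domain and each subdomain, time left before renewal) can be scripted. The following is an added example, not part of the original post; the function names, the 30-day threshold and the example.com hostnames are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hostnames are supplied by the operator.

# san_covers SAN_TEXT HOST: succeed if HOST is covered by a DNS entry in the output
# of `openssl x509 -noout -ext subjectAltName` (a wildcard covers one label only).
san_covers() {
    list=",$(printf '%s\n' "$1" | sed -n '/DNS:/p' | tr -d '[:space:]'),"
    parent=${2#*.}                      # www.example.com -> example.com
    case $list in
        *",DNS:$2,"*) return 0 ;;
        *",DNS:*.$parent,"*) [ "$parent" != "$2" ] && return 0 ;;
    esac
    return 1
}

# redirects_to_https HEADERS HOST: succeed if the response headers are a permanent
# redirect to https://HOST, the behaviour selected by option 2 in the Certbot prompt.
redirects_to_https() {
    status=$(printf '%s\n' "$1" | sed -n '1s/^HTTP\/[0-9.]* \([0-9]*\).*/\1/p')
    loc=$(printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^[Ll]ocation: *//p' | head -n 1)
    case $status in 301|308) ;; *) return 1 ;; esac
    case $loc in "https://$2"|"https://$2/"*) return 0 ;; esac
    return 1
}

# check_host HOST: live checks (needs network, curl, openssl, coreutils timeout).
check_host() {
    hdrs=$(curl -sI --max-time 10 "http://$1/") || { echo "$1: port 80 unreachable"; return 1; }
    redirects_to_https "$hdrs" "$1" || echo "$1: HTTP is not redirected to HTTPS"
    # A timeout here is how a closed port 443 (firewall or EC2 security group) shows up.
    out=$(echo | timeout 10 openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null) \
        || { echo "$1: no TLS connection on port 443"; return 1; }
    san=$(printf '%s\n' "$out" | openssl x509 -noout -ext subjectAltName 2>/dev/null)
    san_covers "$san" "$1" || echo "$1: certificate does not list this name"
    printf '%s\n' "$out" | openssl x509 -noout -checkend 2592000 >/dev/null \
        || echo "$1: certificate expires within 30 days, check renewal"
}

# Usage: sh check_https.sh example.com www.example.com   (placeholder names)
for h in "$@"; do check_host "$h"; done
```

Pass the apex domain and every subdomain the server answers for; a name that is missing from the certificate is reported per host.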

 

 
