Package
# Install the Apache HTTP server package (the host sections below all configure it).
apt install --yes apache2
DMZSRV
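# Publish the subordinate CA certificate and its CRL so clients can fetch them
# over HTTP from ca.skill39.com.
# NOTE(review): 10.0.0.1 looks like the CA host. Pulling with scp means this
# DMZ server needs SSH access to it; pushing these two public files from the CA
# side would avoid giving a DMZ machine a login there -- confirm the design.
scp 10.0.0.1:/ca/cacert.pem /var/www/html/SubCA.crt
# The CRL copy is a snapshot. Repeat it every time the CA reissues the CRL,
# otherwise clients are handed an expired list once its nextUpdate has passed.
# NOTE(review): if issued certificates carry CDP/AIA URLs pointing here,
# RFC 5280 expects DER-encoded content at HTTP URLs; the sources are .pem files,
# so confirm the encoding the relying clients accept.
scp 10.0.0.1:/ca/crl/crl.pem /var/www/html/SubCA.crl
# Debian's directory is "sites-available" (plural); the singular form does not exist.
cd /etc/apache2/sites-available
cp 000-default.conf dmzsrv.conf
# A file in sites-available is inert until it is linked into sites-enabled.
a2ensite dmzsrv
vi dmzsrv.conf
### vi ###
<VirtualHost *:80>
  ServerName ca.skill39.com
  DocumentRoot /var/www/html
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
### vi ###
# Validate the syntax first so a typo does not take the running server down.
apache2ctl configtest && systemctl restart apache2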
INTSRV
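# Internal web server: a marker page plus a name-based vhost for www.skill39.local.
echo "main web service" > /var/www/html/index.html
# Debian's directory is "sites-available" (plural); the singular form does not exist.
cd /etc/apache2/sites-available
cp 000-default.conf intsrv.conf
# A file in sites-available is inert until it is linked into sites-enabled.
a2ensite intsrv
vi intsrv.conf
### vi ###
<VirtualHost *:80>
  ServerName www.skill39.local
  DocumentRoot /var/www/html
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
### vi ###
# Validate the syntax first so a typo does not take the running server down.
apache2ctl configtest && systemctl restart apache2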
PUBSRV
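# Public web server: a marker page plus the root CA certificate and CRL,
# served under both ca.public.net and www.public.net from the same directory.
echo "public web service" > /var/www/html/index.html
# NOTE(review): /ca is a local path here, so this public-facing host appears to
# hold the root CA directory. If the CA private key also lives under /ca, it
# shares a machine with an exposed web server -- confirm and consider keeping
# the CA elsewhere and copying only these two public files over.
cp /ca/cacert.pem /var/www/html/RootCA.crt
# The CRL copy is a snapshot; repeat it whenever the CRL is regenerated so
# clients are not served an expired list.
# NOTE(review): if certificates carry CDP/AIA URLs pointing here, RFC 5280
# expects DER-encoded content at HTTP URLs; the sources are .pem files, so
# confirm the encoding the relying clients accept.
cp /ca/crl/crl.pem /var/www/html/RootCA.crl
# Debian's directory is "sites-available" (plural); the singular form does not exist.
cd /etc/apache2/sites-available
cp 000-default.conf pubsrv.conf
# A file in sites-available is inert until it is linked into sites-enabled.
a2ensite pubsrv
vi pubsrv.conf
### vi ###
<VirtualHost *:80>
  ServerName ca.public.net
  DocumentRoot /var/www/html
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
  ServerName www.public.net
  DocumentRoot /var/www/html
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
### vi ###
# Validate the syntax first so a typo does not take the running server down.
apache2ctl configtest && systemctl restart apache2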
SITE1SRV
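# SITE1: an HTTPS vhost using the wildcard certificate, plus an HTTP vhost with
# an LDAP-authenticated directory.
a2enmod ldap authnz_ldap ssl
echo "site1 web service" > /var/www/html/index.html
mkdir /var/www/ldap
echo "site1 auth web service" > /var/www/ldap/index.html
scp 10.0.0.1:/etc/ssl/chain.crt /etc/ssl/ca.crt
# The glob also brings the wildcard private key onto this host.
scp 10.0.0.1:/ca/certs/wild* /etc/ssl
# Keep the private key readable by root only (assumes the glob delivered the
# wild.key that ssl.conf references below).
chmod 600 /etc/ssl/wild.key
cd /etc/apache2/sites-available
cp default-ssl.conf ssl.conf
cp 000-default.conf ldap.conf
cd ../sites-enabled
a2ensite ssl ldap
# Confirm that both symlinks were created.
ls -al
# Editing here goes through the symlink to the file in sites-available.
vi ssl.conf
### vi ###
# SSLStaplingCache only allocates the cache. Stapling itself stays off unless
# SSLUseStapling is turned on, and it needs an OCSP responder for the CA.
# NOTE(review): consider a cache path under ${APACHE_RUN_DIR} instead of /tmp.
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
<VirtualHost *:443>
  # Delete the stock ServerAdmin line.
  ServerName site1.skill39.com
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  SSLEngine on
  SSLCertificateFile /etc/ssl/wild.crt
  SSLCertificateKeyFile /etc/ssl/wild.key
  # Uncomment this directive in the stock file. Remarks must stay on their own
  # line: Apache does not accept a comment after a directive on the same line.
  # (The directive is obsolete since Apache 2.4.8; the chain can instead be
  # appended to the SSLCertificateFile.)
  SSLCertificateChainFile /etc/ssl/ca.crt
  # Delete every other line of the stock VirtualHost.
  # NOTE(review): that leaves this vhost without its own DocumentRoot --
  # confirm which directory HTTPS requests are meant to serve.
</VirtualHost>
### vi ###
vi ldap.conf
### vi ###
<VirtualHost *:80>
  ServerName site1.skill39.local
  # NOTE(review): /var/www/ldap lies outside this DocumentRoot, so the protected
  # index.html is not reachable through this vhost as written -- confirm whether
  # DocumentRoot (or an Alias) should point at /var/www/ldap.
  DocumentRoot /var/www/html
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  <Directory /var/www/ldap>
    # Basic authentication only base64-encodes the password. On this port-80
    # vhost the directory credentials cross the network unencrypted; serving
    # the protected directory from the *:443 vhost would cover them with TLS.
    AuthType Basic
    AuthName "LDAP Authentication"
    AuthBasicProvider ldap
    # ldaps:// requires mod_ldap to trust the directory server's CA (for
    # example LDAPTrustedGlobalCert in the server config) -- not shown here.
    # No AuthLDAPBindDN/AuthLDAPBindPassword is set, so the user search is an
    # anonymous bind; sAMAccountName suggests Active Directory, which commonly
    # refuses that -- verify against the directory.
    AuthLDAPURL "ldaps://ldap.skill39.local:636/ou=site1,dc=skill39,dc=local?sAMAccountName?sub?(objectClass=*)"
    Require valid-user
  </Directory>
</VirtualHost>
### vi ###
# Validate the syntax first so a typo does not take the running server down.
apache2ctl configtest && systemctl restart apache2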
SITE2SRV
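# SITE2: an HTTPS vhost using the wildcard certificate, plus an HTTP vhost with
# an LDAP-authenticated directory.
a2enmod ldap authnz_ldap ssl
# The page text names this host (site2) so it can be told apart from site1
# when testing.
echo "site2 web service" > /var/www/html/index.html
mkdir /var/www/ldap
echo "site2 auth web service" > /var/www/ldap/index.html
scp 10.0.0.1:/etc/ssl/chain.crt /etc/ssl/ca.crt
# The glob also brings the wildcard private key onto this host. The same key
# is installed on site1, so a compromise of either host exposes both names.
scp 10.0.0.1:/ca/certs/wild* /etc/ssl
# Keep the private key readable by root only (assumes the glob delivered the
# wild.key that ssl.conf references below).
chmod 600 /etc/ssl/wild.key
cd /etc/apache2/sites-available
cp default-ssl.conf ssl.conf
cp 000-default.conf ldap.conf
cd ../sites-enabled
a2ensite ssl ldap
# Confirm that both symlinks were created.
ls -al
# Editing here goes through the symlink to the file in sites-available.
vi ssl.conf
### vi ###
# SSLStaplingCache only allocates the cache. Stapling itself stays off unless
# SSLUseStapling is turned on, and it needs an OCSP responder for the CA.
# NOTE(review): consider a cache path under ${APACHE_RUN_DIR} instead of /tmp.
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
<VirtualHost *:443>
  # Delete the stock ServerAdmin line.
  ServerName site2.skill39.com
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  SSLEngine on
  SSLCertificateFile /etc/ssl/wild.crt
  SSLCertificateKeyFile /etc/ssl/wild.key
  # Uncomment this directive in the stock file. Remarks must stay on their own
  # line: Apache does not accept a comment after a directive on the same line.
  # (The directive is obsolete since Apache 2.4.8; the chain can instead be
  # appended to the SSLCertificateFile.)
  SSLCertificateChainFile /etc/ssl/ca.crt
  # Delete every other line of the stock VirtualHost.
  # NOTE(review): that leaves this vhost without its own DocumentRoot --
  # confirm which directory HTTPS requests are meant to serve.
</VirtualHost>
### vi ###
vi ldap.conf
### vi ###
<VirtualHost *:80>
  ServerName site2.skill39.local
  # NOTE(review): /var/www/ldap lies outside this DocumentRoot, so the protected
  # index.html is not reachable through this vhost as written -- confirm whether
  # DocumentRoot (or an Alias) should point at /var/www/ldap.
  DocumentRoot /var/www/html
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  <Directory /var/www/ldap>
    # Basic authentication only base64-encodes the password. On this port-80
    # vhost the directory credentials cross the network unencrypted; serving
    # the protected directory from the *:443 vhost would cover them with TLS.
    AuthType Basic
    AuthName "LDAP Authentication"
    AuthBasicProvider ldap
    # ldaps:// requires mod_ldap to trust the directory server's CA (for
    # example LDAPTrustedGlobalCert in the server config) -- not shown here.
    # No AuthLDAPBindDN/AuthLDAPBindPassword is set, so the user search is an
    # anonymous bind; sAMAccountName suggests Active Directory, which commonly
    # refuses that -- verify against the directory.
    AuthLDAPURL "ldaps://ldap.skill39.local:636/ou=site2,dc=skill39,dc=local?sAMAccountName?sub?(objectClass=*)"
    Require valid-user
  </Directory>
</VirtualHost>
### vi ###
# Validate the syntax first so a typo does not take the running server down.
apache2ctl configtest && systemctl restart apache2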