LoginSignup
4
2

More than 3 years have passed since last update.

@MoraCyulu

【Ubuntu 20.04 LTS】Dynmapをリバースプロキシでhttps化

Last updated at Posted at 2020-06-17

修正

  • 2020/07/20
    • certbotの脱字を修正しました
  • 2020/06/17
    • 修正しました
  • 2020/06/17
    • 記載している内容に誤りがあったので解決でき次第書き直します。
    • 該当内容 -> Dynmapのアドレス部分

初めに

自分の鯖運営用で備忘録として残しているものです。
初心者が頭を悩ませながらなんとかできた内容なので間違いだらけかもしれません。
その点ご了承ください。
参考(ほぼすべてパクり気味)にしたページの方に詳しく乗っていますのでそちらの方をお勧めします。

certbotはこちら

対象

  • MinecraftのプラグインであるDynmapをhttpsにしたい
  • リバースプロキシだけでも使いたい

実施環境

  • OS Ubuntu 20.04 LTS
  • サーバの80,443を事前にポート開放
  • ドメインはDDNSを使用
  • Dynmapで8123を使用

Apache

Apacheインストール

$ sudo apt install apache2

Let's Encryptでhttps対応(certbot使用)

ユニバーサルリポジトリ有効化

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo apt-get update

certbotインストール

$ sudo apt-get install certbot python3-certbot-apache

SSl証明書初期設定

$ sudo certbot --apache

このあとメールアドレスやドメイン名を聞かれるのでそれぞれ入れていく
httpsの強制はどちらでもいいが私は強制で進めます

自動更新設定

$ sudo certbot renew --dry-run

Apache2 リバースプロキシ

mod_proxy mod_proxy_httpを有効化

$ sudo a2enmod proxy_http

mod_sslを有効化(httpsを利用する場合)

$ sudo a2enmod ssl

設定ファイルをコピー

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/my-proxy.conf
$ sudo cp /etc/apache2/sites-available/000-default-le-ssl.conf /etc/apache2/sites-available/my-proxy-ssl.conf

my-proxyやmyproxy-sslの部分は自分が分かれば何でもいい

設定書き換え

my-proxy.confを書き換え

$ sudo nano /etc/apache2/sites-available/my-proxy.conf

nanoでもvimでもお好きな方をどうぞ

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =[ドメイン名に変更されてるはず]
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    #この下2行追加 複数の場合は各自増やす
    ProxyPass /dynmap/ http://localhost:8123/
    ProxyPassReverse /dynmap/ htttp://localhost:8123/
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

my-proxy-ssl.confを書き換え

$ sudo nano /etc/apache2/sites-available/my-proxy-ssl.conf

nanoでもvimでもお好きな方をどうぞ

<IfModule mod_ssl.c>
<VirtualHost *:443>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf


ServerName [ドメイン名に変更されてるはず]
SSLCertificateFile /etc/letsencrypt/live/[ドメイン名に変更されてるはず]/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/[ドメイン名に変更されてるはず]/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

#この下2行追加 複数の場合は各自増やす
ProxyPass /dynmap/ http://localhost:8123/
ProxyPassReverse /dynmap/ http://localhost:8123/
</VirtualHost>
</IfModule>

my-proxy.confを有効化

$ sudo a2ensite my-proxy

my-proxy-ssl.confを有効化

$ sudo a2ensite my-proxy-ssl

000-default.confを無効化

$ sudo a2dissite 000-default

000-default-le-ssl.confを無効化

$ sudo a2dissite 000-default-le-ssl

Apache再起動

 sudo systemctl restart apache2

ここまで読んでいただきありがとうございました。

4
2
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
4
2