Prerequisites: a domain, a public IP, and a proxy compute instance
(The OS image used is Oracle-Linux-7.9-aarch64-2021.10.20-0)
1. Switch to the root user and update to the latest packages
sudo su -
yum update -y
yum install -y yum-utils
2. Configure the nginx repository, then install nginx
vi /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
yum install -y nginx
3. After installing nginx, check its status and start the service
ps -ef | grep nginx
systemctl start nginx
systemctl status nginx
systemctl enable nginx
ps -ef | grep nginx
4. Open the firewall for the http and https services
firewall-cmd --permanent --list-all --zone=public
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
firewall-cmd --permanent --list-all --zone=public
5. Configure the web service for the domain
vi /etc/nginx/conf.d/oraclecloudapex.com.conf
server {
    listen 80;
    listen [::]:80;
    server_name oraclecloudapex.com www.oraclecloudapex.com;
    root /usr/share/nginx/html/oraclecloudapex.com;
    index index.html;
    try_files $uri /index.html;
}
6. Create the default page for the web service
mkdir /usr/share/nginx/html/oraclecloudapex.com
vi /usr/share/nginx/html/oraclecloudapex.com/index.html
Hello!!
7. Install the packages for issuing a (free) SSL certificate and issue the certificate
cd /tmp
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
ls *.rpm
yum install -y epel-release-latest-7.noarch.rpm
yum install -y certbot python2-certbot-nginx
certbot --nginx -d oraclecloudapex.com -d www.oraclecloudapex.com --register-unsafely-without-email
8. Add the URL redirection specific to the APEX service to the web service configuration file
vi /etc/nginx/conf.d/oraclecloudapex.com.conf
# Adding ================>>>
location / {
    rewrite ^/$ /ords/f?p=xxxxx:xxxx permanent;
}
location /ords/ {
    proxy_pass https://yourapexserviceurl.com/ords/;
    proxy_set_header Origin "" ;
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 600;
}
location /i/ {
    proxy_pass https://yourapexserviceurl.com/i/;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Reload the service
Note
After installing on the latest OL8 for testing, I agonized for two days over a Gateway error.
Oracle-Linux-8.5-aarch64-2022.03.17-1
In the end, it was because of the tightened security.
vi /etc/selinux/config
SELINUX=disabled
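The note above attributes the Gateway error on OL8 to tightened security and turns SELinux off entirely. As an added example (not from the original post), the script below counts SELinux denials of nginx's outbound proxy_pass connection in audit-log lines and suggests the narrower httpd_can_network_connect boolean in place of SELINUX=disabled. It assumes the Gateway error was caused by that kind of denial; the sample log lines and function names are constructed for illustration.

```shell
#!/bin/bash
# Added example: find SELinux denials that block nginx proxy_pass traffic.

# Constructed sample audit.log lines (illustrative, not from the post).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:411): avc:  denied  { name_connect } for  pid=2210 comm="nginx" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000003.550:412): avc:  denied  { read } for  pid=3120 comm="sshd" name="shadow" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000009.872:415): avc:  denied  { name_connect } for  pid=2211 comm="nginx" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

# Count AVC denials where nginx (domain httpd_t) was refused an outbound
# TCP connect, which is what proxy_pass to the APEX backend needs.
count_proxy_denials() {
  awk '/type=AVC/ && /denied/ && /name_connect/ && /comm="nginx"/ &&
       /:httpd_t:/ { n++ } END { print n + 0 }'
}

# Suggest the narrowest change: one SELinux boolean, SELinux stays enforcing.
recommend_fix() {
  if [ "$1" -gt 0 ]; then
    echo "setsebool -P httpd_can_network_connect 1"
  else
    echo "none"
  fi
}

# Usage: script [audit-log]; with no readable file it uses the sample lines.
main() {
  local log=${1:-} n
  if [ -n "$log" ] && [ -r "$log" ]; then
    n=$(count_proxy_denials < "$log")
  else
    n=$(sample_audit_log | count_proxy_denials)
  fi
  echo "nginx outbound-connect denials: $n"
  echo "suggested fix: $(recommend_fix "$n")"
}
main "$@"
```

On a real host, pass /var/log/audit/audit.log as the first argument and run the suggested command as root.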
==============
(Oracle Linux 8) 7. Install the packages for issuing a (free) SSL certificate and issue the certificate
cd /tmp
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
ls *.rpm
yum install -y epel-release-latest-8.noarch.rpm
yum install -y certbot python3-certbot-nginx
certbot --nginx -d oraclecloudapex.com -d www.oraclecloudapex.com --register-unsafely-without-email
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for oraclecloudapex.com and www.oraclecloudapex.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/oraclecloudapex.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/oraclecloudapex.com/privkey.pem
This certificate expires on 2023-12-25.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for oraclecloudapex.com to /etc/nginx/conf.d/oraclecloudapex.com.conf
Successfully deployed certificate for www.oraclecloudapex.com to /etc/nginx/conf.d/oraclecloudapex.com.conf
Congratulations! You have successfully enabled HTTPS on https://oraclecloudapex.com and https://www.oraclecloudapex.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -