Preparation
– Configure [mod_http2] to use HTTP/2.
– Set up the web server as in the article: Install Apache2 on Ubuntu 22.04: Virtual Hostings
root@ATMA-Ubuntu22:~# hostnamectl set-hostname srv.dinhducthanh.com
root@ATMA-Ubuntu22:~# timedatectl set-timezone Asia/Ho_Chi_Minh
root@ATMA-Ubuntu22:~# reboot
+ Install Apache2
root@srv:~# apt -y install apache2
+ Configure Apache2.
root@srv:~# vi /etc/apache2/conf-enabled/security.conf
# line 25 : change
ServerTokens Prod

root@srv:~# vi /etc/apache2/apache2.conf
# line 70 : add the server name
ServerName srv.dinhducthanh.com

root@srv:~# vi /etc/apache2/sites-enabled/000-default.conf
# line 11 : change the webmaster's email
ServerAdmin admin@dinhducthanh.com
+ Restart the Apache2 service
root@srv:~# systemctl restart apache2
+ Create the virtual host
root@srv:~# vi /etc/apache2/sites-available/node1.dinhducthanh.com.conf
<VirtualHost *:80>
    DocumentRoot /var/www/node1.dinhducthanh.com
    ServerName node1.dinhducthanh.com
    ServerAdmin webmaster@node1.dinhducthanh.com
    ErrorLog /var/log/apache2/node1.dinhducthanh.com.error.log
    CustomLog /var/log/apache2/node1.dinhducthanh.com.access.log combined
</VirtualHost>

root@srv:~# a2ensite node1.dinhducthanh.com
root@srv:~# systemctl reload apache2
+ Create a test page
root@srv:~# mkdir /var/www/node1.dinhducthanh.com
root@srv:~# vi /var/www/node1.dinhducthanh.com/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
NODE1.DINHDUCTHANH.COM Test Page
</div>
</body>
</html>
– Configure SSL/TLS as in: Install Apache2 on Ubuntu 22.04: Configure SSL/TLS. (Many web browsers support HTTP/2 only over HTTPS connections.)
+ Obtain a certificate from Let's Encrypt
root@srv:~# apt -y install certbot
root@srv:~# certbot certonly --webroot -w /var/www/node1.dinhducthanh.com -d node1.dinhducthanh.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): thanhdd.noc@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Requesting a certificate for node1.dinhducthanh.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/node1.dinhducthanh.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/node1.dinhducthanh.com/privkey.pem
This certificate expires on 2024-08-29.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Check the certificates that were received
root@srv:~# ls /etc/letsencrypt/live/
– Enable SSL
root@srv:~# a2ensite default-ssl
root@srv:~# a2enmod ssl
root@srv:~# systemctl restart apache2
Configure [mod_http2]
– It can be set per virtual host.
# configure [mod_http2] for any virtual host you want to set it on
root@srv:~# vi /etc/apache2/sites-enabled/node1.dinhducthanh.com.conf
# add the [Protocols ***] line
<VirtualHost *:443>
    Protocols h2 http/1.1
    DocumentRoot /var/www/node1.dinhducthanh.com
    ServerName node1.dinhducthanh.com:443
    ServerAdmin webmaster@node1.dinhducthanh.com
    ErrorLog /var/log/apache2/node1.dinhducthanh.com_ssl_error_log
    CustomLog /var/log/apache2/node1.dinhducthanh.com_ssl_access_log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/node1.dinhducthanh.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/node1.dinhducthanh.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/node1.dinhducthanh.com/chain.pem
</VirtualHost>
<Directory "/var/www/node1.dinhducthanh.com">
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
root@srv:~# a2enmod http2
Enabling module http2.
To activate the new configuration, you need to run:
  systemctl restart apache2
root@srv:~# systemctl restart apache2
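A quick offline check of the settings above, as an added example that is not part of the original page: the function name audit_h2_vhosts, the verdict labels and the node2.example.test vhost are made up for illustration. It assumes [Protocols] is set inside each virtual host as on this page, so a value inherited from the server scope is not seen.

```shell
#!/bin/sh
# Added example (not from the original page): audit vhost text for HTTP/2 settings.
# Reads Apache config on stdin and prints one line per <VirtualHost> block:
#   <ServerName> <port> h2=<yes|no> tls=<yes|no> <verdict>
audit_h2_vhosts() {
  awk '
    function report(   verdict) {
      if (h2 == "yes" && tls == "yes")     verdict = "OK"
      else if (h2 == "yes")                verdict = "WARN:h2-without-TLS"
      else if (tls == "yes")               verdict = "WARN:TLS-vhost-without-h2"
      else                                 verdict = "INFO:http/1.1-only"
      print name, port, "h2=" h2, "tls=" tls, verdict
    }
    /^[ \t]*#/ { next }                    # ignore comment lines
    tolower($1) == "<virtualhost" {        # block start: reset state, extract port
      invh = 1; h2 = "no"; tls = "no"; name = "(unnamed)"
      port = $2; sub(/^.*:/, "", port); sub(/>.*$/, "", port)
      next
    }
    tolower($1) == "</virtualhost>" { if (invh) report(); invh = 0; next }
    !invh { next }                         # directives outside a vhost are skipped
    tolower($1) == "servername" { name = $2; sub(/:[0-9]+$/, "", name) }
    tolower($1) == "protocols"  { for (i = 2; i <= NF; i++) if (tolower($i) == "h2") h2 = "yes" }
    tolower($1) == "sslengine"  { if (tolower($2) == "on") tls = "yes" }
  '
}

# Constructed sample input: the two node1 vhosts from this page plus a made-up TLS vhost.
sample_conf() {
  cat <<'EOF'
<VirtualHost *:80>
    ServerName node1.dinhducthanh.com
</VirtualHost>
<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName node1.dinhducthanh.com:443
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName node2.example.test
    SSLEngine on
</VirtualHost>
EOF
}

sample_conf | audit_h2_vhosts
```

To check the real file, run `audit_h2_vhosts < /etc/apache2/sites-enabled/node1.dinhducthanh.com.conf`; a WARN line means that vhost will answer HTTPS clients with HTTP/1.1 only, or lists h2 where no TLS is configured.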
Verification
– Verify access; if everything is OK, [HTTP/2] is displayed.
root@srv:~# curl -I https://node1.dinhducthanh.com/
HTTP/2 200
last-modified: Sat, 01 Jun 2024 06:47:47 GMT
etag: "99-619ce7a5c497c"
accept-ranges: bytes
content-length: 153
vary: Accept-Encoding
content-type: text/html
date: Sat, 01 Jun 2024 07:03:30 GMT
server: Apache
– HTTP/2 can also be seen in the response headers when accessing the site with a web browser. The example below is on Google Chrome.
If HTTP/2 is enabled, [Protocol] in the response headers changes to [h2] as follows.