12. SSL VirtualHost 설정

coldplayer83 2024. 8. 8. 13:28
cd ${DOMAIN_HOME}/config/fmwconfig/components/OHS/${component_name}


기존 ssl.conf 파일을 백업하고 아래와 같이 수정하여 작성


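SSLSessionCache None 추가 (아래 예시에는 전역 <IfModule ossl_module> 안에 기존 shmcb SSLSessionCache 설정도 그대로 남아 있으므로, 두 지시어 중 어느 쪽이 실제로 적용되는지 확인하고 의도하지 않은 쪽은 주석 처리할 것)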

각 <VirtualHost>의 <IfModule ossl_module> ~ </IfModule> 뒤에 ServerName 추가

WebLogic 연동 설정인 <IfModule weblogic_module> ~ </IfModule> 추가 (예시의 DebugConfigInfo ON은 플러그인 설정 정보를 클라이언트가 조회할 수 있게 하므로 운영 환경에서는 OFF 권장)



# Oracle HTTP Server mod_ossl configuration file: ssl.conf        #

# The Listen directive below has a comment preceding it that is used
# by tooling which updates the configuration.  Do not delete the comment.
#[Listen] OHS_SSL_PORT
Listen 4443
# NOTE(review): SSLSessionCache is set to None here and set again to a
# shmcb cache inside the global <IfModule ossl_module> section of this
# file. Keep only the one that is intended; which of the two takes effect
# should be confirmed on the running server rather than assumed.
SSLSessionCache None

<IfModule ossl_module>
##  SSL Global Context
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.

#   Some MIME-types for downloading Certificates and CRLs
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use, second the expiring timeout (in seconds) and third
#   the mutex to be used.
#   NOTE(review): this shared-memory cache setting contradicts the
#   "SSLSessionCache None" line placed before this section. If session
#   caching is meant to be disabled, comment this directive out so the
#   file states one intent only.
    SSLSessionCache "shmcb:${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs/ssl_scache(512000)"
#   Cached sessions expire after 300 seconds.
    SSLSessionCacheTimeout  300
#   The pthread mutex is only configured when the Windows MPM is not loaded.
    <IfModule !mpm_winnt_module>
      Mutex pthread ssl-cache
#   NOTE(review): the closing </IfModule> lines for this section are not
#   visible in this listing; compare against the backed-up ssl.conf before
#   copying.

## SSL Virtual Host Context
#[VirtualHost] OHS_SSL_VH
<VirtualHost *:4443> 
  <IfModule ossl_module>
   #  SSL Engine Switch:
   #  Enable/Disable SSL for this virtual host.
   SSLEngine on

   #  Client Authentication (Type):
   #  Client certificate verification type and depth.  Types are
   #  none, optional and require.
   #  With "None" no client certificate is requested, so only the server
   #  is authenticated (one-way TLS).
   SSLVerifyClient None

   #  SSL Protocol Support:
   #  Configure usable SSL/TLS protocol versions.
   #  Only TLS 1.2 is enabled here; older protocol versions are not offered.
   #  NOTE(review): whether TLSv1.3 can be added depends on the OHS
   #  release in use - confirm against its documentation.
   SSLProtocol TLSv1.2
   # Option to prefer the server's cipher preference order 
   SSLHonorCipherOrder on

   #  SSL Cipher Suite:
   #  List the ciphers that the client is permitted to negotiate.
   #  NOTE(review): no SSLCipherSuite directive is visible in this listing,
   #  so the product default list would apply. Set an explicit list if the
   #  site's policy requires specific suites.

   # SSL Certificate Revocation List Check
   # Valid values are On and Off
   # Off means certificate revocation lists are not consulted.
   # NOTE(review): revisit this if SSLVerifyClient is ever changed to
   # optional or require.
   SSLCRLCheck Off

   #Path to the wallet
   # NOTE(review): the path ends in keystores/default. If this is the wallet
   # shipped with the product it presumably holds a demo certificate; use a
   # wallet with a certificate issued for the ServerName below and restrict
   # read access to the wallet directory.
   SSLWallet "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/keystores/default"
   # Export the standard SSL environment variables to script-type files
   # and to the cgi-bin directory only.
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars

   <Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">
      SSLOptions +StdEnvVars

   # Workaround for MSIE 2-5 clients: no keep-alive, unclean SSL shutdown
   # tolerated, HTTP/1.0 responses forced.
   BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
   # Sample host name; it should match the subject/SAN of the certificate
   # stored in the wallet above.
   ServerName abc.co.kr
   # Error and access logs are piped through odl_rotatelogs.
   # NOTE(review): 43200 is presumably the rotation interval in seconds
   # (12 hours) - confirm. The "common" format does not record the
   # negotiated TLS protocol or cipher.
   ErrorLog "||${PRODUCT_HOME}/bin/odl_rotatelogs /logs/web/ssl/web_error_log"
   CustomLog "||${PRODUCT_HOME}/bin/odl_rotatelogs /logs/web/ssl/web_access_log 43200" common
   # WebLogic proxy plug-in settings for this virtual host.
   # NOTE(review): no WebLogicHost/WebLogicPort or WebLogicCluster target is
   # visible in this listing - confirm where requests matching *.jsp are sent.
   <IfModule weblogic_module>
         MatchExpression *.jsp
         Debug OFF
         Idempotent OFF
         DynamicServerList OFF
         # NOTE(review): DebugConfigInfo ON lets any client request a dump of
         # the plug-in's configuration parameters. Oracle's plug-in
         # documentation advises keeping it OFF on production systems.
         DebugConfigInfo ON
         # Wait up to 900 seconds for a response from WebLogic. Long
         # timeouts keep worker threads busy while a backend hangs.
         WLIOTimeoutSecs 900
         ConnectTimeoutSecs 20
         ConnectRetrySecs 2
   # NOTE(review): the closing </IfModule>, </FilesMatch>, </Directory> and
   # </VirtualHost> tags are not visible in this listing; compare against the
   # backed-up ssl.conf before copying.

