{"id":1828,"date":"2019-09-18T09:04:13","date_gmt":"2019-09-18T15:04:13","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=1828"},"modified":"2021-04-20T10:22:17","modified_gmt":"2021-04-20T16:22:17","slug":"letsencrypt-proxy-sitio-web1-resumen","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=1828","title":{"rendered":"Letsencrypt: PROXY->web1 website SUMMARY"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>In this guide we explain how to create a Letsencrypt certificate on an apache2 reverse proxy server and then pass it to the web1 server<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Host: PROXY<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Create the virtual host<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/XXX.siua.ac.cr.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Content: <a href=\"\/ARCHIVOS\/letsencrypt\/proxy_xxx.siua.ac.cr.conf.php?ip=181.193.87.6&amp;dominio=XXX\" target=\"_blank\" rel=\"noreferrer noopener\">file<\/a><br><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">NameVirtualHost 181.193.87.6:80<br><br>&lt;VirtualHost 181.193.87.6:80&gt;<br><br> #************************************************************************<br> #***************** WEBSITE DATA ********************************<br> #************************************************************************<br> ServerName <strong>XXX<\/strong>.siua.ac.cr<br> ServerAlias www.<strong>XXX<\/strong>.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/<strong>XXX_80<\/strong>.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/<strong>XXX_80<\/strong>.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** WEBMASTER DATA *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> 
Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br> #************************************************************************<br> #************************ REDIRECTION DATA ****************<br> #************************************************************************<br><br>&lt;\/VirtualHost&gt;<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We enable the site<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>a2ensite XXX.siua.ac.cr<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We reload Apache<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl reload apache2<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: DNS1 and pfSense<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>We create the domains XXX.siua.ac.cr and <a href=\"http:\/\/www.XXX.siua.ac.cr\">www.XXX.siua.ac.cr<\/a> so that they point to 181.193.87.6 and 10.20.200.XXX<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Host: PROXY<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>We request the certificate<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>certbot --installer apache<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>RESULT<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log<br><br>How would you like to authenticate with the ACME CA?<br>-------------------------------------------------------------------------------<br>1: Apache Web Server plugin - Beta (apache)<br>2: Spin up a temporary webserver (standalone)<br>3: Place files in webroot directory (webroot)<br>-------------------------------------------------------------------------------<br>Select the appropriate number [1-3] then [enter] (press 'c' to cancel): <strong>1<\/strong><br><br><br><br>Which names would you like to activate HTTPS for?<br>-------------------------------------------------------------------------------<br>1: web1.siua.ac.cr<br>2: 
www.web1.siua.ac.cr<br>-------------------------------------------------------------------------------<br>Select the appropriate numbers separated by commas and\/or spaces, or leave input<br>blank to select all options shown (Enter 'c' to cancel): <strong>1 2<\/strong><br><br>Created an SSL vhost at <strong>\/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/strong><br>Deploying Certificate for <strong>web1.siua.ac.cr<\/strong> to VirtualHost <strong>\/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/strong><br>Enabling available site: <strong>\/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/strong><br>Deploying Certificate for <strong>www.web1.siua.ac.cr<\/strong> to VirtualHost <strong>\/etc\/apache2\/sites-available\/web1.siua.ac.cr-le-ssl.conf<\/strong><br><br>Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.<br>-------------------------------------------------------------------------------<br>1: No redirect - Make no further changes to the webserver configuration.<br>2: Redirect - Make all requests redirect to secure HTTPS access. 
Choose this for<br>-------------------------------------------------------------------------------<br>Select the appropriate number [1-2] then [enter] (press 'c' to cancel):<strong> 2<\/strong><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we make the change so that requests on 443 have their own log file<\/li><li>We open the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/XXX.siua.ac.cr-le-ssl.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We modify the file so that :443 requests have their own log, and we add the redirection to the internal server: <a href=\"\/ARCHIVOS\/letsencrypt\/proxy_xxx.siua.ac.cr-le-ssl.conf.php?ip=181.193.87.6&amp;ip2=10.20.200.15&amp;dominio=XXX\" target=\"_blank\" rel=\"noreferrer noopener\">file<\/a><br><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;IfModule mod_ssl.c&gt;<br> &lt;VirtualHost 181.193.87.6:443&gt;<br><br> #************************************************************************<br> #***************** WEBSITE DATA ********************************<br> #************************************************************************<br> ServerName <strong>XXX<\/strong>.siua.ac.cr<br> ServerAlias www.<strong>XXX<\/strong>.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/<strong>XXX_<\/strong><strong>443<\/strong>.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/<strong>XXX_<\/strong><strong>443<\/strong>.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** WEBMASTER DATA *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br> <strong>#************************************************************************<\/strong><br><strong> #******************* 
REDIRECTION DATA *********************<\/strong><br><strong> #************************************************************************<\/strong><br><strong> ProxyPreserveHost On<\/strong><br><strong> ProxyRequests off<\/strong><br><strong> SSLProxyEngine on<\/strong><br><strong> ProxyPass \/ https:\/\/10.20.200.15\/<\/strong><br><strong> ProxyPassReverse \/ https:\/\/10.20.200.15\/<\/strong><br><br><br> #************************************************************************<br> #******************** CERTIFICATE DATA ***************************<br> #************************************************************************<br> Include \/etc\/letsencrypt\/options-ssl-apache.conf<br> SSLCertificateFile \/etc\/letsencrypt\/live\/<strong>XXX<\/strong>.siua.ac.cr\/fullchain.pem<br> SSLCertificateKeyFile \/etc\/letsencrypt\/live\/<strong>XXX<\/strong>.siua.ac.cr\/privkey.pem<br> &lt;\/VirtualHost&gt;<br>&lt;\/IfModule&gt;<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We reload the service<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl reload apache2<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: Web1<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>We create a folder inside \/etc\/apache2\/certificados named after the domain \"<strong>XXX<\/strong>.siua.ac.cr\"<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/etc\/apache2\/certificados\/XXX.siua.ac.cr\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we give it write permissions. Note that 777 leaves the directory that will hold privkey.pem writable by every local user; the copy below runs as root, so 700 is sufficient<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod 777 -R \/etc\/apache2\/certificados\/XXX.siua.ac.cr\/\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: PROXY<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we copy the certificates located on the PROXY server to the XXX server<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">scp -P 44 -r \/etc\/letsencrypt\/live\/<strong>XXX<\/strong>.siua.ac.cr\/fullchain.pem root@<strong>10.20.200.15<\/strong>:\/etc\/apache2\/certificados\/<strong>XXX<\/strong>.siua.ac.cr\/fullchain.pem<br><br>scp -P 44 -r \/etc\/letsencrypt\/live\/<strong>XXX<\/strong>.siua.ac.cr\/privkey.pem root@<strong>10.20.200.15<\/strong>:\/etc\/apache2\/certificados\/<strong>XXX<\/strong>.siua.ac.cr\/privkey.pem<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: web1<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we make all :80 requests redirect to :443<\/li><li>We create the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/XXX.siua.ac.cr.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Content: <a href=\"\/ARCHIVOS\/letsencrypt\/web_xxx.siua.ac.cr.conf.php?dominio=xxx\" target=\"_blank\" rel=\"noreferrer noopener\">file<\/a><br><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;VirtualHost *:<strong>80<\/strong>&gt;<br><br> #************************************************************************<br> #***************** WEBSITE DATA ********************************<br> #************************************************************************<br> ServerName <strong>XXX<\/strong>.siua.ac.cr<br> ServerAlias www.<strong>XXX<\/strong>.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/<strong>XXX_80<\/strong>.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/<strong>XXX_80<\/strong>.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** WEBMASTER DATA *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br> #************************************************************************<br> 
#************** REDIRECTION DATA **********************<br> #************************************************************************<br> RedirectMatch permanent ^\/(.*) https:\/\/<strong>XXX<\/strong>.siua.ac.cr\/$1<br><br><br> #************************************************************************<br> #************** WEBSITE DATA **********************<br> #************************************************************************<br> DocumentRoot \/var\/www\/html\/Sitios\/index_servidores<br><br>&lt;\/VirtualHost&gt;<\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We enable the site<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>a2ensite XXX.siua.ac.cr.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We create a file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/XXX.siua.ac.cr-le-ssl.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Content: <a href=\"\/ARCHIVOS\/letsencrypt\/web_xxx.siua.ac.cr-le-ssl.conf.php?dominio=xxx\" target=\"_blank\" rel=\"noreferrer noopener\">file<\/a><br><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;IfModule mod_ssl.c&gt;<br><br> #************************************************************************<br> #********************* HTTPS:\/\/WWW.WEB1.SIUA.AC.CR **********************<br> #************************************************************************<br> &lt;VirtualHost *:443&gt;<br> ServerName www.web1.siua.ac.cr<br> RedirectMatch permanent ^\/(.*) https:\/\/web1.siua.ac.cr\/$1<br> #************************************************************************<br> #*************************** CERTIFICATE DATA **********************<br> #************************************************************************<br> SSLEngine on<br> SSLCertificateFile \/etc\/apache2\/certificados\/web1.siua.ac.cr\/fullchain.pem<br> SSLCertificateKeyFile \/etc\/apache2\/certificados\/web1.siua.ac.cr\/privkey.pem<br> &lt;\/VirtualHost&gt;<br><br> 
#************************************************************************<br> #************* HTTPS:\/\/WEB1.SIUA.AC.CR ***********************<br> #************************************************************************<br> &lt;VirtualHost *:443&gt;<br><br> #************************************************************************<br> #***************** WEBSITE DATA ********************************<br> #************************************************************************<br> ServerName web1.siua.ac.cr<br> ErrorLog \/var\/log\/apache2\/web1_443.siua.ac.cr-error.log<br> CustomLog \/var\/log\/apache2\/web1_443.siua.ac.cr-access.log common<br><br> #************************************************************************<br> #******************** WEBMASTER DATA *****************************<br> #************************************************************************<br> ServerAdmin interuniversitariadealajuela@gmail.com<br> Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"<br><br><br> #************************************************************************<br> #************** CERTIFICATE DATA **********************<br> #************************************************************************<br> SSLEngine on<br> SSLCertificateFile \/etc\/apache2\/certificados\/web1.siua.ac.cr\/fullchain.pem<br> SSLCertificateKeyFile \/etc\/apache2\/certificados\/web1.siua.ac.cr\/privkey.pem<br><br> #************************************************************************<br> #************** WEBSITE DATA **********************<br> #************************************************************************<br> DocumentRoot \/var\/www\/html\/Sitios\/index_servidores<br> &lt;\/VirtualHost&gt;<br>&lt;\/IfModule&gt;<br><br><br><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We enable the site<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>a2ensite web1.siua.ac.cr-le-ssl.conf <\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We reload 
Apache<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl reload apache2<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: PROXY<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we make sure the certificates get renewed<\/li><li>We open the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/root\/ssh-renew.sh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>And we add<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">scp -P 44 -r \/etc\/letsencrypt\/live\/web1.siua.ac.cr\/fullchain.pem root@10.20.200.15:\/etc\/apache2\/certificados\/web1.siua.ac.cr\/fullchain.pem <br><br>scp -P 44 -r \/etc\/letsencrypt\/live\/web1.siua.ac.cr\/privkey.pem root@10.20.200.15:\/etc\/apache2\/certificados\/web1.siua.ac.cr\/privkey.pem<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">COMMANDS<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Check the certbot version<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt-cache policy certbot | grep -i Installed<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>In this guide we explain how to create a Letsencrypt certificate on an apache2 reverse proxy server and then pass it to the web1 server Host: PROXY Create the virtual host Content: file NameVirtualHost 181.193.87.6:80&lt;VirtualHost 181.193.87.6:80&gt; #************************************************************************ #***************** WEBSITE DATA ******************************** #************************************************************************ ServerName XXX.siua.ac.cr ServerAlias www.XXX.siua.ac.cr ErrorLog \/var\/log\/apache2\/XXX_80.siua.ac.cr-error.log CustomLog \/var\/log\/apache2\/XXX_80.siua.ac.cr-access.log common #************************************************************************ #******************** 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1829,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[134],"tags":[],"class_list":["post-1828","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-letsencrypt"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1828"}],"version-history":[{"count":3,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1828\/revisions"}],"predecessor-version":[{"id":4628,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/1828\/revisions\/4628"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/media\/1829"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}