Difference between revisions of "Raspbian: Aktifkan https di apache"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 2: | Line 2: | ||
| − | Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL | + | Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL. |
==Install Apache== | ==Install Apache== | ||
| Line 9: | Line 9: | ||
sudo apt update | sudo apt update | ||
| − | sudo apt -y install apache2 | + | sudo apt -y install apache2 php php-xmlrpc php-mysql php-gd php-cli php-curl |
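Review bot: the changed install line now pulls in php, php-xmlrpc, php-mysql, php-gd, php-cli and php-curl, but none of the later steps on this page (a2enmod ssl, the certificate, the SSL virtual host) use PHP. Either keep the line as `sudo apt -y install apache2` or add a sentence saying which site needs these packages, so readers do not install an interpreter and extensions they will not use on an HTTPS-only setup.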
| Line 17: | Line 17: | ||
sudo a2enmod ssl | sudo a2enmod ssl | ||
| − | |||
| − | |||
| − | |||
sudo service apache2 restart | sudo service apache2 restart | ||
| Line 25: | Line 22: | ||
==Buat Self-Signed SSL Certificate== | ==Buat Self-Signed SSL Certificate== | ||
| − | buat | + | buat |
| − | |||
| − | |||
| − | |||
| − | |||
| + | sudo mkdir -p /etc/apache2/ssl | ||
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt | sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt | ||
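Review bot: the added `sudo mkdir -p /etc/apache2/ssl` creates the directory with default permissions, and the `openssl req` line after it uses `-nodes`, so the private key is stored there unencrypted. Add an explicit step after the mkdir, for example `sudo chmod 700 /etc/apache2/ssl`, and state the intended mode of apache.key (`sudo chmod 600 /etc/apache2/ssl/apache.key`) rather than relying on defaults.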
| Line 48: | Line 42: | ||
cd /etc/apache2/sites-available | cd /etc/apache2/sites-available | ||
| − | cp default-ssl.conf | + | cp default-ssl.conf darmajaya.ac.id-ssl.conf |
| − | sudo vi /etc/apache2/sites-available/ | + | sudo vi /etc/apache2/sites-available/darmajaya.ac.id-ssl.conf |
Kalau comment dibuang, akan tampak seperti: | Kalau comment dibuang, akan tampak seperti: | ||
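Review bot: the new `cp default-ssl.conf darmajaya.ac.id-ssl.conf` line runs without sudo inside /etc/apache2/sites-available, while the very next line needs sudo to edit the same file. For an unprivileged user the copy fails with a permission error, so make it `sudo cp default-ssl.conf darmajaya.ac.id-ssl.conf`.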
| Line 90: | Line 84: | ||
<IfModule mod_ssl.c> | <IfModule mod_ssl.c> | ||
<VirtualHost _default_:443> | <VirtualHost _default_:443> | ||
| − | ServerAdmin admin@ | + | ServerAdmin admin@darmajaya.ac.id |
| − | ServerName | + | ServerName darmajaya.ac.id |
| − | ServerAlias www. | + | ServerAlias www.darmajaya.ac.id |
| − | DocumentRoot /var/www/html | + | DocumentRoot /var/www/html/webmirror/www.darmajaya.ac.id/ |
ErrorLog ${APACHE_LOG_DIR}/error.log | ErrorLog ${APACHE_LOG_DIR}/error.log | ||
CustomLog ${APACHE_LOG_DIR}/access.log combined | CustomLog ${APACHE_LOG_DIR}/access.log combined | ||
| Line 116: | Line 110: | ||
enable | enable | ||
| − | sudo a2ensite | + | sudo a2ensite darmajaya.ac.id-ssl.conf |
| − | |||
| − | |||
| − | |||
sudo service apache2 restart | sudo service apache2 restart | ||
| − | + | sudo systemctl reload apache2 | |
==Test Setup== | ==Test Setup== | ||
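Review bot: the added `sudo systemctl reload apache2` comes directly after `sudo service apache2 restart`, which has already loaded the newly enabled site, so one of the two is redundant. Keep a single command and put `sudo apachectl configtest` before it, so a typo in darmajaya.ac.id-ssl.conf is caught before Apache is restarted.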
| Line 131: | Line 122: | ||
kemungkinan akan dapat warning apache ssl warning :) ... | kemungkinan akan dapat warning apache ssl warning :) ... | ||
| + | |||
==Referensi== | ==Referensi== | ||
Latest revision as of 08:13, 18 December 2018
To keep communication secure, we need to encrypt it using TLS/SSL.
==Install Apache==
Installation:
 sudo apt update
 sudo apt -y install apache2 php php-xmlrpc php-mysql php-gd php-cli php-curl
==Enable the SSL module==
Enable:
 sudo a2enmod ssl
 sudo service apache2 restart
==Create a Self-Signed SSL Certificate==
Create:
 sudo mkdir -p /etc/apache2/ssl
 sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
Fill in the prompts with:
 Country Name (2 letter code) [AU]:ID
 State or Province Name (full name) [Some-State]:DKI
 Locality Name (eg, city) []:Jakarta
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA
 Organizational Unit Name (eg, section) []:RND
 Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id
 Email Address []:onno@organisasi-anda.id
==Configure Apache to use SSL==
Edit:
 cd /etc/apache2/sites-available
 sudo cp default-ssl.conf darmajaya.ac.id-ssl.conf
 sudo vi /etc/apache2/sites-available/darmajaya.ac.id-ssl.conf
With the comments removed, the file looks like this:
 <IfModule mod_ssl.c>
   <VirtualHost _default_:443>
     ServerAdmin webmaster@localhost
     DocumentRoot /var/www/html
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     SSLEngine on
     SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
     SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
     <FilesMatch "\.(cgi|shtml|phtml|php)$">
       SSLOptions +StdEnvVars
     </FilesMatch>
     <Directory /usr/lib/cgi-bin>
       SSLOptions +StdEnvVars
     </Directory>
     BrowserMatch "MSIE [2-6]" \
       nokeepalive ssl-unclean-shutdown \
       downgrade-1.0 force-response-1.0
     BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
   </VirtualHost>
 </IfModule>
We need to configure:
- ServerAdmin
- ServerName
- ServerAlias
- DocumentRoot
- IMPORTANT: the location of the Apache SSL certificate & key
 SSLCertificateFile /etc/apache2/ssl/apache.crt
 SSLCertificateKeyFile /etc/apache2/ssl/apache.key
The final result:
 <IfModule mod_ssl.c>
   <VirtualHost _default_:443>
     ServerAdmin admin@darmajaya.ac.id
     ServerName darmajaya.ac.id
     ServerAlias www.darmajaya.ac.id
     DocumentRoot /var/www/html/webmirror/www.darmajaya.ac.id/
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     SSLEngine on
     SSLCertificateFile /etc/apache2/ssl/apache.crt
     SSLCertificateKeyFile /etc/apache2/ssl/apache.key
     <FilesMatch "\.(cgi|shtml|phtml|php)$">
       SSLOptions +StdEnvVars
     </FilesMatch>
     <Directory /usr/lib/cgi-bin>
       SSLOptions +StdEnvVars
     </Directory>
     BrowserMatch "MSIE [2-6]" \
       nokeepalive ssl-unclean-shutdown \
       downgrade-1.0 force-response-1.0
     BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
   </VirtualHost>
 </IfModule>
==Enable the SSL Virtual Host==
Enable:
 sudo a2ensite darmajaya.ac.id-ssl.conf
 sudo service apache2 restart
 sudo systemctl reload apache2
==Test Setup==
Browse to:
 https://server_domain_name_or_IP
 https://192.168.0.100
You will probably get an SSL certificate warning, since the certificate is self-signed :)
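The certificate step above can be checked before Apache is pointed at the files. The script below is an added example, not part of the original page: it repeats the page's `openssl req` command non-interactively, then verifies that the key belongs to the certificate and that the certificate covers the host name used as ServerName/ServerAlias. The function names, the temporary directory and the host `example.test` are assumptions made for the example, and `-addext` requires OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: generate a self-signed pair like the page's openssl command,
# then check it before SSLCertificateFile/SSLCertificateKeyFile point at it.

# make_selfsigned DIR HOST: writes DIR/apache.key and DIR/apache.crt.
make_selfsigned() {
    dir=$1 host=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # -subj replaces the interactive prompts; subjectAltName is the field
    # current browsers match the host name against.
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$dir/apache.key" -out "$dir/apache.crt" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,DNS:www.$host" 2>/dev/null || return 1
    # -nodes leaves the key unencrypted on disk, so restrict it to its owner.
    chmod 600 "$dir/apache.key"
}

# key_matches_cert CRT KEY: true when both files hold the same public key.
key_matches_cert() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# cert_covers_host CRT HOST: true when the certificate is valid for HOST.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# Demo in a throwaway directory with a constructed host name (example.test).
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" example.test
key_matches_cert "$demo_dir/apache.crt" "$demo_dir/apache.key" && echo "key matches certificate"
cert_covers_host "$demo_dir/apache.crt" www.example.test && echo "www.example.test covered"
cert_covers_host "$demo_dir/apache.crt" other.test || echo "other.test not covered"
rm -rf "$demo_dir"
```

A certificate whose names do not include the ServerName still triggers a host-name mismatch in the browser, on top of the self-signed warning.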