Difference between revisions of "Raspbian: Aktifkan https di apache"

From OnnoWiki
(Created page with "source: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04 So that communication can be carried out securely we need to ...")
 
 
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:
  
  
Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL. Berikut ini adalah caranya di Ubuntu 16.04.
+
Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL.
  
 
==Install Apache==
 
==Install Apache==
Line 9: Line 9:
  
 
  sudo apt update
 
  sudo apt update
  sudo apt -y install apache2
+
  sudo apt -y install apache2 php php-xmlrpc php-mysql php-gd php-cli php-curl
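Review bot: the added install line pulls in php, php-xmlrpc, php-mysql, php-gd, php-cli and php-curl, none of which is needed to enable HTTPS, and the page gives no reason for them. Either keep `sudo apt -y install apache2` here and move the PHP packages to the page that needs them, or add a sentence saying which application requires them, so readers do not install interpreter modules on a web-facing host by default.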
  
  
Line 17: Line 17:
  
 
  sudo a2enmod ssl
 
  sudo a2enmod ssl
 
restart apache
 
 
 
  sudo service apache2 restart
 
  sudo service apache2 restart
  
Line 25: Line 22:
 
==Buat Self-Signed SSL Certificate==
 
==Buat Self-Signed SSL Certificate==
  
buat folder
+
buat
 
 
sudo mkdir /etc/apache2/ssl
 
 
 
buat certificate
 
  
 +
sudo mkdir -p /etc/apache2/ssl
 
  sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
 
  sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
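Review bot: the new `sudo mkdir -p /etc/apache2/ssl` step creates the directory that receives apache.key, which `-nodes` leaves without a passphrase, yet nothing in the hunk restricts who can read it. Suggest following the two commands with `sudo chmod 700 /etc/apache2/ssl` and `sudo chmod 600 /etc/apache2/ssl/apache.key`. The change also collapses the labels "buat folder" and "buat certificate" into a bare "buat", which no longer says which command does what.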
  
Line 42: Line 36:
 
  Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id
 
  Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id
 
  Email Address []:onno@organisasi-anda.id
 
  Email Address []:onno@organisasi-anda.id
 
Beberapa informasi tambahan
 
 
* openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
 
* req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
 
* -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
 
* -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
 
* -days 365: This specifies that the certificate we are creating will be valid for one year.
 
* -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
 
* -keyout: This parameter names the output file for the private key file that is being created.
 
* -out: This option names the output file for the certificate that we are generating.
 
 
  
 
==Konfigurasi apache untuk menggunakan SSL==
 
==Konfigurasi apache untuk menggunakan SSL==
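Review bot: the removed bullet list was the only place the page explained `-nodes` (key stored without a passphrase) and `-days 365` (certificate valid for one year), so after this change the openssl command is copy-paste only. Suggest keeping at least those two bullets, since both have operational consequences: the key file needs tight permissions and the certificate needs a renewal date.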
Line 60: Line 42:
  
 
  cd /etc/apache2/sites-available
 
  cd /etc/apache2/sites-available
  cp default-ssl.conf default-ssl.conf.asli
+
  cp default-ssl.conf darmajaya.ac.id-ssl.conf
  sudo vi /etc/apache2/sites-available/default-ssl.conf
+
  sudo vi /etc/apache2/sites-available/darmajaya.ac.id-ssl.conf
  
 
Kalau comment dibuang, akan tampak seperti:
 
Kalau comment dibuang, akan tampak seperti:
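Review bot: the new `cp default-ssl.conf darmajaya.ac.id-ssl.conf` line runs without sudo inside /etc/apache2/sites-available, while the `vi` on the following line uses sudo, so the copy fails for a non-root user. Suggest `sudo cp default-ssl.conf darmajaya.ac.id-ssl.conf`.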
Line 102: Line 84:
 
  <IfModule mod_ssl.c>
 
  <IfModule mod_ssl.c>
 
     <VirtualHost _default_:443>
 
     <VirtualHost _default_:443>
         ServerAdmin admin@example.com
+
         ServerAdmin admin@darmajaya.ac.id
         ServerName your_domain.com
+
         ServerName darmajaya.ac.id
         ServerAlias www.your_domain.com
+
         ServerAlias www.darmajaya.ac.id
         DocumentRoot /var/www/html
+
         DocumentRoot /var/www/html/webmirror/www.darmajaya.ac.id/
 
         ErrorLog ${APACHE_LOG_DIR}/error.log
 
         ErrorLog ${APACHE_LOG_DIR}/error.log
 
         CustomLog ${APACHE_LOG_DIR}/access.log combined
 
         CustomLog ${APACHE_LOG_DIR}/access.log combined
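Review bot: ServerName and ServerAlias now name darmajaya.ac.id and www.darmajaya.ac.id, but the certificate prompt shown earlier in the diff still answers Common Name with organisasi-anda.id, so a certificate made by following the page will not match this virtual host. Suggest using the same hostname in both places, or a neutral placeholder in both.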
Line 128: Line 110:
 
enable
 
enable
  
  sudo a2ensite default-ssl.conf
+
  sudo a2ensite darmajaya.ac.id-ssl.conf
 
 
restart
 
 
 
 
  sudo service apache2 restart
 
  sudo service apache2 restart
 
+
sudo systemctl reload apache2
  
 
==Test Setup==
 
==Test Setup==
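Review bot: the added `sudo systemctl reload apache2` comes directly after `sudo service apache2 restart`, which has already loaded the new site, so the reload does nothing extra. Keep one of the two, and consider putting `sudo apache2ctl configtest` before it so a typo in the edited virtual host file is caught before Apache is restarted.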
Line 143: Line 122:
  
 
kemungkinan akan dapat warning apache ssl warning :) ...
 
kemungkinan akan dapat warning apache ssl warning :) ...
 +
  
 
==Referensi==
 
==Referensi==

Latest revision as of 08:13, 18 December 2018

source: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04


To keep communication secure, we need to encrypt it using TLS/SSL.

Install Apache

installation

sudo apt update
sudo apt -y install apache2 php php-xmlrpc php-mysql php-gd php-cli php-curl


Enable the SSL module

enable

sudo a2enmod ssl
sudo service apache2 restart


Create a Self-Signed SSL Certificate

create

sudo mkdir -p /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

fill in with

Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA
Organizational Unit Name (eg, section) []:RND
Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id
Email Address []:onno@organisasi-anda.id

Configure Apache to use SSL

Edit

cd /etc/apache2/sites-available
sudo cp default-ssl.conf darmajaya.ac.id-ssl.conf
sudo vi /etc/apache2/sites-available/darmajaya.ac.id-ssl.conf

With the comments removed, it looks like this:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

We need to configure

  • ServerAdmin
  • ServerName
  • ServerAlias
  • DocumentRoot
  • IMPORTANT: the location of the Apache SSL certificate & key

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

The final result:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@darmajaya.ac.id
        ServerName darmajaya.ac.id
        ServerAlias www.darmajaya.ac.id
        DocumentRoot /var/www/html/webmirror/www.darmajaya.ac.id/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Enable the SSL Virtual Host

enable

sudo a2ensite darmajaya.ac.id-ssl.conf
sudo service apache2 restart
sudo systemctl reload apache2

Test Setup

browse to

https://server_domain_name_or_IP
https://192.168.0.100

you will probably get an SSL certificate warning, since the certificate is self-signed :) ...
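
Before restarting Apache it helps to audit the pair created above: key file permissions, whether certificate and key belong together, expiry, and whether the certificate covers the ServerName. The script below is an added example, not part of the original page; the function names and the 30-day expiry threshold are assumptions, and it needs only the openssl command-line tool.

```sh
#!/bin/sh
# Added example, not from the wiki page. Usage: audit.sh CERT KEY HOSTNAME

# Constructed sample: throwaway pair made like the page's command, non-interactive.
make_sample_pair() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/apache.key" -out "$1/apache.crt" 2>/dev/null
}

# Print the SHA-256 of the public key inside a certificate ("cert") or key ("key").
pubkey_digest() (
    if [ "$2" = cert ]; then
        pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    else
        pem=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    fi
    [ -n "$pem" ] || exit 1          # unreadable file: never hash empty input
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
)

# Report every problem found; the exit status is the number of problems.
audit_pair() (
    cert=$1 key=$2 host=$3 problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # -nodes leaves the key unencrypted, so group/other must have no access.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || fail "$key is accessible to group/other ($perms)"

    # SSLCertificateFile and SSLCertificateKeyFile must hold the same key pair.
    c=$(pubkey_digest "$cert" cert) || c=unreadable-cert
    k=$(pubkey_digest "$key" key) || k=unreadable-key
    [ "$c" = "$k" ] || fail "certificate and key do not match"

    # -days 365 means the certificate stops being valid after a year.
    openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null 2>&1 ||
        fail "certificate expires within 30 days (or is unreadable)"

    # The name clients request (ServerName) must be in the certificate.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' || fail "certificate is not valid for $host"

    exit "$problems"
)

if [ "$#" -eq 3 ]; then audit_pair "$@"; fi
```

Run against the page's paths as `sudo sh audit.sh /etc/apache2/ssl/apache.crt /etc/apache2/ssl/apache.key darmajaya.ac.id`; with the Common Name organisasi-anda.id entered at the prompt above, the hostname check reports a mismatch.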


References


Interesting Links