Raspbian: Aktifkan https di apache
Revision as of 02:57, 12 October 2018 by Onnowpurbo (talk | contribs)
Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL.
Install Apache
instalasi
sudo apt update sudo apt -y install apache2 php php-xmlrpc php-mysql php-gd php-cli php-curl
Aktifkan SSL module
enable
sudo a2enmod ssl sudo service apache2 restart
Buat Self-Signed SSL Certificate
buat
sudo mkdir -p /etc/apache2/ssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
isi dengan
Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:DKI Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA Organizational Unit Name (eg, section) []:RND Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id Email Address []:onno@organisasi-anda.id
Konfigurasi apache untuk menggunakan SSL
Edit
cd /etc/apache2/sites-available cp default-ssl.conf darmajaya.ac.id-ssl.conf sudo vi /etc/apache2/sites-available/darmajaya.ac.id-ssl.conf
Kalau comment dibuang, akan tampak seperti:
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
Kita perlu mengkonfigurasi
- ServerAdmin
- ServerName
- ServerAlias
- DocumentRoot
- PENTING: lokasi Apache SSL certificate & key
SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Tampilan akhirnya,
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin admin@darmajaya.ac.id ServerName darmajaya.ac.id ServerAlias www.darmajaya.ac.id DocumentRoot /var/www/html/webmirror/www.darmajaya.ac.id/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
Aktifkan SSL Virtual Host
enable
sudo a2ensite darmajaya.ac.id-ssl.conf sudo service apache2 restart
Test Setup
browse ke
https://server_domain_name_or_IP https://192.168.0.100
kemungkinan akan dapat warning apache ssl warning :) ...
Referensi