Difference between revisions of "Apache: aktifkan HTTPS"

From OnnoWiki
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
sumber: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
 
sumber: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
  
ntroduction
 
  
TLS, or transport layer security, and its predecessor SSL, secure sockets layer, are secure protocols created in order to place normal traffic in a protected, encrypted wrapper.
+
Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL. Berikut ini adalah caranya di Ubuntu 16.04.
 
 
These protocols allow traffic to be sent safely between remote parties without the possibility of the traffic being intercepted and read by someone in the middle. They are also instrumental in validating the identity of domains and servers throughout the internet by establishing a server as trusted and genuine by a certificate authority.
 
 
 
In this guide, we'll cover how to create a self-signed SSL certificate for Apache on an Ubuntu 14.04 server, which will allow you to encrypt traffic to your server. While this does not provide the benefit of third party validation of your server's identity, it fulfills the requirements of those simply wanting to transfer information securely.
 
 
 
Note: You may want to consider using Let's Encrypt instead of a self-signed certificate. Let's Encrypt is a new certificate authority that issues free SSL/TLS certificates that are trusted in most web browsers. Check out the tutorial to get started: How To Secure Apache with Let's Encrypt on Ubuntu 14.04
 
Prerequisites
 
 
 
Before you begin, you should have some configuration already taken care of.
 
 
 
We will be operating as a non-root user with sudo privileges in this guide. You can set one up by following steps 1-4 in our Ubuntu 14.04 initial server setup guide.
 
  
 
==Install Apache==
 
==Install Apache==
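Review bot: The one-sentence introduction added at the top of this hunk drops the caveat the removed text carried: a self-signed certificate encrypts traffic but gives no third-party validation of the server's identity. Keep one sentence saying so, together with the Let's Encrypt pointer, because the Test Setup section later tells readers to expect a browser warning without explaining it. The new text also names Ubuntu 16.04 while the "sumber" link still points at the Ubuntu 14.04 tutorial; say that the steps were adapted.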
Line 20: Line 8:
 
instalasi
 
instalasi
  
  sudo apt-get update
+
  sudo apt update
  sudo apt-get install apache2
+
  sudo apt -y install apache2
  
  
Line 69: Line 57:
 
==Konfigurasi apache untuk menggunakan SSL==
 
==Konfigurasi apache untuk menggunakan SSL==
  
 +
Edit
  
 
+
cd /etc/apache2/sites-available
The key and certificate will be created and placed in your /etc/apache2/ssl directory.
+
cp default-ssl.conf default-ssl.conf.asli
Step Three — Configure Apache to Use SSL
 
 
 
Now that we have our certificate and key available, we can configure Apache to use these files in a virtual host file. You can learn more about how to set up Apache virtual hosts here.
 
 
 
Instead of basing our configuration file off of the 000-default.conf file in the sites-available subdirectory, we're going to base this configuration on the default-ssl.conf file that contains some default SSL configuration.
 
 
 
Open the file with root privileges now:
 
 
 
 
  sudo vi /etc/apache2/sites-available/default-ssl.conf
 
  sudo vi /etc/apache2/sites-available/default-ssl.conf
  
With the comments removed, the file looks something like this:
+
Kalau comment dibuang, akan tampak seperti:
  
 
  <IfModule mod_ssl.c>
 
  <IfModule mod_ssl.c>
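Review bot: The added "cp default-ssl.conf default-ssl.conf.asli" has no sudo, while the "sudo vi" line that follows it does, so the backup copy into /etc/apache2/sites-available fails for a non-root user and the reader edits the file with no backup. Use "sudo cp". The hunk also removes the sentence stating that the key and certificate are placed in /etc/apache2/ssl; that sentence is worth keeping, since the configuration below depends on that path.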
Line 112: Line 93:
 
* ServerAlias
 
* ServerAlias
 
* DocumentRoot
 
* DocumentRoot
* lokasi Apache SSL certificate & key
+
* '''PENTING:''' lokasi Apache SSL certificate & key
 +
 
 +
SSLCertificateFile /etc/apache2/ssl/apache.crt
 +
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
  
 
Tampilan akhirnya,
 
Tampilan akhirnya,
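Review bot: The added SSLCertificateKeyFile line is marked PENTING but says nothing about who may read /etc/apache2/ssl/apache.key. The page generates that key with -nodes, so it sits on disk unencrypted; add a step next to these two lines that restricts it, for example mode 600 on the key and 700 on the directory, both owned by root.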
Line 139: Line 123:
 
     </VirtualHost>
 
     </VirtualHost>
 
  </IfModule>
 
  </IfModule>
 
  
 
==Aktifkan SSL Virtual Host==
 
==Aktifkan SSL Virtual Host==
Line 150: Line 133:
  
 
  sudo service apache2 restart
 
  sudo service apache2 restart
 
+
sudo systemctl reload apache2
  
 
==Test Setup==
 
==Test Setup==
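Review bot: The added "sudo systemctl reload apache2" comes directly after "sudo service apache2 restart", so the reload is redundant: the restart has already re-read the configuration. Keep one of the two, and consider putting "sudo apache2ctl configtest" in front of it so that a typo in default-ssl.conf is caught before the running service is touched.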
Line 157: Line 140:
  
 
  https://server_domain_name_or_IP
 
  https://server_domain_name_or_IP
 +
https://192.168.0.100
  
 
kemungkinan akan dapat warning apache ssl warning :) ...
 
kemungkinan akan dapat warning apache ssl warning :) ...
 
  
 
==Referensi==
 
==Referensi==
  
 
* https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
 
* https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

Latest revision as of 08:28, 18 December 2018

Source: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04


To communicate securely, we need to encrypt the traffic using TLS/SSL. The following shows how to do this on Ubuntu 16.04.

Install Apache

installation

sudo apt update
sudo apt -y install apache2


Enable the SSL module

enable

sudo a2enmod ssl

restart apache

sudo service apache2 restart


Create a Self-Signed SSL Certificate

create the folder

sudo mkdir /etc/apache2/ssl

create the certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

fill in the prompts with

Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA
Organizational Unit Name (eg, section) []:RND
Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id
Email Address []:onno@organisasi-anda.id

Some additional information

  • openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
  • req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate management. Since we want to create a new X.509 certificate, this is the subcommand to use.
  • -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
  • -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
  • -days 365: This specifies that the certificate we are creating will be valid for one year.
  • -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
  • -keyout: This parameter names the output file for the private key file that is being created.
  • -out: This option names the output file for the certificate that we are generating.
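
The same command run non-interactively, with the key locked down and then checked against the certificate, as an added example that is not part of the original page. Because -nodes leaves the private key unencrypted on disk, file permissions are its only protection. The helper names are assumptions; the subject values are the sample answers shown above.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are assumptions;
# the openssl req options are the ones the page uses.

# make_selfsigned DIR CN [DAYS]: write DIR/apache.key and DIR/apache.crt
make_selfsigned() {
    dir=$1; cn=$2; days=${3:-365}
    (
        # umask 077: the unencrypted (-nodes) key is created owner-only,
        # so there is no window in which other users can read it.
        umask 077
        mkdir -p "$dir" &&
        openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
            -subj "/C=ID/ST=DKI/L=Jakarta/O=ORGANISASI-ANDA/OU=RND/CN=$cn" \
            -keyout "$dir/apache.key" -out "$dir/apache.crt" 2>/dev/null
    ) || return 1
    chmod 700 "$dir" && chmod 600 "$dir/apache.key" && chmod 644 "$dir/apache.crt"
}

# key_matches_cert KEY CRT: true only if CRT carries KEY's public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_mode FILE: octal permission bits (GNU stat, as shipped on Ubuntu)
key_mode() { stat -c %a "$1"; }

# valid_for_days CRT N: true if CRT is still valid N days from now
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Usage on the server (as root):
#   make_selfsigned /etc/apache2/ssl organisasi-anda.id
#   key_matches_cert /etc/apache2/ssl/apache.key /etc/apache2/ssl/apache.crt
#   valid_for_days /etc/apache2/ssl/apache.crt 30 || echo "renew soon"
```
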


Configure Apache to use SSL

Edit

cd /etc/apache2/sites-available
sudo cp default-ssl.conf default-ssl.conf.asli
sudo vi /etc/apache2/sites-available/default-ssl.conf

With the comments removed, the file looks like this:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

We need to configure

  • ServerAdmin
  • ServerName
  • ServerAlias
  • DocumentRoot
  • IMPORTANT: the location of the Apache SSL certificate & key
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

The final result:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName your_domain.com
        ServerAlias www.your_domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Enable the SSL Virtual Host

enable

sudo a2ensite default-ssl.conf

restart

sudo service apache2 restart
sudo systemctl reload apache2

Test Setup

browse to

https://server_domain_name_or_IP
https://192.168.0.100

you will probably get an Apache SSL warning :) ...
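
The warning appears because no certificate authority vouches for a self-signed certificate, so the check that remains is to compare the fingerprint the server presents with the certificate file on the server. An added example, not part of the original page; the helper names are assumptions, and the address and path in the usage comment are the page's sample values.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are assumptions.

# cert_fp FILE: SHA-256 fingerprint of a PEM certificate on disk
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# served_fp HOST [PORT]: SHA-256 fingerprint of the certificate the server
# presents during the TLS handshake (no trust decision is made here)
served_fp() {
    openssl s_client -connect "$1:${2:-443}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# check_served HOST PORT FILE: succeed only if the server presents exactly
# the certificate stored in FILE
check_served() {
    want=$(cert_fp "$3")
    got=$(served_fp "$1" "$2")
    if [ -n "$want" ] && [ "$want" = "$got" ]; then
        echo "OK   $1:$2 presents the certificate in $3"
        echo "     SHA-256 $want"
    else
        echo "FAIL $1:$2 presented '${got:-nothing}'" >&2
        echo "     expected '${want:-unreadable certificate file}'" >&2
        return 1
    fi
}

# Usage, after copying apache.crt (never apache.key) to the client:
#   check_served 192.168.0.100 443 ./apache.crt
# The same SHA-256 value should appear in the browser's certificate details
# before the exception is accepted.
```
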

References