Raspbian: Aktifkan https di apache

From OnnoWiki
Revision as of 08:13, 18 December 2018 by Onnowpurbo (talk | contribs) (→‎Aktifkan SSL Virtual Host)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

sumber: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04


Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL.

Install Apache

instalasi 

sudo apt update
sudo apt -y install apache2 php php-xmlrpc php-mysql php-gd php-cli php-curl


Aktifkan SSL module

enable 

sudo a2enmod ssl
sudo service apache2 restart


Buat Self-Signed SSL Certificate

buat 

sudo mkdir -p /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

isi dengan 

Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA
Organizational Unit Name (eg, section) []:RND
Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id
Email Address []:onno@organisasi-anda.id

Konfigurasi apache untuk menggunakan SSL

Edit 

cd /etc/apache2/sites-available
cp default-ssl.conf darmajaya.ac.id-ssl.conf
sudo vi /etc/apache2/sites-available/darmajaya.ac.id-ssl.conf

Kalau comment dibuang, akan tampak seperti: 

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Kita perlu mengkonfigurasi

  • ServerAdmin
  • ServerName
  • ServerAlias
  • DocumentRoot
  • PENTING: lokasi Apache SSL certificate & key
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Tampilan akhirnya, 

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@darmajaya.ac.id
        ServerName darmajaya.ac.id
        ServerAlias www.darmajaya.ac.id
        DocumentRoot /var/www/html/webmirror/www.darmajaya.ac.id/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Aktifkan SSL Virtual Host

enable 

sudo a2ensite darmajaya.ac.id-ssl.conf
sudo service apache2 restart
sudo systemctl reload apache2

Test Setup

browse ke 

https://server_domain_name_or_IP
https://192.168.0.100

kemungkinan akan dapat warning apache ssl warning :) ...


Referensi


Pranala Menarik

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Raspbian:_Aktifkan_https_di_apache&oldid=53261"