Raspbian: Aktifkan https di apache

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

sumber: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL.

Install Apache

instalasi

sudo apt update
sudo apt -y install apache2 php php-xmlrpc php-mysql php-gd php-cli php-curl

Aktifkan SSL module

enable

sudo a2enmod ssl
sudo service apache2 restart

Buat Self-Signed SSL Certificate

buat

sudo mkdir -p /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

isi dengan

Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA
Organizational Unit Name (eg, section) []:RND
Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id
Email Address []:onno@organisasi-anda.id

Konfigurasi apache untuk menggunakan SSL

Edit

cd /etc/apache2/sites-available
cp default-ssl.conf darmajaya.ac.id-ssl.conf
sudo vi /etc/apache2/sites-available/darmajaya.ac.id-ssl.conf

Kalau comment dibuang, akan tampak seperti:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Kita perlu mengkonfigurasi

ServerAdmin
ServerName
ServerAlias
DocumentRoot
PENTING: lokasi Apache SSL certificate & key

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Tampilan akhirnya,

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@darmajaya.ac.id
        ServerName darmajaya.ac.id
        ServerAlias www.darmajaya.ac.id
        DocumentRoot /var/www/html/webmirror/www.darmajaya.ac.id/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Aktifkan SSL Virtual Host

enable

sudo a2ensite darmajaya.ac.id-ssl.conf
sudo service apache2 restart
sudo systemctl reload apache2

Test Setup

browse ke

https://server_domain_name_or_IP
https://192.168.0.100

kemungkinan akan dapat warning apache ssl warning :) ...

Referensi

https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

Pranala Menarik

Internet Offline