Raspbian: Aktifkan https di apache
Jump to navigation
Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Agar komunikasi dapat dilakukan dengan aman kita perlu meng-enkripsi komunikasi menggunakan TLS/SSL.
Install Apache
instalasi
sudo apt update sudo apt -y install apache2 php php-xmlrpc php-mysql php-gd php-cli php-curl
Aktifkan SSL module
enable
sudo a2enmod ssl sudo service apache2 restart
Buat Self-Signed SSL Certificate
buat
sudo mkdir -p /etc/apache2/ssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
isi dengan
Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:DKI Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:ORGANISASI-ANDA Organizational Unit Name (eg, section) []:RND Common Name (e.g. server FQDN or YOUR name) []:organisasi-anda.id Email Address []:onno@organisasi-anda.id
Konfigurasi apache untuk menggunakan SSL
Edit
cd /etc/apache2/sites-available cp default-ssl.conf darmajaya.ac.id-ssl.conf sudo vi /etc/apache2/sites-available/darmajaya.ac.id-ssl.conf
Kalau comment dibuang, akan tampak seperti:
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
Kita perlu mengkonfigurasi
- ServerAdmin
- ServerName
- ServerAlias
- DocumentRoot
- PENTING: lokasi Apache SSL certificate & key
SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Tampilan akhirnya,
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin admin@darmajaya.ac.id ServerName darmajaya.ac.id ServerAlias www.darmajaya.ac.id DocumentRoot /var/www/html/webmirror/www.darmajaya.ac.id/ ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
Aktifkan SSL Virtual Host
enable
sudo a2ensite darmajaya.ac.id-ssl.conf sudo service apache2 restart sudo systemctl reload apache2
Test Setup
browse ke
https://server_domain_name_or_IP https://192.168.0.100
kemungkinan akan dapat warning apache ssl warning :) ...
Referensi