https://wiki.smpyppksantodonboscofakfak.sch.id/index.php?action=history&feed=atom&title=Instalasi_SSL_di_Ubuntu_Server_dengan_IP_Private
Instalasi SSL di Ubuntu Server dengan IP Private - Revision history
2026-05-10T14:33:55Z
Revision history for this page on the wiki
MediaWiki 1.43.1
https://wiki.smpyppksantodonboscofakfak.sch.id/index.php?title=Instalasi_SSL_di_Ubuntu_Server_dengan_IP_Private&diff=149&oldid=prev
Smpdbos: Created page with "sudo apt update sudo apt-get install -y apache2 sudo apt-get install openssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfs..."
2023-07-24T00:42:05Z
<p>Created page with "sudo apt update sudo apt-get install -y apache2 sudo apt-get install openssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfs..."</p>
<p><b>New page</b></p><div>sudo apt update<br />
<br />
sudo apt-get install -y apache2 <br />
<br />
sudo apt-get install openssl<br />
<br />
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt<br />
<br />
<br />
Buat file konfigurasi dari parameter apache:<br />
$ sudo nano /etc/apache2/conf-available/ssl-params.conf , isi dengan:<br />
<br />
<code>SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH<br />
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLHonorCipherOrder On<br />
# Disable preloading HSTS for now. You can use the commented out header line that includes<br />
# the "preload" directive if you understand the implications.<br />
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"<br />
Header always set X-Frame-Options DENY<br />
Header always set X-Content-Type-Options nosniff<br />
# Requires Apache >= 2.4<br />
SSLCompression off<br />
SSLUseStapling on<br />
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"<br />
# Requires Apache >= 2.4.11<br />
SSLSessionTickets Off</code><br />
Save, exit.<br />
<br />
Salin file yang diperlukan:<br />
$ sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak<br />
Modifikasi default-ssl.conf dari apache:<br />
$ sudo nano /etc/apache2/sites-available/default-ssl.conf , isi dengan (jika memungkinkan, hapus terlebih dahulu semua konfigurasi yang ada sebelumnya, lalu copas konfigurasi dibawah ini) :<br />
<br />
<code><IfModule mod_ssl.c><br />
<VirtualHost _default_:443><br />
ServerAdmin admin@local.com<br />
ServerName localhost<br />
<br />
DocumentRoot /var/www/html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/error.log<br />
CustomLog ${APACHE_LOG_DIR}/access.log combined<br />
<br />
SSLEngine on<br />
<br />
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt<br />
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key<br />
<br />
<FilesMatch "\.(cgi|shtml|phtml|php)$"><br />
SSLOptions +StdEnvVars<br />
</FilesMatch><br />
<Directory /usr/lib/cgi-bin><br />
SSLOptions +StdEnvVars<br />
</Directory><br />
<br />
</VirtualHost><br />
</IfModule></code><br />
Save, exit.<br />
<br />
Modifikasi default.conf dari apache dengan merubah ip kalian:<br />
$ sudo nano /etc/apache2/sites-available/000-default.conf<br />
Tambahkan ini dibawah “VirtualHost” :<br />
<VirtualHost *:80><br />
<br />
. . .<br />
<br />
Redirect “/” “<nowiki>https://ip_lokal_vm_kamu”</nowiki><br />
<br />
. . .<br />
<br />
</VirtualHost><br />
Save,exit.<br />
<br />
<br />
<br />
Lakukan apply dan reload pada apache:<br />
$ sudo a2enmod ssl<br />
<br />
$ sudo a2enmod headers<br />
<br />
$ sudo a2ensite default-ssl<br />
<br />
$ sudo a2enconf ssl-params<br />
<br />
$ sudo apache2ctl configtest<br />
<br />
$ sudo /etc/init.d/apache2 reload<br />
[[File:Ssl.png|thumb|ssl]]</div>
Smpdbos