Instalasi SSL di Ubuntu Server dengan IP Private

From Dboswiki
Revision as of 00:42, 24 July 2023 by Smpdbos (talk | contribs) (Created page with "sudo apt update sudo apt-get install -y apache2 sudo apt-get install openssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfs...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

sudo apt update

sudo apt-get install -y apache2

sudo apt-get install openssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt


Buat file konfigurasi dari parameter apache: 

$ sudo nano /etc/apache2/conf-available/ssl-params.conf , isi dengan:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

Save, exit.

Salin file yang diperlukan: 

$ sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak

Modifikasi default-ssl.conf dari apache: 

$ sudo nano /etc/apache2/sites-available/default-ssl.conf , isi dengan (jika memungkinkan, hapus terlebih dahulu semua konfigurasi yang ada sebelumnya, lalu copas konfigurasi dibawah ini) :

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin [email protected]
                ServerName localhost

                DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on

                SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
                SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

        </VirtualHost>
</IfModule>

Save, exit.

Modifikasi default.conf dari apache dengan merubah ip kalian: 

$ sudo nano /etc/apache2/sites-available/000-default.conf

Tambahkan ini dibawah “VirtualHost” : 

<VirtualHost *:80>

. . .

Redirect “/” “https://ip_lokal_vm_kamu”

. . .

</VirtualHost>

Save,exit.


Lakukan apply dan reload pada apache: 

$ sudo a2enmod ssl

$ sudo a2enmod headers

$ sudo a2ensite default-ssl

$ sudo a2enconf ssl-params

$ sudo apache2ctl configtest

$ sudo /etc/init.d/apache2 reload
ssl
Retrieved from "https://wiki.smpyppksantodonboscofakfak.sch.id/index.php?title=Instalasi_SSL_di_Ubuntu_Server_dengan_IP_Private&oldid=149"