Configuring OpenSSL with Nginx on CentOS 7
HTTPS has become the security standard on the World Wide Web (WWW). HTTPS uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) as its transport layer, encrypting the data exchanged between the web server and the browser.
Continuing from the previous article, this time www.dimasrio.com covers how to enable the SSL module in nginx.
Enable SSL in Nginx
Here we will install OpenSSL from source.
wget https://www.openssl.org/source/openssl-1.0.2n.tar.gz
Extract the archive and compile the OpenSSL source.
tar -zxvf openssl-1.0.2n.tar.gz
cd openssl-1.0.2n
./config --prefix=/opt/openssl
make
make install
Create the SSL certificate and key. As an example, I will create a certificate for the domain dimzrio.com.
mkdir /opt/nginx/ssl
/opt/openssl/bin/openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /opt/nginx/ssl/nginx.key -out /opt/nginx/ssl/nginx.crt
Output:
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI Jakarta
Locality Name (eg, city) []:Cipinang
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dimzrio tutorials
Organizational Unit Name (eg, section) []:dimzrio
Common Name (e.g. server FQDN or YOUR name) []:dimzrio.com
Email Address []:nginx@dimzrio.com
Next, recompile nginx with the SSL module enabled.
./configure --prefix=/opt/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=nginx --group=nginx --with-threads --with-file-aio --with-http_sub_module --with-http_geoip_module --with-http_dav_module --with-stream --with-http_v2_module --with-stream_ssl_module --with-http_ssl_module --with-openssl=/root/source/openssl-1.0.2n
make
make install
After the SSL module is installed, check the build output.
/opt/nginx/sbin/nginx -V
Output:
...
built with OpenSSL 1.0.2n 7 Dec 2017
TLS SNI support enabled
...
Configuring SSL in Nginx
Set up nginx.conf as shown below.
nano /opt/nginx/conf/nginx.conf
Content:
user nginx;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    include vhosts/*.conf;
}
Create a vhost for dimzrio.com.
mkdir /opt/nginx/conf/vhosts
nano /opt/nginx/conf/vhosts/dimzrio-com.conf
Content:
server {
    listen 80;
    listen 443 ssl http2;
    access_log /var/log/nginx/dimzrio-access.log main;
    error_log /var/log/nginx/dimzrio-error.log;
    server_name dimzrio.com;
    # SSL Config #
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate /opt/nginx/ssl/nginx.crt;
    ssl_certificate_key /opt/nginx/ssl/nginx.key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:TLS:10m;
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
    ssl_prefer_server_ciphers on;
    location / {
        index index.html;
        root /opt/nginx/html;
    }
}
Start the nginx service.
/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf
Next, test in a browser at https://dimzrio.com.
If the site is accessible, SSL is active.
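As an added example (not part of the original tutorial), the Python script below audits the TLS directives of the dimzrio.com vhost above and reports the protocol versions and cipher tokens a reviewer would flag before exposing the server. The function names directives and audit_tls are hypothetical, and the embedded config is a constructed excerpt of that vhost.

```python
import re

# Constructed sample: the TLS directives of the dimzrio.com vhost shown above.
PAGE_VHOST = """
server {
    listen 443 ssl http2;
    server_name dimzrio.com;
    # SSL Config #
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
    ssl_prefer_server_ciphers on;
}
"""

# SSLv2/SSLv3 and TLS 1.0/1.1 are formally deprecated (RFC 6176, 7568, 8996).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def directives(conf):
    """Yield (name, args) per directive. Simplification: '#' always starts a comment."""
    text = re.sub(r"#[^\n]*", "", conf)
    for stmt in re.split(r"[;{}]", text):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def audit_tls(conf):
    """Return findings for weak ssl_protocols / ssl_ciphers settings."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            findings += [f"ssl_protocols enables deprecated {p}"
                         for p in args if p in DEPRECATED]
        elif name == "ssl_ciphers":
            for token in re.split(r"[:, ]+", " ".join(args).strip("'\"")):
                if not token or token[0] in "!-":
                    continue  # exclusions remove suites, they never add any
                # In OpenSSL cipher strings RSA/kRSA select static RSA key
                # exchange; aRSA (authentication only) is not a problem.
                if {"RSA", "kRSA"} & set(token.split("+")):
                    findings.append(f"ssl_ciphers token {token} allows static "
                                    "RSA key exchange (no forward secrecy)")
    return findings


if __name__ == "__main__":
    for finding in audit_tls(PAGE_VHOST):
        print(finding)
```

Run against the vhost as written, it reports TLSv1, TLSv1.1 and the RSA+AESGCM token; restricting ssl_protocols to TLSv1.2 and dropping that token clears all three findings.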
That concludes this nginx tutorial on enabling SSL in nginx with OpenSSL. Hopefully it is useful to all of us, and good luck trying it out! Source: http://www.dimasrio.com/