How to Secure Apache with a Free Let's Encrypt SSL Certificate on Ubuntu and Debian


You have a newly registered domain name, and your web server runs with a self-signed SSL certificate that you issued yourself, which causes headaches for your clients when they visit the domain because of the errors it generates? You have a limited budget and cannot afford to buy a certificate issued by a trusted CA? This is when the Let's Encrypt software comes onto the scene and saves the day.


Let's Encrypt is a Certificate Authority (CA) that lets you obtain the SSL/TLS certificates your server needs to run securely, giving your users a smooth browsing experience without errors.

All the steps required to generate a certificate are, for the most part, automated for the Apache web server. However, regardless of your web server software, some steps must be performed manually and the certificates must be installed manually, especially if your website content is served by the Nginx daemon.

This tutorial will guide you through installing the Let's Encrypt software on Ubuntu or Debian, generating and obtaining a free certificate for your domain, and manually installing the certificate in the Apache and Nginx web servers.

  1. A publicly registered domain name with valid A records pointing back to your server's external IP address. If your server is behind a firewall, take the necessary measures to make sure it is reachable from the internet by adding port-forwarding rules on the router side.
  2. The Apache web server installed with the SSL module enabled and virtual hosting enabled, in case you host multiple domains or subdomains.

Step 1: Install Apache and Enable the SSL Module

1. If you do not already have the Apache web server installed on your machine, issue the following command to install the apache daemon.

$ sudo apt-get install apache2

2. Enabling the SSL module for the Apache web server on Ubuntu or Debian is straightforward. Enable the SSL module and activate the Apache default SSL virtual host by issuing the commands below:

$ sudo a2enmod ssl
$ sudo a2ensite default-ssl.conf
$ sudo service apache2 restart
or
$ sudo systemctl restart apache2.service

Visitors can now access your domain name over HTTPS. However, because your server's self-signed certificate is not issued by a trusted certificate authority, an error alert will be displayed in their browsers.

https://yourdomain.com

Step 2: Install the Free Let's Encrypt Client

3. To install the Let's Encrypt software on your server, you need the git package installed on your system. Issue the following command to install git:

$ sudo apt-get -y install git

4. Next, choose a directory in your system hierarchy where you want to clone the Let's Encrypt git repository. In this tutorial we will use the /usr/local/ directory as the installation path for Let's Encrypt.

Switch to the /usr/local directory and install the letsencrypt client by issuing the following commands:

$ cd /usr/local
$ sudo git clone https://github.com/letsencrypt/letsencrypt

Step 3: Generate an SSL Certificate for Apache

5. The process of obtaining an SSL certificate for Apache is automated thanks to the Apache plugin. Generate the certificate by issuing the following command against your domain name. Provide your domain name as a parameter to the -d flag.

$ cd /usr/local/letsencrypt
$ sudo ./letsencrypt-auto --apache -d your_domain.tld

For example, if you need the certificate to work on multiple domains or subdomains, add them all using a -d flag for each additional valid DNS record after the base domain name.

$ sudo ./letsencrypt-auto --apache -d your_domain.tld -d www.your_domain.tld

6. Agree to the license, enter an email address for recovery, and choose whether clients can browse your domain using both HTTP protocols (secure and insecure) or whether all non-secure requests are redirected to HTTPS.

7. After the installation finishes successfully, a congratulatory message is displayed on your console, informing you of the expiration date and how you can test the configuration.

You should now be able to find your certificate files in the /etc/letsencrypt/live directory with a simple directory listing.

$ sudo ls /etc/letsencrypt/live

8. Finally, to verify the status of your SSL certificate, visit the following link. Replace the domain name accordingly.

https://www.ssllabs.com/ssltest/analyze.html?d=your_domain.tld&latest

Visitors can also now access your domain name over HTTPS without any error appearing in their web browsers.

Step 4: Auto-Renew Let's Encrypt Certificates

9. By default, certificates issued by the Let's Encrypt authority are valid for 90 days. To renew a certificate before the expiration date, you must manually run the client again using the exact same flags and parameters as before.

$ sudo ./letsencrypt-auto --apache -d your_domain.tld

Or, in the case of multiple subdomains:

$ sudo ./letsencrypt-auto --apache -d your_domain.tld -d www.your_domain.tld

10. The certificate renewal process can be automated to run less than 30 days before the expiration date by using the Linux cron scheduling daemon.

$ sudo crontab -e

Add the following command at the end of the crontab file, using a single line only:

0 1 1 */2 * cd /usr/local/letsencrypt && ./letsencrypt-auto certonly --apache --renew-by-default -d domain.tld >> /var/log/domain.tld-renew.log 2>&1
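
The crontab entry above renews on a fixed calendar schedule. As an added example (not part of the original tutorial or of the Let's Encrypt client), the shell functions below use openssl x509 -checkend to report which certificates under /etc/letsencrypt/live fall inside the 30-day window mentioned in step 10; the function names and the LIVE_DIR variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list Let's Encrypt certificates that are inside the renewal window.
# Function names and LIVE_DIR are assumptions for this example.

# needs_renewal CERT [DAYS]
# Returns 0 when CERT expires within DAYS (default 30), is already expired,
# or cannot be read or parsed; returns 1 when it stays valid past the window.
needs_renewal() {
    nr_cert=$1
    nr_days=${2:-30}
    [ -r "$nr_cert" ] || return 0
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$nr_cert" -noout -checkend "$((nr_days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# expiring_domains LIVE_DIR [DAYS]
# Prints one directory name (the domain) per certificate that needs renewal.
expiring_domains() {
    ed_live=$1
    ed_days=${2:-30}
    for ed_dir in "$ed_live"/*/; do
        [ -d "$ed_dir" ] || continue          # glob matched nothing
        if needs_renewal "${ed_dir}cert.pem" "$ed_days"; then
            basename "$ed_dir"
        fi
    done
}

# Report on the directory used in this tutorial when it exists (run with sudo).
LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live}
if [ -d "$LIVE_DIR" ]; then
    expiring_domains "$LIVE_DIR" 30
fi
```

An unreadable or unparsable certificate is reported as needing renewal, so a broken file shows up in the output instead of being silently skipped.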

11. Details about the renewal configuration file for your domain can be found in the /etc/letsencrypt/renewal/ directory.

$ cat /etc/letsencrypt/renewal/caeszar.tk.conf

You should also check the file /etc/letsencrypt/options-ssl-apache.conf to view the new SSL configuration file for the Apache web server.

12. The Let's Encrypt apache plugin also modifies some files in your web server configuration. To check which files were modified, list the contents of the /etc/apache2/sites-enabled directory.

$ ls /etc/apache2/sites-enabled/
$ sudo cat /etc/apache2/sites-enabled/000-default-le-ssl.conf

That's all for now! The next tutorials in this series will discuss how to obtain and install a Let's Encrypt certificate for the Nginx web server on Ubuntu and Debian, and on CentOS as well.