How to Set Up HTTPS (SSL Certificates) to Secure the PhpMyAdmin Login


To introduce this tip, let's sniff the HTTP traffic between a client machine and the Debian 8 server where we made the innocent mistake of logging in with the database root user's credentials in our last article: Change and Secure Default PhpMyAdmin Login URL

As we mentioned in the previous tip, do not try this yet if you do not want to expose your credentials. To start sniffing traffic, we typed the following command and pressed Enter:

# tcpdump port http -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --line-buffered -B20

It does not take long to see that the username and password were sent over the wire in plain text, as you can see in the truncated tcpdump output in the image below.

Please note that we have hidden part of the root password with a blue mark over it:

To avoid this, let's secure the login page with a certificate. To do this, install the mod_ssl package on CentOS based distributions.

# yum install mod_ssl

Although we will use the Debian/Ubuntu paths and names, the same procedure works for CentOS and RHEL if you replace the commands and paths below with their CentOS equivalents.

Create a directory to store the key and certificate:

# mkdir /etc/apache2/ssl    [On Debian/Ubuntu based systems]
# mkdir /etc/httpd/ssl      [On CentOS based systems]

Create the key and certificate:

----------- On Debian/Ubuntu based systems ----------- 
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

----------- On CentOS based systems ----------- 
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
........................+++
.....................................................+++
writing new private key to '/etc/httpd/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Maharashtra
Locality Name (eg, city) [Default City]:Mumbai
Organization Name (eg, company) [Default Company Ltd]:TecMint
Organizational Unit Name (eg, section) []:TecMint
Common Name (eg, your name or your server's hostname) []:TecMint
Email Address []:[email 

Next, verify the key and certificate.

# cd /etc/apache2/ssl/   [On Debian/Ubuntu based systems]
# cd /etc/httpd/ssl/     [On CentOS based systems]
# ls -l

total 8
-rw-r--r--. 1 root root 1424 Sep  7 15:19 apache.crt
-rw-r--r--. 1 root root 1704 Sep  7 15:19 apache.key
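
The listing above shows apache.key with mode -rw-r--r--, which makes the private key readable by every local account. The script below is an added example, not part of the original article: it checks that a key is accessible only to its owner, that the certificate belongs to that key, and that it is not about to expire. The function names and the demo.invalid subject are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: checks for a key/certificate pair such as apache.key/apache.crt.

# Succeeds only if group and others have no permission bits on the key file.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)      # e.g. "r--r--" from "-rw-r--r--"
    [ "$perms" = "------" ]
}

# Succeeds only if the certificate contains the public half of the key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# audit_pair CERT KEY: prints one line per finding, returns the finding count.
audit_pair() {
    n=0
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group/others"; n=$((n + 1)); }
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2"; n=$((n + 1)); }
    cert_valid_in_days "$1" 30 || { echo "WARN: $1 expires within 30 days"; n=$((n + 1)); }
    return "$n"
}

# Constructed demo: a throwaway pair in a temp dir, first with the 0644 key
# mode from the listing, then after chmod 600. Sets $before and $after.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=demo.invalid" \
        -keyout "$d/apache.key" -out "$d/apache.crt" 2>/dev/null || return 1
    chmod 644 "$d/apache.key"
    before=0; audit_pair "$d/apache.crt" "$d/apache.key" || before=$?
    chmod 600 "$d/apache.key"
    after=0; audit_pair "$d/apache.crt" "$d/apache.key" || after=$?
    rm -rf "$d"
    echo "findings before chmod: $before, after chmod: $after"
}

# With two arguments audit real files; with none, run the constructed demo.
if [ "$#" -eq 2 ]; then audit_pair "$1" "$2"; else demo || echo "demo skipped (openssl unavailable)"; fi
```

Run it with the certificate and key paths as arguments to audit the files created earlier; on the server itself, chmod 600 on the key file is the corresponding fix.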

On Debian/Ubuntu, make sure Apache is listening on port 443 for the default site (/etc/apache2/sites-available/000-default.conf) and add the 3 SSL lines inside the VirtualHost declaration:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

On CentOS based distributions, tell Apache to listen on port 443: look for the Listen directive in /etc/httpd/conf/httpd.conf and add these lines below it.

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

Save the changes and load the Apache SSL module on Debian/Ubuntu distributions (on CentOS it was loaded automatically when you installed mod_ssl earlier):

# a2enmod ssl

Force phpMyAdmin to use SSL by making sure the following line is present in the /etc/phpmyadmin/config.inc.php or /etc/phpMyAdmin/config.inc.php file:

$cfg['ForceSSL'] = true;

Then restart the web server:

# systemctl restart apache2   [On Debian/Ubuntu based systems]
# systemctl restart httpd     [On CentOS based systems]

Next, launch your web browser and type https:///my (learn how to change the PhpMyAdmin login URL) as shown below.

Important: Note that it only says the connection is not secure because we are using a self-signed certificate. Click on Advanced and confirm the security exception:

After confirming the security exception, and before logging in, let's start sniffing HTTP and HTTPS traffic:

# tcpdump port http or port https -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --line-buffered -B20

Then log in using the same credentials as before. The traffic sniffer will capture only gibberish at best:

That's all for now. In the next article we will show you how to restrict PhpMyAdmin access with a username/password; until then, stay tuned to Tecmint.