How to Secure Nginx with Let's Encrypt on CentOS 8


Launched in April 2016 by the Electronic Frontier Foundation (EFF), Let's Encrypt is a free, automated digital certificate that provides TLS encryption for websites at absolutely no cost.

The goal of the Let's Encrypt certificate is to automate the validation, creation, signing, and renewal of the security certificate. The certificate enables encrypted connections to web servers over the HTTPS protocol simply and without complications. The certificate is valid for only 90 days, after which auto-renewal can be activated.


In this article, we show how to install Let's Encrypt to obtain a free SSL certificate that secures the Nginx web server on CentOS 8 (the same instructions also work on RHEL 8). We will also explain how to renew the SSL certificate automatically.

Before we proceed, make sure you have the following in place.

1. A Fully Qualified Domain Name (FQDN) pointing to the dedicated IP address of the web server. This needs to be configured in the client area of your DNS web hosting provider. For this tutorial, we are using the domain name linuxtechwhiz, which points to the IP address 34.70.245.117.

2. You can also confirm this by performing a forward lookup using the dig command as shown.

$ dig linuxtechwhiz.info

3. Nginx is installed and running on the web server. You can confirm this by logging in to the terminal and running the command below. If Nginx is not installed, follow our article on how to Install Nginx on CentOS 8.

$ sudo systemctl status nginx

4. You can also verify this by visiting the web server's URL in a web browser.

http://server-IP-or-hostname

From the URL, we can clearly see that the site is not secure, and hence not encrypted. This means that any requests made to the web server can be intercepted, including critical and confidential information such as usernames, passwords, social security numbers, and credit card information, to mention a few.

Now let's get our hands dirty and install Let's Encrypt.

Step 1. Install Certbot in CentOS 8

To install a Let's Encrypt certificate, you first need to have certbot installed. This is an extensible client that fetches a security certificate from the Let's Encrypt Authority and lets you automate the validation and configuration of the certificate for use by the web server.

Download certbot using the curl command.

$ sudo curl -O https://dl.eff.org/certbot-auto

Next, move the downloaded certbot-auto file to the /usr/local/bin directory.

$ sudo mv certbot-auto /usr/local/bin/certbot-auto

Next, assign file permissions to the certbot file as shown.

$ sudo chmod 0755 /usr/local/bin/certbot-auto

Step 2. Configure the Nginx Server Block

A server block in Nginx is the equivalent of a virtual host in Apache. Setting up server blocks not only lets you host multiple websites on one server but also allows certbot to prove ownership of the domain to the Certificate Authority (CA).

To create a server block, run the command shown. The file name must end in .conf, because the stock nginx.conf only includes /etc/nginx/conf.d/*.conf.

$ sudo vim /etc/nginx/conf.d/www.linuxtechwhiz.info.conf

Be sure to replace the domain name with your own domain name. Then paste the configuration below.

server {
   server_name www.linuxtechwhiz.info;
   root /opt/nginx/www.linuxtechwhiz.info;

   location / {
       index index.html index.htm index.php;
   }

   access_log /var/log/nginx/www.linuxtechwhiz.info.access.log;
   error_log /var/log/nginx/www.linuxtechwhiz.info.error.log;

   location ~ \.php$ {
      include /etc/nginx/fastcgi_params;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   }
}

Save the file and exit the text editor.

Step 3. Install the Certificate on CentOS 8

Now use the certbot command to start fetching and configuring the Let's Encrypt security certificate.

$ sudo /usr/local/bin/certbot-auto --nginx

This command installs several Python packages and their dependencies, and then walks you through an interactive prompt.

If all goes well, you should see a congratulatory message at the end.

To verify that your Nginx site is encrypted, reload the web page and look for the padlock symbol at the start of the URL. This indicates that the site is secured with SSL/TLS encryption.

To get more information about the security certificate, click the padlock symbol and select the 'Certificate' option. More information about the security certificate will then be displayed.

Additionally, to test the strength of the security certificate, head to https://www.ssllabs.com/ssltest/ for a thorough, in-depth analysis of the status of the security certificate.

Step 4. Renewing the Let's Encrypt Certificate

As we saw earlier, the security certificate is valid for only 90 days and needs to be renewed before it expires.

You can simulate or test the certificate renewal process by running the command:

$ sudo /usr/local/bin/certbot-auto renew --dry-run
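
Step 4 only simulates a renewal. The script below is an added example, not part of the original tutorial: it checks how close the installed certificate is to expiry, runs the real renewal when it is inside the window, and exits non-zero if the certificate is still about to expire, so that a cron job reports a silently failing renewal. It assumes certbot's default /etc/letsencrypt/live/<domain>/fullchain.pem layout; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Assumptions: certbot's default layout /etc/letsencrypt/live/<domain>/fullchain.pem
# and the certbot-auto path from Step 1. Both can be overridden via the environment.
CERTBOT="${CERTBOT:-/usr/local/bin/certbot-auto}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# cert_state CERT DAYS -> prints: ok | renew | unreadable
cert_state() {
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo unreadable     # missing file or not a PEM certificate
    elif openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        echo ok             # still valid DAYS days from now
    else
        echo renew          # expires within DAYS days, or has already expired
    fi
}

# check_and_renew DOMAIN [DAYS] -> 0 healthy, 1 renewal did not help, 2 unreadable
check_and_renew() {
    domain="$1"; days="${2:-30}"
    cert="$LIVE_DIR/$domain/fullchain.pem"
    case "$(cert_state "$cert" "$days")" in
        ok) return 0 ;;
        unreadable)
            echo "$domain: cannot read $cert" >&2
            return 2 ;;
    esac
    # Inside the renewal window: renew, and reload Nginx only when a new
    # certificate was actually issued. A certbot failure is caught by the
    # re-check below, so its exit status is not fatal here.
    "$CERTBOT" renew --quiet --deploy-hook "systemctl reload nginx" || true
    if [ "$(cert_state "$cert" "$days")" != ok ]; then
        echo "$domain: still expires within $days days after renewal attempt" >&2
        return 1
    fi
    return 0
}

# Run daily from root's crontab, for example: renew-check.sh www.linuxtechwhiz.info
if [ "$#" -ge 1 ]; then
    check_and_renew "$@"
fi
```

The script name renew-check.sh in the last comment is a placeholder; run it as root, since the files under /etc/letsencrypt are readable only by root.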

This wraps up this tutorial on securing Nginx with Let's Encrypt on CentOS 8. Let's Encrypt offers an effective, hassle-free way of securing your Nginx web server that would otherwise be a complicated affair to do manually.

Your site should now be fully encrypted. A few weeks before the certificate's expiry date, EFF will alert you via email to renew the certificate to avoid interruptions that may arise from an expired certificate. That's all for today, guys!