How to Set Up an SSL Certificate for Apache on Debian 10


With the rising number of cyberattacks and breaches, securing your website is a top priority in protecting yourself and your site visitors from hackers. In this tutorial, we explore how you can set up a free SSL certificate using Let's Encrypt SSL for Apache on Debian 10.

Let's Encrypt is a free SSL certificate issued by the Let's Encrypt authority. It is valid for only 90 days but can be renewed at any time.

Before we go further, what is an SSL certificate? An SSL certificate is a digital certificate that encrypts communication between a browser and a web server. This encryption guarantees that any information sent to the web server is private and confidential. SSL certificates are commonly used on e-commerce websites, banking websites, and money sending/receiving platforms such as PayPal, Payoneer, and Skrill.

Websites secured with SSL show a padlock symbol in the URL bar, and their address begins with https (HyperText Transfer Protocol Secure), as shown in the following image.

If a site is not protected with an SSL certificate, Google will display a "Not Secure" warning in front of the website address in the URL bar.

Before we begin, make sure the following requirements are met:

  1. A running instance of Debian 10 Minimal Server.
  2. A running instance of the Apache web server with a domain set up on Debian 10.
  3. A registered Fully Qualified Domain Name (FQDN) with an A record pointing to the IP address of the Debian 10 Linux system at your domain provider.

For this tutorial, we have linux-console.net pointing to the IP address 192.168.0.104.

Step 1: Install Certbot on Debian 10

To get started, we need to install Certbot on our Debian 10 instance. Certbot is client software from the EFF (Electronic Frontier Foundation) that fetches a Let's Encrypt SSL certificate and configures it on the web server.

To do this, first update the system repositories.

$ sudo apt update

Next, install the Certbot Apache plugin from the buster-backports repository using the command below.

$ sudo apt install python-certbot-apache -t buster-backports

Step 2: Obtain an SSL Certificate for the Domain

After successfully installing the certbot client, let's proceed to install the Let's Encrypt certificate using the command below.

$ sudo certbot --apache -d your_domain -d www.your_domain

This immediately prompts for your email address, as shown below.

Next, you will be asked to agree to the Terms of Service. Type A and press Enter.

In addition, you will be asked whether you want to share your email address with the EFF and receive periodic updates about their work. Type Y and press Enter.

After that, certbot contacts the Let's Encrypt servers and verifies that the domain you are requesting is a registered and valid domain.

You will then be asked whether you want to redirect all requests to HTTPS. Since we want to encrypt HTTP access, type 2 for redirect and press ENTER.

Finally, if everything went well, you will get the notification below that you have successfully enabled the HTTPS protocol on your web server, along with the expiry date of your SSL certificate.

Step 3: Allow HTTPS Through the Firewall

If the UFW firewall is enabled, as is always recommended for security reasons, you need to allow HTTPS traffic through it; otherwise, we will not be able to access our site in a web browser.

Since HTTPS runs on port 443, open the port by running:

$ sudo ufw allow 443/tcp

Next, reload the firewall to apply the changes.

$ sudo ufw reload

To verify that the changes have taken effect, run the command below to check the firewall status.

$ sudo ufw status

As you can see from the output above, port 443 has been opened.

Step 4: Verify HTTPS on the Website

With all the configuration done and dusted, it is time to check whether our web server is using the https protocol. Open your web browser and enter your website's domain name in the URL bar, prefixed with https://.

If you are curious and want to see more information about the SSL certificate, click the padlock symbol as shown.

In the pull-down menu that appears, the 'Certificate' option is shown as 'Valid'.

To explore further details, click that option. A pop-up appears with all the details, including the certificate issuer (Let's Encrypt Authority), the date issued, and the expiry date.

You can also test your site's SSL certificate at https://www.ssllabs.com/ssltest/.

Step 5: Check Certbot SSL Certificate Auto-Renewal

Certbot automatically renews the SSL certificate 30 days before it expires. To verify the renewal process, run the command below.

$ sudo certbot renew --dry-run

The output below confirms that everything is fine and that the SSL certificate will renew automatically before the 90-day expiry.
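
A command-line counterpart to Steps 4 and 5, as an added example that is not part of the original tutorial: it reads the expiry date of the certificate a site is serving and flags it when fewer than 30 days remain, which would mean automatic renewal did not run. The function names are illustrative; check_live_cert assumes openssl and network access, and the date parsing assumes GNU date as shipped with Debian.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Uses the tutorial's numbers:
# certificates last 90 days and Certbot renews 30 days before expiry, so a
# healthy site should never serve a certificate with under 30 days left.
RENEW_WINDOW_DAYS=30

# seconds_left "<notAfter=... line from openssl>" [now_epoch]
# Prints seconds until expiry (negative once expired). Assumes GNU date.
seconds_left() {
    local end_date="${1#notAfter=}"
    local now="${2:-$(date +%s)}"
    local end_epoch
    [ -n "$end_date" ] || return 2          # empty input is not a date
    end_epoch="$(date -u -d "$end_date" +%s 2>/dev/null)" || return 2
    echo "$(( end_epoch - now ))"
}

# renewal_status "<notAfter line>" [now_epoch]
# Prints "OK <days>", "RENEWAL_OVERDUE <days>", "EXPIRED" or "UNPARSEABLE".
# Returns 0 only for OK, so it can gate a cron job or monitoring check.
renewal_status() {
    local secs
    secs="$(seconds_left "$1" "$2")" || { echo "UNPARSEABLE"; return 2; }
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED"; return 1
    elif [ "$secs" -lt "$(( RENEW_WINDOW_DAYS * 86400 ))" ]; then
        echo "RENEWAL_OVERDUE $(( secs / 86400 ))"; return 1
    fi
    echo "OK $(( secs / 86400 ))"
}

# check_live_cert <domain>: fetch the certificate Apache is serving on 443,
# print its issuer, then classify its expiry date.
check_live_cert() {
    local domain="$1"
    local info
    info="$(echo | openssl s_client -connect "$domain:443" -servername "$domain" \
            2>/dev/null | openssl x509 -noout -issuer -enddate)" || return 2
    echo "$info" | grep '^issuer='
    renewal_status "$(echo "$info" | grep '^notAfter=')"
}

# Constructed sample input, in the format `openssl x509 -noout -enddate` prints.
SAMPLE_NOT_AFTER="notAfter=Jun 30 00:00:00 2030 GMT"
```

After sourcing the file, run check_live_cert your_domain; a non-zero exit status means the certificate is expired, past its renewal window, or could not be read.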

We have come to the end of this tutorial. In it, you learned how to secure an Apache web server with a free Let's Encrypt SSL certificate. If you have any comments or questions, do get in touch with us.