Yadda ake Shigar da Takaddun Shafin SSL kyauta don Nginx akan Debian 10
Lokacin kafa gidan yanar gizo, ɗayan mahimman abubuwan da yakamata ku tuna shine tsaron shafinku. Takaddun shaida na SSL takaddun dijital ne wanda ke ɓoye bayanan da aka aiko daga burauzar mai amfani zuwa sabar yanar gizo. Wannan hanyar, bayanan da aka aiko amintattu ne kuma masu aminci daga masu fashin kwamfuta waɗanda ke amfani da mayukan fakiti kamar Wireshark don yin katsewa da sauraren saƙonninku.
Shafaffen shafin yana da alamar kullewa a cikin sandar URL tare da acronym https kamar yadda aka nuna a cikin hoton da ke tafe.
Shafin da ba a ɓoye ba galibi yana da sanarwar\"Ba amintacce '' a sandar URL.
Kafin mu fara, tabbatar da cewa an cika waɗannan bukatun:
- Misali mai gudana na Debian 10 Mafi qarancin Server.
- Misali mai gudana na Nginx Web Server tare da Saitin Yanki akan Debian 10.
- Sunan Cikakken Domainwararren Sunan (FQDN) mai rijista tare da
Arikodin da ke nuna adireshin IP na Debian 10 akan mai ba da yankinku.
Don wannan koyawa, muna da linux-console.net nuna adireshin IP ɗin 192.168.0.104.
A cikin wannan labarin, zamu bincika yadda zaku girka Bari mu Encrypt SSL akan Debian 10 don samun Takaddun Shafin SSL na Kyauta don rukunin yanar gizon Nginx.
Bari mu Encrypt SSL kyauta ce ta kyauta daga EFF (Wutar Lantarki ta Fasaha) wanda ke aiki na tsawon watanni 3 kuma sabuntawar atomatik ya ƙare. Hanya ce mai sauƙi kuma mai arha don ɓoye shafinku idan aljihunku suna da matsi.
Ba tare da bata lokaci ba, bari mu shiga ciki mu girka Bari mu Encrypt akan sabar yanar gizo ta Nginx:
Mataki 1: Sanya Certbot a cikin Debian 10
Don farawa muna buƙatar shigar da Certbot - shine software wanda ke ɗoke Bari mu ɓoye takaddun dijital kuma daga baya mu tura shi akan sabar yanar gizo. Don cim ma wannan, muna buƙatar shigar da kunshin python3-certbot-nginx. Amma kafin muyi haka, bari mu fara sabunta kunshin tsarin.
$ sudo apt update
Mataki na gaba shine shigar da dogaro da kunshin python3-certbot-nginx ke buƙata.
$ sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface
Yanzu bari mu shigar da kunshin python3-certbot-nginx.
$ sudo apt install python3-certbot-nginx
Mataki na 2: Tabbatar da Sanya Hanyar Nginx Server
Don certbot don turawa ta atomatik Bari mu ɓoye takardar shaidar SSL akan sabar yanar gizo ta Nginx, ana buƙatar daidaita sabar sabar. Mun rufe daidaitattun sassan sabar Nginx akan sashin ƙarshe na labarin da ya gabata.
Idan kun bi sosai, ya kamata ku sami toshewar sabar a/sauransu/nginx/shafuka-wadata/some_domain. A halinmu, toshewar sabar Nginx zata kasance
/etc/nginx/sites-available/linux-console.net
Kari akan haka, tabbatar umarnin uwar garken_ yayi daidai da sunan yankinku.
server_name linux-console.net linux-console.net;
Don tabbatar da duk abubuwan Nginx suna cikin tsari, gudu:
$ sudo nginx -t
Sakamakon da ke sama yana nuna cewa duk suna lafiya.
Mataki na 3: Sanya Firewall don buɗe tashar HTTPS
Idan kun daidaita kuma kun kunna, kamar yadda aka ba da shawarar koyaushe, muna buƙatar ba da izinin HTTPS a duk faɗin bango don sabar yanar gizo ta kasance ta isa ga kowa da kowa.
$ sudo ufw allow 'Nginx Full'
Na gaba, sake shigar da bangon wuta don aiwatar da canje-canje.
$ sudo ufw reload
Don tabbatar da cewa mun ba da izinin yarjejeniya ta hanyar Firewall.
$ sudo ufw status
Mataki na 4: Let’saddamar da Bari Mu Encrypt SSL Certificate don Domain
Tare da duk saituna da abubuwan daidaitawa a cikin dubawa, lokaci yayi da za a ɗora da kuma tura Let Encrypt SSL certificate akan shafin yanar gizo.
$ sudo certbot --nginx -d domain-name -d www.domain-name.com
A yanayinmu, zamu samu
$ sudo certbot --nginx -d linux-console.net -d linux-console.net
A mataki na farko, za a sa ka Shigar da adireshin imel ɗinka. Rubuta adireshin ku kuma buga Shigar.
Gaba, za a umarce ku da ku amince da sharuɗɗan sabis. Rubuta A don ci gaba.
Certbot zai ci gaba da neman izininka ta amfani da imel ɗin don aiko muku da sanarwa game da abubuwan da suka faru a cikin EFF. Anan, zaku iya zaɓar shiga ko fita, don shiga, rubuta Y (Ee) sannan ku shiga Shigar. Don ƙin shiga ya buga N (A'a).
Certbot sannan zai tuntuɓi Bari mu ɓoye, zazzage takaddun shaidar SSL kuma tura shi zuwa toshe uwar garken Nginx wanda kuka riga kuka ƙirƙira.
A cikin sashe na gaba, Buga 2 don tura turawan HTTP da aka saba zuwa HTTPS.
Za a tura takardar shaidar zuwa ga Sabis ɗin Nginx kuma za ku karɓi sanarwar taya murna don tabbatar da cewa sabar yanar gizonku yanzu an ɓoye ta amfani da Let's Encrypt SSL.
Mataki 5: Tabbatar da HTTPS akan Gidan yanar gizon Nginx
Don tabbatar da canje-canje ta burauzar gidan yanar gizo, shayar da shafin burauzar ku kuma tabbatar da lura da alamar makulli.
Latsa gunkin kulle-kulle kuma zaɓi zaɓi 'Takaddun shaida' don duba bayanan takardar shaidar SSL.
Duk takaddun shaidar takardar shaidar za a nuna.
Kuna iya kara tabbatar da matsayin sabar gidan yanar gizonku ta hanyar gwada URL ɗin rukunin yanar gizonku a https://www.ssllabs.com/ssltest/. Idan sabar yanar gizo ta ɓoye ta amfani da takardar shaidar SSL, zaka sami maki kamar yadda aka nuna.
Munzo karshen wannan darasin. A cikin jagora, kun koyi yadda ake girka takardar shaidar SSL kyauta don Nginx akan Debian 10.