Securing Apache with a Let's Encrypt Certificate on Rocky Linux


In our previous guide, we walked you through configuring Apache virtual hosts in case you need to host multiple websites on a single server.

But it doesn't end there. Website security is now one of the top concerns for most organizations and for users in general, in the face of growing cyber threats. There are many ways to secure your website. One of the first ways to put basic protection against hackers in place is to encrypt your site using an SSL/TLS certificate.

An SSL/TLS certificate is a cryptographic certificate that authenticates your website's identity and encrypts the data exchanged between the user's browser and the web server.

In short, your site moves from the HTTP protocol, which sends data in plain text, to HTTPS (HTTP Secure), which encrypts the data. Without encryption, attackers can easily get hold of confidential information such as usernames and passwords by eavesdropping on the data exchanged between the web server and the browser.

Some time ago, Google made a point of warning users who visit unencrypted sites by placing a 'Not secure' label in the URL bar. This is meant to alert users to the risk they are exposed to while browsing the site.

If you are a website owner, you certainly would not want to put your customers and site visitors at risk of having their personal information exposed to attackers. For this reason, installing an SSL certificate on your web server is an essential step in securing your site.

In this guide, we will show you how to secure the Apache web server on Rocky Linux 8 using a Let's Encrypt SSL certificate.

For this to work, your domain must point to the public IP address of your web server. So, you need to go to your web host and make sure the domain name points to your web server's IP.

Here, we have the domain tecmint.info pointed to the public IP address of our server.

Step 1: Install the EPEL Repo in Rocky Linux

We start by installing the prerequisites that will be needed along the way. We will install the EPEL repository and the mod_ssl package, a security module for the Apache HTTP server that provides strong cryptography through the SSL/TLS protocols using OpenSSL.

$ sudo dnf install epel-release mod_ssl

Step 2: Install Certbot in Rocky Linux

Now let's install Certbot, a client that fetches the SSL certificate from the Let's Encrypt authority and automates its installation and configuration. This removes the pain and hassle of carrying out the whole process manually.

$ sudo dnf install certbot python3-certbot-apache 

Certbot is now fully installed and properly configured.

Step 3: Install an SSL Certificate for Apache in Rocky Linux

The last step is to retrieve and install the Let's Encrypt SSL certificate. To do this, run the command:

$ sudo certbot --apache

This starts a series of prompts. First, you will be asked to provide your email address. Next, read the Terms of Service at the URL provided, press Y to agree to the terms, and then press ENTER.

After that, you will be asked whether you want to share your email address with the EFF (Electronic Frontier Foundation), a founding partner of Let's Encrypt.

By sharing your email address, you will receive news, campaigns, and other updates about the organization. If you are comfortable providing your email address, press Y; otherwise, press N and then press ENTER.

The next prompt lists the domains found in your web server configuration and asks which ones you want to enable HTTPS on. You can choose either 1 or 2. For consistency, though, just press ENTER to enable HTTPS on all the domains.

Certbot will complete the installation and configuration of Let's Encrypt and store the security keys in the /etc/letsencrypt/live/yourdomain/ path.

If everything went according to plan, you will get output confirming it.

Step 4: Automatically Renew SSL Certificates for Apache in Rocky Linux

Certbot provides a script that renews the certificate a few days before it expires. You can do a dry run to test the script as shown.

$ sudo certbot renew --dry-run

Now, to automate certificate renewal with the script, edit the crontab of the root user, since Certbot needs root privileges to renew certificates.

$ sudo crontab -e

Define the cron job shown and save the changes.

0 * * * * /usr/bin/certbot renew
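
To confirm that the scheduled renewal is actually keeping certificates fresh, the check below flags any certificate with fewer than a chosen number of days left. It is an added example, not part of the original guide; the function names, the 30-day threshold, the cert.pem file name under /etc/letsencrypt/live/ and the placeholder name example.test are assumptions, and make_test_cert only builds constructed sample input.

```shell
#!/bin/sh
# Added example: flag certificates that certbot should already have renewed.
# Requires the openssl CLI.

# cert_expires_within FILE DAYS
# 0 = expires within DAYS days (or already expired), 1 = valid beyond that,
# 2 = FILE is missing or is not a PEM certificate.
cert_expires_within() {
    [ -r "$1" ] || return 2
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1
    then
        return 1
    fi
    return 0
}

# make_test_cert FILE DAYS: constructed sample input, a self-signed
# certificate for the placeholder name example.test, valid for DAYS days.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.test" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# audit_live_dir DIR DAYS: check every DIR/<name>/cert.pem (the layout assumed
# for /etc/letsencrypt/live), print one line per certificate, and return the
# number that are inside the window or unreadable.
audit_live_dir() {
    stale=0
    for pem in "$1"/*/cert.pem; do
        [ -e "$pem" ] || continue
        rc=0
        cert_expires_within "$pem" "$2" || rc=$?
        case $rc in
            0) echo "RENEWAL OVERDUE: $pem"; stale=$((stale + 1)) ;;
            1) echo "ok: $pem" ;;
            *) echo "UNREADABLE: $pem"; stale=$((stale + 1)) ;;
        esac
    done
    return "$stale"
}

# Run as root against the real directory:
#   sh check-certs.sh /etc/letsencrypt/live 30
if [ "$#" -ge 1 ]; then
    audit_live_dir "$1" "${2:-30}"
fi
```

A non-zero exit status means at least one certificate is inside the window or unreadable, so the script can feed a monitoring check or a second cron entry that sends an alert.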

Step 5: Verify the Apache SSL Certificate in Rocky Linux

To confirm that your site is encrypted, go to your browser and reload your website. This time, you should see a padlock icon before the site's URL.

To get more details, click the icon and then click the 'Certificate' option in the menu that appears.

This displays all the details of the certificate.

You can test the strength of your certificate by heading to the SSL Labs test. Provide the website URL or domain name and press ENTER.

You should get an A rating.

If you have come this far, you should now be in a position to encrypt your Apache web server with a Let's Encrypt SSL certificate using the Certbot client from the EFF.