Secure Apache with Let's Encrypt SSL Certificate on CentOS 8


Securing your web server is always one of the key factors to consider before going live with your website. A security certificate is critical for securing the traffic sent from web browsers to web servers, and in doing so it gives users the confidence to exchange data with your website in the full knowledge that the traffic sent is secured.

In most cases, security certificates are paid for and renewed annually. Let's Encrypt is a free, open and automated certificate authority that you can use to encrypt your site. The certificate expires after every 90 days and auto-renews at absolutely no cost.

In this article, we will show you how to install a Let's Encrypt certificate with Certbot for the Apache web server and then configure the certificate to renew automatically on CentOS 8.

Before you get started, ensure that you have the following in place:

1. An instance of a CentOS 8 server with the Apache HTTP web server installed and running. You can confirm that your Apache web server is up and running.

$ sudo dnf install httpd
$ sudo systemctl status httpd

2. A Fully Qualified Domain Name (FQDN) pointing to your web server's public IP address on your DNS web hosting provider. For this guide, we will use linuxtechwhiz.info pointing to the server's IP 34.67.63.136.

Step 1: Install Certbot in CentOS 8

Certbot is a client that automates the installation of the security certificate. It fetches the certificate from the Let's Encrypt authority and deploys it on your web server without much hassle.

Certbot is completely free and lets you install the certificate interactively by generating instructions based on your web server's configuration.

Before downloading certbot, first install the packages that are necessary for the configuration of an encrypted connection.

$ sudo dnf install mod_ssl openssl

Download certbot using the curl command.

$ sudo curl -O https://dl.eff.org/certbot-auto

Next, move the certbot file to the /usr/local/bin directory and assign it execute permissions.

$ sudo mv certbot-auto /usr/local/bin
$ sudo chmod 755 /usr/local/bin/certbot-auto

Step 2: Create an Apache Virtual Host

The next step is to create a virtual host file for our domain, linuxtechwhiz.info. Begin by first creating the document root where you will place your HTML files.

$ sudo mkdir -p /var/www/linuxtechwhiz.info

Create a test index.html file as shown.

$ echo "<h1>Welcome to Apache HTTP server</h1>" | sudo tee /var/www/linuxtechwhiz.info/index.html

Next, create a virtual host file as shown.

$ sudo vim /etc/httpd/conf.d/linuxtechwhiz.info.conf

Append the configuration below.

<VirtualHost *:443>
  ServerName linuxtechwhiz.info
  ServerAlias www.linuxtechwhiz.info
  DocumentRoot /var/www/linuxtechwhiz.info/
  <Directory /var/www/linuxtechwhiz.info/>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>
  ErrorLog /var/log/httpd/www.linuxtechwhiz.info-error.log
  CustomLog /var/log/httpd/www.linuxtechwhiz.info-access.log combined
</VirtualHost>

Save and exit.

Assign the permissions to the document root as shown.

$ sudo chown -R apache:apache /var/www/linuxtechwhiz.info

For the changes to come into effect, restart the Apache service.

$ sudo systemctl restart httpd

Step 3: Install Let's Encrypt SSL Certificate on CentOS 8

Now run certbot as shown to commence the installation of the Let's Encrypt certificate.

$ sudo /usr/local/bin/certbot-auto --apache

A number of Python packages will be installed.

After the packages are installed successfully, certbot will launch an interactive command-line session that will guide you through the installation of the Let's Encrypt certificate.

If all goes well, you should get a congratulatory message at the end informing you that your site has been secured using a Let's Encrypt certificate. The certificate's expiry will also be displayed, which is usually 90 days after deployment.

Now head back to your virtual host file and append the following lines of configuration.

  SSLEngine On
  SSLCertificateFile    /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/linuxtechwhiz.info/privkey.pem

Save and exit.

The final Apache virtual host configuration will look something like this:

<VirtualHost *:443>
  ServerName linuxtechwhiz.info
  ServerAlias www.linuxtechwhiz.info
  DocumentRoot /var/www/linuxtechwhiz.info/
  <Directory /var/www/linuxtechwhiz.info/>
      Options -Indexes +FollowSymLinks
      AllowOverride All
  </Directory>
  ErrorLog /var/log/httpd/www.linuxtechwhiz.info-error.log
  CustomLog /var/log/httpd/www.linuxtechwhiz.info-access.log combined

  SSLEngine On
  SSLCertificateFile    /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/linuxtechwhiz.info/privkey.pem
</VirtualHost>

Once again, restart Apache.

$ sudo systemctl restart httpd
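
The virtual host from Step 2 listens on port 443 but only gains its TLS directives in Step 3, so it is worth confirming that no :443 block was left without them. The following is an added example, not part of the original article; the function names vhosts_missing_tls and write_sample_vhost are hypothetical, and the sample configuration is constructed from the virtual host shown above.

```bash
# Added example, not from the original article. Function names are hypothetical.

# Print the ServerName of every :443 virtual host in file $1 that lacks
# "SSLEngine on", SSLCertificateFile or SSLCertificateKeyFile.
# Limitation: directives pulled in through Include files are not followed.
vhosts_missing_tls() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        { d = tolower($1) }                      # directive names are case-insensitive
        d == "<virtualhost" {
            in443 = ($0 ~ /:443[ \t>]/)
            name = "(no ServerName)"; eng = crt = key = 0
            next
        }
        !in443 { next }
        d == "servername"            { name = $2 }
        d == "sslengine"             { eng = (tolower($2) == "on") }
        d == "sslcertificatefile"    { crt = 1 }
        d == "sslcertificatekeyfile" { key = 1 }
        d == "</virtualhost>" {
            if (!(eng && crt && key)) print name
            in443 = 0
        }
    ' "$1"
}

# Constructed sample input: the Step 2 virtual host written to file $1.
# Pass "tls" as $2 to include the three lines added in Step 3.
write_sample_vhost() {
    {
        echo '<VirtualHost *:443>'
        echo '  ServerName linuxtechwhiz.info'
        echo '  DocumentRoot /var/www/linuxtechwhiz.info/'
        if [ "$2" = "tls" ]; then
            echo '  SSLEngine On'
            echo '  SSLCertificateFile /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem'
            echo '  SSLCertificateKeyFile /etc/letsencrypt/live/linuxtechwhiz.info/privkey.pem'
        fi
        echo '</VirtualHost>'
    } > "$1"
}
```

On the server, run vhosts_missing_tls against each file in /etc/httpd/conf.d/; empty output means every :443 block in that file carries all three directives.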

Step 4: Verifying the Let's Encrypt SSL Certificate

To verify that everything is working, launch your browser and visit your server's IP address. You should now see a padlock symbol at the beginning of the URL.

To get more details, click on the padlock symbol and then on the 'Certificate' option in the pull-down menu that appears.

The certificate details will be displayed in the next pop-up window.

Additionally, you can test your server at https://www.ssllabs.com/ssltest/ and your site should get an 'A' grade.

Step 5: Auto-Renew Let's Encrypt SSL Certificate

Let's Encrypt certificates are valid for only 90 days. Usually, the renewal process is carried out by the certbot package, which adds a renewal script to the /etc/cron.d directory. The script runs twice daily and will automatically renew any certificate within 30 days of expiry.

To test the auto-renewal process, conduct a dry run test with certbot.

$ sudo /usr/local/bin/certbot-auto renew --dry-run

If no errors were encountered, then you are good to go.
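
The 30-day renewal window described in this step can also be checked directly against a certificate file with openssl. The following is an added example, not part of the original article; the function names renewal_status, cert_days_left and make_sample_cert are hypothetical, the sample certificate is a self-signed one constructed for the demonstration, and GNU date is assumed.

```bash
# Added example, not from the original article. Function names are hypothetical.

# Print "ok", "renew" or "error" for the certificate in file $1.
# $2 is the renewal window in days (default 30, the window described above).
renewal_status() {
    local pem="$1" window_days="${2:-30}"
    # Unreadable files and non-certificates must not be reported as "ok".
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo error; return 2
    fi
    # -checkend N succeeds only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$pem" -noout -checkend "$(( window_days * 86400 ))" >/dev/null 2>&1; then
        echo ok; return 0
    fi
    echo renew; return 1
}

# Print the whole days remaining until notAfter (assumes GNU date, as on CentOS).
cert_days_left() {
    local pem="$1" end end_epoch
    end=$(openssl x509 -in "$pem" -noout -enddate) || return 2
    end_epoch=$(date -d "${end#notAfter=}" +%s) || return 2
    echo $(( (end_epoch - $(date +%s)) / 86400 ))
}

# Constructed sample input: a throwaway self-signed certificate written to $1,
# valid for $2 days. The matching key goes to $1.key.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=linuxtechwhiz.info" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}
```

On the server, run renewal_status as root against /etc/letsencrypt/live/linuxtechwhiz.info/fullchain.pem; a result of renew that persists across several days means the scheduled renewal is not running.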

This brings us to the end of this guide. In it, we demonstrated how you can use certbot to install and configure a Let's Encrypt certificate on an Apache web server running on a CentOS 8 system.