Thursday, March 28, 2024
Arch Linux Nginx SSL Virtual Host

Creating Virtual Hosts, Password Protected Directories and SSL Certificates using the “Nginx Web Server” on Arch Linux


Introduction

This topic follows on from the earlier LEMP installation on Arch Linux and walks you through more complex configuration of the LEMP stack, mainly the Nginx web server: creating Virtual Hosts, using Password Protected Directories, creating and configuring HTTP Secure Sockets Layer, and redirecting insecure HTTP to HTTPS. It also provides some useful Bash scripts that make it easier to enable Virtual Hosts and to generate SSL Certificates and Keys.

Enable Virtual Hosts on Nginx

  • edit the Nginx configuration
$ sudo nano /etc/nginx/nginx.conf

- at the bottom, inside the http { } block, add the following directive

include /etc/nginx/sites-enabled/*.conf;
  • create the directories
$ sudo mkdir /etc/nginx/sites-available /etc/nginx/sites-enabled

$ sudo nano /etc/nginx/sites-available/name-ip.conf

## File content ##

server {
    listen 80;
    server_name 192.168.1.33;

    access_log /var/log/nginx/192.168.1.33.access.log;
    error_log /var/log/nginx/192.168.1.33.error.log;

    root /srv/http;
    location / {
        index index.html index.htm index.php;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
    location /phpmyadmin {
        rewrite ^/* /phpMyAdmin last;
    }

    location ~ \.php$ {
        #fastcgi_pass 127.0.0.1:9000; (depending on your php-fpm socket configuration)
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
  • create the symlink
$ sudo mkdir /srv/http/
$ sudo ln -s /etc/nginx/sites-available/name-ip.conf /etc/nginx/sites-enabled/
$ sudo systemctl restart nginx
$ sudo nano /srv/http/info.php

## File content ##

<?php
phpinfo();
?>

- open it in a browser

http://IPADDR/info.php

- set up n2ensite

$ sudo nano n2ensite

## File content ##

#!/bin/bash
# n2ensite: enable an Nginx virtual host by symlinking it into sites-enabled
if test -d /etc/nginx/sites-available && test -d /etc/nginx/sites-enabled; then
    echo "-----------------------------------------------"
else
    mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled
fi

avail="/etc/nginx/sites-available/$1.conf"
enabled=/etc/nginx/sites-enabled
site=$(ls /etc/nginx/sites-available/)

# Exactly one argument is required: the virtual host name without .conf
if [ "$#" != "1" ]; then
    echo "Use script: n2ensite virtual_site"
    echo -e "\nAvailable virtual hosts:\n$site"
    exit 1
fi

# Quote every path so a name with spaces or glob characters cannot expand
if test -e "$avail"; then
    sudo ln -sf "$avail" "$enabled/"
else
    echo -e "$avail virtual host does not exist! Please create one!\n$site"
    exit 1
fi

# Confirm the symlink now exists
if test -e "$enabled/$1.conf"; then
    echo "Success!! Now restart nginx server: sudo systemctl restart nginx"
else
    echo -e "Virtual host $avail does not exist!\nPlease see available virtual hosts:\n$site"
    exit 1
fi

$ sudo chmod +x n2ensite
$ sudo ./n2ensite your_virtual_host

- disable a virtual host with n2dissite

$ sudo nano n2dissite

## File content ##

#!/bin/bash
# n2dissite: disable an Nginx virtual host by removing its symlink from sites-enabled
avail="/etc/nginx/sites-enabled/$1.conf"
enabled=/etc/nginx/sites-enabled
site=$(ls /etc/nginx/sites-enabled/)

# Exactly one argument is required: the virtual host name without .conf
if [ "$#" != "1" ]; then
    echo "Use script: n2dissite virtual_site"
    echo -e "\nAvailable virtual hosts: \n$site"
    exit 1
fi

if test -e "$avail"; then
    sudo rm "$avail"
else
    echo -e "$avail virtual host does not exist! Exiting!"
    exit 1
fi

# Confirm the symlink is gone
if test -e "$enabled/$1.conf"; then
    echo "Error!! Could not remove $avail virtual host!"
    exit 1
else
    echo -e "Success! $avail has been removed!\nPlease restart Nginx: sudo systemctl restart nginx"
    exit 0
fi
  • install the scripts so virtual hosts can be enabled from anywhere
$ sudo cp n2ensite n2dissite /usr/local/bin/

Enable SSL with Virtual Hosts on Nginx

$ sudo pacman -S openssl
  • create the HTTPS certificate script
$ sudo nano nginx_gen_ssl

## File content ##

#!/bin/bash
# nginx_gen_ssl: generate a self-signed certificate and key for a virtual host
mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl || exit 1

echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Nginx  SSL certificate!"
read -r cert

# Private key, readable by its owner only
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$cert.key"
chmod 600 "$cert.key"
# Signing request, then a certificate self-signed with the same key for 365 days
openssl req -new -key "$cert.key" -out "$cert.csr"
openssl x509 -req -days 365 -in "$cert.csr" -signkey "$cert.key" -out "$cert.crt"

echo -e " The certificate $cert has been generated!\nPlease link it to nginx ssl available website!"
ls -all /etc/nginx/ssl
exit 0


$ sudo chmod +x nginx_gen_ssl
$ sudo ./nginx_gen_ssl

$ sudo mv nginx_gen_ssl  /usr/local/bin

$ sudo nano /etc/nginx/sites-available/name-ip-ssl.conf

## File content ##

server {
    listen 443 ssl;
    server_name 192.168.1.33;

    ssl_certificate      /etc/nginx/ssl/192.168.1.33.crt;
    ssl_certificate_key  /etc/nginx/ssl/192.168.1.33.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    access_log /var/log/nginx/192.168.1.33-ssl.access.log;
    error_log /var/log/nginx/192.168.1.33-ssl.error.log;
    root /srv/http;
    location / {
        index index.html index.htm index.php;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
    location /phpmyadmin {
        rewrite ^/* /phpMyAdmin last;
    }
    location ~ \.php$ {
        #fastcgi_pass 127.0.0.1:9000; (depending on your php-fpm socket configuration)
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

$ sudo ./n2ensite name-ip-ssl
OR
$ sudo ln -s /etc/nginx/sites-available/name-ip-ssl.conf /etc/nginx/sites-enabled/
$ sudo systemctl restart nginx
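
A check worth running on the files nginx_gen_ssl produced before the restart above. This is an added example, not part of the original post; the function name check_tls_pair and its messages are hypothetical, and it assumes openssl is installed as in the step above.

```shell
#!/bin/sh
# check_tls_pair CERT KEY: sanity-check the files nginx_gen_ssl wrote before the
# vhost is enabled. Prints one problem per line, nothing when the pair is usable.
# The function name and messages are hypothetical (added example).
check_tls_pair() (
    crt=$1; key=$2
    [ -r "$crt" ] || { echo "cannot read certificate $crt"; exit 0; }
    [ -r "$key" ] || { echo "cannot read key $key"; exit 0; }

    # The public key inside the certificate must equal the one derived from
    # the private key, otherwise Nginx fails to start with a key mismatch.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "certificate and key do not match"
    fi

    # -checkend N exits non-zero when the certificate expires within N seconds;
    # the script issues 365-day certificates, so warn 30 days ahead.
    if ! openssl x509 -in "$crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null 2>&1; then
        echo "certificate expires within 30 days"
    fi

    # nginx_gen_ssl sets chmod 600; any group/other permission bit is a finding.
    case $(ls -ld "$key" | cut -c5-10) in
        ------) ;;
        *) echo "key is accessible to group or others" ;;
    esac
)

# Usage: check_tls_pair /etc/nginx/ssl/192.168.1.33.crt /etc/nginx/ssl/192.168.1.33.key
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```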

Access PhpMyAdmin via Virtual Host

$ sudo ln -s /usr/share/webapps/phpMyAdmin/ /srv/http/

- add to the Nginx configuration

location /phpmyadmin {
       rewrite ^/* /phpMyAdmin last;
    }

- open it in a browser
http://IPADDR/phpMyAdmin

Enable Password Protected Directory on Nginx

$ sudo pacman -S apache

$ sudo mkdir /etc/nginx/passwd

$ sudo htpasswd -c /etc/nginx/passwd/.htpasswd first_user
$ sudo htpasswd /etc/nginx/passwd/.htpasswd second_user
$ sudo htpasswd /etc/nginx/passwd/.htpasswd third_user
  • add these directives to the Nginx configuration
auth_basic "Restricted Website";
auth_basic_user_file /etc/nginx/passwd/.htpasswd;

Redirect HTTP to HTTPS on Nginx

rewrite        ^ https://$server_name$request_uri? permanent;
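
A coarse text check of a vhost file for the settings the last sections deal with: a port-80 server that does not redirect, a /phpmyadmin location with no password file, and directory listings left on. This is an added example, not part of the original post; the function names audit_vhost and sample_vhost and the messages are hypothetical, and the sample config is constructed from the port-80 vhost shown earlier.

```shell
#!/bin/sh
# audit_vhost FILE: coarse text check of one vhost file; prints one finding per
# line. The function name and messages are hypothetical (added example).
audit_vhost() (
    body=$(sed 's/#.*//' "$1")        # drop comments so disabled directives are ignored
    b='(^|[{;[:space:]])'             # a directive starts a line or follows { ; or space
    has() { printf '%s\n' "$body" | grep -Eq "$1"; }

    # Directory listings show every file under the root, including info.php
    if has "${b}autoindex[[:space:]]+on[[:space:]]*;"; then
        echo "autoindex on: directory listing is enabled"
    fi
    # A port-80 server should do nothing but redirect to HTTPS
    if has "${b}listen[[:space:]]+80[[:space:];]" &&
       ! has "${b}(rewrite|return)[[:space:]][^;]*https://"; then
        echo "listen 80 without a redirect to https://"
    fi
    # phpMyAdmin is exposed and the file never references an htpasswd file
    if has "location[[:space:]]+/phpmyadmin" &&
       ! has "${b}auth_basic_user_file[[:space:]]"; then
        echo "/phpmyadmin location without auth_basic_user_file"
    fi
)

# Constructed sample: the port-80 vhost from this page, abridged.
sample_vhost() {
    cat <<'EOF'
server {
    listen 80;
    server_name 192.168.1.33;
    root /srv/http;
    location / {
        index index.html index.htm index.php;
        autoindex on;
    }
    location /phpmyadmin {
        rewrite ^/* /phpMyAdmin last;
    }
}
EOF
}

if [ "$#" -eq 0 ]; then
    tmp=$(mktemp) && sample_vhost >"$tmp" && audit_vhost "$tmp"; rm -f "$tmp"
else
    for f in "$@"; do audit_vhost "$f"; done
fi
```

The check works on the whole file rather than per block, so keep each server block in its own file as the sites-available layout already does.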

Closing

Friends of the Learning & Doing blog, that concludes the explanation of creating Virtual Hosts, Password Protected Directories and SSL Certificates using the “Nginx Web Server” on Arch Linux. Hopefully it is useful. See you in the next post.
