“Membuat Virtual Hosts, Password Protect Directories dan SSL Certificates menggunakan “Nginx Web Server” di Arch Linux”
Pengantar
Topik ini sangat terkait dengan Instalasi LEMP sebelumnya di Arch Linux dan akan memandu Anda melalui pengaturan konfigurasi yang lebih kompleks untuk tumpukan LEMP, terutama konfigurasi server web Nginx, seperti membuat Host Virtual, menggunakan Direktori yang Dilindungi Kata Sandi, membuat dan mengonfigurasi HTTP Secure Sockets Layer, HTTP tidak aman dialihkan ke HTTPS dan juga akan memberi Anda beberapa skrip Bash berguna yang akan memudahkan pekerjaan dalam mengaktifkan Host Virtual dan menghasilkan Sertifikat dan Kunci SSL.
Enable Virtual Hosts pada Nginx
- edit nginx
$ sudo nano /etc/nginx/nginx.conf - pada bagian bawah tambahkan command berikut include /etc/nginx/sites-enabled/*.conf;
- membuat directory
$ sudo mkdir /etc/nginx/sites-available /etc/nginx/sites-enabled sudo nano /etc/nginx/sites-available/name-ip.conf ## File content ## server { listen 80; server_name 192.168.1.33; access_log /var/log/nginx/192.168.1.33.access.log; error_log /var/log/nginx/192.168.1.33.error.log; root /srv/http; location / { index index.html index.htm index.php; autoindex on; autoindex_exact_size off; autoindex_localtime on; } location /phpmyadmin { rewrite ^/* /phpMyAdmin last; } location ~ \.php$ { #fastcgi_pass 127.0.0.1:9000; (depending on your php-fpm socket configuration) fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_index index.php; include fastcgi.conf; } }
- buat sym link
$ sudo mkdir /srv/http/ $ sudo ln -s /etc/nginx/sites-available/name-ip.conf /etc/nginx/sites-enabled/ $ sudo systemctl restart nginx
- test php
$ sudo nano /srv/http/info.php ## File content ## <?php phpinfo(); ?> - akses web http://IPADDR/info.php - setup n2ensite $ sudo nano n2ensite ## File content ## #!/bin/bash if test -d /etc/nginx/sites-available && test -d /etc/nginx/sites-enabled ; then echo "-----------------------------------------------" else mkdir /etc/nginx/sites-available mkdir /etc/nginx/sites-enabled fi avail=/etc/nginx/sites-available/$1.conf enabled=/etc/nginx/sites-enabled/ site=`ls /etc/nginx/sites-available/` if [ "$#" != "1" ]; then echo "Use script: n2ensite virtual_site" echo -e "\nAvailable virtual hosts:\n$site" exit 0 else if test -e $avail; then sudo ln -s $avail $enabled else echo -e "$avail virtual host does not exist! Please create one!\n$site" exit 0 fi if test -e $enabled/$1.conf; then echo "Success!! Now restart nginx server: sudo systemctl restart nginx" else echo -e "Virtual host $avail does not exist!\nPlease see available virtual hosts:\n$site" exit 0 fi fi $ sudo chmod +x n2ensite $ sudo ./n2ensite your_virtual_host - disable virtualhost n2dissite $ sudo nano n2dissite ## File content ## #!/bin/bash avail=/etc/nginx/sites-enabled/$1.conf enabled=/etc/nginx/sites-enabled site=`ls /etc/nginx/sites-enabled/` if [ "$#" != "1" ]; then echo "Use script: n2dissite virtual_site" echo -e "\nAvailable virtual hosts: \n$site" exit 0 else if test -e $avail; then sudo rm $avail else echo -e "$avail virtual host does not exist! Exiting!" exit 0 fi if test -e $enabled/$1.conf; then echo "Error!! Could not remove $avail virtual host!" else echo -e "Success! $avail has been removed!\nPlease restart Nginx: sudo systemctl restart nginx" exit 0 fi fi
- Cara enable via script virtualhost
$ sudo cp n2ensite n2dissite /usr/local/bin/
Enable SSL dengan Virtual Hosts pada Nginx
- Install SSL
$ sudo pacman -S openssl
- buat https
$ sudo nano nginx_gen_ssl ## File content ## #!/bin/bash mkdir /etc/nginx/ssl cd /etc/nginx/ssl echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Nginx SSL certificate!" read cert openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out $cert.key chmod 600 $cert.key openssl req -new -key $cert.key -out $cert.csr openssl x509 -req -days 365 -in $cert.csr -signkey $cert.key -out $cert.crt echo -e " The certificate $cert has been generated!\nPlease link it to nginx ssl available website!" ls -all /etc/nginx/ssl exit 0 $ sudo chmod +x nginx_gen_ssl $ sudo ./nginx_gen_ssl $ sudo mv nginx_gen_ssl /usr/local/bin $ sudo nano /etc/nginx/sites-availabe/name-ip-ssl.conf ## File content ## server { listen 443 ssl; server_name 192.168.1.33; ssl_certificate /etc/nginx/ssl/192.168.1.33.crt; ssl_certificate_key /etc/nginx/ssl/192.168.1.33.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; access_log /var/log/nginx/192.168.1.33-ssl.access.log; error_log /var/log/nginx/192.168.1.33-ssl.error.log; root /srv/http; location / { index index.html index.htm index.php; autoindex on; autoindex_exact_size off; autoindex_localtime on; } location /phpmyadmin { rewrite ^/* /phpMyAdmin last; } location ~ \.php$ { #fastcgi_pass 127.0.0.1:9000; (depending on your php-fpm socket configuration) fastcgi_pass unix:/run/php-fpm/php-fpm.sock; fastcgi_index index.php; include fastcgi.conf; } } $ sudo ./n2ensite name-ip-ssl OR $ sudo ln -s /etc/nginx/sites-available/name-ip-ssl.conf /etc/nginx/sites-enabled/ $ sudo systemctl restart nginx
Access PhpMyAdmin via Virtual Host
$ sudo ln -s /usr/share/webapps/phpMyAdmin/ /srv/http/
- tambahkan di nginx config
location /phpmyadmin {
rewrite ^/* /phpMyAdmin last;
}
- akses browser
http://IPADDR/phpMyAdmin
Enable Password Protected Directory pada Nginx
$ sudo pacman -S apache $ sudo mkdir /etc/nginx/passwd $ sudo htpasswd -c /etc/nginx/passwd/.htpasswd first_user $ sudo htpasswd /etc/nginx/passwd/.htpasswd second_user $ sudo htpasswd /etc/nginx/passwd/.htpasswd third_user
- tambahkan command di nginx
auth_basic "Restricted Website"; auth_basic_user_file /etc/nginx/passwd/.htpasswd;
Redirect HTTP ke HTTPS pada Nginx
rewrite ^ https://$server_name$request_uri? permanent;
Penutup
Sahabat Blog Learning & Doing demikianlah penjelasan mengenai Membuat Virtual Hosts, Password Protect Directories dan SSL Certificates menggunakan “Nginx Web Server” di Arch Linux. Semoga Bermanfaat . Sampai ketemu lagi di postingan berikut nya.
(Visited 199 times, 1 visits today)
Related Posts:
