Create Virtual Hosts, Password-Protected Directories and SSL Certificates Using “Nginx Web Server” on Arch Linux.


The previous Arch Linux 'LEMP' article covered the basics, from installing the network services (Nginx, MySQL database and PhpMyAdmin) to configuring the minimal security required for the MySQL server and PhpMyAdmin.

This article is closely related to the earlier LEMP installation on Arch Linux. It guides you through more complex configurations for the LEMP stack, especially the Nginx web server configuration: creating Virtual Hosts, using Password Protected Directories, creating and configuring HTTP Secure Sockets Layer, and redirecting insecure HTTP to HTTPS. It also presents some useful Bash scripts that ease the job of activating Virtual Hosts and generating SSL Certificates and Keys.

Install LEMP with MariaDB Database on Arch Linux

Step 1: Enable Virtual Hosts on Nginx

One of the simplest ways to enable Virtual Hosts is to use include statements in the main Nginx configuration file. This makes further configuration simpler and more efficient, because you can create a simple file for each new host and keep the main configuration file clean.

This approach works the same way as on Apache Web Server. The first thing you need to do is specify the new URI path from which Nginx should read file directives.

1. Open the nginx.conf main file located in the /etc/nginx/ system path and, at the bottom, before the last curly bracket “}”, add the path where future Virtual Host configuration files will reside.

$ sudo nano /etc/nginx/nginx.conf

At the bottom add the following statement.

include /etc/nginx/sites-enabled/*.conf;

This directive tells Nginx to read all files found in /etc/nginx/sites-enabled/ that end with the .conf extension.

2. The next step is to create the sites-enabled directory and another one, called sites-available, where you store all your Virtual Hosts configuration files.

$ sudo mkdir /etc/nginx/sites-available /etc/nginx/sites-enabled

3. Now it's time to create a new Virtual Host. This example uses the system IP address as the Virtual Host name, so create a new file named name-ip.conf.

$ sudo nano /etc/nginx/sites-available/name-ip.conf

Add the following content.

## File content ##

server {
    listen 80;
    server_name 192.168.1.33;

    access_log /var/log/nginx/192.168.1.33.access.log;
    error_log /var/log/nginx/192.168.1.33.error.log;

    root /srv/http;
    location / {
        index index.html index.htm index.php;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
    location /phpmyadmin {
        rewrite ^/* /phpMyAdmin last;
    }

    location ~ \.php$ {
        #fastcgi_pass 127.0.0.1:9000; (depending on your php-fpm socket configuration)
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

The directive that activates the Virtual Host is the server_name statement below the listening port. Another important directive here is the root statement, which points the Nginx Virtual Host to serve file content from the /srv/http/ system path.

4. The last step is to create the /srv/http/ directory, make the name-ip.conf configuration file available for Nginx to read (using a symbolic link), and then restart the daemon to make the new configuration visible.

$ sudo mkdir /srv/http/
$ sudo ln -s /etc/nginx/sites-available/name-ip.conf /etc/nginx/sites-enabled/
$ sudo systemctl restart nginx

5. To verify it, point your browser to the Arch system IP address and you should see that the web content is different from http://localhost. Here I have added a small php script that also checks the FastCGI PHP configuration, as in the screenshot below.

$ sudo nano /srv/http/info.php
## File content ##

<?php
phpinfo();
?>

6. Another method that I developed myself to enable or disable Virtual Hosts on Nginx is a more elegant one and is inspired by the Apache a2ensite script.

To use this method, open a file editor and create a new file, called n2ensite, in your $HOME path with the content below. Make it executable, run it with root privileges and pass as an option the name of your new Virtual Host without the .conf ending (feel free to modify it according to your needs).

$ sudo nano n2ensite
## File content ##

#!/bin/bash
# Enable an Nginx virtual host by linking it from sites-available into sites-enabled.

# Create both directories if either one is missing
if test -d /etc/nginx/sites-available && test -d /etc/nginx/sites-enabled; then
    echo "-----------------------------------------------"
else
    mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled
fi

avail="/etc/nginx/sites-available/$1.conf"
enabled="/etc/nginx/sites-enabled"
site=$(ls /etc/nginx/sites-available/)

if [ "$#" != "1" ]; then
    echo "Use script: n2ensite virtual_site"
    echo -e "\nAvailable virtual hosts:\n$site"
    exit 0
fi

# Link the virtual host only if its configuration file exists
if test -e "$avail"; then
    sudo ln -s "$avail" "$enabled/"
else
    echo -e "$avail virtual host does not exist! Please create one!\n$site"
    exit 1
fi

# Confirm that the link is now in place
if test -e "$enabled/$1.conf"; then
    echo "Success!! Now restart nginx server: sudo systemctl restart nginx"
else
    echo -e "Virtual host $avail does not exist!\nPlease see available virtual hosts:\n$site"
    exit 1
fi

Make it executable and run it as shown.

$ sudo chmod +x n2ensite
$ sudo ./n2ensite your_virtual_host

7. To disable Virtual Hosts, create a new n2dissite file with the following content and apply the same settings as above.

$ sudo nano n2dissite
## File content ##

#!/bin/bash
# Disable an Nginx virtual host by removing its link from sites-enabled.
avail="/etc/nginx/sites-enabled/$1.conf"
enabled="/etc/nginx/sites-enabled"
site=$(ls /etc/nginx/sites-enabled/)

if [ "$#" != "1" ]; then
    echo "Use script: n2dissite virtual_site"
    echo -e "\nAvailable virtual hosts: \n$site"
    exit 0
fi

# Remove the link only if the virtual host is currently enabled
if test -e "$avail"; then
    sudo rm "$avail"
else
    echo -e "$avail virtual host does not exist! Exiting!"
    exit 1
fi

# Confirm that the link is gone
if test -e "$enabled/$1.conf"; then
    echo "Error!! Could not remove $avail virtual host!"
    exit 1
else
    echo -e "Success! $avail has been removed!\nPlease restart Nginx: sudo systemctl restart nginx"
    exit 0
fi

8. Now you can use these two scripts to enable or disable any Virtual Host. If you want to use them as system-wide commands, just copy both scripts to /usr/local/bin/ and then you can run them without specifying the path.

$ sudo cp n2ensite n2dissite /usr/local/bin/
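
A stricter variant of the two scripts above, as an added example that is not part of the original article: it rejects names that would resolve outside sites-available, removes only symbolic links, and undoes the link when nginx -t reports a broken configuration. NGINX_DIR and the function names are assumptions made for the example.

```bash
#!/bin/bash
# Added example (not from the original article): enable/disable helpers for the
# sites-available / sites-enabled layout, with name validation and rollback.
NGINX_DIR="${NGINX_DIR:-/etc/nginx}"   # overridable for dry runs (assumption)

# Accept only plain host-style names, so the argument can never point outside
# sites-available (rejects "", "../x", "a/b" and names starting with "-" or ".").
valid_site_name() {
    case "$1" in
        ""|-*|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Test the whole configuration; treated as passing when nginx is not installed.
config_ok() {
    command -v nginx >/dev/null 2>&1 || return 0
    nginx -t -q
}

enable_site() {
    local name="$1" src link
    valid_site_name "$name" || { echo "invalid name: $name" >&2; return 2; }
    src="$NGINX_DIR/sites-available/$name.conf"
    link="$NGINX_DIR/sites-enabled/$name.conf"
    [ -f "$src" ] || { echo "$src does not exist" >&2; return 1; }
    if [ -L "$link" ]; then return 0; fi      # already enabled
    ln -s "$src" "$link" || return 1
    # Roll the link back if the new host breaks the configuration.
    if ! config_ok; then
        rm -f "$link"
        echo "nginx -t failed, $name left disabled" >&2
        return 3
    fi
}

disable_site() {
    local name="$1" link
    valid_site_name "$name" || { echo "invalid name: $name" >&2; return 2; }
    link="$NGINX_DIR/sites-enabled/$name.conf"
    # Remove symlinks only, never a regular file placed in sites-enabled.
    [ -L "$link" ] || { echo "$name is not enabled" >&2; return 1; }
    rm -- "$link"
}

case "${1:-}" in
    enable)  enable_site "${2:-}" ;;
    disable) disable_site "${2:-}" ;;
esac
```

Run as root, for example "enable name-ip-ssl", then reload or restart Nginx as in step 4.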

Step 2: Enable SSL with Virtual Hosts on Nginx

SSL (Secure Sockets Layer) is a protocol designed to encrypt HTTP connections over networks or the Internet, so that data travels over a secure channel protected by symmetric/asymmetric key cryptography. On Arch Linux it is provided by the OpenSSL package.

$ sudo pacman -S openssl

9. To enable HTTPS connections with Nginx, the first thing you need to do is generate the Virtual Host keys. To simplify things, I have developed a small script that automatically generates cryptographic keys in the /etc/nginx/ssl directory path, using the Virtual Host naming as the key names.

Create a file named nginx_gen_ssl and add the following content.

$ sudo nano nginx_gen_ssl
## File content ##

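#!/bin/bash
# Generate a private key, a CSR and a self-signed certificate for an Nginx virtual host.
mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl || exit 1

echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Nginx  SSL certificate!"
read -r cert
# An empty name would produce files called ".key" and ".crt"
[ -n "$cert" ] || exit 1

# Private key, readable by root only
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$cert.key"
chmod 600 "$cert.key"
# Certificate signing request, then a certificate self-signed with the same key for 365 days
openssl req -new -key "$cert.key" -out "$cert.csr"
openssl x509 -req -days 365 -in "$cert.csr" -signkey "$cert.key" -out "$cert.crt"

echo -e " The certificate $cert has been generated!\nPlease link it to nginx ssl available website!"
ls -all /etc/nginx/ssl
exit 0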

10. After the script has been created, add execution permissions, run it and provide your Certificate options. The most important one is the Common Name field (enter the official domain name here); leave the Password and Optional Company fields blank.

$ sudo chmod +x nginx_gen_ssl
$ sudo ./nginx_gen_ssl

At the end of the key generation task, a listing of all keys available under the Nginx ssl directory is displayed.

If you want this script to be used as a system command, copy or move it to /usr/local/bin/.

$ sudo mv nginx_gen_ssl  /usr/local/bin

11. After we have generated the keys needed for the Nginx SSL Virtual Host, it's time to create the SSL Virtual Host configuration file. Use the same system IP address for the Virtual Host as above in the server_name directive, but change the Virtual Host file name slightly by adding ssl before .conf, to remind you that this file stands for the name-ip SSL Virtual Host.

$ sudo nano /etc/nginx/sites-available/name-ip-ssl.conf

In this file, change the listen port statement to 443 ssl and provide the SSL certificate and key file paths created earlier, so that it looks like the excerpt below.

## File content ##

server {
    listen 443 ssl;
    server_name 192.168.1.33;

    ssl_certificate      /etc/nginx/ssl/192.168.1.33.crt;
    ssl_certificate_key  /etc/nginx/ssl/192.168.1.33.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    access_log /var/log/nginx/192.168.1.33-ssl.access.log;
    error_log /var/log/nginx/192.168.1.33-ssl.error.log;
    root /srv/http;
    location / {
        index index.html index.htm index.php;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
    location /phpmyadmin {
        rewrite ^/* /phpMyAdmin last;
    }
    location ~ \.php$ {
        #fastcgi_pass 127.0.0.1:9000; (depending on your php-fpm socket configuration)
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
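
The file names in ssl_certificate and ssl_certificate_key depend on what was typed into nginx_gen_ssl, so it is worth checking the pair before Nginx loads it. The following is an added example, not part of the original article; the function names are assumptions, and the 30-day threshold is an arbitrary choice.

```bash
#!/bin/bash
# Added example (not from the original article): check a certificate/key pair
# such as /etc/nginx/ssl/192.168.1.33.crt and .key before restarting nginx.

# Exit status 0 only when the certificate was issued for this private key.
pair_matches() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate is still valid N days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# True if group and others have no permission bits on the key (chmod 600).
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Run all checks and report every failure; returns the number of failures.
check_tls_pair() {
    local crt="$1" key="$2" failed=0
    pair_matches "$crt" "$key" || { echo "FAIL: $crt does not match $key"; failed=$((failed + 1)); }
    valid_for_days "$crt" 30   || { echo "FAIL: $crt expires within 30 days"; failed=$((failed + 1)); }
    key_is_private "$key"      || { echo "FAIL: $key is readable by group/others"; failed=$((failed + 1)); }
    return "$failed"
}

# Usage: ./check_tls_pair.sh /etc/nginx/ssl/192.168.1.33.crt /etc/nginx/ssl/192.168.1.33.key
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```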

12. After the file has been created, use the n2ensite script or the ln command line to activate it (this creates a symbolic link to the file in the sites-enabled directory), then restart the Nginx daemon to apply the settings.

$ sudo ./n2ensite name-ip-ssl
OR
$ sudo ln -s /etc/nginx/sites-available/name-ip-ssl.conf /etc/nginx/sites-enabled/
$ sudo systemctl restart nginx

13. Again point your browser to the Arch IP URL, but this time using the HTTPS protocol (https://192.168.1.33 on my system), and a Connection Untrusted error should appear (Add and Confirm Security Exception to go further to the page).

As you can now see, your Nginx Virtual Host serves the same content as the previous name-ip host, but this time over an HTTP secured connection.

Step 3: Access PhpMyAdmin through Virtual Host

If a Virtual Host is enabled on Nginx, we no longer have access to the http://localhost path contents (localhost usually serves content using the loopback IP address, or the system IP address if not otherwise configured), because we have used the Arch system IP as server_name, so our content path has changed.

14. The simplest way to gain access to PhpMyAdmin through the web is to create a symbolic link between the /usr/share/webapps/phpMyAdmin/ path and our newly defined Virtual Host path (/srv/http).

$ sudo ln -s /usr/share/webapps/phpMyAdmin/ /srv/http/

15. After you execute the above command, refresh your page and you will see a new phpMyAdmin folder appear if the autoindex statement is enabled on the Nginx Virtual Host, or point your URL directly to the PhpMyAdmin folder: https://arch_IP/phpMyAdmin.

16. If you want to sanitize the phpMyAdmin string in the browser, edit your Virtual Hosts files and add the following content under the server block.

    location /phpmyadmin {
        rewrite ^/* /phpMyAdmin last;
    }

Step 4: Enable Password Protected Directory on Nginx

Unlike Apache, Nginx uses the HttpAuthBasic module to enable Password Protected Directories but doesn't provide any tools to create an encrypted .htpasswd file.

17. To achieve directory password protection with Nginx on Arch Linux, install the Apache web server and use its tools to generate the encrypted .htpasswd file.

$ sudo pacman -S apache

18. After you have installed Apache, create a new directory under /etc/nginx/, intuitively named passwd, where the .htpasswd file will be stored. Use the htpasswd command with the -c switch for the first added user to generate the file; then, if you want to add more users, use htpasswd without the -c switch.

$ sudo mkdir /etc/nginx/passwd

$ sudo htpasswd -c /etc/nginx/passwd/.htpasswd first_user
$ sudo htpasswd /etc/nginx/passwd/.htpasswd second_user
$ sudo htpasswd /etc/nginx/passwd/.htpasswd third_user

19. To protect the name-ip-ssl Virtual Host root /srv/http/ served path, with all its sub-folders and files beneath it, add the following directives inside your Virtual Host server block under the root directive and point them to the absolute .htpasswd file path.

auth_basic "Restricted Website";
auth_basic_user_file /etc/nginx/passwd/.htpasswd;

20. After you have restarted the Nginx service, refresh the page and an Authentication Required popup should appear asking for your credentials.

You have now successfully enabled Nginx Password Protected Directories, but be aware that the Apache web server is now installed on your system as well, so make sure it stays disabled and is never started, because it can cause port conflicts with Nginx.
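
Because openssl is already installed from Step 2, the password file can also be maintained without Apache's htpasswd: openssl passwd -apr1 produces the apr1 (MD5-based) hash format, one of the formats Nginx auth_basic accepts. This is an added example, not code from the original article; the function names, the NGINX_GROUP variable and the http worker group are assumptions.

```bash
#!/bin/bash
# Added example (not from the original article): manage .htpasswd with openssl,
# which Step 2 already installed, instead of Apache's htpasswd.

# Entries are "user:hash" lines, so allow only characters that cannot break the format.
valid_user() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# htpasswd_add FILE USER  (password is read from stdin, not from argv,
# so it never appears in the process list or shell history)
htpasswd_add() {
    local file="$1" user="$2" hash tmp
    valid_user "$user" || { echo "invalid user name" >&2; return 2; }
    hash=$(openssl passwd -apr1 -stdin) || return 1
    [ -n "$hash" ] || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Keep every other user's entry, replace this user's entry if present.
    if [ -f "$file" ]; then
        awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"
    fi
    printf '%s:%s\n' "$user" "$hash" >> "$tmp"
    # Assumption: nginx workers run in group "http"; if that group cannot be
    # set, fall back to mode 644 so the workers can still read the file.
    chmod 640 "$tmp"
    chgrp "${NGINX_GROUP:-http}" "$tmp" 2>/dev/null || chmod 644 "$tmp"
    mv -f "$tmp" "$file"
}

# htpasswd_check FILE USER  (password on stdin): recompute the hash with the stored salt.
htpasswd_check() {
    local file="$1" user="$2" stored salt
    stored=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$file")
    [ -n "$stored" ] || return 1
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ "$(openssl passwd -apr1 -salt "$salt" -stdin)" = "$stored" ]
}
```

After sourcing the file as root, htpasswd_add /etc/nginx/passwd/.htpasswd first_user waits for the password on standard input.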

Step 5: Redirect HTTP to HTTPS on Nginx

21. If you would like browsers to automatically redirect all insecure HTTP requests to the HTTPS protocol, open and edit your non-ssl Virtual Host and add the following directive under the server_name directive.

rewrite        ^ https://$server_name$request_uri? permanent;

All the settings presented in this article were made on an Arch Linux system acting as a server, but most of them, especially those regarding Nginx configuration files, are available on most Linux systems with slight differences.