How to Secure Nginx with Let's Encrypt on CentOS 8


Launched in April 2016 by the Electronic Frontier Foundation (EFF), Let's Encrypt is a free and automated digital certificate that provides TLS encryption for websites at no cost whatsoever.

The objective of the Let's Encrypt certificate is to automate the validation, creation, signing and auto-renewal of the security certificate. The certificate enables encrypted connections to web servers over the HTTPS protocol in a simple, hassle-free manner without any complexity. The certificate is valid for only 90 days, after which auto-renewal can be activated.


In this article, we will show how to install Let's Encrypt to obtain a free SSL certificate to secure the Nginx web server on CentOS 8 (the same instructions also work on RHEL 8). We will also explain how to renew your SSL certificate automatically.

Before we proceed, make sure you have the following in check.

1. A Fully Qualified Domain Name (FQDN) pointing to a dedicated IP address of the web server. This needs to be configured in the client area of your DNS web hosting provider. For this tutorial, we are using the domain name linuxtechwhiz, which points to the IP address 34.70.245.117.

2. You can also confirm this by performing a forward lookup using the dig command as shown.

$ dig linuxtechwhiz.info

3. Nginx installed and running on the web server. You can confirm this by logging in to the terminal and running the command below. If Nginx is not installed, follow our article to install Nginx on CentOS 8.

$ sudo systemctl status nginx

4. You can also verify by visiting the web server's URL in a web browser.

http://server-IP-or-hostname

From the URL, we can clearly see that the site is not secure, and hence not encrypted. This means that any request made to the web server can be intercepted, and this includes critical and confidential information such as usernames, passwords, social security numbers and credit card information, to mention a few.

Now let's get our hands dirty and install Let's Encrypt.

Step 1. Install Certbot in CentOS 8

To install the Let's Encrypt certificate, you first need to have certbot installed. This is an extensible client that fetches a security certificate from the Let's Encrypt Authority and lets you automate the validation and configuration of the certificate for use by the web server.

Download certbot using the curl command.

$ sudo curl -O https://dl.eff.org/certbot-auto

Next, move the file to the /usr/local/bin directory.

$ sudo mv certbot-auto /usr/local/bin/certbot-auto

Next, assign file permissions to the certbot file as shown.

$ sudo chmod 0755 /usr/local/bin/certbot-auto

Step 2. Configure Nginx Server Block

A server block in Nginx is the equivalent of a virtual host in Apache. Setting up server blocks not only lets you host multiple websites on one server but also allows certbot to prove ownership of the domain to the Certificate Authority (CA).

To create a server block, run the command shown.

$ sudo vim /etc/nginx/conf.d/www.linuxtechwhiz.info

Be sure to replace the domain name with your own. Then paste the configuration below.

server {
   server_name www.linuxtechwhiz.info;
   root /opt/nginx/www.linuxtechwhiz.info;

   location / {
       index index.html index.htm index.php;
   }

   access_log /var/log/nginx/www.linuxtechwhiz.info.access.log;
   error_log /var/log/nginx/www.linuxtechwhiz.info.error.log;

   location ~ \.php$ {
      include /etc/nginx/fastcgi_params;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   }
}

Save the file and exit the text editor.

Step 3. Install the Let's Encrypt Certificate on CentOS 8

Now use the certbot command to start fetching and configuring the Let's Encrypt security certificate.

$ sudo /usr/local/bin/certbot-auto --nginx

This command will run and install several Python packages and their dependencies as shown.

This will then be followed by an interactive prompt as shown:

If all went well, you should see a congratulatory message at the very end.

To confirm that your Nginx site is encrypted, reload the web page and look for the padlock symbol at the beginning of the URL. This indicates that the site is secured using SSL/TLS encryption.

To get more information about the security certificate, click on the padlock symbol and select the 'Certificate' option.

More information about the security certificate will be displayed as shown below.

Additionally, to test the strength of the security certificate, head over to https://www.ssllabs.com/ssltest/ for a more accurate and in-depth analysis of the status of the security certificate.
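
One way to confirm on the server itself what Step 3 changed, as an added example that is not part of the original article: the function reads an nginx configuration and reports whether a given server_name is served over HTTPS and whether plain HTTP still answers for it. The function names and the sample configuration are constructed for illustration, and the "managed by Certbot" lines show an assumed typical shape.

```shell
# Added example, not part of the original article. Reads an nginx configuration on
# stdin and prints how <server_name> is served.
# On the server: sudo nginx -T 2>/dev/null | audit_server_block www.linuxtechwhiz.info
audit_server_block() {
    awk -v name="$1" '
        { sub(/#.*/, "") }                                 # ignore comments
        !inblk && /(^|[ \t])server[ \t]*[{]/ {             # a server block opens
            inblk = 1; start = depth + 0; named = tls = cert = redir = 0
        }
        inblk && $1 == "server_name" {
            for (i = 2; i <= NF; i++) { s = $i; sub(/;$/, "", s); if (s == name) named = 1 }
        }
        inblk && $1 == "listen" && /443/ && /ssl/ { tls = 1 }
        inblk && $1 == "ssl_certificate"          { cert = 1 }
        inblk && /return[ \t]+301[ \t]+https:/    { redir = 1 }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }   # track brace nesting
        inblk && depth == start {                          # the server block closed
            inblk = 0
            if (named && tls && cert) https = 1
            else if (named && redir)  redirect = 1
            else if (named)           plain = 1
        }
        END {
            if (https && plain) print "https-and-plain-http"
            else if (https)     print (redirect ? "https+redirect" : "https-no-redirect")
            else if (plain)     print "http-only"
            else                print (redirect ? "redirect-only" : "not-found")
        }'
}
# Constructed sample: the article's server block after certbot-auto --nginx.
# The "managed by Certbot" lines are an assumed typical shape, not captured output.
sample_after_certbot() {
    cat <<'EOF'
server {
    server_name www.linuxtechwhiz.info;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.linuxtechwhiz.info/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.linuxtechwhiz.info/privkey.pem; # managed by Certbot
}
server {
    if ($host = www.linuxtechwhiz.info) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name www.linuxtechwhiz.info;
    return 404; # managed by Certbot
}
EOF
}
```

A result of http-only or https-and-plain-http means some server block for the name still serves content over unencrypted HTTP.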

Step 4. Renewing the Let's Encrypt Certificate

As we saw earlier, the security certificate is valid for only 90 days and needs to be renewed before it expires.

You can simulate or test the certificate renewal process with the command:

$ sudo /usr/local/bin/certbot-auto renew --dry-run
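
A dry run shows that renewal can work, not that it keeps happening. The added example below (not from the original article) classifies a certificate's notAfter date against the renewal window, so a certificate that automatic renewal should already have replaced stands out. It assumes GNU date and certbot's default of renewing once fewer than 30 days remain; the function names are hypothetical.

```shell
# Added example, not part of the original article. Assumes GNU date (CentOS 8).

# cert_status "<notAfter>" [now_epoch] [window_days]
#   <notAfter> is the date printed by `openssl x509 -noout -enddate`,
#   e.g. "Jun 29 12:00:00 2025 GMT".
#   Prints OK, RENEW-OVERDUE, EXPIRED or UNPARSEABLE.
cert_status() {
    end=$(date -u -d "$1" +%s 2>/dev/null) || { echo UNPARSEABLE; return 0; }
    now=${2:-$(date -u +%s)}
    window=${3:-30}          # assumption: renewal happens 30 days before expiry
    left=$(( end - now ))
    if [ "$left" -le 0 ]; then
        echo EXPIRED
    elif [ "$left" -lt $(( window * 86400 )) ]; then
        echo RENEW-OVERDUE   # renewal should already have replaced this certificate
    else
        echo OK
    fi
}

# days_left "<notAfter>" [now_epoch]: whole days until expiry (0 once expired)
days_left() {
    end=$(date -u -d "$1" +%s) || return 1
    now=${2:-$(date -u +%s)}
    left=$(( (end - now) / 86400 ))
    [ "$left" -lt 0 ] && left=0
    echo "$left"
}

# not_after_of <host>: notAfter of the certificate a live server presents
# (needs network access and the openssl command-line tool)
not_after_of() {
    echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null |
        openssl x509 -noout -enddate | cut -d= -f2
}

# Run as: sh check_cert.sh www.linuxtechwhiz.info
if [ -n "${1:-}" ]; then
    na=$(not_after_of "$1")
    echo "$1: $(cert_status "$na") ($(days_left "$na") days left, notAfter=$na)"
fi
```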

This concludes this tutorial on securing Nginx with Let's Encrypt on CentOS 8. Let's Encrypt offers an effective and hassle-free way to secure your Nginx web server, which would otherwise be a complex affair to do manually.

Your site should now be fully encrypted. A few weeks before the certificate's expiry date, EFF will notify you by email to renew the certificate and avoid the interruptions that an expired certificate can cause. That's all for today, guys!