Don saita SSL/TLS tare da Nginx akan CentOS, zaku iya bin waɗannan matakan:
Mataki 1: Shigar Nginx
Idan ba ka shigar ba Nginx, gudanar da umarni mai zuwa don shigar da shi:
sudo yum install nginx
Mataki 2: Shigar OpenSSL
Idan ba ku shigar da OpenSSL ba, shigar da shi ta amfani da umarni mai zuwa:
sudo yum install openssl
Mataki 3: Ƙirƙiri adireshi don fayilolin takardar shaidar SSL
Ƙirƙiri adireshi don adana fayilolin takardar shaidar SSL:
sudo mkdir /etc/nginx/ssl
Mataki 4: Ƙirƙirar takaddun shaidar SSL/TLS masu sanya hannu(Na zaɓi)
Idan ba kwa amfani da takaddun shaida na SSL daga ikon takaddun shaida, zaku iya samar da takaddun sa hannu tare da OpenSSL. Wannan yana da amfani don gwada SSL/TLS a cikin yanayin haɓakawa. Don ƙirƙirar takardar shedar sa hannu, gudanar da umarni masu zuwa:
cd /etc/nginx/ssl
sudo openssl genrsa -out server.key 2048
sudo openssl req -new -key server.key -out server.csr
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Mataki 5: Sanya Nginx don amfani da SSL/TLS
Bude Nginx fayil ɗin daidaitawa don gidan yanar gizon da kuke son kiyayewa:
sudo vi /etc/nginx/conf.d/your_domain.conf
Ƙara layin masu zuwa zuwa fayil ɗin sanyi don kunna SSL:
server {
listen 80;
server_name your_domain.com www.your_domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name your_domain.com www.your_domain.com;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
# Additional SSL/TLS options can be added here(optional)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# Additional configurations(if needed)
location / {
# Reverse proxy configuration(if needed)
}
}
Mataki na 6: Gwada kuma sake farawa Nginx
Bincika idan Nginx tsarin yana da wasu kurakurai:
sudo nginx -t
Idan babu kurakurai, sake kunna Nginx sabis ɗin don amfani da sabon saitin:
sudo systemctl restart nginx
Da zarar an gama, gidan yanar gizon ku zai kasance amintattu tare da SSL/TLS. Lura cewa yin amfani da takaddun shaida mai sanya hannu zai haifar da gargaɗin mai bincike game da takaddun shaida marasa amana. Don samun amintaccen takardar shaidar SSL/TLS, kuna buƙatar siya ko samun takardar shedar kyauta daga ikon takaddun shaida.