Ana saita SSL/TLS tare da Nginx kunnawa Ubuntu

Don saita SSL/TLS tare da Nginx akan Ubuntu, zaku iya bin waɗannan matakan:

Mataki 1: Shigar Nginx

Idan ba ka shigar ba Nginx, gudanar da umarni masu zuwa don shigar da shi:

sudo apt update  
sudo apt install nginx

Mataki 2: Shigar OpenSSL

Idan ba ku shigar da OpenSSL ba, shigar da shi ta amfani da umarni mai zuwa:

sudo apt install openssl

Mataki 3: Ƙirƙiri adireshi don fayilolin takardar shaidar SSL

Ƙirƙiri adireshi don adana fayilolin takardar shaidar SSL:

sudo mkdir /etc/nginx/ssl

Mataki 4: Ƙirƙirar takaddun shaidar SSL/TLS masu sanya hannu(Na zaɓi)

Idan ba kwa amfani da takaddun shaida na SSL daga ikon takaddun shaida, zaku iya samar da takaddun sa hannu tare da OpenSSL. Wannan yana da amfani don gwada SSL/TLS a cikin yanayin haɓakawa. Don ƙirƙirar takardar shedar sa hannu, gudanar da umarni masu zuwa:

cd /etc/nginx/ssl  
sudo openssl genrsa -out server.key 2048  
sudo openssl req -new -key server.key -out server.csr  
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt  

Mataki 5: Sanya Nginx don amfani da SSL/TLS

Bude Nginx fayil ɗin daidaitawa don gidan yanar gizon da kuke son kiyayewa:

sudo vi /etc/nginx/sites-available/your_domain

Ƙara layin masu zuwa zuwa fayil ɗin sanyi don kunna SSL:

server {  
    listen 80;  
    server_name your_domain.com www.your_domain.com;  
    return 301 https://$host$request_uri;  
}  
  
server {  
    listen 443 ssl;  
    server_name your_domain.com www.your_domain.com;  
  
    ssl_certificate /etc/nginx/ssl/server.crt;  
    ssl_certificate_key /etc/nginx/ssl/server.key;  
  
    # Additional SSL/TLS options can be added here(optional)  
    ssl_protocols TLSv1.2 TLSv1.3;  
    ssl_prefer_server_ciphers on;  
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';  
      
    # Additional configurations(if needed)  
      
    location / {  
        # Reverse proxy configuration(if needed)  
    }  
}  

Mataki 6: Kunna sanyi kuma sake farawa Nginx

Ƙirƙiri hanyar haɗi ta alama daga fayil ɗin daidaitawa don sites-available ba sites-enabled da damar daidaitawa:

sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/

Bincika idan Nginx tsarin yana da wasu kurakurai:

sudo nginx -t

Idan babu kurakurai, sake kunna Nginx sabis ɗin don amfani da sabon saitin:

sudo systemctl restart nginx

Da zarar an gama, gidan yanar gizon ku zai kasance amintattu tare da SSL/TLS. Lura cewa yin amfani da takaddun shaida mai sanya hannu zai haifar da gargaɗin mai bincike game da takaddun shaida marasa amana. Don samun amintaccen takardar shaidar SSL/TLS, kuna buƙatar siya ko samun takardar shedar kyauta daga ikon takaddun shaida.