close

Inasanidi SSL/TLS ikiwa Nginx imewashwa CentOS

Ili kusanidi SSL/TLS na Nginx on CentOS, unaweza kufuata hatua hizi:

Hatua ya 1: Sakinisha Nginx

Ikiwa haujaisakinisha Nginx, endesha amri ifuatayo ili kuisakinisha:

sudo yum install nginx

Hatua ya 2: Sakinisha OpenSSL

Ikiwa huna OpenSSL iliyosakinishwa, isakinishe kwa kutumia amri ifuatayo:

sudo yum install openssl

Hatua ya 3: Unda saraka kwa faili za cheti cha SSL

Unda saraka ili kuhifadhi faili za cheti cha SSL:

sudo mkdir /etc/nginx/ssl

Hatua ya 4: Tengeneza vyeti vya SSL/TLS vilivyojiandikisha(Si lazima)

Ikiwa hutumii vyeti vya SSL kutoka kwa mamlaka ya cheti, unaweza kuzalisha vyeti vya kujiandikisha na OpenSSL. Hii ni muhimu kwa kujaribu SSL/TLS katika mazingira ya usanidi. Ili kuunda cheti cha kujiandikisha, endesha amri zifuatazo:

cd /etc/nginx/ssl  
sudo openssl genrsa -out server.key 2048  
sudo openssl req -new -key server.key -out server.csr  
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Hatua ya 5: Sanidi Nginx ili kutumia SSL/TLS

Fungua Nginx faili ya usanidi ya tovuti unayotaka kulinda:

sudo vi /etc/nginx/conf.d/your_domain.conf

Ongeza mistari ifuatayo kwenye faili ya usanidi ili kuwezesha SSL:

server {  
    listen 80;  
    server_name your_domain.com www.your_domain.com;  
    return 301 https://$host$request_uri;  
}  
  
server {  
    listen 443 ssl;  
    server_name your_domain.com www.your_domain.com;  
  
    ssl_certificate /etc/nginx/ssl/server.crt;  
    ssl_certificate_key /etc/nginx/ssl/server.key;  
  
    # Additional SSL/TLS options can be added here(optional)  
    ssl_protocols TLSv1.2 TLSv1.3;  
    ssl_prefer_server_ciphers on;  
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';  
      
    # Additional configurations(if needed)  
      
    location / {  
        # Reverse proxy configuration(if needed)  
    }  
}

Hatua ya 6: Jaribu na uanze upya Nginx

Angalia ikiwa Nginx usanidi una makosa yoyote:

sudo nginx -t

Ikiwa hakuna makosa, anzisha tena Nginx huduma ili kutumia usanidi mpya:

sudo systemctl restart nginx

Baada ya kukamilika, tovuti yako italindwa na SSL/TLS. Kumbuka kuwa kutumia vyeti vya kujiandikisha kutasababisha onyo la kivinjari kuhusu vyeti visivyoaminika. Ili kuwa na cheti cha SSL/TLS kinachoaminika, unahitaji kununua au kupata cheti bila malipo kutoka kwa mamlaka ya cheti.