Ili kusanidi SSL/TLS na Nginx on Ubuntu, unaweza kufuata hatua hizi:
Hatua ya 1: Sakinisha Nginx
Ikiwa haujaisakinisha Nginx, endesha amri zifuatazo ili kuisakinisha:
sudo apt update
sudo apt install nginx
Hatua ya 2: Sakinisha OpenSSL
Ikiwa huna OpenSSL iliyosakinishwa, isakinishe kwa kutumia amri ifuatayo:
sudo apt install openssl
Hatua ya 3: Unda saraka kwa faili za cheti cha SSL
Unda saraka ili kuhifadhi faili za cheti cha SSL:
sudo mkdir /etc/nginx/ssl
Hatua ya 4: Tengeneza vyeti vya SSL/TLS vilivyojiandikisha(Si lazima)
Ikiwa hutumii vyeti vya SSL kutoka kwa mamlaka ya cheti, unaweza kuzalisha vyeti vya kujiandikisha na OpenSSL. Hii ni muhimu kwa kujaribu SSL/TLS katika mazingira ya usanidi. Ili kuunda cheti cha kujiandikisha, endesha amri zifuatazo:
cd /etc/nginx/ssl
sudo openssl genrsa -out server.key 2048
sudo openssl req -new -key server.key -out server.csr
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Hatua ya 5: Sanidi Nginx ili kutumia SSL/TLS
Fungua Nginx faili ya usanidi ya tovuti unayotaka kulinda:
sudo vi /etc/nginx/sites-available/your_domain
Ongeza mistari ifuatayo kwenye faili ya usanidi ili kuwezesha SSL:
server {
listen 80;
server_name your_domain.com www.your_domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name your_domain.com www.your_domain.com;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
# Additional SSL/TLS options can be added here(optional)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# Additional configurations(if needed)
location / {
# Reverse proxy configuration(if needed)
}
}
Hatua ya 6: Wezesha usanidi na uanze upya Nginx
Unda kiunga cha mfano kutoka kwa faili ya usanidi ili sites-available kuwezesha sites-enabled usanidi:
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
Angalia ikiwa Nginx usanidi una makosa yoyote:
sudo nginx -t
Ikiwa hakuna makosa, anzisha tena Nginx huduma ili kutumia usanidi mpya:
sudo systemctl restart nginx
Baada ya kukamilika, tovuti yako italindwa na SSL/TLS. Kumbuka kuwa kutumia vyeti vya kujiandikisha kutasababisha onyo la kivinjari kuhusu vyeti visivyoaminika. Ili kuwa na cheti cha SSL/TLS kinachoaminika, unahitaji kununua au kupata cheti bila malipo kutoka kwa mamlaka ya cheti.