Building a WebServer + VirtualHost + SSL [Beginner/Medium] [PART 2]

Written by Administrator
Wednesday, 02 December 2009 09:29

Packages:
 - httpd [web server package]
 - php [PHP module package]
 - php-mbstring [mbstring support for PHP, required by the webmail]
 - php-pear [php-pear support for PHP, required by the webmail]
 - mod_ssl [SSL module]

Purpose of adding the SSL module: so that network communication (the webmail login) is not sent as plain text, so even if the network is being sniffed the username and password are encrypted :) and to give the site an identity showing that it is genuine (not a phishing or scam page).

Step 1 : Install the packages.

    # yum -y install httpd php php-mbstring php-pear mod_ssl

Create a symlink shortcut for the perl command.

    # ln -s /usr/bin/perl /usr/local/bin/perl

Step 2 : Configure the web server (/etc/httpd/conf/httpd.conf).

What I need to change:

    ServerTokens Prod
    KeepAlive On
    ServerAdmin administrator@cyber-forensic.org
    ServerName www.cyber-forensic.org:80
    Options Indexes FollowSymLinks ExecCGI (I deliberately left Indexes on so that directory listing works)
    AllowOverride All
    # UserDir disable (comment it out with #)
    UserDir public_html (remove the # comment mark)
    ServerSignature Off
    # AddDefaultCharset UTF-8 (comment it out)
    AddHandler cgi-script .cgi .pl (add CGI so the web server can handle CGI files)
    NameVirtualHost *:80 (make sure the comment mark is removed)

What I need to add (just remove the # marks and modify as needed):

    <Directory /home/*/public_html> (applies to all vhosts)
        AllowOverride All
        Options ExecCGI (so CGI can be executed)
        <Limit GET POST OPTIONS>
            Order allow,deny
            Allow from all
        </Limit>
        <LimitExcept GET POST OPTIONS>
            Order deny,allow
            Deny from all
        </LimitExcept>
    </Directory>

    <VirtualHost *:80>
        DocumentRoot /var/www/html
        ServerName www.cyber-forensic.org (gives this vhost its domain name)
        ErrorLog logs/cyber-forensic.org-error_log (sets the location of the error log)
        CustomLog logs/cyber-forensic.org-access_log common (sets the location of the access log file)
        SuexecUserGroup webmail webmail
    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot /home/webmail/public_html
        ServerName webmail.cyber-forensic.org
        ErrorLog logs/webmail.cyber-forensic.org-error_log
        CustomLog logs/webmail.cyber-forensic.org-access_log common
    </VirtualHost>

Step 3 : Create the SSL certificate / encryption type.

Change directory (or, as Windows people say, change folder :P).

    # cd /etc/pki/tls/certs

Create the key file.

    # make cyber-forensic.key
    (the process runs, blah blah blah...)
    Enter pass phrase: (enter a password)
    Verifying - Enter pass phrase: (enter the password again, to make sure)

Add more security by adding RSA for key file management; take that, hackers.

    # openssl rsa -in cyber-forensic.key -out cyber-forensic.key
    Enter pass phrase for cyber-forensic.key: (enter the password again)

Create the CSR file.

    # make cyber-forensic.csr
    Country Name (2 letter code) [GB]: ID (because I live in Indonesia)
    State or Province Name (full name) [Berkshire]: DKI Jakarta
    Locality Name (eg, city) [Newbury]: Cengkareng
    Organizational Unit Name (eg, section) []: Cyber Forensic
    Common Name (eg, your server's hostname) []: www.cyber-forensic.org
    Email Address []: administrator@cyber-forensic.org
    A challenge password []: (leave it empty, press ENTER)
    An optional company name []: (leave it empty too)

Create the certificate file.

    # openssl x509 -in cyber-forensic.csr -out cyber-forensic.crt -req -signkey cyber-forensic.key -days 3650

Change the permissions (-r-------- / readable by the owner).

    # chmod 400 cyber-forensic.*

Step 4 : Configure SSL (/etc/httpd/conf.d/ssl.conf).

What I need to change:

    DocumentRoot "/var/www/html" (make sure there is no # mark)
    ServerName www.cyber-forensic.org:443 (the machine's name)
    SSLCertificateFile /etc/pki/tls/certs/cyber-forensic.crt (point it to the crt file that was created)
    SSLCertificateKeyFile /etc/pki/tls/certs/cyber-forensic.key (point it to the key file as well)

What I need to add:

    NameVirtualHost *:443
    <VirtualHost *:443> (change default to *)
    SuexecUserGroup webmail webmail

    <VirtualHost *:443>
        DocumentRoot "/home/webmail/public_html"
        ServerName webmail.cyber-forensic.org:443
        ErrorLog logs/webmail.cyber-forensic.org_ssl_error_log
        TransferLog logs/webmail.cyber-forensic.org_ssl_access_log
        LogLevel warn
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/pki/tls/certs/cyber-forensic.crt
        SSLCertificateKeyFile /etc/pki/tls/certs/cyber-forensic.key
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>

Step 5 : Start the service and check.

Source : http://www.facebook.com/notes.php?id=100000021883343#/note.php?note_id=203131210675
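
On Step 3: `openssl rsa -in X -out X` with no cipher option writes the key back without a passphrase, so from that point the file mode set by `chmod 400` is the only protection the key has. The script below is an added example, not part of the original article; it replays the Step 3 sequence in a scratch directory with a constructed key name and passphrase, and it assumes the `openssl` command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. The key name, scratch
# directory and passphrase "example-pass" are constructed for the demo.

# Succeeds if the PEM private key "$1" is passphrase-protected: traditional
# PEM carries "Proc-Type: 4,ENCRYPTED", PKCS#8 an "ENCRYPTED PRIVATE KEY" header.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Succeeds if "$1" has exactly mode 0400, as set by "chmod 400" in Step 3.
key_mode_is_400() {
    [ -n "$(find "$1" -prune -perm 400)" ]
}

# Print one report line for a key file: protection state and mode check.
audit_key() {
    local state=plaintext mode=not-0400
    key_is_encrypted "$1" && state=encrypted
    key_mode_is_400 "$1" && mode=0400
    printf '%s: %s, mode %s\n' "$(basename "$1")" "$state" "$mode"
}

# Replay the Step 3 key handling in a scratch directory, reporting the key's
# state after each command. Requires the openssl command-line tool.
step3_demo() {
    local dir key
    dir=$(mktemp -d) || return 1
    key="$dir/demo.key"
    # Stand-in for "make cyber-forensic.key": a passphrase-protected RSA key.
    openssl genrsa -aes128 -passout pass:example-pass -out "$key" 2048 \
        2>/dev/null || return 1
    audit_key "$key"
    # Same form as the article's command: no cipher option is given, so the
    # key is written back to the same file without a passphrase.
    openssl rsa -in "$key" -passin pass:example-pass -out "$key" \
        2>/dev/null || return 1
    audit_key "$key"
    chmod 400 "$key"
    audit_key "$key"
    rm -rf "$dir"
}
```

Running `step3_demo` prints the key's state after generation, after the `openssl rsa` rewrite, and after `chmod 400`.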
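
On Step 4: `SSLProtocol all -SSLv2` still leaves SSLv3 enabled, and the `SSLCipherSuite` string keeps the RC4 and LOW cipher classes available, because `ALL` includes them and `+LOW` only moves them to the end of the list. The script below is an added example, not part of the original article: a small auditor for those two directives, run over the article's lines and over a constructed stricter fragment. The stricter values are an assumption and need an httpd/OpenSSL build that supports TLS 1.2.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.

# Read httpd configuration on stdin; print one finding per weak TLS directive.
# "all" is modelled as enabling every legacy protocol a 2.2-era build offers.
audit_tls_conf() {
    awk '
    /^[ \t]*#/ { next }                        # skip comment lines
    { d = tolower($1) }                        # directive names are case-insensitive
    d == "sslprotocol" {
        n = split("SSLv2 SSLv3 TLSv1 TLSv1.1", legacy, " "); split("", on); bad = ""
        for (i = 2; i <= NF; i++) {            # apply all / +proto / -proto in order
            t = tolower($i); op = substr(t, 1, 1)
            if (op == "+" || op == "-") t = substr(t, 2); else op = "+"
            if (t != "all") { on[t] = (op == "+"); continue }
            for (j = 1; j <= n; j++) on[tolower(legacy[j])] = (op == "+")
        }
        for (j = 1; j <= n; j++) if (on[tolower(legacy[j])]) bad = bad " " legacy[j]
        if (bad != "") printf "line %d: SSLProtocol leaves legacy protocols enabled:%s\n", NR, bad
    }
    d == "sslciphersuite" {
        gsub(/"/, "", $2); n = split($2, tok, ":")
        all = 0; split("", neg); split("", add); bad = ""
        for (i = 1; i <= n; i++) {
            if (tok[i] == "ALL") all = 1
            else if (tok[i] ~ /^!/) neg[substr(tok[i], 2)] = 1   # !X removes X for good
            else if (tok[i] !~ /^[+-]/) {                        # a bare token adds ciphers
                if (tok[i] ~ /RC4/) add["RC4"] = 1
                if (tok[i] ~ /LOW/) add["LOW"] = 1
            }
        }
        m = split("LOW RC4", weak, " ")                          # +X only reorders
        for (i = 1; i <= m; i++)
            if (!neg[weak[i]] && (all || add[weak[i]])) bad = bad " " weak[i]
        if (bad != "") printf "line %d: SSLCipherSuite admits weak ciphers:%s\n", NR, bad
    }'
}

# TLS lines of the article's webmail vhost (Step 4).
article_conf() {
    printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2' \
        'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW'
}

# Constructed stricter values (an assumption, not from the article).
hardened_conf() {
    printf '%s\n' 'SSLEngine on' 'SSLProtocol -all +TLSv1.2' \
        'SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES'
}
```

`article_conf | audit_tls_conf` reports both directives; `hardened_conf | audit_tls_conf` prints nothing.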