location ~ /\.ht {
deny all;
}
access_log /var/log/nginx/web.defnex.com_access.log;
error_log /var/log/nginx/web.defnex.com_error.log warn;
}
Setelah selesai tes konfigurasi Nginx
nginx -t
dan hasilnya
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Lakukan restart Nginx
systemctl restart nginx
systemctl status nginx
Lakukan verifikasi Nginx reverse proxy dengan mengakses http://web.defnex.com/info.php
7.Install dan Konfigurasi mod_rpaf
Install paket yang dibutuhkan untuk build module
apt install unzip build-essential apache2-dev -y
Lalu lakukan Download source code mod_rpaf dari GitHub
wget https://github.com/gnif/mod_rpaf/archive/stable.zip -O mod_rpaf.zip
Kemudian Extract file mod_rpaf.zip
unzip mod_rpaf.zip
Dan lakukan Compile mod_rpaf
cd mod_rpaf-stable
make
make install
Setelah selesai langkah selanjutnya buat file rpaf.load
vim /etc/apache2/mods-available/rpaf.load
Memasukkan konfigurasi load module
LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so
Selanjutnya buat file konfigurasi rpaf.conf
vim /etc/apache2/mods-available/rpaf.conf
Memasukkan konfigurasi module, RPAF_ProxyIPs diisi dengan IP_SERVER
<IfModule mod_rpaf.c>
RPAF_Enable On
RPAF_Header X-Real-Ip
RPAF_ProxyIPs 178.128.212.251
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
</IfModule>
Selanjutnya aktifkan module rpaf
a2enmod rpaf
Lakukan tes konfigurasi Apache
apachectl -t
Setelah selesai restart Apache
systemctl restart apache2
Browse http://web.defnex.com/info.php, cek REMOTE_ADDR, harus berisi Public IP address dari komputer visitor
8.Setting HTTPS
Install SSL Let’s Encrypt untuk mengaktifkan HTTPS
cd
add-apt-repository ppa:certbot/certbot
apt install python-certbot-nginx -y
Generate SSL untuk subdomain web.defnex.com yang berada di Nginx
certbot --nginx -d web.defnex.com
Masukkan alamat email
urgent renewal and security notices) (Enter 'c' to cancel): [email protected]
Setujui ToS
Please read the Terms of Service at https://letsencrypt.org/documents/ LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A
Persetujuan untuk dikirimi informasi mengenai Let’s Encrypt, bisa jawab Y atau N.
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: N
Sertifikat SSL dibuat, mengubah dan menambahkan konfigurasi virtual host untuk SSL.
Obtaining a new certificate Performing the following challenges: http-01 challenge for web.defnex.com
Kemudian pilih 2 untuk redirect HTTP ke HTTPS.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Install SSL untuk web.defnex.com selesai
Congratulations! You have successfully enabled https://web.defnex.com
Sertifikat SSL hanya berlaku selama 90 hari, renew untuk memperbarui sertifikat SSL
cerbot renew
Browse https://web.defnex.com/info.php, cek $_SERVER[‘SERVER_PORT’] dan $_SERVER[‘HTTPS’]
9.Blokir Akses Langsung ke Apache
Blokir akses langsung ke Apache pada port 8080 dengan menggunakan iptables.
Format rule firewall, ganti IP_SERVER
iptables -I INPUT -p tcp --dport 8080 ! -s IP_SERVER -j REJECT --reject-with tcp-reset
IP_SERVER menggunakan 178.128.212.251
iptables -I INPUT -p tcp --dport 8080 ! -s 178.128.212.251 -j REJECT --reject-with tcp-reset
Tes iptables rule dengan mengakses http://web.defnex.com:8080, hasilnya ERR_CONNECTION_RESET
Selesai Selamat mencoba
Semoga artikel ini membantu anda lebih memahami Reverse Proxy. Jangan sungkan tinggalkan komentar di bawah jika anda memiliki pertanyaan. Sampai jumpa di artikel selanjutnya.
