Cara Install HTTPS di localhost Nginx

Sebelumnya saya sudah menulis tentang Cara Install HTTPS di localhost dengan menggunakan Apache web server. Karena banyak permintaan versi Nginx maka saya buatkan lagi tutorial tersendiri. Yang berbeda hanyalah install Nginx dan konfigurasi untuk SSL.

Install HTTPS di localhost (Nginx) Linux

Tutorial ini menggunakan:

OS Linux Ubuntu 16.04 64-bit
brew
mkcert
Nginx
Mozilla Firefox

Install brew

mkcert diinstall via brew package manager. Install brew terlebih dahulu, baca tutorial Cara Install brew di Linux.

Install mkcert

Install paket dependensi.

$ sudo apt-get install libnss3-tools

1	$ sudo apt-get install libnss3-tools

Install mkcert via brew.

$ brew install mkcert

1	$ brew install mkcert

Hasilnya

Updating Homebrew...
==> Downloading https://linuxbrew.bintray.com/bottles/mkcert-1.2.0.x86_64_linux.bottle.tar.gz
######################################################################## 100.0%
==> Pouring mkcert-1.2.0.x86_64_linux.bottle.tar.gz
/home/linuxbrew/.linuxbrew/Cellar/mkcert/1.2.0: 6 files, 4.3MB

Updating Homebrew...

==> Downloading https://linuxbrew.bintray.com/bottles/mkcert-1.2.0.x86_64_linux.bottle.tar.gz

######################################################################## 100.0%

==> Pouring mkcert-1.2.0.x86_64_linux.bottle.tar.gz

/home/linuxbrew/.linuxbrew/Cellar/mkcert/1.2.0: 6 files, 4.3MB

Install Certificate Authority (CA).

$ mkcert -install

1	$ mkcert -install

Hasilnya

Created a new local CA at "/home/musa/.local/share/mkcert"
[sudo] password for musa: 
The local CA is now installed in the system trust store!
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)!
The local CA is now installed in Java's trust store!

Created a new local CA at "/home/musa/.local/share/mkcert"

[sudo] password for musa:

The local CA is now installed in the system trust store!

The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)!

The local CA is now installed in Java's trust store!

Selanjutnya membuat certificate untuk localhost

$ mkcert localhost

1	$ mkcert localhost

Hasilnya

Using the local CA at "/home/musa/.local/share/mkcert"

Created a new certificate valid for the following names
 - "localhost"

The certificate is at "./localhost.pem" and the key at "./localhost-key.pem"

Using the local CA at "/home/musa/.local/share/mkcert"

Created a new certificate valid for the following names

- "localhost"

The certificate is at "./localhost.pem" and the key at "./localhost-key.pem"

Terdapat dua file yang dihasilkan, certificate localhost.pem dan key localhost-key.pem. Semuanya berada di folder tempat menjalankan perintah.

Konfigurasi Nginx untuk HTTPS

Install Nginx

$ sudo apt-get install nginx

1	$ sudo apt-get install nginx

Memindahkan certificate dan key.

$ sudo mv localhost.pem /etc/ssl/certs
$ sudo mv localhost-key.pem /etc/ssl/private

1 2	$ sudo mv localhost.pem /etc/ssl/certs $ sudo mv localhost-key.pem /etc/ssl/private

Konfigurasi server block localhost untuk port 443 (HTTPS).

$ sudo nano /etc/nginx/sites-available/default

1	$ sudo nano /etc/nginx/sites-available/default

Cari opsi certificate dan ubah seperti di bawah ini

# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/ssl/certs/localhost.pem;
ssl_certificate_key /etc/ssl/private/localhost-key.pem;

# SSL configuration

listen 443 ssl default_server;

listen [::]:443 ssl default_server;

ssl_certificate /etc/ssl/certs/localhost.pem;

ssl_certificate_key /etc/ssl/private/localhost-key.pem;

Start Nginx

$ sudo systemctl start nginx
$ sudo systemctl status nginx

1 2	$ sudo systemctl start nginx $ sudo systemctl status nginx

Pengujian

Akses https://localhost di browser, hasilnya seperti gambar di bawah ini.

Cara Install HTTPS di localhost Nginx — Mozilla Firefox – https localhost Nginx

HTTPS untuk Custom Server Block

Membuat certificate untuk virtualhost musaamin.oksip.

$ mkcert musaamin.oksip

1	$ mkcert musaamin.oksip

Hasilnya

Using the local CA at "/home/musa/.local/share/mkcert"

Created a new certificate valid for the following names
 - "musaamin.oksip"

The certificate is at "./musaamin.oksip.pem" and the key at "./musaamin.oksip-key.pem"

Using the local CA at "/home/musa/.local/share/mkcert"

Created a new certificate valid for the following names

- "musaamin.oksip"

The certificate is at "./musaamin.oksip.pem" and the key at "./musaamin.oksip-key.pem"

Memindahkan certificate.

$ sudo mv musaamin.oksip.pem /etc/ssl/certs 
$ sudo mv musaamin.oksip-key.pem /etc/ssl/private

1 2	$ sudo mv musaamin.oksip.pem /etc/ssl/certs $ sudo mv musaamin.oksip-key.pem /etc/ssl/private

Membuat folder untuk virtualhost musaamin.oksip.

$ sudo mkdir /var/www/html/musaamin.oksip

1	$ sudo mkdir /var/www/html/musaamin.oksip

Buat file index.html.

$ sudo nano /var/www/html/musaamin.oksip/index.html

1	$ sudo nano /var/www/html/musaamin.oksip/index.html

Isinya

musaamin.oksip

1	musaamin.oksip

Membuat konfigurasi server block di Nginx.

$ sudo nano /etc/nginx/sites-available/musaamin.oksip.conf

1	$ sudo nano /etc/nginx/sites-available/musaamin.oksip.conf

Isinya

server {
    listen 80;
    server_name musaamin.oksip www.musaamin.oksip; 

    root /var/www/html/musaamin.oksip;
    index index.html index.htm;

    location / {
            try_files $uri $uri/ =404;
    }        

    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/musaamin.oksip.pem;
    ssl_certificate_key /etc/ssl/private/musaamin.oksip-key.pem

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

    access_log /var/log/nginx/musaamin.oksip.access.log;
    error_log /var/log/nginx/musaamin.oksip.error.log;
}

server {

listen 80;

server_name musaamin.oksip www.musaamin.oksip;

root /var/www/html/musaamin.oksip;

index index.html index.htm;

location / {

try_files $uri $uri/ =404;

}

listen 443 ssl;

ssl_certificate /etc/ssl/certs/musaamin.oksip.pem;

ssl_certificate_key /etc/ssl/private/musaamin.oksip-key.pem

if ($scheme != "https") {

return 301 https://$host$request_uri;

}

access_log /var/log/nginx/musaamin.oksip.access.log;

error_log /var/log/nginx/musaamin.oksip.error.log;

}

Mengaktifkan server block musaamin.oksip.

$ sudo ln -s /etc/nginx/sites-available/musaamin.oksip.conf /etc/nginx/sites-enabled/
$ sudo systemctl restart
$ sudo systemctl status

$ sudo ln -s /etc/nginx/sites-available/musaamin.oksip.conf /etc/nginx/sites-enabled/

$ sudo systemctl restart

$ sudo systemctl status

Memasukkan host musaamin.oksip ke dalam konfigurasi hosts.

$ sudo nano /etc/hosts

1	$ sudo nano /etc/hosts

Tambahkan

127.0.0.1		musaamin.oksip

1	127.0.0.1 musaamin.oksip

Pengujian, akses http://musaamin.oksip, harus redirect ke https://musaamin.oksip sesuai dengan konfigurasi pada server block Nginx.

Selamat mencoba 🙂

One comment

Irfan Fauzi
12 February 2019 / 08:41 Reply
mas saya mau tanya
bisakah tutorial ini saya terapin di server local saya yang dimana server tersebut di panggil via IP privat.?
di office saya punya server local bigbluebutton v2.0, di setting menggunakan ip privat (192.168.1.10) tapi untuk bisa mengakses audio n videonya harus pke ssl/HTTPS..
apa localhostnya saya udah dengan IP kali ya..?

Cara Install HTTPS di localhost Nginx

Install HTTPS di localhost (Nginx) Linux

Install brew

Install mkcert

Konfigurasi Nginx untuk HTTPS

Pengujian

HTTPS untuk Custom Server Block

How to Deploy Rust Web Application on Ubuntu

Cara Deploy Rust Web App di Ubuntu

How to Deploy Go Web Application on Ubuntu

Cara Deploy Go Web App di Ubuntu

How to Install Directus on Ubuntu 24.04

Cara Install aaPanel Hosting Control Panel

Cara Setting Load Balancing dengan Nginx

Cara Install CKAN untuk Open Data Portal di Ubuntu 20.04

Review VPS Vultr • Gratis Saldo $100

Cara Install dan Setting DNS Server di CentOS 7 pada Jaringan LAN

One comment

Leave a ReplyCancel Reply