Learning to Build a Simple Web Server and Virtual Hosting

Web Server

A web server is server software that accepts HTTP or HTTPS requests from clients, known as web browsers, and sends the results back as web pages, which are generally HTML documents. Well-known web servers include Apache and Microsoft Internet Information Services (IIS). Apache is a cross-platform web server, whereas IIS runs only on the Windows operating system.

Virtual hosting

Virtual hosting is a method for hosting multiple domain names on an IP address. It lets a single machine share its resources, such as memory and processor cycles, so that those resources are used more efficiently.

Building a Web Server

In this tutorial we will build a simple web server on Ubuntu Linux 9.10 using Apache2.

Before starting, make sure that DNS and apache2 are properly installed on the Ubuntu 9.10 machine. If DNS has not been set up yet, you can see the tutorial here. To check whether apache2 is already installed, run dpkg -l | grep apache. If apache2 is not installed, run apt-get install apache2.

The next step is to edit the file index.html. This is the page shown when you open the localhost address, so changing the contents of this file changes what is displayed. To edit it, type nano /var/www/index.html.

The file contains HTML, so it must be edited as HTML. If you know HTML, you can make a better-looking page.

To see the result, open your browser and enter the address http://www.diono.com/ (this is the DNS name I have already set up).

Next we will create a subdirectory of the site. First create the folder /var/www/coba (coba is the folder being added) with mkdir /var/www/coba. Then edit the index.html file in that folder with nano /var/www/coba/index.html.

To see the result, enter http://www.diono.com/coba in your browser.

Creating Virtual Hosting

  • To create a virtual host, first edit the zone file with nano /etc/bind/db.diono.com. In that file add the virtual host name you want together with its IP address (the same as the DNS IP).
  • Then create a new directory under /var/www: mkdir /var/www/diono
  • Next, copy /etc/apache2/sites-available/default to /etc/apache2/sites-available/diono:
    sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/diono
  • Edit the new file:
    nano /etc/apache2/sites-available/diono. The file will look like the listing below. Change the parts printed in bold.

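<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        # must be the host name added to the DNS zone file above
        ServerName diono.diono.com
        # must be the directory created with mkdir above
        DocumentRoot /var/www/diono

        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/diono/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>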

Then save the file.

  • Enable the virtual host configuration file: a2ensite diono
  • Restart Apache: /etc/init.d/apache2 restart
  • To see the result, enter this address in your browser: http://diono.diono.com/

HTTPS

HTTPS is the secure version of HTTP, the communication protocol of the World Wide Web. It was invented by Netscape Communications Corporation to provide authentication and encrypted communication, and for use in electronic commerce.

Rather than communicating in plain text, HTTPS encrypts session data using the SSL (Secure Sockets Layer) protocol or the TLS (Transport Layer Security) protocol. Both protocols provide adequate protection against eavesdroppers and man-in-the-middle attacks. The usual HTTPS port is 443.

The level of security depends on how correctly it is implemented in the web browser and the server software, and on support for current encryption algorithms.

HTTPS Configuration on Ubuntu 9.10

HTTPS encrypts session data using the SSL (Secure Sockets Layer) protocol or the TLS (Transport Layer Security) protocol. The protocol used here is SSL. First make sure that our DNS works. Here I use the DNS name www.ria.com. After that we configure SSL:

  • Enable the SSL module: a2enmod ssl
  • Restart Apache: /etc/init.d/apache2 restart
  • Then create the directory /var/www/www.ria.com: mkdir /var/www/www.ria.com
  • Apache ships a default template for SSL. Copy that template from /etc/apache2/sites-available/default-ssl to use as the template for our DNS name www.ria.com: cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/www.ria.com-ssl
  • Edit /etc/apache2/sites-available/www.ria.com-ssl
    In the VirtualHost line enter the IP address of our DNS.
    Also change ServerAdmin, ServerName and DocumentRoot to match the configuration done so far.
<IfModule mod_ssl.c>
<VirtualHost xxx.xxx.xxx.xxx:443>
        ServerAdmin webmaster@ria.com
        ServerName www.ria.com:443
        DocumentRoot /var/www/www.ria.com
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/www.ria.com/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/ssl_access.log combined
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convinience.
        #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
        #   Certificate Authority (CA):
        #   Set the CA certificate verification path where to find CA
        #   certificates for client authentication or alternatively one
        #   huge file containing all of them (file must be PEM encoded)
        #   Note: Inside SSLCACertificatePath you need hash symlinks
        #         to point to the certificate files. Use the provided
        #         Makefile to update the hash symlinks after changes.
        #SSLCACertificatePath /etc/ssl/certs/
        #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
        #   Certificate Revocation Lists (CRL):
        #   Set the CA revocation path where to find CA CRLs for client
        #   authentication or alternatively one huge file containing all
        #   of them (file must be PEM encoded)
        #   Note: Inside SSLCARevocationPath you need hash symlinks
        #         to point to the certificate files. Use the provided
        #         Makefile to update the hash symlinks after changes.
        #SSLCARevocationPath /etc/apache2/ssl.crl/
        #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
        #   Client Authentication (Type):
        #   Client certificate verification type and depth.  Types are
        #   none, optional, require and optional_no_ca.  Depth is a
        #   number which specifies how deeply to verify the certificate
        #   issuer chain before deciding the certificate is not valid.
        #SSLVerifyClient require
        #SSLVerifyDepth  10
        #   Access Control:
        #   With SSLRequire you can do per-directory access control based
        #   on arbitrary complex boolean expressions containing server
        #   variable checks and other lookup directives.  The syntax is a
        #   mixture between C and Perl.  See the mod_ssl documentation
        #   for more details.
        #<Location />
        #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
        #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
        #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
        #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
        #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
        #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
        #</Location>
        #   SSL Engine Options:
        #   Set various options for the SSL engine.
        #   o FakeBasicAuth:
        #     Translate the client X.509 into a Basic Authorisation.  This means that
        #     the standard Auth/DBMAuth methods can be used for access control.  The
        #     user name is the `one line' version of the client's X.509 certificate.
        #     Note that no password is obtained from the user. Every entry in the user
        #     file needs this password: `xxj31ZMTZzkVA'.
        #   o ExportCertData:
        #     This exports two additional environment variables: SSL_CLIENT_CERT and
        #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
        #     server (always existing) and the client (only existing when client
        #     authentication is used). This can be used to import the certificates
        #     into CGI scripts.
        #   o StdEnvVars:
        #     This exports the standard SSL/TLS related `SSL_*' environment variables.
        #     Per default this exportation is switched off for performance reasons,
        #     because the extraction step is an expensive operation and is usually
        #     useless for serving static content. So one usually enables the
        #     exportation for CGI and SSI requests only.
        #   o StrictRequire:
        #     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
        #     under a "Satisfy any" situation, i.e. when it applies access is denied
        #     and no other module can change it.
        #   o OptRenegotiate:
        #     This enables optimized SSL connection renegotiation handling when SSL
        #     directives are used in per-directory context.
        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
        #   SSL Protocol Adjustments:
        #   The safe and default but still SSL/TLS standard compliant shutdown
        #   approach is that mod_ssl sends the close notify alert but doesn't wait for
        #   the close notify alert from client. When you need a different shutdown
        #   approach you can use one of the following variables:
        #   o ssl-unclean-shutdown:
        #     This forces an unclean shutdown when the connection is closed, i.e. no
        #     SSL close notify alert is send or allowed to received.  This violates
        #     the SSL/TLS standard but is needed for some brain-dead browsers. Use
        #     this when you receive I/O errors because of the standard approach where
        #     mod_ssl sends the close notify alert.
        #   o ssl-accurate-shutdown:
        #     This forces an accurate shutdown when the connection is closed, i.e. a
        #     SSL close notify alert is send and mod_ssl waits for the close notify
        #     alert of the client. This is 100% SSL/TLS standard compliant, but in
        #     practice often causes hanging connections with brain-dead browsers. Use
        #     this only for browsers where you know that their SSL implementation
        #     works correctly.
        #   Notice: Most problems of broken clients are also related to the HTTP
        #   keep-alive facility, so you usually additionally want to disable
        #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
        #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
        #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
        #   "force-response-1.0" for this.
        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
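
Both the virtual host and the HTTPS procedure above create a site file by copying a template and editing it by hand, which makes it easy to leave a <Directory> path that no longer matches DocumentRoot, so the settings in that block never apply to the site's files. The shell check below is an added example, not part of the original tutorial: it reports a DocumentRoot that no <Directory> block covers, a missing ServerName, and Options Indexes (automatic directory listings) on the site's directory. The function names and the host www.template.example are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. check_vhost [FILE] reads a
# site file (or stdin), prints findings and returns 1 if there are any.
check_vhost() {
    awk '
    function clean(p) {                     # drop quotes, ">" and a trailing "/"
        gsub(/[">]/, "", p)
        if (length(p) > 1) sub(/\/$/, "", p)
        return p
    }
    /^[ \t]*#/ { next }                     # ignore commented-out directives
    { key = tolower($1) }
    key == "servername"   { name = $2 }
    key == "documentroot" { root = clean($2) }
    key == "<directory"   { cur = clean($2); seen[cur] = 1 }
    key == "</directory>" { cur = "" }
    key == "options" && cur != "" {         # which blocks turn on listings
        for (i = 2; i <= NF; i++) if ($i ~ /^\+?Indexes$/) listing[cur] = 1
    }
    END {
        if (name == "") { print "missing ServerName"; bad = 1 }
        if (root == "") { print "missing DocumentRoot"; exit 1 }
        for (d in seen) {
            if (d == "/" || index(root "/", d "/") != 1) continue
            covered = 1                     # d is the root or one of its parents
            if (d in listing) { print "directory listing enabled under " d; bad = 1 }
        }
        if (!covered) { print "no <Directory> block covers " root; bad = 1 }
        exit bad + 0
    }' "$@"
}
# Constructed sample: template copied for www.ria.com, <Directory> left stale.
sample_stale() {
    cat <<'EOF'
<VirtualHost *:443>
    ServerName www.ria.com:443
    DocumentRoot /var/www/www.ria.com
    <Directory /var/www/www.template.example/>
        Options Indexes FollowSymLinks MultiViews
    </Directory>
</VirtualHost>
EOF
}
# Constructed sample: the same host with the path corrected and listings off.
sample_fixed() {
    sample_stale | sed -e 's/www\.template\.example/www.ria.com/' -e 's/Indexes //'
}

echo "stale:"; sample_stale | check_vhost || true
echo "fixed:"; sample_fixed | check_vhost && echo "no findings"
```

On a real server the same function can be run on a file, for example check_vhost /etc/apache2/sites-available/diono, before a2ensite and the restart.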
