G. Instalasi dan konfigurasi WEB Server

 

  1. Prerequisites (Prasyarat)
    1. Topologi Jaringan

      Gambar Topologi Jaringan

       

    2. Konfigurasi Server dan Client

      Konfigurasi Server :
      --------------------------------------------------
      - Sistem Operasi        : Linux Debian (10/11)
      - IP Address NIC 1      : DHCP Internet
      - Gateway               : DHCP Internet
      
      - Hostname              : ns100             (Gantilah angka 100 dengan nomer absen anda masing-masing)
      - Domain                : sekolah100.sch.id (Gantilah angka 100 dengan nomer absen anda masing-masing)
      - IP Address NIC 2      : 192.168.100.1/24  (Gantilah angka 100 dengan nomer absen anda masing-masing)
      
      
      Konfigurasi Client :
      --------------------------------------------------
      - Sistem Operasi        : Windows
      - IP Address            : DHCP

     

  2. Seting Server

      1. DHCP Server

        Pastikan instalasi dan konfigurasi DHCP server sudah berjalan dengan baik

      2. DNS Server

        Pastikan instalasi dan konfigurasi DNS server sudah berjalan dengan baik

     

    1. Instalasi dan Konfigurasi Web Server

      • Install paket Web Server

        Login sebagai user root

        login as: root
        This email address is being protected from spambots. You need JavaScript enabled to view it..1's password:
        
        Linux ns100 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2022-01-12) x86_64
        
        The programs included with the Debian GNU/Linux system are free software;
        the exact distribution terms for each program are described in the
        individual files in /usr/share/doc/*/copyright.

         

        Lakukan update dan upgrade debian Buster

        root@ns100:~# apt update
        Get:1 http://mirror.smkn1klaten.sch.id/debian buster InRelease [122 kB]
        Get:2 http://mirror.smkn1klaten.sch.id/debian buster-updates InRelease [51.9 kB]
        Get:3 http://mirror.smkn1klaten.sch.id/debian-security buster/updates InRelease [65.4 kB]
        Ign:7 http://mirror.smkn1klaten.sch.id/debian buster/main amd64 Packages
        Fetched 23.0 MB in 15s (1,528 kB/s)
        Reading package lists... Done
        Building dependency tree
        Reading state information... Done
        25 packages can be upgraded. Run 'apt list --upgradable' to see them.
        N: Repository 'http://mirror.smkn1klaten.sch.id/debian buster InRelease' changed its 'Version' value from '10.10' to '10.11'
        N: Repository 'http://mirror.smkn1klaten.sch.id/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
        N: Repository 'http://mirror.smkn1klaten.sch.id/debian buster-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates'
        N: Repository 'http://mirror.smkn1klaten.sch.id/debian-security buster/updates I nRelease' changed its 'Suite' value from 'stable' to 'oldstable'
        

         

        root@ns100:~# apt upgrade  
        Reading package lists... Done
        Building dependency tree
        Reading state information... Done
        Calculating upgrade... Done
        The following NEW packages will be installed:
          linux-image-4.19.0-18-amd64
        The following packages will be upgraded:
          base-files bind9 bind9-host bind9utils debconf debconf-i18n distro-info-data dnsutils krb5-locales
          libbind9-161 libdns-export1104 libdns1104 libgssapi-krb5-2 libicu63 libirs-export161 libirs161
          libisc-export1100 libisc1100 libisccc161 libisccfg-export163 libisccfg163 libk5crypto3 libkrb5-3
          libkrb5support0 liblwres161 libssl1.1 linux-image-amd64 openssl python3-debconf tzdata
        30 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
        Need to get 67.1 MB of archives.
        After this operation, 270 MB of additional disk space will be used.
        Do you want to continue? [Y/n] y
        Get:1 http://mirror.smkn1klaten.sch.id/debian buster/main amd64 base-files amd64 10.3+deb10u11 [69.9 kB]
        Get:2 http://mirror.smkn1klaten.sch.id/debian buster/main amd64 debconf-i18n all 1.5.71+deb10u1 [206 kB]
        Get:3 http://mirror.smkn1klaten.sch.id/debian buster/main amd64 python3-debconf all 1.5.71+deb10u1 [4,028 B]
        Preparing to unpack .../17-krb5-locales_1.17-3+deb10u3_all.deb ...
        Unpacking distro-info-data (0.41+deb10u4) over (0.41+deb10u3) ...
        Preparing to unpack .../19-libisc-export1100_1%3a9.11.5.P4+dfsg-5.1+deb10u6_amd64.deb ...
        Unpacking libisc-export1100:amd64 (1:9.11.5.P4+dfsg-5.1+deb10u6) over (1:9.11.5.P4+dfsg-5.1+deb10u5) ...
        
        Progress: [ 48%] [#########################################.............................................]
        Setting up bind9 (1:9.11.5.P4+dfsg-5.1+deb10u6) ...
        bind9-pkcs11.service is a disabled or a static unit not running, not starting it.
        bind9-resolvconf.service is a disabled or a static unit not running, not starting it.
        Processing triggers for libc-bin (2.28-10) ...
        root@ns100:~#
        

         

        Instal paket Web server

        root@ns100:~# apt install apache2 php
        Reading package lists... Done
        Building dependency tree
        Reading state information... Done
        The following package was automatically installed and is no longer required:
          linux-image-4.19.0-11-amd64
        Use 'apt autoremove' to remove it.
        The following additional packages will be installed:
          apache2-bin apache2-data apache2-utils libapache2-mod-php7.3 libapr1
          php7.3-common php7.3-json php7.3-opcache php7.3-readline psmisc ssl-cert
        0 upgraded, 24 newly installed, 0 to remove and 0 not upgraded.
        Need to get 7,266 kB of archives.
        After this operation, 28.2 MB of additional disk space will be used.
        Do you want to continue? [Y/n] y
        Get:1 http://mirror.smkn1klaten.sch.id/debian buster/main amd64 libapr1 amd64 1.6.5-1+b1 [102 kB]
        Get:2 http://mirror.smkn1klaten.sch.id/debian buster/main amd64 libaprutil1 amd64 1.6.1-4 [91.8 kB]
        Creating config file /etc/php/7.3/mods-available/readline.ini with new version
        Setting up apache2-bin (2.4.38-3+deb10u7) ...
        update-alternatives: using /usr/bin/phar.phar7.3 to provide /usr/bin/phar.phar (phar.phar) in auto mode
        Creating config file /etc/php/7.3/cli/php.ini with new version
        
        Progress: [ 90%] [#############################################################################.........]
        Creating config file /etc/php/7.3/apache2/php.ini with new version
        Module mpm_event disabled.
        Enabling module mpm_prefork.
        apache2_switch_mpm Switch to prefork
        Setting up php7.3 (7.3.31-1~deb10u1) ...
        Setting up php (2:7.3+69) ...
        Processing triggers for man-db (2.8.5-2) ...
        Processing triggers for libc-bin (2.28-10) ...
        root@ns100:~#
        

         

      • Konfigurasi HTTP

        Seting VirtualHost

        root@ns100:~# cd /etc/apache2/sites-available/
        
        root@ns100:/etc/apache2/sites-available# ls
        000-default.conf  default-ssl.conf
        
        root@ns100:/etc/apache2/sites-available# cp 000-default.conf sekolah100.conf
        

         

                                    
        root@ns100:/etc/apache2/sites-available# nano sekolah100.conf
        
        < *:80>
                # The ServerName directive sets the request scheme, hostname and port that
                # value is not decisive as it is used as a last resort host regardless.
                # However, you must set it for any further virtual host explicitly.
                #ServerName www.example.com
        
                ServerName sekolah100.sch.id
                ServerAlias www.sekolah100.sch.id
                ServerAdmin This email address is being protected from spambots. You need JavaScript enabled to view it.
                DocumentRoot /var/www/html/http
        
                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # modules, e.g.
                #LogLevel info ssl:warn
        
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
        
                # For most configuration files from conf-available/, which are
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf
        </VirtualHost>
        
        # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
        
        

        Jangan lupa untuk menyimpan perubahan konfigurasi dengan menekan Ctrl+x kemudian tekan y lalu Enter

        root@ns100:/etc/apache2/sites-available# mkdir /var/www/html/http
        
        root@ns100:/etc/apache2/sites-available# nano /var/www/html/http/index.html
        
        <p><h1>HTTP</h1></p>
        <p><h2>http://192.168.100.1</h2></p>
        <p><h2>http://sekolah100.sch.id</h2></p>
          
        
        root@ns100:/etc/apache2/sites-available# a2dissite 000-default.conf
        Site 000-default disabled.
        To activate the new configuration, you need to run:
          systemctl reload apache2
        
        root@ns100:/etc/apache2/sites-available# a2ensite sekolah100.conf
        Enabling site sekolah100.
        To activate the new configuration, you need to run:
          systemctl reload apache2
        
        root@ns100:/etc/apache2/sites-available# /etc/init.d/apache2 restart
        [ ok ] Restarting apache2 (via systemctl): apache2.service.
        

       

      • Pengujian Web Server (HTTP) di client

        Gbr.06 Web Server (HTTP)mengunakan IP Address

         

        Gbr.07 Web Server (HTTP)mengunakan Nama Domain

         

      • Konfigurasi HTTPS

        root@ns100:/etc/apache2/sites-available# cd /etc/ssl/private/
        
        root@ns100:/etc/ssl/private# openssl genrsa -aes128 -out sekolah100.key 2048
        Generating RSA private key, 2048 bit long modulus (2 primes)
        ........................................................................+++++
        ...................................+++++
        e is 65537 (0x010001)
        Enter pass phrase for sekolah100.key: root123
        Verifying - Enter pass phrase for sekolah100.key: root123
        
        root@ns100:/etc/ssl/private# openssl rsa -in sekolah100.key -out sekolah100.key
        Enter pass phrase for sekolah100.key: root123
        writing RSA key
        
        root@ns100:/etc/ssl/private# openssl req -new -days 365 -key sekolah100.key -out sekolah100.csr
        Ignoring -days; not generating a certificate
        You are about to be asked to enter information that will be incorporated
        into your certificate request.
        What you are about to enter is what is called a Distinguished Name or a DN.
        There are quite a few fields but you can leave some blank
        For some fields there will be a default value,
        If you enter '.', the field will be left blank.
        -----
        Country Name (2 letter code) [AU]:ID
        State or Province Name (full name) [Some-State]:JAWA TENGAH
        Locality Name (eg, city) []:KLATEN
        Organization Name (eg, company) [Internet Widgits Pty Ltd]:SMKN 1 KLATEN
        Organizational Unit Name (eg, section) []:TKJ
        Common Name (e.g. server FQDN or YOUR name) []:sekolah100.sch.id
        Email Address []:This email address is being protected from spambots. You need JavaScript enabled to view it.
        
        Please enter the following 'extra' attributes
        to be sent with your certificate request
        A challenge password []:Tekan Enter saja
        An optional company name []:Tekan Enter saja
        
        root@ns100:/etc/ssl/private# openssl x509 -in sekolah100.csr -out sekolah100.crt -req -signkey sekolah100.key -days 365
        Signature ok
        subject=C = ID, ST = JAWA TENGAH, L = KLATEN, O = SMKN 1 KLATEN, OU = TKJ, CN = sekolah100.sch.id, emailAddress = This email address is being protected from spambots. You need JavaScript enabled to view it.
        Getting Private key
        
        root@ns100:/etc/ssl/private# chmod 400 sekolah100.*
        
        root@ns100:/etc/ssl/private# cd /etc/apache2/sites-available/
        
        root@ns100:/etc/apache2/sites-available# ls
        000-default.conf  default-ssl.conf  sekolah100.conf
        
        root@ns100:/etc/apache2/sites-available# cp default-ssl.conf sekolah100-ssl.conf
        
        root@ns100:/etc/apache2/sites-available# nano sekolah100-ssl.conf
        < mod_ssl.c>
                < _default_:443>
                
                        ServerAdmin This email address is being protected from spambots. You need JavaScript enabled to view it.
                        ServerName sekolah100.sch.id
                        ServerAlias www.sekolah100.sch.id
                        
                        DocumentRoot /var/www/html/https
        
                        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                        # error, crit, alert, emerg.
        
                        #   SSL Engine Switch:
                        #   Enable/Disable SSL for this virtual host.
                        SSLEngine on
        
                        #   A self-signed (snakeoil) certificate can be created by installing
                        #   the ssl-cert package. See
                        #   /usr/share/doc/apache2/README.Debian.gz for more info.
                        #   If both key and certificate are stored in the same file, only the
                        #   SSLCertificateFile directive is needed.
                        #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
                        #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        
                        SSLCertificateFile      /etc/ssl/private/sekolah100.crt
                        SSLCertificateKeyFile /etc/ssl/private/sekolah100.key
        
                        #   SSL Protocol Adjustments:
                        #               downgrade-1.0 force-response-1.0
        
                </VirtualHost>
        </IfModule>
        
        # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
        
        root@ns100:/etc/apache2/sites-available# mkdir /var/www/html/https
        
        root@ns100:/etc/apache2/sites-available# nano /var/www/html/https/index.html
        
        <p></p>
        <div align="center">
          <p>ini adalah halaman HTTPS</p>
          <p><h1><marquee>HTTPS</marquee></h1></p>
          <p><h2>https://192.168.100.1</h2></p>
          <p><h2>https://sekolah100.sch.id</h2></p>
        </div>
        
        
        root@ns100:/etc/apache2/sites-available# a2enmod ssl
        Considering dependency setenvif for ssl:
        Module setenvif already enabled
        Considering dependency mime for ssl:
        Module mime already enabled
        Considering dependency socache_shmcb for ssl:
        Enabling module socache_shmcb.
        Enabling module ssl.
        See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
        To activate the new configuration, you need to run:
          systemctl restart apache2
        
        root@ns100:/etc/apache2/sites-available# a2ensite sekolah100-ssl.conf
        Enabling site sekolah100-ssl.
        To activate the new configuration, you need to run:
          systemctl reload apache2
        
        root@ns100:/etc/apache2/sites-available# /etc/init.d/apache2 restart
        [ ok ] Restarting apache2 (via systemctl): apache2.service.
        

         

      • Pengujian Web Server (HTTPS) di client

        Gbr.08 Web Server (HTTPS) mengunakan IP Address

         

        Gbr.09 Web Server (HTTPS)mengunakan mengunakan IP Address

         

        Gbr.10 Web Server (HTTPS)mengunakan mengunakan IP Address

         

        Gbr.11 Web Server (HTTPS)mengunakan mengunakan IP Address

         

        Gbr.12 Web Server (HTTPS)mengunakan Nama Domain

         

    2. Kesimpulan

      Selamat! akhirnya kita telah belajar dan berhasil melakukan instalasi dan konfigurasi Web Server (HTTP dan HTTPS)