This guide continues the previous guide on how to install Magento on CentOS 7.

Before installing SSL on Magento, you first need to know which web server you are using; here I am using Nginx.

The SSL certificate I will use here is a Let's Encrypt certificate obtained with certbot.

Let's Encrypt SSL Installation Steps

First, access your Magento web server, then run the following command

[[email protected] ~]# yum -y install yum-utils

Install certbot by running the following command

[[email protected] ~]#
[[email protected] ~]# yum install certbot python2-certbot-nginx -y

Once that is done, run the following command to issue and install a certbot certificate for your main (Magento) domain

[[email protected] ~]#
[[email protected] ~]# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Starting new HTTPS connection (1): supporters.eff.org

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: hamim.web.id
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for hamim.web.id
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/magento.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/magento.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://hamim.web.id

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=hamim.web.id
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/hamim.web.id/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/hamim.web.id/privkey.pem
   Your cert will expire on 2020-02-22. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 - We were unable to subscribe you the EFF mailing list because your
   e-mail address appears to be invalid. You can try again later by
   visiting https://act.eff.org.
[[email protected] ~]# 

Certbot automatically writes the SSL configuration into your Nginx server block, as follows

[[email protected] ~]#
[[email protected] ~]# cat /etc/nginx/conf.d/magento.conf 
upstream fastcgi_backend {
  server unix:/run/php-fpm/php-fpm.sock;
}

server {
  server_name hamim.web.id;
  set $MAGE_ROOT /usr/share/nginx/html/magento2;
  include /usr/share/nginx/html/magento2/nginx.conf.sample;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/hamim.web.id/fullchain.pem; # managed by Certbot  
    ssl_certificate_key /etc/letsencrypt/live/hamim.web.id/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = hamim.web.id) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



  listen 80;
  server_name hamim.web.id;
    return 404; # managed by Certbot


}
[[email protected] ~]#

Next, set up automatic renewal of the Let's Encrypt certificate by creating a cron job; run the following command

[[email protected] ~]# echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null
[[email protected] ~]#

The domain hamim.web.id (Magento) now has the Let's Encrypt SSL certificate installed, as follows

However, when you try to log in to the Magento Admin, it cannot be accessed and the following error message appears

How do you fix this?

To fix it, adjust the base URL in the Magento database, because the base URL previously in use was on the HTTP protocol rather than HTTPS. The steps are as follows.

First, log in to your Magento database server and log in as the database root user,

[[email protected] ~]# 
[[email protected] ~]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 701
Server version: 5.6.46 MySQL Community Server (GPL)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.  

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

List your databases to find the Magento database,

mysql> show databases;
+--------------------+  
| Database           |  
+--------------------+  
| information_schema |  
| magento            |  
| mysql              |  
| performance_schema |  
+--------------------+  
4 rows in set (0.00 sec)

mysql>

Select the Magento database,

mysql> use magento;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A    

Database changed
mysql>

Run the following command to view the Magento base URL,

mysql>
mysql> select * from core_config_data;
+-----------+---------+----------+-------------------------------------------------------------+-------------------------------------------+---------------------+
| config_id | scope   | scope_id | path                                                        | value                                     | updated_at          |
+-----------+---------+----------+-------------------------------------------------------------+-------------------------------------------+---------------------+
|         1 | default |        0 | web/seo/use_rewrites                                        | 1                                         | 2019-11-24 12:19:25 |
|         2 | default |        0 | web/unsecure/base_url                                       | http://hamim.web.id/                      | 2019-11-24 12:19:26 |
|         3 | default |        0 | web/secure/base_url                                         | https://hamim.web.id/                     | 2019-11-24 12:19:26 |
|         4 | default |        0 | general/locale/code                                         | en_US                                     | 2019-11-24 12:19:27 |
|         5 | default |        0 | web/secure/use_in_frontend                                  | NULL                                      | 2019-11-24 12:19:27 |
|         6 | default |        0 | web/secure/use_in_adminhtml                                 | NULL                                      | 2019-11-24 12:19:28 |
|         7 | default |        0 | general/locale/timezone                                     | UTC                                       | 2019-11-24 12:19:29 |
|         8 | default |        0 | currency/options/base                                       | IDR                                       | 2019-11-24 12:19:30 |
|         9 | default |        0 | currency/options/default                                    | IDR                                       | 2019-11-24 12:19:30 |
|        10 | default |        0 | currency/options/allow                                      | IDR                                       | 2019-11-24 12:19:31 |
|        11 | default |        0 | general/region/display_all                                  | 1                                         | 2019-11-24 12:19:41 |
|        12 | default |        0 | general/region/state_required                               | AT,BR,CA,CH,EE,ES,FI,LT,LV,RO,US,HR,IN,AU | 2019-11-24 12:19:43 |
|        13 | default |        0 | catalog/category/root_id                                    | 2                                         | 2019-11-24 12:19:51 |
|        14 | default |        0 | payment/authorizenet_acceptjs/cctypes                       | AE,VI,MC,DI,JCB,DN                        | 2019-11-24 12:20:00 |
|        15 | default |        0 | payment/authorizenet_acceptjs/order_status                  | processing                                | 2019-11-24 12:20:00 |
|        16 | default |        0 | payment/authorizenet_acceptjs/payment_action                | authorize                                 | 2019-11-24 12:20:00 |
|        17 | default |        0 | payment/authorizenet_acceptjs/currency                      | USD                                       | 2019-11-24 12:20:00 |
|        18 | default |        0 | analytics/subscription/enabled                              | 1                                         | 2019-11-24 12:20:00 |
|        19 | default |        0 | crontab/default/jobs/analytics_subscribe/schedule/cron_expr | 0 * * * *                                 | 2019-11-24 12:20:00 |
|        20 | default |        0 | system/full_page_cache/varnish/access_list                  | localhost                                 | 2019-11-24 12:54:37 |
|        21 | default |        0 | system/full_page_cache/varnish/backend_host                 | localhost                                 | 2019-11-24 12:54:37 |
|        22 | default |        0 | system/full_page_cache/varnish/backend_port                 | 8080                                      | 2019-11-24 12:54:37 |
|        23 | default |        0 | system/full_page_cache/varnish/grace_period                 | 300                                       | 2019-11-24 12:54:37 |
+-----------+---------+----------+-------------------------------------------------------------+-------------------------------------------+---------------------+
23 rows in set (0.00 sec)

mysql>

Change web/unsecure/base_url, which still uses the http protocol, to https by running the following command

mysql> update core_config_data set value = 'https://hamim.web.id' where path = 'web/unsecure/base_url';
Query OK, 1 row affected (0.01 sec)     
Rows matched: 1  Changed: 1  Warnings: 0

mysql>

The result is that all base URLs now use the https protocol, as follows:

mysql> select * from core_config_data;
+-----------+---------+----------+-------------------------------------------------------------+-------------------------------------------+---------------------+
| config_id | scope   | scope_id | path                                                        | value                                     | updated_at          |
+-----------+---------+----------+-------------------------------------------------------------+-------------------------------------------+---------------------+
|         1 | default |        0 | web/seo/use_rewrites                                        | 1                                         | 2019-11-24 12:19:25 |
|         2 | default |        0 | web/unsecure/base_url                                       | https://hamim.web.id                      | 2019-11-24 13:53:42 |
|         3 | default |        0 | web/secure/base_url                                         | https://hamim.web.id/                     | 2019-11-24 12:19:26 |
|         4 | default |        0 | general/locale/code                                         | en_US                                     | 2019-11-24 12:19:27 |
|         5 | default |        0 | web/secure/use_in_frontend                                  | NULL                                      | 2019-11-24 12:19:27 |
|         6 | default |        0 | web/secure/use_in_adminhtml                                 | NULL                                      | 2019-11-24 12:19:28 |
|         7 | default |        0 | general/locale/timezone                                     | UTC                                       | 2019-11-24 12:19:29 |
|         8 | default |        0 | currency/options/base                                       | IDR                                       | 2019-11-24 12:19:30 |
|         9 | default |        0 | currency/options/default                                    | IDR                                       | 2019-11-24 12:19:30 |
|        10 | default |        0 | currency/options/allow                                      | IDR                                       | 2019-11-24 12:19:31 |
|        11 | default |        0 | general/region/display_all                                  | 1                                         | 2019-11-24 12:19:41 |
|        12 | default |        0 | general/region/state_required                               | AT,BR,CA,CH,EE,ES,FI,LT,LV,RO,US,HR,IN,AU | 2019-11-24 12:19:43 |
|        13 | default |        0 | catalog/category/root_id                                    | 2                                         | 2019-11-24 12:19:51 |
|        14 | default |        0 | payment/authorizenet_acceptjs/cctypes                       | AE,VI,MC,DI,JCB,DN                        | 2019-11-24 12:20:00 |
|        15 | default |        0 | payment/authorizenet_acceptjs/order_status                  | processing                                | 2019-11-24 12:20:00 |
|        16 | default |        0 | payment/authorizenet_acceptjs/payment_action                | authorize                                 | 2019-11-24 12:20:00 |
|        17 | default |        0 | payment/authorizenet_acceptjs/currency                      | USD                                       | 2019-11-24 12:20:00 |
|        18 | default |        0 | analytics/subscription/enabled                              | 1                                         | 2019-11-24 12:20:00 |
|        19 | default |        0 | crontab/default/jobs/analytics_subscribe/schedule/cron_expr | 0 * * * *                                 | 2019-11-24 12:20:00 |
|        20 | default |        0 | system/full_page_cache/varnish/access_list                  | localhost                                 | 2019-11-24 12:54:37 |
|        21 | default |        0 | system/full_page_cache/varnish/backend_host                 | localhost                                 | 2019-11-24 12:54:37 |
|        22 | default |        0 | system/full_page_cache/varnish/backend_port                 | 8080                                      | 2019-11-24 12:54:37 |
|        23 | default |        0 | system/full_page_cache/varnish/grace_period                 | 300                                       | 2019-11-24 12:54:37 |
+-----------+---------+----------+-------------------------------------------------------------+-------------------------------------------+---------------------+
23 rows in set (0.00 sec)

The next step is to log in to the Magento web server and clear the Magento cache, as follows

[[email protected] ~]# 
[[email protected] ~]# cd /usr/share/nginx/html/magento2/
[[email protected] magento2]# 
[[email protected] magento2]# php bin/magento cache:clean
Cleaned cache types:
config
layout
block_html
collections
reflection
db_ddl
eav
customer_notification
config_integration
config_integration_api
full_page
config_webservice
translate
[[email protected] magento2]#

As a result, the Magento Admin can now be accessed normally again.
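
A way to check the HTTPS-related rows of core_config_data edited above, as an added example that is not part of the original guide. The function names and the mysql invocation in the comment are assumptions, and the sample rows are constructed from the table output shown on this page. It checks that both base URLs use https and end with the trailing slash that Magento's installation documentation requires, and that the two web/secure/use_in_* flags are set to 1.

```shell
#!/usr/bin/env bash
# Added example: audit Magento's HTTPS-related rows from core_config_data.
# Input on stdin: tab-separated "path<TAB>value" lines, e.g. produced by
# (assumed invocation, adjust user and database name):
#   mysql -N -B -u root -p magento -e \
#     "select path, value from core_config_data where path like 'web/%'"

audit_magento_https() {
  # Prints one finding per line; exit status 0 = clean, 1 = findings.
  awk -F '\t' '
    $1 == "web/unsecure/base_url" || $1 == "web/secure/base_url" {
      seen[$1] = 1
      if ($2 !~ /^https:\/\//) { print "FAIL " $1 ": not https (" $2 ")"; bad++ }
      if ($2 !~ /\/$/) { print "FAIL " $1 ": missing trailing slash (" $2 ")"; bad++ }
    }
    $1 == "web/secure/use_in_frontend" || $1 == "web/secure/use_in_adminhtml" {
      seen[$1] = 1
      # NULL or 0 means Magento itself does not force secure URLs here.
      if ($2 != "1") { print "WARN " $1 ": secure URLs not enforced (value " $2 ")"; bad++ }
    }
    END {
      n = split("web/unsecure/base_url web/secure/base_url " \
                "web/secure/use_in_frontend web/secure/use_in_adminhtml", want, " ")
      for (i = 1; i <= n; i++)
        if (!(want[i] in seen)) { print "WARN " want[i] ": row not present"; bad++ }
      exit (bad > 0)
    }'
}

# Constructed sample rows mirroring the page's table; $1 is the value of
# web/unsecure/base_url so the states before and after the update can be compared.
sample_rows() {
  printf '%s\t%s\n' \
    web/unsecure/base_url "$1" \
    web/secure/base_url 'https://hamim.web.id/' \
    web/secure/use_in_frontend NULL \
    web/secure/use_in_adminhtml NULL
}

echo "== before the update =="
sample_rows 'http://hamim.web.id/' | audit_magento_https || true
echo "== after the update shown on this page =="
sample_rows 'https://hamim.web.id' | audit_magento_https || true
```
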

Try logging in to your Magento Admin first, as follows

The SSL installation is now complete. That concludes this guide on installing Let's Encrypt SSL on Magento 2 on CentOS 7.

See You >.<