{"id":8019,"date":"2024-06-01T17:16:18","date_gmt":"2024-06-01T14:16:18","guid":{"rendered":"https:\/\/sunucucozumleri.com\/?p=8019"},"modified":"2024-06-01T17:16:18","modified_gmt":"2024-06-01T14:16:18","slug":"084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi","status":"publish","type":"post","link":"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/","title":{"rendered":"084 &#8211; NGINX ile SSL\/TLS Sertifikas\u0131 Kurulumu ve G\u00fcvenli Web Sunucusu Yap\u0131land\u0131rmas\u0131"},"content":{"rendered":"<p>Web sitenizin g\u00fcvenli\u011fi, kullan\u0131c\u0131lar\u0131n\u0131z\u0131n verilerini korumak ve arama motorlar\u0131nda daha y\u00fcksek s\u0131ralamalar elde etmek i\u00e7in kritik \u00f6neme sahiptir. <strong>NGINX<\/strong> kullanarak <strong>SSL\/TLS sertifikas\u0131<\/strong> kurmak ve g\u00fcvenli bir web sunucusu yap\u0131land\u0131rmak, bu hedeflere ula\u015fman\u0131n etkili bir yoludur. Bu makalede, <strong>NGINX<\/strong> ile <strong>SSL\/TLS<\/strong> sertifikas\u0131n\u0131n nas\u0131l kurulaca\u011f\u0131n\u0131 ve g\u00fcvenli bir web sunucusunun nas\u0131l yap\u0131land\u0131r\u0131laca\u011f\u0131n\u0131 ad\u0131m ad\u0131m anlataca\u011f\u0131z.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Makale \u0130\u00e7eri\u011fi<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"\u0130\u00e7indekiler Tablosunu A\u00e7\/Kapat\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#SSLTLS_Nedir\" >SSL\/TLS Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#Neden_SSLTLS_Sertifikasi_Kullanmalisiniz\" >Neden SSL\/TLS Sertifikas\u0131 Kullanmal\u0131s\u0131n\u0131z?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#NGINX_ile_SSLTLS_Sertifikasi_Kurulumu\" >NGINX ile SSL\/TLS Sertifikas\u0131 Kurulumu<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#1_SSLTLS_Sertifikasi_Alma\" >1. SSL\/TLS Sertifikas\u0131 Alma<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#2_Sertifikayi_Sunucuya_Yukleme\" >2. Sertifikay\u0131 Sunucuya Y\u00fckleme<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#3_NGINX_Konfigurasyonu\" >3. NGINX Konfig\u00fcrasyonu<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#4_NGINXi_Yeniden_Baslatma\" >4. NGINX&#8217;i Yeniden Ba\u015flatma<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#Guvenli_Web_Sunucusu_Yapilandirmasi\" >G\u00fcvenli Web Sunucusu Yap\u0131land\u0131rmas\u0131<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#1_HTTP2_Etkinlestirme\" >1. HTTP\/2 Etkinle\u015ftirme<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#2_Guvenli_SSLTLS_Ayarlari\" >2. G\u00fcvenli SSL\/TLS Ayarlar\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#3_DDoS_Korumasi\" >3. DDoS Korumas\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/sunucucozumleri.com\/blog\/084-nginx-ile-guvenli-web-sunucusu-yapilandirmasi\/#Sonuc\" >Sonu\u00e7<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"SSLTLS_Nedir\"><\/span><strong>SSL\/TLS Nedir?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>SSL (Secure Sockets Layer)<\/strong> ve <strong>TLS (Transport Layer Security)<\/strong>, internet \u00fczerinden iletilen verilerin g\u00fcvenli\u011fini sa\u011flamak i\u00e7in kullan\u0131lan kriptografik protokollerdir. Bu protokoller, web sunucusu ile istemci aras\u0131ndaki verilerin \u015fifrelenmesini sa\u011flar, b\u00f6ylece veriler yetkisiz ki\u015filer taraf\u0131ndan okunamaz.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Neden_SSLTLS_Sertifikasi_Kullanmalisiniz\"><\/span><strong>Neden SSL\/TLS Sertifikas\u0131 Kullanmal\u0131s\u0131n\u0131z?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ol>\n<li><strong>G\u00fcvenlik:<\/strong> SSL\/TLS sertifikalar\u0131, kullan\u0131c\u0131 verilerini korur ve g\u00fcvenli bir ileti\u015fim sa\u011flar.<\/li>\n<li><strong>SEO:<\/strong> Google ve di\u011fer arama motorlar\u0131, HTTPS kullanan siteleri \u00f6d\u00fcllendirir ve arama sonu\u00e7lar\u0131nda daha \u00fcst s\u0131ralarda g\u00f6sterir.<\/li>\n<li><strong>G\u00fcvenilirlik:<\/strong> HTTPS, kullan\u0131c\u0131lar\u0131n\u0131za web sitenizin g\u00fcvenli oldu\u011funu g\u00f6sterir ve g\u00fcven olu\u015fturur.<\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"NGINX_ile_SSLTLS_Sertifikasi_Kurulumu\"><\/span><strong>NGINX ile SSL\/TLS Sertifikas\u0131 Kurulumu<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"1_SSLTLS_Sertifikasi_Alma\"><\/span>1. <strong>SSL\/TLS Sertifikas\u0131 Alma<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u00d6ncelikle, bir SSL\/TLS sertifikas\u0131 alman\u0131z gerekmektedir. Sertifikay\u0131 sa\u011flayan bir\u00e7ok yetkili sertifika otoritesi (CA) bulunmaktad\u0131r, \u00f6rne\u011fin Let\u2019s Encrypt, Comodo, Digicert. \u00dccretsiz bir sertifika i\u00e7in Let\u2019s Encrypt iyi bir tercihtir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"2_Sertifikayi_Sunucuya_Yukleme\"><\/span>2. <strong>Sertifikay\u0131 Sunucuya Y\u00fckleme<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Ald\u0131\u011f\u0131n\u0131z sertifikay\u0131 ve \u00f6zel anahtar\u0131 sunucunuza y\u00fckleyin. Genellikle bu dosyalar \u015funlard\u0131r:<\/p>\n<ul>\n<li>Sertifika dosyas\u0131: <code>sunucucozumleri.com.crt<\/code><\/li>\n<li>\u00d6zel anahtar dosyas\u0131: <code>sunucucozumleri<\/code><code>.com.key<\/code><\/li>\n<\/ul>\n<p>Bu dosyalar\u0131 <strong>NGINX<\/strong> konfig\u00fcrasyon dizinine (genellikle <code>\/etc\/nginx\/<\/code>) y\u00fckleyin.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"3_NGINX_Konfigurasyonu\"><\/span>3. <strong>NGINX Konfig\u00fcrasyonu<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>NGINX yap\u0131land\u0131rma dosyas\u0131n\u0131 (genellikle <code>\/etc\/nginx\/sites-available\/default<\/code> veya <code>\/etc\/nginx\/nginx.conf<\/code>) a\u00e7\u0131n ve a\u015fa\u011f\u0131daki ayarlar\u0131 ekleyin veya d\u00fczenleyin:<\/p>\n<div class=\"flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md\"><\/div>\n<blockquote>\n<div>\n<p>server {<br \/>\nlisten 80;<br \/>\nserver_name example.com www.example.com;<br \/>\nreturn 301 https:\/\/$host$request_uri;<br \/>\n}<\/p>\n<p>server {<br \/>\nlisten 443 ssl;<br \/>\nserver_name example.com www.example.com;<\/p>\n<p>ssl_certificate \/etc\/nginx\/example.com.crt;<br \/>\nssl_certificate_key \/etc\/nginx\/example.com.key;<\/p>\n<p>ssl_protocols TLSv1.2 TLSv1.3;<br \/>\nssl_prefer_server_ciphers on;<br \/>\nssl_ciphers &#8216;ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384&#8217;;<\/p>\n<p>root \/var\/www\/html;<br \/>\nindex index.html index.htm index.nginx-debian.html;<\/p>\n<p>location \/ {<br \/>\ntry_files $uri $uri\/ =404;<br \/>\n}<br \/>\n}<\/p>\n<\/div>\n<\/blockquote>\n<div><\/div>\n<p>Bu konfig\u00fcrasyon, HTTP \u00fczerinden gelen t\u00fcm istekleri HTTPS&#8217;e y\u00f6nlendirir ve SSL\/TLS sertifikas\u0131n\u0131 kullanarak g\u00fcvenli ba\u011flant\u0131lar sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"4_NGINXi_Yeniden_Baslatma\"><\/span>4. <strong>NGINX&#8217;i Yeniden Ba\u015flatma<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Yap\u0131land\u0131rma dosyas\u0131n\u0131 kaydettikten sonra, <strong>NGINX<\/strong>&#8216;i yeniden ba\u015flat\u0131n:<\/p>\n<blockquote><p><code class=\"!whitespace-pre hljs language-bash\">sudo systemctl <a href=\"https:\/\/sunucucozumleri.com\/blog\/reboot-ve-restart-arasindaki-farklar-nedir\/\">restart<\/a> nginx<\/code><\/p><\/blockquote>\n<p>Yap\u0131land\u0131rma dosyas\u0131ndaki hatalar\u0131 kontrol etmek i\u00e7in \u015fu komutu kullanabilirsiniz:<\/p>\n<blockquote><p><code class=\"!whitespace-pre hljs language-bash\">sudo nginx -t<\/code><\/p><\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"Guvenli_Web_Sunucusu_Yapilandirmasi\"><\/span><strong>G\u00fcvenli Web Sunucusu Yap\u0131land\u0131rmas\u0131<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"1_HTTP2_Etkinlestirme\"><\/span>1. <strong>HTTP\/2 Etkinle\u015ftirme<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>HTTP\/2, web performans\u0131n\u0131 art\u0131ran ve g\u00fcvenli\u011fi iyile\u015ftiren bir protokold\u00fcr. <strong>NGINX<\/strong> yap\u0131land\u0131rmas\u0131na a\u015fa\u011f\u0131daki sat\u0131r\u0131 ekleyerek HTTP\/2&#8217;yi etkinle\u015ftirin:<\/p>\n<blockquote><p><code class=\"!whitespace-pre hljs language-nginx\">listen 443 ssl http2;<\/code><\/p><\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"2_Guvenli_SSLTLS_Ayarlari\"><\/span>2. <strong>G\u00fcvenli SSL\/TLS Ayarlar\u0131<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>G\u00fcvenli bir SSL\/TLS yap\u0131land\u0131rmas\u0131 i\u00e7in en iyi uygulamalar\u0131 takip edin:<\/p>\n<ul>\n<li>Eski protokolleri devre d\u0131\u015f\u0131 b\u0131rak\u0131n (<code>ssl_protocols TLSv1.2 TLSv1.3;<\/code>).<\/li>\n<li>G\u00fc\u00e7l\u00fc \u015fifreleme y\u00f6ntemlerini kullan\u0131n (<code>ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';<\/code>).<\/li>\n<li><strong>HSTS (HTTP Strict Transport Security)<\/strong> kullanarak HTTPS kullan\u0131m\u0131n\u0131 zorunlu k\u0131l\u0131n:<\/li>\n<\/ul>\n<div class=\"dark bg-gray-950 rounded-md border-[0.5px] border-token-border-medium\">\n<div class=\"flex items-center relative text-token-text-secondary bg-token-main-surface-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md\">\n<p>&nbsp;<\/p>\n<blockquote><p><code class=\"!whitespace-pre hljs language-nginx\">add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\" always;<\/code><\/p><\/blockquote>\n<\/div>\n<\/div>\n<h3><span class=\"ez-toc-section\" id=\"3_DDoS_Korumasi\"><\/span>3. <strong>DDoS Korumas\u0131<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>NGINX<\/strong> ile temel DDoS korumas\u0131 sa\u011flamak i\u00e7in ba\u011flant\u0131 s\u0131n\u0131rlama ve h\u0131z s\u0131n\u0131rlama \u00f6zelliklerini kullan\u0131n:<\/p>\n<blockquote><p>http {<br \/>\nlimit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;<br \/>\nlimit_conn conn_limit_per_ip 10;<\/p>\n<p>limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r\/s;<br \/>\nlimit_req zone=req_limit_per_ip burst=10 nodelay;<\/p>\n<p>&#8230;<br \/>\n}<\/p><\/blockquote>\n<h2><span class=\"ez-toc-section\" id=\"Sonuc\"><\/span><strong>Sonu\u00e7<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>NGINX<\/strong> ile <strong>SSL\/TLS sertifikas\u0131<\/strong> kurmak ve g\u00fcvenli bir web sunucusu yap\u0131land\u0131rmak, web sitenizin g\u00fcvenli\u011fini art\u0131r\u0131r, kullan\u0131c\u0131lar\u0131n\u0131z\u0131n verilerini korur ve arama motoru s\u0131ralamalar\u0131n\u0131z\u0131 iyile\u015ftirir. Bu ad\u0131mlar\u0131 izleyerek, g\u00fcvenli ve performansl\u0131 bir web sunucusu olu\u015fturabilirsiniz.<\/p>\n<p>G\u00fcvenli bir web sitesi, ba\u015far\u0131l\u0131 bir \u00e7evrimi\u00e7i varl\u0131k i\u00e7in kritik \u00f6neme sahiptir. <strong>NGINX<\/strong> ve <strong>SSL\/TLS<\/strong> sertifikalar\u0131 kullanarak web sitenizi g\u00fcvence alt\u0131na al\u0131n ve kullan\u0131c\u0131lar\u0131n\u0131za g\u00fcvenli bir deneyim sunun.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Web sitenizin g\u00fcvenli\u011fi, kullan\u0131c\u0131lar\u0131n\u0131z\u0131n verilerini korumak ve arama motorlar\u0131nda daha y\u00fcksek s\u0131ralamalar elde etmek i\u00e7in kritik \u00f6neme sahiptir. NGINX kullanarak SSL\/TLS sertifikas\u0131 kurmak ve g\u00fcvenli bir web sunucusu yap\u0131land\u0131rmak, bu hedeflere ula\u015fman\u0131n etkili bir yoludur. Bu makalede, NGINX ile SSL\/TLS sertifikas\u0131n\u0131n nas\u0131l kurulaca\u011f\u0131n\u0131 ve g\u00fcvenli bir web sunucusunun nas\u0131l yap\u0131land\u0131r\u0131laca\u011f\u0131n\u0131 ad\u0131m ad\u0131m anlataca\u011f\u0131z. SSL\/TLS Nedir? &hellip;<\/p>\n","protected":false},"author":12,"featured_media":4376,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-8019","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"acf":[],"_links":{"self":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/8019","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/comments?post=8019"}],"version-history":[{"count":0,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/8019\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media\/4376"}],"wp:attachment":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media?parent=8019"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/categories?post=8019"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/tags?post=8019"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}