{"id":4127,"date":"2026-01-04T14:50:50","date_gmt":"2026-01-04T11:50:50","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/cdn-arkasinda-gercek-https-ve-full-strict-ssl-kurulumu\/"},"modified":"2026-01-04T14:50:50","modified_gmt":"2026-01-04T11:50:50","slug":"cdn-arkasinda-gercek-https-ve-full-strict-ssl-kurulumu","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/cdn-arkasinda-gercek-https-ve-full-strict-ssl-kurulumu\/","title":{"rendered":"Real HTTPS Behind a CDN and Full (Strict) SSL Setup"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#CDN_arkasinda_gercek_HTTPS_neden_bu_kadar_kritik\"><span class=\"toc_number toc_depth_1\">1<\/span> Why is real HTTPS behind a CDN so critical?<\/a><\/li><li><a href=\"#Temel_kavramlar_SSL_termination_passthrough_ve_origin_sifreleme\"><span class=\"toc_number toc_depth_1\">2<\/span> Core concepts: SSL termination, passthrough and origin encryption<\/a><ul><li><a href=\"#SSL_Termination_TLS_sonlandirma\"><span class=\"toc_number toc_depth_2\">2.1<\/span> SSL Termination (TLS termination)<\/a><\/li><li><a href=\"#TLS_Passthrough\"><span class=\"toc_number toc_depth_2\">2.2<\/span> TLS Passthrough<\/a><\/li><li><a href=\"#Origin_sifreleme\"><span class=\"toc_number toc_depth_2\">2.3<\/span> Origin encryption<\/a><\/li><\/ul><\/li><li><a href=\"#CDN_SSL_modlari_Flexible_Full_ve_Full_Strict_farki\"><span class=\"toc_number toc_depth_1\">3<\/span> CDN SSL modes: Flexible, Full and Full (Strict) compared<\/a><ul><li><a href=\"#1_Flexible_esnek_SSL_Kacinilmasi_gereken_mod\"><span class=\"toc_number toc_depth_2\">3.1<\/span> 1.
Flexible SSL \u2013 the mode to avoid<\/a><\/li><li><a href=\"#2_Full_SSL_Sifreli_ama_zayif_dogrulama\"><span class=\"toc_number toc_depth_2\">3.2<\/span> 2. Full SSL \u2013 encrypted but weakly verified<\/a><\/li><li><a href=\"#3_Full_Strict_SSL_Onerilen_uretim_modu\"><span class=\"toc_number toc_depth_2\">3.3<\/span> 3. Full (Strict) SSL \u2013 the recommended production mode<\/a><\/li><\/ul><\/li><li><a href=\"#Origin_sunucuda_dogru_SSLTLS_kurulumu\"><span class=\"toc_number toc_depth_1\">4<\/span> Correct SSL\/TLS setup on the origin server<\/a><ul><li><a href=\"#1_Dogru_sertifika_turunu_secmek\"><span class=\"toc_number toc_depth_2\">4.1<\/span> 1. Choosing the right certificate type<\/a><\/li><li><a href=\"#2_Lets_Encrypt_veya_kurumsal_SSL_kurulumu\"><span class=\"toc_number toc_depth_2\">4.2<\/span> 2. Let\u2019s Encrypt or commercial SSL setup<\/a><\/li><li><a href=\"#3_Nginx_icin_ornek_TLS_yapilandirmasi\"><span class=\"toc_number toc_depth_2\">4.3<\/span> 3. Example TLS configuration for Nginx<\/a><\/li><li><a href=\"#4_Apache_icin_ornek_TLS_yapilandirmasi\"><span class=\"toc_number toc_depth_2\">4.4<\/span> 4. Example TLS configuration for Apache<\/a><\/li><\/ul><\/li><li><a href=\"#CDN_tarafinda_Full_Strict_SSLi_adim_adim_kurmak\"><span class=\"toc_number toc_depth_1\">5<\/span> Setting up Full (Strict) SSL on the CDN side, step by step<\/a><ul><li><a href=\"#1_CDNde_SSL_modunu_Full_Strict_olarak_ayarlayin\"><span class=\"toc_number toc_depth_2\">5.1<\/span> 1. Set the CDN\u2019s SSL mode to Full (Strict)<\/a><\/li><li><a href=\"#2_Sertifikayi_CDNe_mi_yukleyeceksiniz_CDN_mi_sizin_icin_uretecek\"><span class=\"toc_number toc_depth_2\">5.2<\/span> 2.
Will you upload the certificate to the CDN, or will the CDN issue one for you?<\/a><\/li><li><a href=\"#3_HSTS_HTTPHTTPS_yonlendirmeleri_ve_SEO\"><span class=\"toc_number toc_depth_2\">5.3<\/span> 3. HSTS, HTTP\u2192HTTPS redirects and SEO<\/a><\/li><\/ul><\/li><li><a href=\"#Origini_gercekten_korumak_IP_kisitlama_mTLS_ve_Authenticated_Origin_Pulls\"><span class=\"toc_number toc_depth_1\">6<\/span> Truly protecting the origin: IP restriction, mTLS and Authenticated Origin Pulls<\/a><ul><li><a href=\"#1_IP_whitelisting_CDN_IPlerine_izin_vermek\"><span class=\"toc_number toc_depth_2\">6.1<\/span> 1. IP whitelisting (allowing the CDN\u2019s IPs)<\/a><\/li><li><a href=\"#2_Authenticated_Origin_Pulls_CDN_origin_mTLS\"><span class=\"toc_number toc_depth_2\">6.2<\/span> 2. Authenticated Origin Pulls (CDN \u2192 origin mTLS)<\/a><\/li><li><a href=\"#3_Kendi_mTLS_altyapinizi_kurmak\"><span class=\"toc_number toc_depth_2\">6.3<\/span> 3. Building your own mTLS infrastructure<\/a><\/li><\/ul><\/li><li><a href=\"#Gercek_dunya_senaryolari_Hangi_mimaride_ne_yapmak_mantikli\"><span class=\"toc_number toc_depth_1\">7<\/span> Real-world scenarios: what makes sense for which architecture?<\/a><ul><li><a href=\"#Senaryo_1_Klasik_WordPress_CDN\"><span class=\"toc_number toc_depth_2\">7.1<\/span> Scenario 1: Classic WordPress + CDN<\/a><\/li><li><a href=\"#Senaryo_2_WooCommerce_veya_odeme_alan_eticaret_sitesi\"><span class=\"toc_number toc_depth_2\">7.2<\/span> Scenario 2: WooCommerce or an e\u2011commerce site that takes payments<\/a><\/li><li><a href=\"#Senaryo_3_SaaS_uygulamasi_coklu_domain_ve_otomatik_SSL\"><span class=\"toc_number toc_depth_2\">7.3<\/span> Scenario 3: SaaS application, multiple domains and automatic SSL<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_altyapisinda_ornek_kurulum_akislari\"><span class=\"toc_number toc_depth_1\">8<\/span> Example setup flows on DCHost infrastructure<\/a><ul><li><a href=\"#1_DCHost_paylasimli_hosting_CDN\"><span class=\"toc_number toc_depth_2\">8.1<\/span> 1. DCHost shared hosting + CDN<\/a><\/li><li><a href=\"#2_DCHost_NVMe_VPS_Nginx_CDN\"><span class=\"toc_number toc_depth_2\">8.2<\/span> 2. DCHost NVMe VPS + Nginx + CDN<\/a><\/li><li><a href=\"#3_DCHost_dedicatedcolocation_mTLS_CDN\"><span class=\"toc_number toc_depth_2\">8.3<\/span> 3. DCHost dedicated\/colocation + mTLS + CDN<\/a><\/li><\/ul><\/li><li><a href=\"#Izleme_hata_teshisi_ve_bakim\"><span class=\"toc_number toc_depth_1\">9<\/span> Monitoring, troubleshooting and maintenance<\/a><ul><li><a href=\"#1_Sertifika_bitis_tarihlerini_otomatik_izleyin\"><span class=\"toc_number toc_depth_2\">9.1<\/span> 1. Monitor certificate expiry dates automatically<\/a><\/li><li><a href=\"#2_Mixed_content_ve_8220Not_Secure8221_uyarilarini_cozmek\"><span class=\"toc_number toc_depth_2\">9.2<\/span> 2. Resolving mixed content and &#8220;Not Secure&#8221; warnings<\/a><\/li><li><a href=\"#3_HTTP2_ve_HTTP3_QUIC_avantajlarindan_yararlanin\"><span class=\"toc_number toc_depth_2\">9.3<\/span> 3.
Take advantage of HTTP\/2 and HTTP\/3 (QUIC)<\/a><\/li><\/ul><\/li><li><a href=\"#Sonuc_Gercek_HTTPS_sadece_kilit_simgesinden_ibaret_degil\"><span class=\"toc_number toc_depth_1\">10<\/span> Conclusion: real HTTPS is more than a padlock icon<\/a><\/li><\/ul><\/div>\n<h2><span id=\"CDN_arkasinda_gercek_HTTPS_neden_bu_kadar_kritik\">Why is real HTTPS behind a CDN so critical?<\/span><\/h2>\n<p>Most projects that start using a CDN focus first on the performance gains: lower latency, static files cached at the edge, basic protection against DDoS\u2026 But there is a critical detail that is usually overlooked in architecture meetings: <strong>is your HTTPS traffic really encrypted end to end, from the CDN all the way to the origin server<\/strong>, or is plain HTTP travelling on the back end while the green padlock in the browser puts our minds at ease?<\/p>\n<p>A common mistake we have seen in dozens of projects at DCHost is assuming everything is secure because the CDN shows \u201cHTTPS active\u201d.
In fact, a badly chosen SSL mode (for example the \u201cflexible\u201d types that terminate only at the CDN and reach the origin over HTTP) creates the following risks:<\/p>\n<ul>\n<li>Traffic between the CDN and the origin travels in plaintext (HTTP); sniffing between data centers is possible.<\/li>\n<li>A man-in-the-middle (MITM) attacker can modify requests on the CDN\u2013origin path.<\/li>\n<li>Compliance requirements such as PCI-DSS and KVKK\/GDPR are not met.<\/li>\n<li>It becomes harder to roll out advanced security steps such as HSTS, HTTP\/2, HTTP\/3 and mTLS later on.<\/li>\n<\/ul>\n<p>In this article, as the DCHost team, we cover setting up <strong>real HTTPS<\/strong> behind a CDN end to end: what <strong>SSL termination<\/strong> is, how <strong>Full and Full (Strict) SSL<\/strong> differ, and how to enable <strong>origin encryption<\/strong> and even <strong>mTLS (mutual TLS)<\/strong>. We will also share practical configuration examples for both <a href=\"https:\/\/www.dchost.com\/tr\/web-hosting\">shared hosting<\/a> and VPS\/dedicated environments.<\/p>\n<h2><span id=\"Temel_kavramlar_SSL_termination_passthrough_ve_origin_sifreleme\">Core concepts: SSL termination, passthrough and origin encryption<\/span><\/h2>\n<p>First, let\u2019s make the architecture clear.
When we talk about HTTPS behind a CDN, we are actually managing three separate legs:<\/p>\n<ul>\n<li><strong>Browser \u2192 CDN<\/strong> (the connection between the user and the edge)<\/li>\n<li><strong>CDN \u2192 Origin<\/strong> (the connection between the edge and your actual web server)<\/li>\n<li><strong>Services inside\/behind the origin<\/strong> (your application\u2013database\u2013API traffic)<\/li>\n<\/ul>\n<p>Three important concepts come up in this picture:<\/p>\n<h3><span id=\"SSL_Termination_TLS_sonlandirma\">SSL Termination (TLS termination)<\/span><\/h3>\n<p><strong>SSL termination<\/strong> refers to the point where the encrypted connection ends. For example:<\/p>\n<ul>\n<li>The browser connects to the CDN over <code>https<\/code>; the CDN presents the certificate and decrypts the traffic.<\/li>\n<li>The CDN may connect to the origin over HTTP (wrong but common), or it may re-encrypt with HTTPS.<\/li>\n<\/ul>\n<p>In this case the first TLS layer terminates at the CDN. If we want traffic to stay encrypted all the way to the origin, a second TLS layer comes into play.<\/p>\n<h3><span id=\"TLS_Passthrough\">TLS Passthrough<\/span><\/h3>\n<p><strong>TLS passthrough<\/strong> is when the CDN or reverse proxy forwards the encrypted traffic directly to the backend server without decrypting TLS. In this model certificate handling happens entirely on the origin side. It shows up in some L4 load balancers and advanced CDN features.
In most web projects, however, the termination model is preferred so that the CDN can add headers and control caching.<\/p>\n<h3><span id=\"Origin_sifreleme\">Origin encryption<\/span><\/h3>\n<p><strong>Origin encryption<\/strong> means that CDN \u2192 origin traffic must also be protected with TLS. In other words, not only the path from the browser to the CDN but also the link from the edge to the web server in your data center is encrypted. At this point:<\/p>\n<ul>\n<li>A valid <a href=\"https:\/\/www.dchost.com\/tr\/ssl\">SSL certificate<\/a> on the origin (from a public CA or the CDN\u2019s own origin certificate)<\/li>\n<li>Correct hostname\/SNI configuration<\/li>\n<li>If possible, making <strong>certificate validation mandatory<\/strong> (Full Strict, mTLS and the like)<\/li>\n<\/ul>\n<p>are the details that come into play.<\/p>\n<h2><span id=\"CDN_SSL_modlari_Flexible_Full_ve_Full_Strict_farki\">CDN SSL modes: Flexible, Full and Full (Strict) compared<\/span><\/h2>\n<p>In many CDN panels you will see three basic SSL modes. The names may vary, but the logic is generally the same:<\/p>\n<h3><span id=\"1_Flexible_esnek_SSL_Kacinilmasi_gereken_mod\">1. Flexible SSL \u2013 the mode to avoid<\/span><\/h3>\n<p>In this mode the setup works like this:<\/p>\n<ul>\n<li>Browser \u2192 CDN: HTTPS<\/li>\n<li>CDN \u2192 Origin: HTTP (unencrypted)<\/li>\n<\/ul>\n<p>From the outside the site looks fully HTTPS; the browser shows the padlock. But the link over which the CDN connects to your server is plaintext.
The drawbacks of this model:<\/p>\n<ul>\n<li>CDN\u2013origin traffic can be sniffed and modified.<\/li>\n<li>Internal security scans conclude that \u201cHTTPS is in place\u201d while in reality only partial encryption is applied.<\/li>\n<li>Under regulations such as KVKK and PCI-DSS this setup is generally considered <strong>non-compliant<\/strong>.<\/li>\n<\/ul>\n<p>In short: <strong>Flexible SSL should not be used in production, except in very urgent debug environments<\/strong>.<\/p>\n<h3><span id=\"2_Full_SSL_Sifreli_ama_zayif_dogrulama\">2. Full SSL \u2013 encrypted but weakly verified<\/span><\/h3>\n<p>In Full mode:<\/p>\n<ul>\n<li>Browser \u2192 CDN: HTTPS<\/li>\n<li>CDN \u2192 Origin: HTTPS (encrypted), but the certificate details are checked loosely.<\/li>\n<\/ul>\n<p>The CDN connects to the origin over TLS, but in most Full modes:<\/p>\n<ul>\n<li>The connection may be accepted even if the certificate has expired.<\/li>\n<li>A hostname mismatch (CN\/SAN mismatch) may be ignored.<\/li>\n<li>Self-signed certificates may be silently accepted.<\/li>\n<\/ul>\n<p>This protects against eavesdropping but does not provide <strong>real identity verification<\/strong>. It is still an important step up from Flexible.<\/p>\n<h3><span id=\"3_Full_Strict_SSL_Onerilen_uretim_modu\">3.
Full (Strict) SSL \u2013 the recommended production mode<\/span><\/h3>\n<p>In <strong>Full (Strict)<\/strong> mode the picture is as follows:<\/p>\n<ul>\n<li>Browser \u2192 CDN: HTTPS<\/li>\n<li>CDN \u2192 Origin: HTTPS, and the certificate is checked with <strong>strict validation<\/strong>.<\/li>\n<\/ul>\n<p>The critical points here:<\/p>\n<ul>\n<li>The origin certificate must be issued by a recognized CA or by the CDN\u2019s own <strong>origin CA<\/strong>.<\/li>\n<li>The hostname (SNI) must match exactly.<\/li>\n<li>The certificate must not be expired.<\/li>\n<li>Insecure algorithms and very weak ciphers are generally rejected.<\/li>\n<\/ul>\n<p>For production environments, at DCHost we always recommend <strong>Full (Strict)<\/strong> mode and, for suitable projects, the step beyond it: <strong>mTLS (mutual TLS)<\/strong>.<\/p>\n<h2><span id=\"Origin_sunucuda_dogru_SSLTLS_kurulumu\">Correct SSL\/TLS setup on the origin server<\/span><\/h2>\n<p>Whatever you choose on the CDN side, the foundation is always <strong>the SSL\/TLS configuration on the origin server<\/strong>. Whether you are on shared hosting, a VPS or a dedicated server at DCHost, we recommend following the principles below.<\/p>\n<h3><span id=\"1_Dogru_sertifika_turunu_secmek\">1. Choosing the right certificate type<\/span><\/h3>\n<p>First decide which type of certificate you need:<\/p>\n<ul>\n<li>Single domain (e.g. <code>www.ornek.com<\/code>)<\/li>\n<li>Wildcard (e.g.
<code>*.ornek.com<\/code>)<\/li>\n<li>SAN\/Multi-Domain (multiple domain names)<\/li>\n<\/ul>\n<p>If you want to look at this topic in more detail, see <a href=\"https:\/\/www.dchost.com\/blog\/wildcard-ssl-mi-san-multi-domain-sertifika-mi-e-ticaret-ve-cok-alan-adli-yapilar-icin-rehber\/\">our guide explaining the differences between wildcard SSL and SAN certificates<\/a> on the blog.<\/p>\n<h3><span id=\"2_Lets_Encrypt_veya_kurumsal_SSL_kurulumu\">2. Let\u2019s Encrypt or commercial SSL setup<\/span><\/h3>\n<p>On DCHost infrastructure:<\/p>\n<ul>\n<li>On shared hosting and most panels (cPanel, DirectAdmin, Plesk) you can enable Let\u2019s Encrypt with one click.<\/li>\n<li>On VPS and <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated servers<\/a> we recommend setting up automatic renewal with ACME clients (e.g. <code>acme.sh<\/code>, <code>certbot<\/code>).<\/li>\n<\/ul>\n<p>If you use a wildcard, a <strong>DNS-01 challenge<\/strong> is generally required. We detailed the step-by-step setup in <a href=\"https:\/\/www.dchost.com\/blog\/lets-encrypt-wildcard-ssl-otomasyonu-dns-01-ile-cpanel-plesk-ve-nginxte-zahmetsiz-kurulum-ve-yenileme-nasil-yapilir\/\">our Let\u2019s Encrypt wildcard SSL automation guide<\/a>.<\/p>\n<h3><span id=\"3_Nginx_icin_ornek_TLS_yapilandirmasi\">3.
Example TLS configuration for Nginx<\/span><\/h3>\n<p>If you use Nginx on a VPS or dedicated server, a typical HTTPS virtual host might look like this:<\/p>\n<pre class=\"language-nginx line-numbers\"><code class=\"language-nginx\">server {\n    listen 443 ssl http2;\n    server_name www.ornek.com ornek.com;\n\n    ssl_certificate     \/etc\/letsencrypt\/live\/www.ornek.com\/fullchain.pem;\n    ssl_certificate_key \/etc\/letsencrypt\/live\/www.ornek.com\/privkey.pem;\n\n    ssl_protocols TLSv1.2 TLSv1.3;\n    ssl_prefer_server_ciphers on;\n\n    # Example strong settings; see the related TLS articles for details\n    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:...';\n\n    add_header Strict-Transport-Security &quot;max-age=31536000; includeSubDomains&quot; always;\n\n    root \/var\/www\/ornek.com\/public;\n    index index.php index.html;\n\n    # PHP-FPM, cache and other settings...\n}\n<\/code><\/pre>\n<p>We walked through more detailed settings for TLS 1.3, OCSP stapling, modern cipher suites and related topics step by step in <a href=\"https:\/\/www.dchost.com\/blog\/tls-1-3-ve-modern-sifrelerin-sicacik-mutfagi-nginx-apachede-ocsp-stapling-hsts-preload-ve-pfs-nasil-kurulur\/\">our TLS 1.3 and modern ciphers guide<\/a>.<\/p>\n<h3><span id=\"4_Apache_icin_ornek_TLS_yapilandirmasi\">4.
Example TLS configuration for Apache<\/span><\/h3>\n<pre class=\"language-apache line-numbers\"><code class=\"language-apache\">&lt;VirtualHost *:443&gt;\n    ServerName www.ornek.com\n    ServerAlias ornek.com\n\n    DocumentRoot \/var\/www\/ornek.com\/public\n\n    SSLEngine on\n    SSLCertificateFile      \/etc\/letsencrypt\/live\/www.ornek.com\/fullchain.pem\n    SSLCertificateKeyFile   \/etc\/letsencrypt\/live\/www.ornek.com\/privkey.pem\n\n    # Only TLS 1.2+ remains enabled (Apache 2.4 no longer accepts an SSLv2 token)\n    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\n    SSLCipherSuite HIGH:!aNULL:!MD5\n    SSLHonorCipherOrder on\n\n    Header always set Strict-Transport-Security &quot;max-age=31536000; includeSubDomains&quot;\n\n    # PHP handler, logs, etc...\n&lt;\/VirtualHost&gt;\n<\/code><\/pre>\n<p>At this point your site should be running fully over HTTPS without problems even without the CDN. The next step is to describe this setup correctly to the CDN side.<\/p>\n<h2><span id=\"CDN_tarafinda_Full_Strict_SSLi_adim_adim_kurmak\">Setting up Full (Strict) SSL on the CDN side, step by step<\/span><\/h2>\n<p>Once your origin side is ready, you need to follow the steps below in your CDN panel. The CDN name may differ, but the logic is generally similar.<\/p>\n<h3><span id=\"1_CDNde_SSL_modunu_Full_Strict_olarak_ayarlayin\">1. Set the CDN\u2019s SSL mode to Full (Strict)<\/span><\/h3>\n<p>The first step is to select <strong>Full (Strict)<\/strong> or a similar mode in the SSL\/TLS section.
This means the CDN genuinely validates the certificate when it connects to the origin.<\/p>\n<p>Things to watch:<\/p>\n<ul>\n<li>The certificate on the origin must <strong>match exactly<\/strong> the hostname the CDN connects to.<\/li>\n<li>Check which host header the CDN uses to reach the origin (most panels have an \u201cOrigin Hostname\u201d or \u201cOrigin Server Name\u201d field).<\/li>\n<li>If you use a wildcard or SAN certificate, make sure it covers the right subdomains.<\/li>\n<\/ul>\n<h3><span id=\"2_Sertifikayi_CDNe_mi_yukleyeceksiniz_CDN_mi_sizin_icin_uretecek\">2. Will you upload the certificate to the CDN, or will the CDN issue one for you?<\/span><\/h3>\n<p>There are two scenarios:<\/p>\n<ul>\n<li><strong>For browser \u2192 CDN:<\/strong> Most CDNs issue a free DV certificate on your behalf. Some also let you upload your own SSL certificate (such as EV\/OV).<\/li>\n<li><strong>For CDN \u2192 origin:<\/strong> Either you use a certificate obtained from a standard CA, or you install the <strong>dedicated origin certificate<\/strong> provided by the CDN on the server.<\/li>\n<\/ul>\n<p>The second option (the CDN origin certificate) makes the origin <strong>trusted only by that CDN<\/strong>. That way, even if a malicious party sets up a fake server with the same hostname, the CDN will not connect to it.<\/p>\n<h3><span id=\"3_HSTS_HTTPHTTPS_yonlendirmeleri_ve_SEO\">3.
HSTS, HTTP\u2192HTTPS redirects and SEO<\/span><\/h3>\n<p>When you move to HTTPS behind a CDN, do not forget the following:<\/p>\n<ul>\n<li>Redirect all HTTP requests <strong>to HTTPS with a 301<\/strong> (preferably on the origin side).<\/li>\n<li>If you use HSTS, make sure the CDN also passes this header through.<\/li>\n<li>Update the protocol in your canonical URLs.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.dchost.com\/blog\/httpden-httpse-gecis-rehberi-301-yonlendirme-hsts-ve-seoyu-korumak\/\">Our HTTP to HTTPS migration guide<\/a>, where we cover this process from a broader perspective, applies with similar logic when a CDN is in front.<\/p>\n<h2><span id=\"Origini_gercekten_korumak_IP_kisitlama_mTLS_ve_Authenticated_Origin_Pulls\">Truly protecting the origin: IP restriction, mTLS and Authenticated Origin Pulls<\/span><\/h2>\n<p>Full (Strict) SSL ensures that the traffic is encrypted and the certificate is validated. But you can go one step further and make <strong>the origin server accept traffic only from the CDN<\/strong>. That way:<\/p>\n<ul>\n<li>Direct access to the site by IP is blocked.<\/li>\n<li>Attacks that bypass the CDN come to nothing.<\/li>\n<li>Real user traffic is guaranteed to have passed through the CDN\u2019s filters.<\/li>\n<\/ul>\n<h3><span id=\"1_IP_whitelisting_CDN_IPlerine_izin_vermek\">1. IP whitelisting (allowing the CDN\u2019s IPs)<\/span><\/h3>\n<p>A simple but effective method: in your firewall (iptables, ufw, firewalld, DCHost panel security rules, etc.) you can allow ports 80\/443 only for the IP ranges published by the CDN and block all other IPs.<\/p>\n<p>Its advantages:<\/p>\n<ul>\n<li>Simple to set up; requires no additional encryption.<\/li>\n<li>Provides a sufficient level of protection for most small and medium-sized sites.<\/li>\n<\/ul>\n<p>Its disadvantages:<\/p>\n<ul>\n<li>When the CDN\u2019s IP ranges change, you need to update the whitelist.<\/li>\n<li>If you use more than one CDN\/service, the rules can become complex.<\/li>\n<\/ul>\n<h3><span id=\"2_Authenticated_Origin_Pulls_CDN_origin_mTLS\">2. Authenticated Origin Pulls (CDN \u2192 origin mTLS)<\/span><\/h3>\n<p>A more advanced method is for <strong>the CDN to identify itself to the origin with a client certificate<\/strong>. For example, with a feature some CDNs call \u201cAuthenticated Origin Pulls\u201d, the CDN sends a client certificate when connecting to the origin, and on the Nginx\/Apache side you accept only connections that carry this certificate.<\/p>\n<p><a href=\"https:\/\/www.dchost.com\/blog\/origini-korumak-cloudflare-authenticated-origin-pulls-ve-mtls-ile-gercek-kaynak-dogrulamasi\/\">Our guide to protecting the origin with mTLS<\/a>, where we previously covered this setup in detail, explains it step by step for Nginx and the CDN. The same principle applies to other CDNs and reverse proxies.<\/p>\n<h3><span id=\"3_Kendi_mTLS_altyapinizi_kurmak\">3. Building your own mTLS infrastructure<\/span><\/h3>\n<p>Even if you do not use a CDN, setting up mTLS for your internal services (API gateway, microservices, panel access, etc.) provides a very strong security layer.
<a href=\"https:\/\/www.dchost.com\/blog\/nginx-ve-caddyde-mtls-nasil-kurulur-mikroservislerde-sertifika-dogrulamanin-tatli-sirlari\/\">Our mTLS guide<\/a>, which explains mTLS setup on Nginx and Caddy, how to make client certificates mandatory and how to accept only certificates from specific CAs, can be a good reference here.<\/p>\n<h2><span id=\"Gercek_dunya_senaryolari_Hangi_mimaride_ne_yapmak_mantikli\">Real-world scenarios: what makes sense for which architecture?<\/span><\/h2>\n<h3><span id=\"Senaryo_1_Klasik_WordPress_CDN\">Scenario 1: Classic WordPress + CDN<\/span><\/h3>\n<p>Consider a simple corporate site or a medium-sized blog. WordPress runs on DCHost shared hosting or an NVMe VPS, with a popular CDN in front.<\/p>\n<ul>\n<li>Let\u2019s Encrypt or a commercial DV\/OV certificate on the origin.<\/li>\n<li>TLS 1.2 and 1.3, HSTS and OCSP stapling configured in Nginx\/Apache.<\/li>\n<li>Full (Strict) mode for CDN \u2192 origin traffic.<\/li>\n<li>IP whitelisting on the firewall, or at least rate limiting.<\/li>\n<\/ul>\n<p>This setup strikes a good balance between security, performance and operating cost for most corporate sites.<\/p>\n<h3><span id=\"Senaryo_2_WooCommerce_veya_odeme_alan_eticaret_sitesi\">Scenario 2: WooCommerce or an e\u2011commerce site that takes payments<\/span><\/h3>\n<p>Things are more serious here; on payment pages, topics such as PCI-DSS compliance, minimum risk in the event of a failure and logging come into play.
The approach we frequently apply for DCHost customers:<\/p>\n<ul>\n<li>Commercial SSL (OV\/EV) on the origin, or at least a well-managed DV certificate.<\/li>\n<li>Full (Strict) SSL on the CDN, minimum TLS 1.2.<\/li>\n<li>Additional WAF rules on the CDN side as well for critical admin and payment endpoints.<\/li>\n<li>The origin IP is closed to direct access; only CDN IPs are allowed, plus VPN access for maintenance.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.dchost.com\/blog\/pci-dss-uyumlu-e-ticaret-hosting-rehberi\/\">Our PCI-DSS compliant e\u2011commerce hosting guide<\/a>, where we cover the security of payment processes together with the TLS-side requirements, complements this architecture.<\/p>\n<h3><span id=\"Senaryo_3_SaaS_uygulamasi_coklu_domain_ve_otomatik_SSL\">Scenario 3: SaaS application, multiple domains and automatic SSL<\/span><\/h3>\n<p>In the SaaS world, users want to add their own domain names to the system (e.g. <code>panel.musteri.com<\/code>).
In this case:<\/p>\n<ul>\n<li>You need to manage a large number of <strong>dynamic SSL certificates<\/strong> on both the CDN and the origin.<\/li>\n<li>Most of the time, <strong>DNS-01 challenge<\/strong>-based ACME automation comes into play.<\/li>\n<li>While the CDN terminates TLS at the edge, wildcard or automatically issued certificates run on the origin as well.<\/li>\n<\/ul>\n<p>At DCHost, we previously explained ACME-based automation, origin encryption and the relationship with the CDN for this kind of setup step by step in <a href=\"https:\/\/www.dchost.com\/blog\/saaste-ozel-alan-adlari-ve-otomatik-ssl-dns-01-ile-cok-kiracili-mimarini-nasil-tatli-tatli-olceklersin\/\">our guide to custom domains and automatic SSL in SaaS<\/a>. The same principles can be combined with Full (Strict) SSL behind a CDN.<\/p>\n<h2><span id=\"DCHost_altyapisinda_ornek_kurulum_akislari\">Example setup flows on DCHost infrastructure<\/span><\/h2>\n<h3><span id=\"1_DCHost_paylasimli_hosting_CDN\">1.
DCHost shared hosting + CDN<\/span><\/h3>\n<ol>\n<li>From your DCHost control panel, install Let\u2019s Encrypt or the SSL certificate you purchased for your domain.<\/li>\n<li>Access the site directly (without the CDN) over <code>https:\/\/<\/code> and verify that everything works without problems.<\/li>\n<li>Add the domain in the CDN panel and enter your DCHost server name or IP as the origin address.<\/li>\n<li>Set the SSL mode to <strong>Full (Strict)<\/strong>.<\/li>\n<li>Point your DNS from the DCHost nameservers to the CDN\u2019s nameservers, or update only the A\/CNAME records so that they point at the CDN.<\/li>\n<li>If needed, whitelist the CDN\u2019s IPs with firewall rules on the DCHost side.<\/li>\n<\/ol>\n<h3><span id=\"2_DCHost_NVMe_VPS_Nginx_CDN\">2. DCHost NVMe VPS + Nginx + CDN<\/span><\/h3>\n<ol>\n<li>Install Nginx or Apache on your VPS; configure a certificate that renews automatically with Let\u2019s Encrypt.<\/li>\n<li>Make sure the <code>server_name<\/code> \/ <code>ServerName<\/code> directives match the hostname the CDN will connect to as the origin.<\/li>\n<li>Enable HTTP\u2192HTTPS redirects and HSTS in Nginx.<\/li>\n<li>Set the SSL mode to Full (Strict) in the CDN panel; as the origin hostname use the same domain name or a separate <code>origin.ornek.com<\/code> subdomain.<\/li>\n<li>With iptables\/ufw, allow access to port 443 only from the CDN\u2019s IP ranges; also add the DCHost VPN or your fixed management IPs to the whitelist for administration.<\/li>\n<\/ol>\n<h3><span id=\"3_DCHost_dedicatedcolocation_mTLS_CDN\">3.
DCHost dedicated\/colocation + mTLS + CDN<\/span><\/h3>\n<p>For more enterprise-grade setups, we recommend the following architecture:<\/p>\n<ul>\n<li>At the edge, the CDN runs with Full (Strict) plus Authenticated Origin Pulls or a similar feature enabled.<\/li>\n<li>On your dedicated\/colocation server in the DCHost data center, Nginx is configured with mTLS so that it verifies the CDN\u2019s client certificate.<\/li>\n<li>The origin IPs are closed to the outside world; only the CDN IP blocks and the management VPN can reach them.<\/li>\n<\/ul>\n<p>In such a setup, only <strong>CDN nodes holding the correct certificate<\/strong> can reach the origin, so authentication becomes much more robust.<\/p>\n<h2><span id=\"Izleme_hata_teshisi_ve_bakim\">Monitoring, troubleshooting and maintenance<\/span><\/h2>\n<p>Managing this setup sustainably matters as much as setting up real HTTPS behind a CDN. The problems we encounter most often in the field at DCHost, and our recommendations, are as follows:<\/p>\n<h3><span id=\"1_Sertifika_bitis_tarihlerini_otomatik_izleyin\">1. Monitor certificate expiry dates automatically<\/span><\/h3>\n<p>Especially when multiple domains and environments (test, staging, prod) are involved, it is very easy to forget a certificate\u2019s expiry. 
For this reason:<\/p>\n<ul>\n<li>Regularly check the automatic renewal logs and cron jobs of your Let\u2019s Encrypt\/ACME clients.<\/li>\n<li>Set up alerts based on the certificate expiry date using external monitoring.<\/li>\n<\/ul>\n<p>For those managing dozens of domains, <a href=\"https:\/\/www.dchost.com\/blog\/onlarca-alan-adi-icin-ssl-sertifika-sure-sonu-izleme-ve-otomatik-yenileme-stratejisi\/\">our guide to SSL certificate expiry monitoring and automation across multiple domains<\/a> will be especially useful.<\/p>\n<h3><span id=\"2_Mixed_content_ve_8220Not_Secure8221_uyarilarini_cozmek\">2. Resolving mixed content and &#8220;Not Secure&#8221; warnings<\/span><\/h3>\n<p>One of the most common questions after moving behind a CDN is why the browser still shows a \u201cnot secure\u201d warning on some pages. The cause is usually image, JS or CSS files loaded over HTTP within the page. To solve this problem:<\/p>\n<ul>\n<li>Change resource URLs to <code>https:\/\/<\/code> or <code>\/\/<\/code> (protocol-relative).<\/li>\n<li>Purge the CDN cache to speed up the propagation of the new content.<\/li>\n<\/ul>\n<p>Our dedicated <a href=\"https:\/\/www.dchost.com\/blog\/ssl-sonrasi-mixed-content-ve-guvensiz-icerik-hatalarini-duzeltmek\/\">guide to fixing mixed content errors after SSL<\/a> applies in exactly the same way behind a CDN.<\/p>\n<h3><span id=\"3_HTTP2_ve_HTTP3_QUIC_avantajlarindan_yararlanin\">3. Take advantage of HTTP\/2 and HTTP\/3 (QUIC)<\/span><\/h3>\n<p>Most CDNs offer HTTP\/2 and HTTP\/3 support. 
With the right settings, you can get:<\/p>\n<ul>\n<li>Better connection multiplexing<\/li>\n<li>Fewer TCP\/TLS handshakes<\/li>\n<li>A better user experience on high-latency mobile connections<\/li>\n<\/ul>\n<p>We explained the performance impact of HTTP\/2\/3 support on both the CDN and the origin side in detail in <a href=\"https:\/\/www.dchost.com\/blog\/http-2-ve-http-3-destegi-seo-ve-core-web-vitalsi-nasil-etkiler-hosting-secerken-nelere-bakmali\/\">our HTTP\/2 and HTTP\/3 guide<\/a>.<\/p>\n<h2><span id=\"Sonuc_Gercek_HTTPS_sadece_kilit_simgesinden_ibaret_degil\">Conclusion: Real HTTPS is more than the padlock icon<\/span><\/h2>\n<p>The padlock icon shown in the browser usually puts our minds at ease, but if we do not question what is happening behind the scenes, we can end up carrying on with \u201chalf HTTPS\u201d behind a CDN. 
The most critical difference we see in the field at DCHost is this: <strong>Flexible or weak Full SSL goes unnoticed until a problem occurs, whereas Full (Strict) + origin encryption protects the project in the long run in terms of both security and compliance<\/strong>.<\/p>\n<p>In summary, we recommend adopting the following:<\/p>\n<ul>\n<li>Set up modern TLS settings and an automatically renewing SSL infrastructure on the origin server.<\/li>\n<li>On the CDN side, always choose <strong>Full (Strict)<\/strong> or an equivalent mode.<\/li>\n<li>If possible, make the origin reachable only from the CDN and your management VPN.<\/li>\n<li>For medium and large projects, consider advanced methods such as mTLS and Authenticated Origin Pulls.<\/li>\n<\/ul>\n<p>If you are not sure whether your current setup is truly secure end to end, we at the DCHost team can review your CDN and HTTPS architecture together with you on our <strong>shared hosting, NVMe VPS, dedicated server or colocation<\/strong> infrastructure. Whatever the scale of your project, you can move to real HTTPS without losing performance. By opening a support ticket or contacting our sales team, we can design a secure and sustainable HTTPS architecture behind a CDN together.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Contents 1 Why is real HTTPS behind a CDN so critical? 2 Basic concepts: SSL termination, passthrough and origin encryption 2.1 SSL Termination (TLS termination) 2.2 TLS Passthrough 2.3 Origin encryption 3 CDN SSL modes: the difference between Flexible, Full and Full (Strict) 3.1 1. 
Flexible SSL \u2013 The mode to avoid 3.2 2. Full SSL \u2013 Encrypted but weakly validated 3.3 3. Full (Strict) SSL \u2013 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4128,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-4127","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=4127"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4127\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/4128"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=4127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=4127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=4127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}