Steps for setting up HTTPS on an Alibaba Cloud server running Ubuntu 16.04, with Docker and Nginx
阿新 • • Published: 2018-12-18
1. Let's Encrypt certificate
# Let's Encrypt certificate
# Run these commands in order
sudo wget https://dl.eff.org/certbot-auto
sudo chmod a+x ./certbot-auto
sudo ./certbot-auto --help
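2. Download and install the certificate
# Create a wildcard certificate
$ sudo ./certbot-auto certonly -d "*.xxx.com" --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

*.xxx.com stands for your own domain; the * covers all subdomains. It is quoted so the shell does not expand it.

Pay attention when the following line appears (do not press Enter too quickly; slow down). The TXT record has to be in place before you continue, because validation runs as soon as you press Enter:

_acme-challenge.xxx.com = O3wTEcONmDE-2el69a6xHv7O28M4P0i7hxiJGluJ_xQ

DNS -> Domain name resolution -> Add a TXT record
In the Alibaba Cloud console, under domain name resolution, add a record like this:
Type: TXT
Host record: _acme-challenge.xxx.com
Record value: O3wTEcONmDE-2el69a6xHv7O28M4P0i7hxiJGluJ_xQ

During this process you may also be asked for your email address (don't rush, since you are not yet familiar with the environment).
On success, the output shows the directory where fullchain.pem and privkey.pem are stored:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/xxx.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/xxx.com/privkey.pem
   Your cert will expire on 2019-02-27. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le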
3. Copy the certificate into the directory mapped into the nginx container
Create and start the nginx container:
sudo docker run -d \
  --name=nginx \
  --restart always \
  -p 80:80 -p 443:443 \
  -v /opt/nginx/conf.d:/etc/nginx/conf.d \
  -v /opt/nginx/sslkey:/etc/nginx/sslkey \
  nginx

The conf.d folder holds the nginx .conf configuration files.
The sslkey folder holds fullchain.pem and privkey.pem.

cp /etc/letsencrypt/live/xxx.com/* /opt/nginx/sslkey/
4. Configure Nginx
## nginx SSL certificate configuration: xxx.xxxx.com.conf
server {
    # TLS is enabled on the listen directive; the separate "ssl on;" directive is deprecated
    listen 443 ssl;
    server_name xx.xxxx.com;
    client_max_body_size 1000M;
    ssl_certificate /etc/nginx/sslkey/fullchain.pem;
    ssl_certificate_key /etc/nginx/sslkey/privkey.pem;

    location / {
        proxy_pass http://xx.xx.xx.xx:xxx; # your own IP and port
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
5. Verify HTTPS and renew
This certificate is valid for only 90 days; renew it automatically when it expires.
# Renew
sudo ./certbot-auto renew
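
Renewal only updates /etc/letsencrypt/live/xxx.com, so the copies made in step 3 stay stale until they are copied again and nginx is reloaded. The following is an added example, not part of the original post: the function name deploy_cert and the RELOAD_CMD override are hypothetical, while the paths and the container name nginx are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not from the original post): redeploy a renewed certificate
# into the directory mounted into the nginx container, then reload nginx.
# Paths and the container name "nginx" follow the article; RELOAD_CMD is an
# assumed override so the function can be exercised without Docker.

RELOAD_CMD=${RELOAD_CMD:-"docker exec nginx nginx -s reload"}

# deploy_cert SRC_DIR DST_DIR
# Returns 0 after a successful deploy, 1 on error, 2 when nothing changed.
deploy_cert() {
    src=$1 dst=$2
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    # Skip the copy and reload when the deployed files are already current.
    if cmp -s "$src/fullchain.pem" "$dst/fullchain.pem" &&
       cmp -s "$src/privkey.pem" "$dst/privkey.pem"; then
        return 2
    fi
    mkdir -p "$dst" || return 1
    old_umask=$(umask); umask 077   # new files are owner-only from the start
    # Copy to temporary names, then rename, so nginx never reads a partial file.
    # cp follows the symlinks that live/ contains and copies the real PEM data.
    cp "$src/privkey.pem"   "$dst/.privkey.pem.new" &&
    cp "$src/fullchain.pem" "$dst/.fullchain.pem.new" &&
    chmod 600 "$dst/.privkey.pem.new" &&
    chmod 644 "$dst/.fullchain.pem.new" &&
    mv -f "$dst/.privkey.pem.new"   "$dst/privkey.pem" &&
    mv -f "$dst/.fullchain.pem.new" "$dst/fullchain.pem"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    $RELOAD_CMD || return 1
}

# Typical call after "certbot-auto renew" (paths from the article):
#   deploy_cert /etc/letsencrypt/live/xxx.com /opt/nginx/sslkey
```

Run it as root after each renewal; the private key lands in /opt/nginx/sslkey with mode 600 instead of inheriting whatever mode a plain cp would give it.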