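Installing a certificate with certbot: nginx
阿新 • • Published: 2019-01-02
This setup is based on Python 2.7.
Use certbot to install a site certificate so the site supports HTTPS.
Official guide: https://certbot.eff.org/
Download the installer: wget https://dl.eff.org/certbot-auto
For an nginx site
First, a virtual host must be configured for the site: enable name-based virtual hosting (NameVirtualHost) and listen on port 443.
nginx was installed with yum.
The conf.d directory contains default.conf, ssl.conf and virtual.conf.
First create the site abc.wang.com; additional sites such as 123.wang.com share the same directory.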
vim virtual.conf

server {
    listen 8000;
    listen 443 ssl; # managed by Certbot
    server_name abc.wang.com 123.wang.com; # separate multiple domain names with spaces
    # The two certificate lines below (#1 and #2) are created and added automatically during the certbot step
    ssl_certificate /etc/letsencrypt/live/abc.wang.com/fullchain.pem; # managed by Certbot #1
    ssl_certificate_key /etc/letsencrypt/live/abc.wang.com/privkey.pem; # managed by Certbot #2
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    # Added to redirect to https; $request_uri already begins with "/", so no extra slash is needed
    if ($server_port = "8000") {
        return 301 https://$server_name$request_uri;
    }
    location / {
        root /var/www/html/nginx;
        index index.html index.htm;
    }
}
./certbot --nginx certonly
After the certificate has been issued, an abc.wang.com directory appears under /etc/letsencrypt/live/.
cd /etc/letsencrypt/live/abc.wang.com/
cert.pem chain.pem fullchain.pem privkey.pem README
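The certificate installation part is now complete.
Load the certificate in the nginx configuration
Now ssl.conf has to be enabled: uncomment it and set the correct certificate paths.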
vim ssl.conf

#
# HTTPS server configuration
#
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl;
    server_name abc.wang.com;
    root /var/www/html/wang;

    # fullchain.pem holds the leaf certificate plus the intermediates;
    # cert.pem alone is the leaf only, and nginx sends only what this file contains
    ssl_certificate /etc/letsencrypt/live/abc.wang.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/abc.wang.com/privkey.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
#
#    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
#
    location / {
    }
#
#    error_page 404 /404.html;
#        location = /40x.html {
#    }
#
#    error_page 500 502 503 504 /50x.html;
#        location = /50x.html {
#    }
}
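An added check, not part of the original post: nginx sends clients only the certificates in the file that ssl_certificate names, so a path ending in the leaf-only cert.pem leaves out the intermediate chain. The function names and the two sample configs below are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint nginx config text on stdin for certbot path mistakes.
# Prints one finding per line; exit status 0 = clean, 1 = findings.
check_le_paths() {
    awk '
    function base(p,  a, n) { n = split(p, a, "/"); return a[n] }
    function dir(p,  a, n)  { n = split(p, a, "/"); return substr(p, 1, length(p) - length(a[n]) - 1) }
    function check() {
        if (index(cert, live) != 1) { cert = ""; key = ""; return }  # not a certbot path
        if (base(cert) != "fullchain.pem") {
            print "line " cl ": ssl_certificate uses " base(cert) ", not fullchain.pem"; bad = 1
        }
        if (dir(cert) != dir(key)) {
            print "line " kl ": key is not from " dir(cert); bad = 1
        }
        cert = ""; key = ""
    }
    BEGIN { live = "/etc/letsencrypt/live/" }
    { sub(/[#].*/, ""); gsub(/;/, " ") }      # drop comments and semicolons
    $1 == "ssl_certificate"     { cert = $2; cl = NR }
    $1 == "ssl_certificate_key" { key  = $2; kl = NR }
    cert != "" && key != ""     { check() }
    END { exit bad + 0 }
    '
}
# Constructed sample: leaf-only cert.pem in an ssl.conf-style server block.
sample_leaf_only() {
    cat <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/abc.wang.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/abc.wang.com/privkey.pem;
}
EOF
}
# Constructed sample: full chain and key from the same live/ directory.
sample_full_chain() {
    cat <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/abc.wang.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/abc.wang.com/privkey.pem; # managed by Certbot
}
EOF
}
sample_leaf_only | check_le_paths || echo "leaf-only config: findings above"
sample_full_chain | check_le_paths && echo "full-chain config: clean"
```

To check a real file, feed it on stdin, for example check_le_paths < ssl.conf from the conf.d directory.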
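A rewrite rule is still needed so that HTTP requests are redirected to HTTPS.
Edit the virtual.conf configuration file.
Add the following inside the server block:

# $request_uri already begins with "/", so it is appended directly
if ($server_port = "8000") {
    return 301 https://$server_name$request_uri;
}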
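Check the configuration and view what nginx has loaded for the virtual hosts (-D DUMP_VHOSTS is an Apache httpd option that nginx does not accept; nginx -T tests the configuration and prints it in full)
nginx -T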