1. 程式人生 > >https-讓網站支援https協議

https-讓網站支援https協議

我的環境是:centos,nginx.


將要使用 Let's Encrypt免費SSL


--------------------------------------------------------


1.獲取certbot客戶端
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto


注:我在使用wget 下載時沒有成功,開啟vpn代理翻牆下載到本地再ftp上傳到某目錄下。離線版下載
2.停止nginx
pkill -9 nginx


3.生成證書

    ./certbot-auto certonly --standalone --email `你的郵箱地址` -d `你的域名地址`

執行完/etc/letsencrypt/live/有相關目錄。 確保nginx程序關閉。

        
3.將證書用於nginx


server {
        listen 80;
        server_name     cui.le.shop;
        index           index.html index.htm index.php;
access_log     /data/wwwroot/cui.le.shop/log/cui.le.shop.access.log main;
error_log       /data/wwwroot/cui.le.shop/log/cui.le.shop.error.log error;
set $root_path '/data/wwwroot/cui.le.shop/wwwroot';
root $root_path;
try_files $uri $uri/ @rewrite;
location @rewrite {
rewrite ^/(.*)$ /index.php/$1;
}
location ~ \.php {
# try_files    $uri =404;


fastcgi_index  /index.php;
fastcgi_pass   127.0.0.1:9000;


include fastcgi_params;
fastcgi_split_path_info       ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO       $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
root $root_path;
expires      30d;
}
location ~ /.ht {
deny all;
}
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/cui.le.shop/fullchain.pem; # 主要是這二句
ssl_certificate_key /etc/letsencrypt/live/cui.le.shop/privkey.pem;# 主要是這二句


}




4.啟動nginx


啟動nginx 發現nginx不識別ssl ,ssl_certificate指令,所以重新編譯nginx.
伺服器有安裝包路徑。
-- 查詢相關路徑
find /|grep nginx


--安裝包路徑
/usr/local/src/nginx-1.10.0


-- 編譯  我這裡設定路徑是/usr/local/webserver/nginx,沒有按照預設路徑走。
./configure --prefix=/usr/local/webserver/nginx --sbin-path=/usr/local/webserver/nginx/sbin/nginx --with-http_ssl_module
--生成
make
--備份舊的
cp /usr/local/webserver/nginx/sbin/nginx /usr/local/webserver/nginx/sbin/nginx.bak


--複製成新的
cp objs/nginx /usr/local/webserver/nginx/sbin/nginx


--測試
/usr/local/webserver/nginx/sbin/nginx -t


(nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful)
--啟動

/usr/local/webserver/nginx/sbin/nginx -c /usr/local/webserver/nginx/conf/nginx.conf

----------------------------------------

其他幾篇不錯的相關文章: