1. 下载 certbot:官网 https://certbot.eff.org ,源码 https://github.com/certbot/certbot
2.生成证书时需要配置的nginx
# Port-80 server used while the certificate is first issued
# (certbot --webroot, i.e. the ACME HTTP-01 challenge).
server {
    listen 80;
    server_name gzmp.xxx.com;
    access_log logs/www_access.log;

    # A request for the bare challenge directory itself is answered with 404.
    location = /.well-known/acme-challenge/ {
        return 404;
    }

    # Challenge tokens. certbot writes them below
    # <root>/.well-known/acme-challenge/, so this root has to be the same
    # directory that is passed to certbot with -w.
    # ^~ keeps any regex location from taking over this prefix.
    location ^~ /.well-known/acme-challenge/ {
        root D:/IISWeb/gzmp;
        default_type "text/plain";
    }
}
|
3.测试nginx配置是否正确
nginx -t
|
4.重启nginx
nginx -s reload
|
5.certbot生成证书(create_certbot.bat)
certbot certonly --webroot --email dev@xxx.com -w D:/IISWeb/gzmp -d gzmp.xxx.com
|
6.certbot手动更新证书(renew_certbot.bat)
certbot renew -v
|
7.certbot自动更新证书(auto_renew_certbot.bat)。注意:nginx只在启动或重新加载时读取证书文件,续期(步骤6、7)成功后需要再执行一次步骤4(nginx -s reload),新证书才会生效。
certbot renew --quiet --no-self-upgrade
|
生成成功后,C盘的Certbot文件夹下面会出现一个live文件夹。里面有一个以你配置的网站的域名为名称的文件夹。
8.生成证书后,修改nginx配置,重复3、4步骤。
配置1.
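# HTTPS server: nginx itself serves D:/IISWeb/gzmp as static files.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name gzmp.xxx.com;
    root D:/IISWeb/gzmp;

    # SSL
    # Path separators restored (they were missing, "C:Certbotlive...").
    # Forward slashes are used, as in the root directive above.
    # privkey.pem is the private key: limit read access on C:/Certbot to the
    # account nginx runs under and to administrators.
    ssl_certificate C:/Certbot/live/gzmp.xxx.com/fullchain.pem;
    ssl_certificate_key C:/Certbot/live/gzmp.xxx.com/privkey.pem;

    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block, so
    # the defaults of the installed nginx build apply; older builds still
    # accept TLS 1.0/1.1. To pin the versions explicitly:
    #   ssl_protocols TLSv1.2 TLSv1.3;

    # index.php
    # NOTE(review): index.php is listed, but this block has no PHP handler.
    # A .php (or other source/config) file placed under root would be sent
    # to the client as a plain file, so keep such files out of this directory
    # or add a handler / deny rule for them.
    index index.html index.htm index.php;
}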
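# Port-80 server after the certificate has been issued.
server {
    listen 80;
    server_name gzmp.xxx.com;
    access_log logs/www_access.log;

    # Keep answering the ACME HTTP-01 challenge from the webroot.
    # "certbot renew" reuses the webroot given at issuance
    # (-w D:/IISWeb/gzmp); without these two locations the challenge request
    # would be proxied to 127.0.0.1:82 and renewal would depend on that
    # backend serving the token files.
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root D:/IISWeb/gzmp;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }

    # NOTE(review): all other traffic on port 80 is still served over plain
    # HTTP through the backend; it is not redirected to the HTTPS server.
    # If HTTP access is not required, replace this location with a redirect:
    #   return 301 https://gzmp.xxx.com$request_uri;
    location / {
        proxy_redirect off;
        # Pass the original Host header and the client address on to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend must not trust the left-most entries.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:82;
    }
}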
|
配置2.
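# HTTPS server: static files for /mp/, everything else reverse-proxied to
# the application on 127.0.0.1:9980.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name gzmp.xxx.com;
    # NOTE(review): the separators of this Windows path are missing; restore
    # them before re-enabling the line.
    #root D:AppHomePatrolLineportalwwwroot;

    # security
    # (contents of default/security.conf are not shown here; check that it
    # sets the TLS protocol versions and response headers you expect)
    include default/security.conf;

    # logging
    access_log logs/gzmp.xxx.com.access.log;
    error_log logs/gzmp.xxx.com.error.log warn;

    # SSL
    # Path separators restored (they were missing, "C:Certbotlive...").
    # privkey.pem is the private key: limit read access on C:/Certbot to the
    # account nginx runs under and to administrators.
    ssl_certificate C:/Certbot/live/gzmp.xxx.com/fullchain.pem;
    ssl_certificate_key C:/Certbot/live/gzmp.xxx.com/privkey.pem;

    # index.php
    #index index.html index.htm index.php;

    # Static files for /mp/. With "root", the request URI is appended to the
    # directory, so the files are read from <root>/mp/...
    # NOTE(review): the separators of this Windows path are missing as well.
    # It is left exactly as given because the directory boundaries cannot be
    # recovered from the text; write it with "/" between the directories.
    location ^~ /mp/ {
        root D:AppHomePatrolLineminiprogram;
    }

    # reverse proxy
    location / {
        proxy_pass http://127.0.0.1:9980;
        include default/proxy.conf;
    }

    # additional config
    include default/general.conf;
}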
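# Port-80 server: answers the ACME challenge, redirects everything else to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name gzmp.xxx.com;
    root public;

    # Keep answering the ACME HTTP-01 challenge from the webroot.
    # "certbot renew" reuses the webroot given at issuance
    # (-w D:/IISWeb/gzmp). If the challenge were redirected as well, it would
    # end up at the HTTPS server, which proxies "/" to the application
    # instead of reading the token files.
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root D:/IISWeb/gzmp;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }

    # The redirect target uses the fixed host name rather than $host, so a
    # forged Host header cannot steer the redirect to another site.
    location / {
        return 301 https://gzmp.xxx.com$request_uri;
    }
}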
|
mp目录结构