zoukankan      html  css  js  c++  java
  • certbot生成免费证书

    1. 下载 certbot(https://certbot.eff.org)https://github.com/certbot/certbot
    2.生成证书时需要配置的nginx
    server
    {
    listen 80;
    server_name gzmp.xxx.com;
    location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root D:/IISWeb/gzmp;
    }
     
    location = /.well-known/acme-challenge/ {
    return 404;
    }
    access_log logs/www_access.log;
    }
     
    3.测试nginx配置是否正确
    nginx -t
    4.重启nginx
    nginx -s reload
    5.certbot生成证书(create_certbot.bat)
    certbot certonly --webroot --email dev@xxx.com -w D:/IISWeb/gzmp -d gzmp.xxx.com
    6.certbot手动更新证书(renew_certbot.bat)
    certbot renew -v
    7.certbot自动更新证书(auto_renew_certbot.bat)
    certbot renew --quiet --no-self-upgrade
    生成成功后,C盘的Certbot文件夹下面会出现一个live文件夹。里面有一个以你配置的网站的域名为名称的文件夹。
    8.生成证书后,修改nginx配置,重复3、4步骤。
    配置1.
    server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name gzmp.xxx.com;
    root D:/IISWeb/gzmp;
     
    # SSL
    ssl_certificate C:Certbotlivegzmp.xxx.comfullchain.pem;
    ssl_certificate_key C:Certbotlivegzmp.xxx.comprivkey.pem;
     
    # index.php
    index index.html index.htm index.php;
    }
    server
    {
    listen 80;
    server_name gzmp.xxx.com;
    location / {
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:82;
    }
    access_log logs/www_access.log;
    }
    配置2.
    server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name gzmp.xxx.com;
    #root D:AppHomePatrolLineportalwwwroot;
     
    # security
    include default/security.conf;
     
    # logging
    access_log logs/gzmp.xxx.com.access.log;
    error_log logs/gzmp.xxx.com.error.log warn;
     
    # SSL
    ssl_certificate C:Certbotlivegzmp.xxx.comfullchain.pem;
    ssl_certificate_key C:Certbotlivegzmp.xxx.comprivkey.pem;
     
    # index.php
    #index index.html index.htm index.php;
     
    location ^~/mp/ {
    root D:AppHomePatrolLineminiprogram;
    }
    # reverse proxy
    location / {
    proxy_pass http://127.0.0.1:9980;
    include default/proxy.conf;
    }
     
    # additional config
    include default/general.conf;
    }
    server {
    listen 80;
    listen [::]:80;
    server_name gzmp.xxx.com;
    root public;
     
    location / {
    return 301 https://gzmp.xxx.com$request_uri;
    }
    }
    mp目录结构
     

  • 相关阅读:
    杭电2050
    杭电2043,小细节。。。。。
    杭电2034,坑爹的人见人爱a-b
    杭电2035--人见人爱A^B
    杭电2032--杨辉三角
    杭电2029--Palindromes _easy version(回文串)
    杭电2028--Lowest Common Multiple Plus
    NPOI大数据分批写入同个Excel
    [每日一题] OCP1z0-047 :2013-07-25 权限――角色与对象权限
    Ubuntu下安装搜狗拼音输入法
  • 原文地址:https://www.cnblogs.com/guxingzhe/p/13891870.html
Copyright © 2011-2022 走看看