  • Setting up HTTPS access on Alibaba Cloud Ubuntu 14.04 + Nginx + Let's Encrypt

    Reference pages:

    https://certbot.eff.org/#ubuntutrusty-nginx

    http://bbs.qcloud.com/thread-12059-1-1.html

    http://www.cnblogs.com/yanghuahui/archive/2012/06/25/2561568.html

    http://www.jb51.net/os/Ubuntu/323696.html

    1. Install the Let's Encrypt client (certbot)

    $ sudo add-apt-repository ppa:certbot/certbot
    $ sudo apt-get update
    $ sudo apt-get install certbot 

      If add-apt-repository cannot be found, install:

    apt-get install python-software-properties
    apt-get install software-properties-common

    2. Generate the key

    certbot certonly --standalone -d example.com -d www.example.com

    On success, output like the following is displayed:

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/<your-domain>/fullchain.pem. Your cert will
       expire on <expiry date>. To obtain a new or tweaked version of this
       certificate in the future, simply run certbot-auto again. To
       non-interactively renew *all* of your certificates, run
       "certbot-auto renew"
     - If you like Certbot, please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le

      The content marked in red on the original page is used in the next step.

    3. Configure nginx

            # These directives go inside the server { } block for your site.
            listen 443 ssl;
            ssl_certificate /etc/letsencrypt/live/<your-domain>/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/<your-domain>/privkey.pem;
            # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is enabled.
            ssl_protocols TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
            listen [::]:443 ssl ipv6only=on;

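      Note that the two paths marked in red on the original page (ssl_certificate and ssl_certificate_key) point to different files.

    4. Restart nginx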

    nginx -s reload
    

      Accessing the site over https now succeeds.

      Accessing the site over http fails with the error: ERR_CONNECTION_REFUSED

    5. Redirect http requests to https

    server {
            listen 80;
            server_name <your-domain>;
            rewrite ^(.*) https://$server_name$1 permanent;
    }
    

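      Accessing the site over http again now succeeds.

    At this point the configuration is complete, as shown in the figure below.

    * Let's Encrypt certificates are only valid for 90 days; renew them with the following commands: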

    certbot renew --dry-run 
    certbot renew

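      Stop nginx before doing this (the --standalone mode from step 2 runs its own temporary web server and needs the port nginx is listening on):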

    nginx -s stop

      When restarting nginx you may run into an error like [error] open() "/run/nginx.pid" failed (2: No such file or directory). The fix is as follows (taken from: http://blog.csdn.net/llnara/article/details/8691049):

    nginx -c /etc/nginx/nginx.conf
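
The renewal steps above combined into one script, as an added example that is not part of the original post: it uses only the commands shown on this page and starts nginx again even when certbot fails, so a failed renewal does not leave the site down. The function name, the NGINX_CONF variable and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: renew with nginx stopped, and
# always bring nginx back up, even when certbot fails.
# Assumption: NGINX_CONF defaults to the config path used on this page.
NGINX_CONF="${NGINX_CONF:-/etc/nginx/nginx.conf}"

renew_with_nginx_down() {
    status=0

    # Free the port for certbot's standalone server. A failure here usually
    # means nginx was not running, so carry on and let certbot decide.
    nginx -s stop || echo "warning: 'nginx -s stop' failed, continuing" >&2

    # Rehearse first; only run the real renewal if the rehearsal passes.
    # Whichever command fails, its exit code is kept in $status.
    certbot renew --dry-run && certbot renew || status=$?

    # Start nginx with an explicit config file (the page's fix for the
    # missing /run/nginx.pid error). This runs whether or not renewal worked.
    if ! nginx -c "$NGINX_CONF"; then
        echo "error: nginx did not start, the site is down" >&2
        return 2
    fi

    return "$status"
}

# Hypothetical entry point: run only when called as "<script> --run".
if [ "${1:-}" = "--run" ]; then
    renew_with_nginx_down
fi
```

A non-zero exit code means either the renewal failed (certbot's own code) or nginx could not be restarted (code 2), so a scheduler can alert on it.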

    You are welcome to visit my site: https://maomishen.com/

  • Original article: https://www.cnblogs.com/maomishen/p/6112721.html