一、https配置
1.0 环境
系统:CentOS7
[root@www ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
nginx:nginx/1.12.2
域名:sample.net 这里以这个域名举例(下文的命令和配置统一使用 sample.net 与 www.sample.net,证书目录名也需与之一致)
1.1 安装Certbot Let's Encrypt Client
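# certbot and its nginx plugin are shipped in EPEL, not in the base repos,
# so the EPEL release package must be installed first. Chain the two installs
# so a failed EPEL setup does not fall through to a confusing
# "No package certbot-nginx available" from the second command.
sudo yum install -y epel-release \
  && sudo yum install -y certbot-nginx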
1.2 配置nginx
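# Install nginx if it is not already present (-y for an unattended install,
# consistent with the certbot install above).
sudo yum install -y nginx
# Start nginx now and enable it so it comes back after a reboot
# (CentOS 7's systemd 219 has no `enable --now`, hence two commands).
sudo systemctl start nginx
sudo systemctl enable nginx
# Edit the server block so the certbot nginx plugin can find the vhost
# for the domain being certified; the line to set is:
sudo vi /etc/nginx/nginx.conf
#   server_name sample.net www.sample.net;
# Validate the config and reload only if validation passes; an unconditional
# reload after a failed -t leaves the old config running without a clear error.
sudo nginx -t && sudo systemctl reload nginx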
1.3 配置防火墙
# Open 80 and 443 in the running firewall. Port 80 stays open on purpose:
# it serves the http->https redirect configured in 1.6 (and, depending on
# the certbot version, the ACME challenge).
for svc in http https; do
  sudo firewall-cmd --add-service="$svc"
done
# Copy the runtime rules into the permanent configuration so they survive
# a firewalld reload or a reboot.
sudo firewall-cmd --runtime-to-permanent
1.4 获取证书
# NOTE: on CentOS 7 this step may abort with a Python ImportError;
# the workaround is in the two "ImportError" pages listed in the references.
# certbot accepts the names either as repeated -d flags or as one
# comma-separated list; by default the first name becomes the lineage
# directory under /etc/letsencrypt/live/ (referenced by the config in 1.6).
sudo certbot --nginx -d sample.net,www.sample.net
1.5 配置Diffie-Hellman参数
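# NOTE: the certbot nginx plugin already wrote
#   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# into the https server block (see the listing in 1.6), so this step is only
# needed if you want a locally generated group. Replace that line rather than
# adding a second one: two ssl_dhparam directives in the same server block
# make `nginx -t` fail with '"ssl_dhparam" directive is duplicate'.
# Generating a 2048-bit group can take several minutes on a small VM.
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
sudo vi /etc/nginx/nginx.conf
#   ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Validate first and only reload when validation passes.
sudo nginx -t && sudo systemctl reload nginx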
1.6 验证
查看/etc/nginx/nginx.conf
# Plain-http catch-all: redirect everything to https.
# Lines marked "managed by Certbot" are recognised by certbot through that
# marker; keep the marker if you edit them.
server {
listen 80 default_server;
listen [::]:80 default_server;
# "_" plus default_server: this block answers for any Host header on port 80.
server_name _;
# Redirect non-https traffic to https
# On a listen-80-only block $scheme is always "http", so this condition is
# always true; certbot emits it this way and it is harmless.
# NOTE(review): $host comes from the request's Host header, and because this
# is the default server an unknown Host is echoed back in the Location header.
# If that matters, add a separate default_server that returns 444 and limit
# this block's server_name to the real names.
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
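# https server block. Lines marked "managed by Certbot" were written by the
# certbot nginx plugin in 1.4; keep the marker if you edit them.
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# The live/ directory is named after the certificate lineage created in 1.4
# (by default the first -d name), so it must match the domain used there.
ssl_certificate /etc/letsencrypt/live/sample.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sample.net/privkey.pem; # managed by Certbot
# Protocol/cipher policy maintained by certbot; do not duplicate ssl_* here.
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# certbot's DH group; if you generated your own in 1.5, replace this line
# rather than adding a second ssl_dhparam (nginx rejects duplicates).
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name www.sample.net sample.net; # managed by Certbot
# HSTS: tell browsers that have seen this site to use https only.
# Start with a short max-age and raise it once every subdomain is confirmed
# to work over https; "always" also sends it on error responses.
# add_header in a location block would override this, so check any
# add_header lines in default.d/*.conf.
add_header Strict-Transport-Security "max-age=86400" always;
# NOTE(review): this differs from the package default /usr/share/nginx/html;
# make sure the directory exists and is owned by root, not the nginx user.
root /usr/local/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
# The location must match the page named in error_page, otherwise the
# location is dead (the original listing had /404.html vs /40x.html).
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}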
验证nginx配置文件并重启nginx
访问 http://sample.net 和 http://www.sample.net,确认都被 301 重定向到 https(可用 curl -I 查看 Location 头)
1.7 配置自动续期
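sudo crontab -e
# Run the renewal check once a day. certbot only renews certificates that are
# close to expiry (by default within 30 days), so the daily run is cheap.
# --deploy-hook runs only when a certificate was actually renewed and reloads
# nginx so the new certificate is served; the nginx installer may reload on
# its own, but the hook makes the reload explicit and visible.
# The EPEL package installs the binary at /usr/bin/certbot (on CentOS 7
# /bin is a symlink to /usr/bin, so /bin/certbot also resolves).
15 3 * * * /usr/bin/certbot renew --quiet --deploy-hook "systemctl reload nginx"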