zoukankan      html  css  js  c++  java
  • Ubuntu 16.04——配置Nginx及Https服务

    安装Cerbot

    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install python-certbot-nginx
    

    使用Cerbot中的Nginx插件(自动版,可能会不行)

    sudo certbot --nginx
    
    此命令将自动获取证书并且Certbot会编辑Nginx配置并完成所有工作,
    只需在命令运行期间根据命令的提示输入你要配置SSL的域名即可。
    
    如果想自定义Nginx配置,则使用certonly子命令即可。
    
    sudo certbot --nginx certonly
    

    修改Nginx的配置文件

    . . .
    server_name example.com www.example.com;
    . . .
    

    检测Nginx配置是否正确

    sudo nginx -t
    

     

    重启Nginx

    sudo systemctl restart nginx
    

    ###获取SSL证书

    sudo certbot --nginx -d 自己的域名
    

    若成功则输出信息如下:

    Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
    
    1: No redirect - Make no further changes to the webserver configuration.
    2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
    new sites, or if you’re confident your site works on HTTPS. You can undo this
    change by editing your web server’s configuration.
    
    Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):
    

    输入选择后输出信息如下:

    IMPORTANT NOTES:
    
    Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
    expire on 2017-10-23. To obtain a new or tweaked version of this
    certificate in the future, simply run certbot again with the
    “certonly” option. To non-interactively renew all of your
    certificates, run “certbot renew”
    
    Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    
    If you like Certbot, please consider supporting our work by:
    
    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le
    

    这样SSL证书就配置成功了,在浏览器以https开头试试能否成功访问即可。  

    自动更新证书期限

    Certbot提供的证书期限为90天,执行此命令可自动续订证书。
    
    sudo certbot renew --dry-run
    

    如果没有报错,Certbot就会自动帮你更新证书并重载Nginx;如果更新失败,Let's Encrypt网站会发送一封邮件到你填入的邮箱告知详细情况。

    另外再推荐一个很好的有各种服务器相关配置教程的网站:
    DigitalOcean
    其中也有详细的为Ubuntu 16.04下Nginx配置SSL证书的英文教程:
    How To Secure Nginx with Let’s Encrypt on Ubuntu 16.04


    原文链接:https://blog.csdn.net/m0_38025747/article/details/80602651

      

    I can feel you forgetting me。。 有一种默契叫做我不理你,你就不理我

  • 相关阅读:
    条件语句、循环语句
    var、符号运算、条件语句、三元(目)运算、自加和自减
    js的介绍
    浏览器的差距、ie6 ie7 ie8、符号、html css、BFC、
    单位、浏览器、布局、
    z-index、absolute、marquee滚动条的问题
    js数据类型 方法 函数
    js函数
    全局方法或全局属性
    数据类型
  • 原文地址:https://www.cnblogs.com/weidaijie/p/12188290.html
Copyright © 2011-2022 走看看