nginx ssl
Last updated on November 22, 2024 pm
🧙 Questions
☄️ Ideas
使用freessl配置ssl
登录账号,输入域名 isxcode.com,选择品牌
配置域名认证
校验
通过certbot安装
默认下载路径
/etc/letsencrypt/archive/isxcode.com/
NOTE:
命令中取消www.isxcode.com
sudo yum install -y certbot
sudo pip uninstall urllib3
sudo pip install urllib3==1.21.1
sudo pip install --upgrade --force-reinstall 'requests==2.6.0'
sudo certbot certonly --manual -d isxcode.com --server https://acme.freessl.cn/v2/DV90/directory/b2s82ileo16ty8uzgg8k
sudo chown -R ispong:ispong /etc/letsencrypt/archive/
将密钥文件复制到指定路径
cp /etc/letsencrypt/archive/isxcode.com/fullchain1.pem /data/ssl/isxcode.com/full_chain.pem
cp /etc/letsencrypt/archive/isxcode.com/privkey1.pem /data/ssl/isxcode.com/private.key配置nginx.conf
vim /etc/nginx/nginx.confhttp {
server {
listen 80;
server_name isxcode.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
listen 443 ssl;
server_name isxcode.com;
ssl_certificate /data/ssl/isxcode.com/full_chain.pem;
ssl_certificate_key /data/ssl/isxcode.com/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
root /usr/share/nginx/html/blog/public/;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
}手动续约
sudo certbot renew --dry-run使用阿里云配置ssl
创建证书
🔗 Links
nginx ssl
https://ispong.isxcode.com/vue/nginx/nginx ssl/