Let's Encrypt: 为CentOS/RHEL 7下的nginx安装https支持-具
广告位API接口通信错误,查看德得广告获取帮助
环境说明:
centos 7 nginx 1.10.2
前期准备
软件安装
yum install -y epel-release yum install -y certbot
创建目录及链接
方法1:在网站根目录下创建一个.well-known的目录 方法2: mkdir -p /usr/local/nginx/cert/.well-known ln -s /usr/local/nginx/cert/.well-known /data/www/example.com/.well-known ln -s /usr/local/nginx/cert/.well-known /data/www/test.example.com/.well-known
命令执行
certbot certonly --webroot -w /usr/local/nginx/cert -d example.com -d test.example.com 根据提示进行操作,一般可以正常生产证书文件。 证书文件的目录存放在: '/etc/letsencrypt/live/example.com/' 会有4个文件: cert.pem chain.pem fullchain.pem privkey.pem 特别要注意,这条命令只会将生成的证书放在这个目录,不会有一个/etc/letsencrypt/live/test.example.com/目录,test.example.com的证书和example.com的证书放在一起了,具体看后面的nginx配置。
nginx配置
server { listen 443 ssl http2; server_name example.com; index index.html index.htm index.php; root /data/www/example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; access_log off; } server { listen 443 ssl http2; server_name test.example.com; index index.html index.htm index.php; root /data/www/test.example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; access_log off; }
环境说明:
centos 7 nginx 1.10.2 本文来自无奈人生安全网
前期准备
软件安装
yum install -y epel-release yum install -y certbot 内容来自无奈安全网
创建目录及链接
方法1:在网站根目录下创建一个.well-known的目录 方法2: mkdir -p /usr/local/nginx/cert/.well-known ln -s /usr/local/nginx/cert/.well-known /data/www/example.com/.well-known ln -s /usr/local/nginx/cert/.well-known /data/www/test.example.com/.well-known 内容来自无奈安全网
命令执行
certbot certonly --webroot -w /usr/local/nginx/cert -d example.com -d test.example.com 根据提示进行操作,一般可以正常生产证书文件。 证书文件的目录存放在: '/etc/letsencrypt/live/example.com/' 会有4个文件: cert.pem chain.pem fullchain.pem privkey.pem 特别要注意,这条命令只会将生成的证书放在这个目录,不会有一个/etc/letsencrypt/live/test.example.com/目录,test.example.com的证书和example.com的证书放在一起了,具体看后面的nginx配置。无奈人生安全网
nginx配置
server { listen 443 ssl http2; server_name example.com; index index.html index.htm index.php; root /data/www/example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; access_log off; } server { listen 443 ssl http2; server_name test.example.com; index index.html index.htm index.php; root /data/www/test.example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; access_log off; } 内容来自无奈安全网
无奈人生安全网
【声明】:无奈人生安全网(http://www.wnhack.com)登载此文出于传递更多信息之目的,并不代表本站赞同其观点和对其真实性负责,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规。如有问题请联系我们,联系邮箱472701013@qq.com,我们会在最短的时间内进行处理。
上一篇:linux防火墙的策略规则 【返回网站首页】【进入网站论坛】
下一篇:Linux NTP 服务器搭建