setup_https_with_nginx_and_letsencrypt
**这是本文档旧的修订版!**
注意:以下都是以ubuntu 16.04 环境为例子, 默认安装好了nginx
关闭本机的80和443端口占用程序
systemctl stop nginx
安装 letsencrypt
add-apt-repository ppa:certbot/certbot apt-get update apt-get install python-certbot-nginx
生成ssl的秘钥
cd /etc/nginx mkdir ssl cd /etc/nginx/ssl openssl dhparam -out dhparam.pem 2048
生成letsencrypt的证书
certbot certonly --standalone --email <xxx>@<xxxmail.com> -d <xxx>.com -d www.<xxx>.com
nginx 80 和443的配置文件
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/maoyouhui.cc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maoyouhui.cc/privkey.pem;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
server_name maoyouhui.cc www.maoyouhui.cc;
root /www/wwwroot/maoyouhui.cc;
location / {
index index.html index.htm;
}
}
server {
listen 80;
listen [::]:80;
server_name maoyouhui.cc www.maoyouhui.cc;
return 301 https://$server_name$request_uri;
}
setup_https_with_nginx_and_letsencrypt.1516012074.txt.gz · 最后更改: (外部编辑)