Installing certbot (Let's Encrypt) for nginx on Ubuntu

Date: 2017-04-29 23:24:26

https://certbot.eff.org

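Follow the steps on the site above to install certbot.

Once installed, certbot can generate certificates in two ways.

The first: certonly mode with --standalone. certbot starts its own built-in web server to generate the certificate (if nginx is already running on the server, stop it first).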

certbot certonly --standalone -d example.com -d www.example.com

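The second: webroot mode.

certbot writes a random file into the /.well-known/acme-challenge/ directory under the given directory (the web root configured in nginx),

then validates that random file through the already-running nginx and generates the certificate.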

certbot certonly --webroot -w /usr/local/nginx/html -d logan.ren -d llcv.pw -w /var/www/thing -d thing.is -d m.thing.is

-w  the web root directory configured for the server block in nginx.conf, i.e. the directory where the random validation file is created

-d  the server_name in nginx.conf
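
Before running the webroot command above, it helps to confirm that nginx really serves files from each -w directory under /.well-known/acme-challenge/. The following is an added example, not part of the original post: a POSIX shell pre-flight that takes the same -w/-d arguments, assuming curl is installed; the function names (webroot_map, place_probe, check_domain, preflight) are made up for this illustration.

```sh
#!/bin/sh
# Added example (not from the original page): pre-flight check for
# "certbot certonly --webroot". Function names are hypothetical.

# Print "domain webroot" pairs; each -d uses the most recent -w before it.
webroot_map() (
    webroot=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -w) webroot=${2:?"-w needs a directory"}; shift 2 ;;
            -d) [ -n "$webroot" ] || { echo "-d $2 has no preceding -w" >&2; exit 1; }
                printf '%s %s\n' "${2:?"-d needs a name"}" "$webroot"; shift 2 ;;
            *)  shift ;;
        esac
    done
)

# Write a probe file into <webroot>/.well-known/acme-challenge/; print its name.
place_probe() (
    dir="$1/.well-known/acme-challenge"
    token="preflight-$$-$(date +%s)"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" && echo "$token"
)

# Fetch the probe over HTTP through the running nginx; pass only on exact match.
check_domain() (
    token=$(place_probe "$2") || exit 1
    url="http://$1/.well-known/acme-challenge/$token"
    body=$(curl -fsSL --max-time 10 "$url" 2>/dev/null) || body=""
    rm -f "$2/.well-known/acme-challenge/$token"
    [ "$body" = "$token" ]
)

# Check every domain; exit status 1 if any domain would fail validation.
preflight() (
    map=$(webroot_map "$@") || exit 1
    failed=0
    while read -r domain webroot; do
        [ -n "$domain" ] || continue
        if check_domain "$domain" "$webroot"; then echo "OK   $domain"
        else echo "FAIL $domain (webroot $webroot)"; failed=1; fi
    done <<EOF
$map
EOF
    exit "$failed"
)

# Run only when arguments are given, e.g. the same -w/-d list passed to certbot.
[ $# -eq 0 ] || preflight "$@"
```

Saved under a name of your choice and run with the -w/-d list from the certbot command, it prints one OK or FAIL line per domain; a FAIL usually means the domain's server block has no location for /.well-known/acme-challenge/ or points at a different root.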

 

Finally, to renew (--dry-run only tests the renewal; drop it to actually renew)

certbot renew --dry-run

 

==== That completes certbot; below is a brief outline of installing nginx ====

 

Before installing nginx, install the components it needs

sudo apt-get install libpcre3 libpcre3-dev libpcrecpp0 libssl-dev zlib1g-dev

Download nginx

wget http://nginx.org/download/nginx-1.13.0.tar.gz

Extract nginx

tar -zxvf nginx-1.13.0.tar.gz

Compile nginx

cd nginx-1.13.0

./configure --with-http_ssl_module

make && make install

Or with a custom configuration

./configure \
--sbin-path=/opt/nginx/nginx \
--conf-path=/opt/nginx/nginx.conf \
--pid-path=/opt/nginx/nginx.pid \
--with-http_ssl_module \
--with-pcre=/usr/local/src/pcre \
--with-zlib=/usr/local/src/zlib \
--with-openssl=/usr/local/src/openssl

make && make install

Start nginx

Symlink nginx
ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
Start
nginx

 

Check the port:

netstat -ano|grep 80

Check whether a given package is installed

dpkg -l | grep openss

 

nginx.conf configuration

server {
    listen 80;
    server_name logan.ren llcv.pw www.llcv.pw;

    # Everything else is proxied to the backend.
    location ~ / {
        proxy_pass http://logan.ren:5050;
    }

    # ACME webroot challenge files; ^~ takes precedence over the regex location above.
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root     /usr/local/nginx/html;
    }
    # Do not serve the bare challenge directory itself.
    location = /.well-known/acme-challenge/ {
        return 404;
    }
}

server {
    listen 443 ssl;
    # server_name takes a space-separated list of names.
    server_name logan.ren llcv.pw;
    ssl_certificate         /etc/letsencrypt/live/logan.ren/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/logan.ren/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/logan.ren/chain.pem;

    # ssl_dhparam     /etc/nginx/tls1.2/dhparam.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.2 alone is the safer setting.
    ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
    # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

    location /www/ {
        root /opt/llc/www/llcv;
        index index.html;
    }

    location ~ / {
        proxy_pass http://logan.ren:5050;
    }
}

 
