我是靠谱客的博主 酷酷哈密瓜,最近开发中收集的这篇文章主要介绍阿里云Ubuntu 14.04 + Nginx + let's encrypt 搭建https访问,觉得挺不错的,现在分享给大家,希望可以做个参考。
概述
用云旺的做IM,ios端图片地址只能是https的才能显示,所以为服务器增加证书
Let’s Encrypt是一个免费并且开源的CA,且已经获得Mozilla、微软等主要浏览器厂商的根授信
1. 下载let's encrypt
apt-get install python-software-properties apt-get install software-properties-common sudo add-apt-repository ppa:certbot/certbot apt-get update apt-get install certbot
2.生成密钥
certbot certonly --standalone -d XXX.com
出现下面代表成功
root@iZ2zedq9lexkebewgjhhwzZ:/etc/letsencrypt# certbot certonly --standalone -d 51best.site Saving debug log to /var/log/letsencrypt/letsencrypt.log Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for XXX.com Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/XXX.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/XXX.com/privkey.pem Your cert will expire on 2017-12-27. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
默认是在 /etc/letsencrypt/live 路径下
3. 配置nginx
(1)方式一
listen 80 ;
listen 443 ssl; ssl_certificate /etc/letsencrypt/live/XXX.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/XXX.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; listen [::]:443 ssl ipv6only=on;
(2)方式二
listen 443 ssl; ssl_certificate /etc/letsencrypt/live/XXX.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/XXX.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; listen [::]:443 ssl ipv6only=on;
通过https访问,成功。
通过http访问,失败。错误:ERR_CONNECTION_REFUSED
重定向http访问到https
server { listen 80; server_name XXX.com; rewrite ^(.*) https://$server_name$1 permanent; }
访问http,成功
4. 重启nginx
/etc/init.d/nginx restart
http://XXX.com和https://XXX.com都可以访问
5.续期
Let’s Encrypt 生成的免费证书为3个月时间,使用 certbot renew 可以无限免费续签 Https 证书
先关闭nginx
/etc/init.d/nginx stop
certbot renew --dry-run
certbot renew
重启nginx
/etc/init.d/nginx restart
注:
如果遇到 [error] open() "/run/nginx.pid" failed (2: No such file or directory)
nginx -c /etc/nginx/nginx.conf
转载于:https://www.cnblogs.com/baby123/p/7607845.html
最后
以上就是酷酷哈密瓜为你收集整理的阿里云Ubuntu 14.04 + Nginx + let's encrypt 搭建https访问的全部内容,希望文章能够帮你解决阿里云Ubuntu 14.04 + Nginx + let's encrypt 搭建https访问所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复