Lets encrypt安装及配置
letsencrypt recommend that most people with shell access use the Certbot ACME client.
It can automate certificate issuance and installation with no downtime.
It also has expert modes for people who don¡¯t want autoconfiguration.
It¡¯s easy to use, works on many operating systems, and has great documentation.
This is a simple example to use certbot + nginx, for more information -> https://letsencrypt.org/docs/
1 install certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
2 install certificates
(a) standalone
./certbot-auto certonly --standalone -d www.system-in-motion.com
(b)webroot
./certbot-auto certonly --webroot -w /var/www/system-in-motion -d system-in-motion.com -d www.system-in-motion.com
3 nginx conf
(1)rewrite
You can include multiple rewrite directives in both the server and location contexts.
NGINX Plus executes the directives one-by-one in the order they occur.
The rewrite directives in a server context are executed once when that context is selected.
After NGINX processes a set of rewriting instructions, it selects a location context according to the new URI.
If the selected location contains rewrite directives, they are executed in turn.
If the URI matches any of those, a search for the new location starts after all defined rewrite directives are processed.
(2)ssl_certificate
https://www.nginx.com/blog/nginx-ssl/
server {
listen 80;
server_name www.system-in-motion.com;
root [location context];
rewrite ^(.*)$ https://$server_name$1 permanent;
access_log /var/log/nginx/host.http2https.access.log
main;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.system-in-motion.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.system-in-motion.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server_name www.system-in-motion.com;
root [location context];
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
}
}
4 automating renewal(use crontab)
Certbot can be configured to renew your certificates automatically before they expire.
Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature¡£
crontab -e
0 0 */28 * * ./certbot-auto renew --pre-hook "service nginx stop" --post-hook "service nginx start"
Lets encrypt安装及配置的更多相关文章
- nginx安装Lets Encrypt SSL免费HTTPS加密证书
Linux Nginx网站:Certbot安装配置Lets Encrypt SSL免费HTTPS加密证书 原文地址:https://renwole.com/archives/157 实验环境:Cent ...
- Let's Encrypt 安装配置教程,免费的 SSL 证书
官网:https://letsencrypt.org/ 安装Let's Encrypt 安装非常简单直接克隆就可以了 git clone https://github.com/letsencrypt/ ...
- Nginx + Lets'encrypt 实现HTTPS访问七牛空间资源
上一篇文章 为七牛云存储空间绑定自定义域名,并使用七牛云提供的免费SSL证书,将自定义加名升级为HTTPS 我们提到利用七牛的免费SSL证书,将自定义加名升级为HTTPS的方法. 不知道有没有小伙伴会 ...
- CentOS 6.3下Samba服务器的安装与配置方法(图文详解)
这篇文章主要介绍了CentOS 6.3下Samba服务器的安装与配置方法(图文详解),需要的朋友可以参考下 一.简介 Samba是一个能让Linux系统应用Microsoft网络通讯协议的软件, ...
- Chapter 2. OpenSSL的安装和配置学习笔记
Chapter 2. OpenSSL的安装和配置学习笔记 2.1 在linux上面安装OpenSSL我还是做点No paper事情比较在行,正好和老师的课程接轨一下.以前尝试过在Windows上面安装 ...
- CentOS 6.3下Samba服务器的安装与配置(转)
CentOS 6.3下Samba服务器的安装与配置 一.简介 Samba是一个能让Linux系统应用Microsoft网络通讯协议的软件,而SMB是Server Message Block的缩写, ...
- CentOS下Samba文件服务器的安装与配置
CentOS下Samba文件服务器的安装与配置 http://blog.csdn.net/limingzhong198/article/details/22064801 一.安装配置 1. 安装sam ...
- CentOS 7下Samba服务器的安装与配置
文基于<CentOS 6.3下Samba服务器的安装与配置>,参照原博文,自己在CentOS7环境上实现,并按照自己的环境修改博文内容 一.简介 Samba是一个能让Linux系统应用Mi ...
- MySQL8.0.12 安装及配置、读写分离,主从复制
一.安装 1.从网上下载MySQL8.0.12版本,下载地址:https://dev.mysql.com/downloads/mysql/ 2. 下载完成后解压 我解压的路径是:D:\Java\mys ...
随机推荐
- 自己动手实现java数据结构(一) 向量
1.向量介绍 计算机程序主要运行在内存中,而内存在逻辑上可以被看做是连续的地址.为了充分利用这一特性,在主流的编程语言中都存在一种底层的被称为数组(Array)的数据结构与之对应.在使用数组时需要事先 ...
- SpringBoot 三种方式配置 Druid(包括纯配置文件配置)
记录一下在项目中用纯 YML(application.yml 或者 application.properties)文件.Java 代码配置 Bean 和注解三种方式配置 Alibaba Druid 用 ...
- Ajax之跨域请求
一.引子 我现在开启了两个django项目,分别叫Demo1和Demo2,Demo1中有一个路径‘http://127.0.0.1:8000/index/’,对应的视图是index视图返回一个inde ...
- WebService学习概念总结
概念总结:WebSerevice是一种跨编程语言和跨操作系统平台的远程调用技术传输协议:HTTP技术构成:XML+XSD,SOAP,WSDL XML封装数据格式,解决数据表示问题 XSD定 ...
- 【Spring】15、spring mvc路径匹配原则
Ant path 匹配原则 在Spring MVC中经常要用到拦截器,在配置需要要拦截的路径时经常用到<mvc:mapping/>子标签,其有一个path属性,它就是用来指定需要拦截的路径 ...
- Python全栈学习_day005作业
,有如下变量(tu是个元祖),请实现要求的功能 tu = (, , {,,)}, ]) a. 讲述元祖的特性 b. 请问tu变量中的第一个元素 "alex" 是否可被修改? c. ...
- HTML-CSS写抽屉网的置顶区域
1.在pycharm的已有工程中新建一个html文件. 2.在<body></body>标签内部写入要内容: <div class='head-box' > < ...
- Ansible--inventory
简介 Inventory 是 Ansible 管理主机信息的配置文件,相当于系统 HOSTS 文件的功能,默认存放在 /etc/ansible/hosts.为方便批量管理主机,便捷使用其中的主机分组, ...
- iOS动画-从UIView到Core Animation
首先,介绍一下UIView相关的动画. UIView普通动画: [UIView beginAnimations: context:]; [UIView commitAnimations]; 动画属性设 ...
- Spring 事件
JDK事件 java通过java.util.EventObject类和java.util.EventListener接口描述事件和监听器 事件源,事件的产生者,任何一个EventObject都必须拥有 ...