
How to deploy a Let's Encrypt certificate on Nginx on CentOS 7

1. Install Git

yum install git

2. Download the Let's Encrypt client source

git clone https://github.com/letsencrypt/letsencrypt

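First, stop Nginx: the Standalone plugin starts its own temporary web server for domain validation, so the port Nginx listens on must be free. The command for stopping Nginx differs between environments; refer to the documentation for your own setup.

Run the Standalone plugin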

cd letsencrypt
./letsencrypt-auto certonly --standalone

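Note: Let's Encrypt needs superuser privileges to run.

After you start the plugin, Let's Encrypt goes through an initialization phase in which you enter the information used to generate the certificate.

First enter an email address; a renewal reminder is sent to it when the certificate is 30 days from expiry.

Next you are asked to read the Let's Encrypt TOS. You can skip it and simply choose Agree.

Then enter your domain names, for example example.com and www.example.com, separated by spaces.

When you see the following message, the certificate was obtained successfully.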

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your
   cert will expire on 2016-03-19. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Let's
   Encrypt so making regular backups of this folder is ideal.
- If like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

3. Configure nginx.conf

At this point, adding the HTTPS settings below is all that is needed to complete the site-wide HTTPS configuration.

server {
    listen 443 ssl;
    server_name example.com www.example.com; # domain names

    root /var/www; # site root directory
    index index.php index.html index.htm; # default index files

    # Recommended: restrict access to the internal network
    # allow 192.168.0.0/24;
    # deny all;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
      
        if (!-e $request_filename) {
            rewrite  ^(.*)$  /index.php?s=/$1  last;
            break;
        }
    }

    location ~ \.php {
        try_files $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

4. Redirect HTTP to HTTPS

To redirect HTTP URLs to HTTPS, add the following line to the port 80 configuration:

rewrite ^(.*)$  https://$host$1 permanent;
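
A fuller port 80 configuration for this redirect, as an added example that is not part of the original article. It assumes the same example.com names as the HTTPS block above; the catch-all block is an addition, there because $host is taken from the client's request whenever no server_name restricts which requests reach the redirect.

```nginx
# Added example, not from the original article.

# Catch-all for port 80: requests whose Host header matches none of the
# site's names land here and the connection is closed without a reply
# (444 is an nginx-specific code), so they never reach the redirect.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# Port 80 for the site's own names only.
server {
    listen 80;
    server_name example.com www.example.com;

    # Same effect as the article's rewrite line. Because of server_name
    # above, $host can only be example.com or www.example.com here,
    # so the Location header cannot point at an arbitrary host.
    return 301 https://$host$request_uri;
}
```

If another server block already declares default_server on port 80, nginx -t reports a duplicate default server; keep only one of them.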

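The last step is to restart Nginx, and you are done. Reference: http://bbs.qcloud.com/thread-12059-1-1.html

Notice: when reposting, please credit the original URL and the author's name. Author: Glary Joker. Article URL: //glaryjoker.com/article/19.html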
