Cloud server environment setup: free HTTPS

Prerequisite tools

yum install gcc-c++ # answer y when prompted
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel
yum install wget

Download with wget

wget -c https://nginx.org/download/nginx-1.12.0.tar.gz

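Extract

tar -zxvf nginx-1.12.0.tar.gz
cd nginx-1.12.0

Configure. If you will need HTTPS later, run this step as:

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

Otherwise the default configuration is enough:

./configure

Compile and install

make
make install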

Find the install path

whereis nginx # nginx: /usr/local/nginx

Start and stop nginx

cd /usr/local/nginx/sbin/
./nginx            # start
./nginx -s stop    # fast shutdown
./nginx -s quit    # graceful shutdown
./nginx -s reload  # reload the configuration

6. HTTPS: requesting a wildcard certificate with acme.sh

https://developer.aliyun.com/article/541843?accounttraceid=6a2c1f6b3c8844a3b62a6ffff75af78bpuib
https://www.cnblogs.com/lpfuture/p/9524881.html
https://www.cnblogs.com/ghjbk/p/6744131.html

6.1. Prepare the environment

yum update && yum install curl -y && yum install cron -y && yum install socat -y

6.2. Download and run acme.sh

This is the script that requests the free certificate.

curl https://get.acme.sh | sh

6.3. Import the Alibaba Cloud Access Key ID and Access Key Secret into environment variables

You can obtain the Alibaba Cloud Access Key ID and Access Key Secret by logging in on the page below:

https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fak-console.aliyun.com%2F%3Fspm%3D5176.2020520001.0.0.0EJtVx#/accesskey

Note: do not create a sub-user here! Doing so will cause the later steps to fail!

Set them as environment variables:

export Ali_Key="xxx"
export Ali_Secret="xxx"

6.4. Request the certificate

Next, request the certificate. Replace bboysoul.cn below with your own domain.

~/.acme.sh/acme.sh --issue --dns dns_ali -d bboysoul.cn -d '*.bboysoul.cn'

The following lines indicate success:

[Thu Mar 15 11:09:05 CST 2018] Your cert is in /root/.acme.sh/bboysoul.cn/bboysoul.cn.cer
[Thu Mar 15 11:09:05 CST 2018] Your cert key is in /root/.acme.sh/bboysoul.cn/bboysoul.cn.key
[Thu Mar 15 11:09:05 CST 2018] The intermediate CA cert is in /root/.acme.sh/bboysoul.cn/ca.cer
[Thu Mar 15 11:09:05 CST 2018] And the full chain certs is there: /root/.acme.sh/bboysoul.cn/fullchain.cer

After that, just download these certificates. All the files are under the .acme.sh/<your domain> directory.

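Note: if a sub-user is used in step 3, automatically adding the DNS record fails, as shown in the figure below:

6.5. Install into nginx

All the files are under the .acme.sh/<your domain> directory. cp the certificates to nginx/conf/ssl.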

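6.6. nginx configuration

server {
    listen 443 ssl;
    server_name abc.domain.com;

    # Redundant with "listen 443 ssl"; valid on nginx 1.12, deprecated since 1.15.0.
    ssl on;

    # Paths are relative to the nginx conf directory (nginx/conf/ssl).
    ssl_certificate      ssl/abc.domain.com.cer;
    ssl_certificate_key  ssl/abc.domain.com.key;

    location / {
        proxy_pass   http://127.0.0.1:8001;
    }
}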

Redirect port 80 straight to 443

server {
    listen 80;
    server_name abc.domain.com;
    return 301 https://$host$request_uri;
}

If nginx was built without the SSL module, configuring HTTPS produces this error:

nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:118

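Switch to the source directory

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make
make install # overwrites the existing install

6.7. Automatic renewal

acme.sh --renew -d example.com --force

Use a scheduled task to cp the newly generated certificates to nginx/conf/ssl.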
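
A check the scheduled copy in 6.7 can run before it replaces the files under nginx/conf/ssl, written as an added example that is not part of the original post. The function name deploy_cert, the 7-day expiry threshold and the <name>.cer / <name>.key file naming (taken from 6.6) are assumptions, and it expects openssl and install to be available.

```shell
#!/bin/sh
# Added example, not from the original post: validate a renewed certificate
# before copying it into nginx/conf/ssl.
# Return codes: 0 ok, 1 cert unreadable or expiring within 7 days,
#               2 private key does not match the cert, 3 copy failed.
deploy_cert() {
    src_cert=$1; src_key=$2; dest_dir=$3; name=$4

    # -checkend fails if the cert cannot be parsed or expires within 604800 s.
    openssl x509 -in "$src_cert" -noout -checkend 604800 >/dev/null 2>&1 || return 1

    # The cert and key must carry the same public key, otherwise nginx
    # fails to load the configuration after the copy.
    cert_pub=$(openssl x509 -in "$src_cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$src_key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2

    # Stage next to the target with the final permissions, then rename, so
    # nginx never reads a half-written file and the key is not world-readable.
    mkdir -p "$dest_dir" || return 3
    install -m 644 "$src_cert" "$dest_dir/$name.cer.new" || return 3
    install -m 600 "$src_key" "$dest_dir/$name.key.new" || return 3
    mv "$dest_dir/$name.cer.new" "$dest_dir/$name.cer" || return 3
    mv "$dest_dir/$name.key.new" "$dest_dir/$name.key" || return 3
}

# Usage from the scheduled task (paths follow the post; example.com is a placeholder):
#   deploy_cert /root/.acme.sh/example.com/example.com.cer \
#               /root/.acme.sh/example.com/example.com.key \
#               /usr/local/nginx/conf/ssl example.com \
#     && /usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload
```

Running nginx -t before the reload keeps a bad configuration from being applied to the running server.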
