ubuntu18.04 用 cerbot 生成 Https 证书 ,配置 nginx by sherryzhou

View this thread on steempeak.com
· @sherryzhou ·
$2.39
ubuntu18.04 用 cerbot 生成 Https 证书 ,配置 nginx
ubuntu18.04 用 cerbot 生成 Https 证书 ,配置 nginx

最近需要部署web服务,基于安全考虑,当然要支持流行的https。

https需要SSL证书, cerbot 免费的SSL证书是首选,虽然有90天期限限制,到期后需要续约。

这里用cerbot生成ssl证书,用nginx部署。

cerot的官网: https://certbot.eff.org/

# 安装cerot
1) 下载Certbot客户端:`wget https://dl.eff.org/certbot-auto`  
2)下载后,进入下载的目录,添加执行权限:`chmod   a+x   ./certbot-auto`  

# 安装部署 nginx
此处省略,网上教程很多。

# 使用certbot-auto命令,生成证书
查看帮助:`./certbot-auto --help all `
根据提示填写相应的信息。

执行完后,会在/etc/letsencrypt/live下 生成域名的文件夹,并且目录下会有pem文件。

nginx的https 访问,需要用到 pem 的证书文件:

# 配置nginx支持https访问,测试 https的证书是否可用
设置Nginx配置文件,实现http和https同时访问
```
server {
listen 80;(监听80端口)
listen 443 ssl;(监听443端口)

server_name:(域名)
#端口转发配置
location / {
    proxy_pass http://127.0.0.1:8090;
    proxy_set_header Host $host:80;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
    ssl_certificate **/**/**chain.pem;(pem文件路径)
    ssl_certificate_key **/**/**key.pem;(pem文件路径)
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;
}
```
###

# 重载nginx服务;
`sudo   nginx  -s  reload`

# 然后用https访问自己的域名,检验是否成功
1,检查443端口,包括服务器上的防火墙是否开启443端口,服务器开启443命令如下:
开启443端口:`firewall-cmd --permanent --add-port=443/tcp`
查看是否成功:`firewall-cmd --permanent --query-port=443/tcp`
端口添加成功后,需要reload重新载入:`firewall-cmd --reload`

也可直接用 cerbot 的nginx 插件完成相关工作,可参见前文:
steem.buzz [ ubuntu18.04 用 cerbot 自动生成 Https 证书 ](https://steem.buzz/hive-132971/@sherryzhou/ubuntu18-cerbot-https-20200323)
hive.blog:[ ubuntu18.04 用 cerbot 自动生成 Https 证书 ](https://hive.blog/hive-132971/@sherryzhou/ubuntu18-cerbot-https-20200323)

本帖同步首发: 
steem.buzz [ ubuntu18.04 用 cerbot 生成 Https 证书 ,配置 nginx ](https://steem.buzz/hive-132971/@sherryzhou/ubuntu18-cerbot-https-20200326)
hive.blog:[ ubuntu18.04 用 cerbot 生成 Https 证书 ,配置 nginx ](https://hive.blog/hive-132971/@sherryzhou/ubuntu18-cerbot-https-20200326)

👍  , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and 93 others
properties (23)
post_id85,414,958
authorsherryzhou
permlinkubuntu18-cerbot-https-20200326
categoryhive-101145
json_metadata{"app":"beem\/0.22.3","links":["https:\/\/steem.buzz\/hive-132971\/@sherryzhou\/ubuntu18-cerbot-https-20200323","https:\/\/steem.buzz\/hive-132971\/@sherryzhou\/ubuntu18-cerbot-https-20200326","https:\/\/hive.blog\/hive-132971\/@sherryzhou\/ubuntu18-cerbot-https-20200326","http:\/\/127.0.0.1:8090;","https:\/\/hive.blog\/hive-132971\/@sherryzhou\/ubuntu18-cerbot-https-20200323","https:\/\/dl.eff.org\/certbot-auto`","https:\/\/certbot.eff.org\/"],"tags":["hive-101145","hive-132971","cn","mini","jjm","cn-reader","esteem","steemleo","zzan","hive-143316","cn-curation","sct","sct-cn","sct-freeboard","dblog","whalepower","actnearn","neoxian","palnet","upfundme","lassecash","lifestyle","mediaofficials","busy","wherein","steempreak","cn-marlians","steem","hive","steem2hive"]}
created2020-03-26 15:04:51
last_update2020-03-26 15:04:51
depth0
children0
net_rshares9,518,073,402,050
last_payout2020-04-02 15:04:51
cashout_time1969-12-31 23:59:59
total_payout_value1.228 SBD
curator_payout_value1.164 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length1,964
author_reputation265,053,371,790,108
root_title"ubuntu18.04 用 cerbot 生成 Https 证书 ,配置 nginx"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (157)