markdown certbot独立多个域#https #tls
```
# Request ONE certificate whose SAN list covers all three hostnames.
# - The first -d name (dns.de.blahdns.com) becomes the lineage directory under
#   /etc/letsencrypt/live/, which is the path the nginx.conf below points at.
# - --standalone makes certbot run its own temporary web server for the
#   HTTP-01 challenge, so port 80 must be free and reachable from the Internet
#   and every name must resolve to this host. (The nginx.conf below only
#   listens on 443 and 81, so it does not compete for port 80.)
# - All three names end up in one publicly logged certificate, which links
#   the hostnames to each other for anyone reading Certificate Transparency logs.
# - nginx keeps serving the old certificate until it is reloaded; pair renewals
#   with a reload, e.g. certbot renew --deploy-hook "systemctl reload nginx".
certbot certonly --standalone \
    -d dns.de.blahdns.com \
    -d svr5.ookangzheng.com \
    -d doh.de.blahdns.com
```
nginx.conf
```
# Worker processes run as the unprivileged www-data account.
user www-data;
# Let nginx pick the number of worker processes automatically.
worker_processes auto;
# File in which the master process records its PID.
pid /run/nginx.pid;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}
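http {
    # Both server blocks present the same multi-name certificate, stored under
    # /etc/letsencrypt/live/dns.de.blahdns.com/ (the lineage is named after the
    # first -d argument of the certbot command).

    # DNS-over-HTTPS front end: terminates TLS on 443 and forwards only
    # /dns-query to the backend on localhost:8053.
    server {
        # The "ssl" flag on listen is what enables TLS. The separate "ssl on;"
        # directive was deprecated in nginx 1.15.0 and is rejected as unknown by
        # nginx 1.25.1 and later, so it has been dropped.
        listen 443 ssl;
        listen [::]:443 ssl;
        #rewrite ^(.*) https://$server_name$1 permanent;
        server_name doh.de.blahdns.com dns.de.blahdns.com;

        ssl_certificate /etc/letsencrypt/live/dns.de.blahdns.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/dns.de.blahdns.com/privkey.pem;
        # Issuer chain that ssl_stapling_verify uses to validate OCSP responses.
        ssl_trusted_certificate /etc/letsencrypt/live/dns.de.blahdns.com/chain.pem;

        # TLSv1.3 can be appended once the installed nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;
        # AEAD suites with forward secrecy only. The DHE-RSA entries are never
        # negotiated unless ssl_dhparam is configured (nginx 1.11.0+ ships no
        # default DH parameters).
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        # Session tickets are encrypted with a key nginx generates at start-up
        # unless ssl_session_ticket_key is set and rotated; a long-lived ticket key
        # weakens forward secrecy, so resumption is left to the server-side cache.
        ssl_session_tickets off;
        ssl_session_timeout 4h;
        ssl_session_cache shared:SSL:20m;
        # nginx's documentation asks for a "resolver" directive so the OCSP
        # responder host name can be looked up; none is set in this file.
        # If the certificate carries no OCSP responder URL, nginx logs a warning
        # and skips stapling.
        ssl_stapling on;
        ssl_stapling_verify on;

        # proxy_set_header is inherited from this level only by locations that
        # define no proxy_set_header of their own. Both proxied locations in this
        # file set headers (directly and/or via the included proxy_params), so
        # these lines presumably never reach the backend -- X-Forwarded-SSL in
        # particular. Verify against /etc/nginx/proxy_params.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Anything that is not the DoH endpoint: close the connection without
        # sending a response (nginx-specific code 444).
        location / {
            return 444;
        }

        location /dns-query {
            # Backend hop is plain HTTP over loopback.
            proxy_pass http://localhost:8053;
            #proxy_set_header Host $host;
            # $remote_addr is the address nginx itself saw and cannot be set by the
            # client. X-Forwarded-For built from $proxy_add_x_forwarded_for keeps
            # whatever the client sent, so the backend should key rate limits and
            # logs on X-Real-IP rather than on the first X-Forwarded-For entry.
            proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Proto https;
            # NOTE(review): proxy_params is not shown here; if it also sets
            # X-Real-IP the header is duplicated -- confirm and keep one.
            include /etc/nginx/proxy_params;
        }
    }

    # Disabled plain-HTTP redirect for svr5, kept as in the original.
    # server {
    # listen 81 ;
    # listen [::]:81 ;
    # server_name svr5.ookangzheng.com;
    # return 301 https://$host$request_uri;
    # }

    # Admin front end: TLS on port 81, forwarding /admin to 127.0.0.1:82.
    server {
        # "ssl on;" dropped here as well; the listen flag already enables TLS.
        listen 81 ssl;
        listen [::]:81 ssl;
        server_name svr5.ookangzheng.com;

        ssl_certificate /etc/letsencrypt/live/dns.de.blahdns.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/dns.de.blahdns.com/privkey.pem;
        # Issuer chain that ssl_stapling_verify uses to validate OCSP responses.
        ssl_trusted_certificate /etc/letsencrypt/live/dns.de.blahdns.com/chain.pem;

        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        # Same reasoning as the 443 server: no tickets without key rotation.
        ssl_session_tickets off;
        ssl_session_timeout 4h;
        ssl_session_cache shared:SSL:20m;
        ssl_stapling on;
        ssl_stapling_verify on;

        # See the inheritance caveat on the 443 server: these apply only to
        # locations that set no proxy_set_header themselves.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto $scheme;

        location / {
            return 444;
        }

        # This location has no allow/deny list and no auth_basic, so the admin
        # interface is exposed to every address that can reach port 81; the
        # unusual port is not an access control. Restrict it here (allow/deny or
        # auth_basic) or at the firewall unless the backend enforces its own login.
        location /admin {
            proxy_pass http://127.0.0.1:82/admin;
            #proxy_redirect off;
            include /etc/nginx/proxy_params;
        }
    }
}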
```