Configuring a Let's Encrypt HTTPS certificate for Nginx

Posted i书生

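Foreword: this article was compiled by the editors of 小常识网 (cha138.com). It mainly covers configuring a Let's Encrypt HTTPS certificate for Nginx, and we hope it is a useful reference.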

Download the source

wget http://nginx.org/download/nginx-1.16.1.tar.gz

Install the dependencies

# PCRE
wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz
# OpenSSL
wget https://www.openssl.org/source/openssl-1.0.2t.tar.gz
# zlib
wget http://www.zlib.net/zlib-1.2.11.tar.gz

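Compile and install

# After extraction: nginx-1.16.1 pcre-8.43 openssl-1.0.2t zlib-1.2.11
# Configure (run inside nginx-1.16.1; the dependency paths are relative to it)
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-zlib=../zlib-1.2.11 --with-pcre=../pcre-8.43 --with-openssl=../openssl-1.0.2t
# Build
make
# Install
make install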

Start Nginx

/usr/local/nginx/sbin/nginx

Generate the certificate with acme.sh

Install acme.sh

curl https://get.acme.sh | sh

Alibaba Cloud DNS validation

export Ali_Key="asdasdsdasdasd"
export Ali_Secret="asdasdsdasdasdasdasd"
# Quote the wildcard so the shell does not expand it as a glob
acme.sh --issue --dns dns_ali -d domain.com -d '*.domain.com'

Cloudflare DNS validation

export CF_Key="asdasdsdasdasdasdasd"
export CF_Email="xxxxx@dd.com"
# Quote the wildcard so the shell does not expand it as a glob
acme.sh --issue --dns dns_cf -d domain.com -d '*.domain.com'

Once issuance completes, acme.sh prints a message that includes the location where the certificate files were saved.

Nginx HTTPS configuration

server {
    listen 443 ssl;
    server_name domain.com;
    ssl_certificate /root/.acme.sh/domain.com/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/domain.com/domain.com.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Cookie $http_cookie;
        client_max_body_size 1024M;
        proxy_connect_timeout 60;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        proxy_buffer_size 64k;
        proxy_buffers 16 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name demo.domain.com;
    rewrite ^(.*)$ https://$host$1 permanent;
}
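
The server block above enables TLSv1 and TLSv1.1, uses the broad cipher aliases AES and HIGH, and reads the key straight from acme.sh's working directory, which the acme.sh documentation reserves for internal use. The script below is an added example, not part of the original post: it flags those three points in a configuration file, and the function names `audit_nginx_tls` and `sample_conf` and the sample input are constructed for illustration.

```sh
# Added example: lint an nginx TLS vhost. Prints one finding per line and
# returns 1 if anything was found, 0 otherwise.
audit_nginx_tls() (
    rc=0
    report() { printf '%s\n' "$1"; rc=1; }
    # Drop comments, put every directive on its own line, trim indentation.
    directives=$(sed 's/#.*$//' "$1" | tr ';{}' '\n\n\n' | sed 's/^[[:space:]]*//')
    set -f    # no globbing while directive arguments are word-split
    while read -r name args; do
        case $name in
        ssl_protocols)
            for tok in $args; do
                case $tok in
                SSLv2|SSLv3|TLSv1|TLSv1.1)
                    report "ssl_protocols: $tok is deprecated (RFC 8996); keep TLSv1.2 or later" ;;
                esac
            done ;;
        ssl_ciphers)
            old_ifs=$IFS; IFS=:    # cipher strings are colon-separated
            for tok in $args; do
                case $tok in
                AES|HIGH|ALL|DEFAULT)
                    report "ssl_ciphers: alias $tok also admits static-RSA suites (no forward secrecy)" ;;
                esac
            done
            IFS=$old_ifs ;;
        ssl_certificate|ssl_certificate_key)
            case $args in
            */.acme.sh/*)
                report "$name: reads acme.sh's working directory; deploy with 'acme.sh --install-cert' and --reloadcmd" ;;
            esac ;;
        esac
    done <<EOF
$directives
EOF
    exit "$rc"
)

# Constructed sample: the TLS directives of the server block above.
sample_conf() {
    cat <<'EOF'
server { listen 443 ssl; server_name domain.com;
  ssl_certificate /root/.acme.sh/domain.com/fullchain.cer;
  ssl_certificate_key /root/.acme.sh/domain.com/domain.com.key;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
EOF
}
tmp=$(mktemp); sample_conf > "$tmp"; audit_nginx_tls "$tmp" || true; rm -f "$tmp"
```

On the sample it reports six findings (two certificate paths, two cipher aliases, two protocols); the non-zero exit status lets it gate a deployment before `nginx -s reload`.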

Access the site

https://domain.com

Renewal

"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
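The certificate is valid for 3 months. When it expires, run the command above to renew it; you can also add the command to the system's scheduled tasks so that it runs periodically.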

