Ubuntu 16.04——配置Nginx及Https服务

Posted 離人譖挽

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Ubuntu 16.04——配置Nginx及Https服务相关的知识,希望对你有一定的参考价值。

安装Cerbot

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

使用Cerbot中的Nginx插件(自动版,可能会不行)

sudo certbot --nginx

此命令将自动获取证书并且Certbot会编辑Nginx配置并完成所有工作,
只需在命令运行期间根据命令的提示输入你要配置SSL的域名即可。

 

如果想自定义Nginx配置,则使用certonly子命令即可。

sudo certbot --nginx certonly

修改Nginx的配置文件

. . .
server_name example.com www.example.com;
. . .

检测Nginx配置是否正确

sudo nginx -t

 

重启Nginx

sudo systemctl restart nginx

###获取SSL证书

sudo certbot --nginx -d 自己的域名

若成功则输出信息如下:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):

输入选择后输出信息如下:

IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
expire on 2017-10-23. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again with the
“certonly” option. To non-interactively renew all of your
certificates, run “certbot renew”

Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.

If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

这样SSL证书就配置成功了,在浏览器以https开头试试能否成功访问即可。  

自动更新证书期限

Certbot提供的证书期限为90天,执行此命令可自动续订证书。

sudo certbot renew --dry-run

如果没有报错,Certbot就会自动帮你更新证书并重载Nginx;如果更新失败,Let‘s Encrypt网站会发送一封邮件到你填入的邮箱告知详细情况。

另外再推荐一个很好的有各种服务器相关配置教程的网站:
DigitalOcean
其中也有详细的为Ubuntu 16.04下Nginx配置SSL证书的英文教程:
How To Secure Nginx with Let’s Encrypt on Ubuntu 16.04

 


原文链接:https://blog.csdn.net/m0_38025747/article/details/80602651

  

以上是关于Ubuntu 16.04——配置Nginx及Https服务的主要内容,如果未能解决你的问题,请参考以下文章

Ubuntu16.04安装及配置nginx

在Ubuntu 16.04安装 Let’s Encrypt并配置ssl

Ubuntu 16.04下配置nginx与nodejs以及服务的部署

ubuntu16.04源码方式安装配置nginx

Ubuntu 16.04 + tesorflow环境配置

Ubuntu16.04 下安装配置 nginx+php