nginx配置ssl证书
# 配置ssl证书
DNS 将域名解析到服务器的 IP 之后,再配置 SSL 证书(certbot 签发证书时,Let’s Encrypt 需要通过该域名访问到这台服务器,所以解析必须先生效)。参考:Using Free Let’s Encrypt SSL/TLS Certificates with NGINX
服务器配置 SSL 的方式:
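# Append a minimal port-80 server block for the site so that the certbot
# nginx plugin has a matching server_name to attach the certificate to.
# The heredoc delimiter is quoted ('EOF') so the shell writes the text
# literally; with an unquoted delimiter any nginx variable added later
# (e.g. $host, $request_uri) would be expanded by the shell to an empty string.
# NOTE: '>>' appends, so running this step twice duplicates the server block.
cat >> /etc/nginx/conf.d/hincky.conf << 'EOF'
server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    server_name hincky.com www.hincky.com;
}
EOF
# Validate the configuration first; reload only if the syntax check passes.
nginx -t && nginx -s reload
# Request a certificate covering both names and let the nginx plugin
# rewrite the server block for HTTPS (interactive prompts follow).
certbot --nginx -d hincky.com -d www.hincky.com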
按照 certbot 的交互提示逐步填写即可。
设置证书到期前自动续期
使用 crontab 设定定时的续期检查任务。
在 docker 容器内安装 crontab:
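# Install the cron daemon (Debian/Ubuntu-based image).
# --force-yes is intentionally not used: it is deprecated and makes apt
# continue without prompting even for unauthenticated packages, which
# removes the signature check on what gets installed.
apt-get -y install -qq cron
# RHEL/CentOS-based image: yum has no --force-yes option, and the cron
# daemon is packaged as "cronie".
# yum install -y -q cronie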
crontab使用概览
在nginx容器内执行
# Open the current user's crontab in an editor (run inside the nginx container),
# then add the schedule line below to it.
# NOTE(review): in a container there is usually no init system starting cron;
# confirm the cron daemon is actually running, otherwise this entry never fires.
crontab -e
# Crontab entry: every day at 12:00 run the certbot renewal check without output.
# NOTE(review): nginx has to reload to serve a renewed certificate; certificates
# issued with `certbot --nginx` are presumably reloaded by the plugin on renewal.
# Verify with `certbot renew --dry-run`.
# NOTE(review): /etc/letsencrypt holds the private key and renewal state; in a
# container it should live on a persistent volume. Confirm it survives re-creation.
0 12 * * * /usr/bin/certbot renew --quiet
# 自动配置后的结果
在 DNS 中添加 progress-daily.com 和 www.progress-daily.com 的解析。
progress-daily.com
# HTTPS virtual host for progress-daily.com as rewritten by `certbot --nginx`.
# Directives tagged "managed by Certbot" were inserted by certbot.
server {
root /var/www/html;
server_name progress-daily.com;
# TLS listeners for IPv6 and IPv4.
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# Certificate chain presented to clients.
ssl_certificate /etc/letsencrypt/live/progress-daily.com/fullchain.pem; # managed by Certbot
# Private key for that certificate.
# NOTE(review): confirm the file is readable only by root / the nginx master process.
ssl_certificate_key /etc/letsencrypt/live/progress-daily.com/privkey.pem; # managed by Certbot
# Shared TLS settings shipped by certbot.
# NOTE(review): presumably protocol and cipher choices; inspect the file to confirm what is enabled.
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# Diffie-Hellman parameters file used for DHE key exchange.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# NOTE(review): no Strict-Transport-Security header is set in this block, so a
# first visit over plain HTTP relies only on the port-80 redirect. Consider
# adding HSTS once HTTPS is confirmed working.
}
# Plain-HTTP server on port 80, marked default_server, so it also receives
# requests whose Host header matches no other server block.
server {
# Redirect to HTTPS only when the Host header is exactly the expected name.
# The redirect target is built from $host, so the equality check keeps
# arbitrary client-supplied Host values from being reflected into Location.
if ($host = progress-daily.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name progress-daily.com;
# Any request not redirected above (unknown Host) gets 404 rather than content.
return 404; # managed by Certbot
}
progress-daily.com & www.progress-daily.com
# HTTPS virtual host serving both the apex and the www name, as rewritten by
# `certbot --nginx`. Directives tagged "managed by Certbot" were inserted by certbot.
server {
root /var/www/html;
server_name progress-daily.com www.progress-daily.com;
# TLS listeners for IPv6 and IPv4.
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# Both names are served with the certificate stored under live/progress-daily.com.
# NOTE(review): that certificate must list both names, or browsers will reject
# the www host. Confirm with `certbot certificates`.
ssl_certificate /etc/letsencrypt/live/progress-daily.com/fullchain.pem; # managed by Certbot
# Private key for that certificate.
# NOTE(review): confirm the file is readable only by root / the nginx master process.
ssl_certificate_key /etc/letsencrypt/live/progress-daily.com/privkey.pem; # managed by Certbot
# Shared TLS settings shipped by certbot.
# NOTE(review): presumably protocol and cipher choices; inspect the file to confirm what is enabled.
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# Diffie-Hellman parameters file used for DHE key exchange.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
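# Plain-HTTP server on port 80 for both names. It is the default_server, so it
# also receives requests whose Host header matches no other server block.
server {
    # Redirect to HTTPS only for the exact expected host names. The redirect
    # target is built from $host, so each name is matched explicitly and an
    # arbitrary client-supplied Host value is never reflected into Location.
    if ($host = www.progress-daily.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # The apex name needs its own redirect: with only the www check above,
    # http://progress-daily.com fell through to the 404 below and was never
    # upgraded to HTTPS.
    if ($host = progress-daily.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;
    # List both names so this block agrees with the HTTPS server block.
    server_name progress-daily.com www.progress-daily.com;
    # Any other Host header gets 404 rather than a redirect or content.
    return 404; # managed by Certbot
}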