• Lets encrypt安装及配置


    letsencrypt recommend that most people with shell access use the Certbot ACME client.
    It can automate certificate issuance and installation with no downtime.
    It also has expert modes for people who don¡¯t want autoconfiguration.
    It¡¯s easy to use, works on many operating systems, and has great documentation.

    This is a simple example to use certbot + nginx, for more information -> https://letsencrypt.org/docs/

    1 install certbot
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto

    2 install certificates
    (a) standalone
    ./certbot-auto certonly --standalone -d www.system-in-motion.com
    (b)webroot
    ./certbot-auto certonly --webroot -w /var/www/system-in-motion -d system-in-motion.com -d www.system-in-motion.com

    3 nginx conf
    (1)rewrite
    You can include multiple rewrite directives in both the server and location contexts.
    NGINX Plus executes the directives one-by-one in the order they occur.
    The rewrite directives in a server context are executed once when that context is selected.
    After NGINX processes a set of rewriting instructions, it selects a location context according to the new URI.
    If the selected location contains rewrite directives, they are executed in turn.
    If the URI matches any of those, a search for the new location starts after all defined rewrite directives are processed.
    (2)ssl_certificate
    https://www.nginx.com/blog/nginx-ssl/

    server {
    listen 80;

    server_name www.system-in-motion.com;
    root [location context];

    rewrite ^(.*)$ https://$server_name$1 permanent;
    access_log /var/log/nginx/host.http2https.access.log
    main;

    }

    }

    server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/www.system-in-motion.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.system-in-motion.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    server_name www.system-in-motion.com;
    root [location context];

    location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:8080/;
    }

    }

    4 automating renewal(use crontab)
    Certbot can be configured to renew your certificates automatically before they expire.
    Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature¡£

    crontab -e
    0 0 */28 * * ./certbot-auto renew --pre-hook "service nginx stop" --post-hook "service nginx start"

  • 相关阅读:
    SQL ——索引、视图和事务
    流控制语句
    SQL Server 高级编程之T-SQL 编程函数
    SQL高级编程之waitfor
    数据库主键、外键、唯一等约束
    打代码会遇到的单词
    前端词云图
    docker+mysql集群+读写分离+mycat管理+垂直分库+负载均衡
    lvs+keepalived实现Mycat的负载均衡--高可用
    mycat配置数据库集群
  • 原文地址:https://www.cnblogs.com/ly-radiata/p/7084075.html
Copyright © 2020-2023  润新知