Setting up HTTPS access on Alibaba Cloud with Ubuntu 14.04 + Nginx + Let's Encrypt

Published: 2025/7/14

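Using Yunwang (云旺) for IM, the iOS client only displays images whose URLs are https, so the server needs a certificate.

Let's Encrypt is a free and open-source CA, and its root is already trusted by major browser vendors such as Mozilla and Microsoft.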

1. Download Let's Encrypt

apt-get install python-software-properties
apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot

2. Generate the key

certbot certonly --standalone -d XXX.com

Output like the following means it succeeded:

root@iZ2zedq9lexkebewgjhhwzZ:/etc/letsencrypt# certbot certonly --standalone -d 51best.site
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for XXX.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/XXX.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/XXX.com/privkey.pem
   Your cert will expire on 2017-12-27. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

By default the files are stored under /etc/letsencrypt/live.

3. Configure nginx

(1) Option 1

listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/XXX.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/XXX.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
listen [::]:443 ssl ipv6only=on;

(2) Option 2

listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/XXX.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/XXX.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
listen [::]:443 ssl ipv6only=on;

Access over https succeeds.

Access over http fails. Error: ERR_CONNECTION_REFUSED

Redirect http requests to https:

server {
    listen 80;
    server_name XXX.com;
    rewrite ^(.*) https://$server_name$1 permanent;
}

Access over http now succeeds.
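An added example, not part of the original article: a small Python check that reads one nginx server block and flags two weaknesses in the option 1 settings above. ssl_protocols still enables TLSv1 and TLSv1.1, which RFC 8996 deprecated, and port 80 is served by the same block without a redirect to https. The names audit_server, directives and OPTION_1 are made up for this example, and the sample block is constructed from the article's settings.

```python
import re

# SSLv2/SSLv3 are broken; TLS 1.0 and 1.1 were deprecated by RFC 8996.
DEPRECATED = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")

# Constructed input: the article's option 1 settings in a server block (XXX.com is its placeholder).
OPTION_1 = """
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/XXX.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/XXX.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
}
"""

def directives(block):
    """Return [(name, [args])] for each `name args;` directive in one server block.
    Simplification: quoted arguments containing ';', '{' or '}' are not handled."""
    text = re.sub(r"#[^\n]*", "", block)  # drop comments
    stmts = (s.split() for s in re.split(r"[;{}]", text))
    return [(w[0], w[1:]) for w in stmts if w]

def audit_server(block):
    """Return a list of findings (strings) for one nginx server block."""
    ds = directives(block)
    findings = []
    listens = [args for name, args in ds if name == "listen"]
    tls = [a for a in listens if "ssl" in a]
    plain = [a for a in listens if "ssl" not in a]
    protos = [p for name, args in ds if name == "ssl_protocols" for p in args]
    weak = [p for p in protos if p in DEPRECATED]
    if weak:
        keep = [p for p in protos if p not in DEPRECATED]
        findings.append("ssl_protocols enables %s; keep only %s"
                        % (", ".join(weak), " ".join(keep) or "TLSv1.2"))
    if tls and not protos:
        findings.append("ssl_protocols not set; the default depends on the nginx version")
    redirects = any(name in ("return", "rewrite") and any("https://" in a for a in args)
                    for name, args in ds)
    if tls and plain and not redirects:
        findings.append("port %s serves the same content without TLS; redirect it to https"
                        % plain[0][0])
    return findings

if __name__ == "__main__":
    print("\n".join(audit_server(OPTION_1)))
```

The redirect-only server block shown above and a TLS block limited to TLSv1.2 both produce no findings.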

4. Restart nginx

/etc/init.d/nginx restart

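Both http://XXX.com and https://XXX.com are now reachable.

5. Renewal

Free certificates issued by Let's Encrypt are valid for 3 months; certbot renew can be used to renew the HTTPS certificate for free, indefinitely.

First stop nginx:

/etc/init.d/nginx stop
certbot renew --dry-run
certbot renew

Then restart nginx:

/etc/init.d/nginx restart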

Note:

If you encounter [error] open() "/run/nginx.pid" failed (2: No such file or directory), run:

nginx -c /etc/nginx/nginx.conf
