- 安装
可选配置:启动EPEL存储库 非必要项
yum install -y epel-release
yum clean all
yum makecache
#启用可选通道 可以不配置
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
必要配置参数:安装certbot
yum -y install certbot python2-certbot-nginx
- 配置nginx
upstream proxy {
server 127.0.0.1:9000;
}
server {
listen 443;
server_name test.test.com;
location ~ ^/(base|admin|web|assets|auth|user) {
proxy_redirect off;
proxy_set_header X-Proxy-Client-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://proxy;
}
location / {
root /data/camc/public/dist;# project path
try_files $uri /index.html;# if not match,go to the save page
index index.html index.htm;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
#http直接重定向到https
server {
listen 80;
server_name test.test.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
或是一个正常的侦听80端口的也可以,重点是下一步生成证书,
3. 生成证书
3.1自动配置nginx
运行如下命令会自动下载证书并配置nginx。
certbot --nginx
会列表nginx下的域名列表,从其中选择2中配置的域名,会自动生成ssl文件并配置好443端口
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: h**.app
2: a**.app
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
3.2 手动配置nginx
运行如下命令会自动下载证书但需要自己配置nginx。
certbot certonly --nginx
若nginx未安装在默认路径(/etc/nginx or /usr/local/etc/nginx)下需自己指定nginx路径,到conf目录文章来源:https://www.toymoban.com/news/detail-601649.html
certbot certonly --nginx --nginx-server-root=/root/nginx/conf
- 自动更新
sudo crontab -e
0 0 1 * * /usr/bin/certbot renew >> /var/log/le-renew.log
重启crontab,使配置生效
sudo /bin/systemctl restart crond.service文章来源地址https://www.toymoban.com/news/detail-601649.html
到了这里,关于Centos Certbot 使用的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!