资讯专栏INFORMATION COLUMN

Centos下免费开启https服务 - Nginx

neu / 1802人阅读

摘要:超文本传输安全协议英语,缩写,常称为,或是一种透过计算器网上进行安全通信的传输协议。超文本传输安全协议为什么要开启安全性开启免费服务我们今天介绍的免费签名平台是,安装过程以为例,如果你使用了其他系统或其他服务类型可前往查看相应部署方法。

HTTPS
超文本传输安全协议(英语:Hypertext Transfer Protocol Secure,缩写:HTTPS,常称为HTTP over TLS,HTTP over SSL或HTTP Secure)是一种透过计算器网上进行安全通信的传输协议。HTTPS经由HTTP进行通信,但利用SSL/TLS来加密数据包。HTTPS开发的主要目的,是提供对网站服务器的身份认证,保护交换数据的隐私与完整性。这个协议由网景公司(Netscape)在1994年首次提出,随后扩展到互联网上。—— 超文本传输安全协议 from WIKI

为什么要开启HTTPS? 1、SEO 2、安全性 开启免费HTTPS服务

我们今天介绍的免费签名平台是Let"s Encrypt,安装过程以CentOS 7 + Nginx为例,如果你使用了其他系统或其他服务类型可前往Certbot查看相应部署方法。

安装

提示:如果你在使用RHEL on EC2,你可以运行以下代码来开启选项通道(optional channel):

$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-> server-optional

开启选项通道后运行下面代码安装Certbot:

$ sudo yum install python2-certbot-nginx

开始使用

给Certbot安装Nginx插件:

$ sudo certbot --nginx

运行这个命令会自动为你获取证书,并且Certbot会自动配置你的Nginx以提供服务。如果你想要手动修改Nginx配置可以使用certonly子命令:

$ sudo certbot --nginx certonly
自动配置说明

执行自动配置命令后命令行输出下文:

# sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter "c" to
cancel): [ email@example.com ]

提示你输入接收紧急更新和安全提示的邮箱,

输入邮箱键入回车进入下一步(输入"c"并回车放弃设置该邮箱)。

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: 

要求阅读协议,输入A同意该协议并继续。

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let"s Encrypt project and the non-profit
organization that develops Certbot? We"d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: 

询问邮箱是否接受广告,输入N拒绝并继续。

No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter "c" to cancel): 

输入你的域名(例如:example.me)并继续。

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.me
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you"re confident your site works on HTTPS. You can undo this
change by editing your web server"s configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press "c" to cancel): 

选择是否将http请求重定向至https,输入1不改变当前服务器配置(不重定向),输入2将自动配置所有http请求的重定向。

既然我们要开启https服务就输入2并继续。

Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://example.me

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.me
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.me/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.me/privkey.pem
   Your cert will expire on 2019-02-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let"s Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

出现以上提示就说明配置成功啦,赶快去访问一下试试吧。

文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。

转载请注明本文地址:https://www.ucloud.cn/yun/40182.html

相关文章

  • 2019 年如何在 CentOS 7 上安装最新版 Nginx

    摘要:本文首发开发指南如何在上安装读作,是一个免费的开源的高性能的和反向代理服务,主要负责负载一些访问量比较大的站点。本教程将会教您如何在的服务器上安装和管理。仓库中有的安装包。期待下次与你相见本文首发开发指南如何在上安装 showImg(https://segmentfault.com/img/bVbozn1?w=1000&h=530); 本文首发:开发指南:如何在 CentOS 7 上安...

    jk_v1 评论0 收藏0
  • OpenLiteSpeed安装与使用-开源轻量高性能的建站面板-免费SSL,多PHP,LSCache

    LiteSpeed是一款可以替换Apache的企业级Web服务器,具有高性能,低资源占用,安全,易用的特点。它支持直接使用Apache的配置文件,可直接使用.htacess,无需额外配置,兼容Mod_Security。因此避免像Nginx那样需要自己写重写规则的麻烦。而OpenLiteSpeed是LiteSpeed的开源免费版本,除了保留了LiteSpeed轻量、高性能的特性外,它还加入了非常多的...

    番茄西红柿 评论0 收藏2637
  • Swoft| Swoft官网全站 HTTP2 实践

    摘要:官网全站实践正式来袭也迎来自己的一个里程碑数正式突破官网作为项目组服务开发者们的重要渠道也迎来了自己的一次重大更新重构升级到全站实现本篇先介绍官网全站实践先来一张官网效果图镇楼静态资源由托管开启业务代码交由执行设置使用协议要实现非常简单 date: 2018-3-8 13:50:03title: Swoft| Swoft官网全站 HTTP2 实践 Swoft1.0正式来袭, Swoft...

    stdying 评论0 收藏0

发表评论

0条评论

neu

|高级讲师

TA的文章

阅读更多
最新活动
阅读需要支付1元查看
<