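How to switch a server from HTTP to HTTPS
First, the more basic approach, which does not support wildcard certificates; a quicker and more convenient one follows later.
Note: this article only applies when nginx is used as the proxy. For more details, see Certbot.
1. SSH into the server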
2. Enable EPEL repo
You can check the instructions on this site: CentOS
3. Enable the optional channel
```bash
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
```
4. Install Certbot
```bash
sudo yum install certbot python2-certbot-nginx
```
5. Choose how you'd like to run Certbot
```bash
sudo certbot --nginx
```
or
```bash
sudo certbot certonly --nginx
```
6. Set up automatic renewal
```bash
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
```
7. Confirm that Certbot worked
Open https://yourwebsite in your browser.
The approach that supports wildcards
Note: this section is based on "Applying for a Let's Encrypt wildcard HTTPS certificate".
1. Get acme.sh
```bash
curl https://get.acme.sh | sh
source ~/.bashrc
```
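2. Request the certificate
[Alibaba Cloud key](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert "Alibaba Cloud key")
```bash
# Replace with the key and secret obtained from the Alibaba Cloud console
export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
# Replace with your own domain.
# The wildcard name is quoted so the shell does not expand the * as a glob.
acme.sh --issue --dns dns_ali -d your.domain -d '*.your.domain'
```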
3. Update the nginx configuration
```nginx
# Replace "domain" with your own domain
server {
    server_name your.domain.com;
    listen 443 http2 ssl;
    ssl_certificate /path/.acme.sh/domain/fullchain.cer;
    ssl_certificate_key /path/.acme.sh/domain/domain.key;
    ssl_trusted_certificate /path/.acme.sh/domain/ca.cer;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:10086;
    }
}
```
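The server block above only listens on 443, so requests to plain http:// are not moved to HTTPS. The following is an added example, not part of the original post, that pairs it with a port 80 redirect and a few TLS settings. It reuses the post's placeholders (your.domain.com, the /path/.acme.sh/domain/ files, the upstream on 127.0.0.1:10086); the HSTS max-age and the protocol list are assumed values, and TLSv1.3 assumes an nginx and OpenSSL build that supports it.

```nginx
# Added example. Placeholders are the post's own; tuning values are assumptions.

# Plain HTTP: answer only with a redirect, never with content.
server {
    listen 80;
    server_name your.domain.com;
    # Redirect to the fixed host name rather than $host, so a forged
    # Host header cannot steer the redirect to another site.
    return 301 https://your.domain.com$request_uri;
}

server {
    listen 443 http2 ssl;
    server_name your.domain.com;

    ssl_certificate     /path/.acme.sh/domain/fullchain.cer;
    ssl_certificate_key /path/.acme.sh/domain/domain.key;

    # Accept only TLS 1.2 and 1.3; older protocol versions are refused.
    ssl_protocols TLSv1.2 TLSv1.3;

    # HSTS: browsers that have visited once use HTTPS directly afterwards.
    # max-age (one year, in seconds) is an assumed value; start smaller
    # while testing, because browsers cache it.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Lets the backend know the client connection was HTTPS, so it
        # can build https:// links and mark cookies Secure.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:10086;
    }
}
```

Run `nginx -t` before reloading to confirm the configuration parses.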