How to switch a server from HTTP to HTTPS


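First, the more basic method, which does not support wildcard certificates; a quicker and more convenient method follows further down.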

Note: this article only applies to setups proxied through nginx; for more details, see Certbot.

1. SSH into the server

2. Enable EPEL repo

You can visit this site for details: centos

3. Enable the optional channel

yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

4. Install Certbot

sudo yum install certbot python2-certbot-nginx

5. Choose how you'd like to run Certbot

sudo certbot --nginx
or
sudo certbot certonly --nginx

6. Set up automatic renewal

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

7. Confirm that Certbot worked

Open https://yourwebsite in your browser.

The method that supports wildcard certificates

Note: this section is based on "Applying for a Let's Encrypt wildcard HTTPS certificate".

1. Get acme.sh

curl https://get.acme.sh | sh
source ~/.bashrc

2. Issue the certificate

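[Alibaba Cloud key](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert "Alibaba Cloud key")
# Replace with the key obtained from the Alibaba Cloud console
export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
# Replace with your own domain; the wildcard is quoted so the shell does not expand it as a glob
acme.sh --issue --dns dns_ali -d your.domain -d '*.your.domain'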

3. Modify the nginx configuration

# Replace domain with your own domain name
server {
    server_name your.domain.com;
    listen 443 http2 ssl;
    ssl_certificate /path/.acme.sh/domain/fullchain.cer;
    ssl_certificate_key /path/.acme.sh/domain/domain.key;
    ssl_trusted_certificate  /path/.acme.sh/domain/ca.cer;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:10086;
    }
}

4. Restart nginx and you are done
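
Step 2 requests both your.domain and *.your.domain because a wildcard name only stands for one left-most label. The following is an added example, not part of the original article or of acme.sh: a POSIX shell check that a deployed certificate covers the hostnames nginx serves and is not about to expire. The function names are hypothetical; the certificate path in the usage comment is the one from the nginx configuration above.

```shell
#!/bin/sh
# san_covers HOST SANS: succeed if HOST matches an entry in SANS (one per line).
# A wildcard entry stands for exactly one left-most label, so "*.your.domain"
# covers "www.your.domain" but neither "your.domain" nor "a.b.your.domain".
san_covers() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while read -r san; do
        san=$(printf '%s' "$san" | tr 'A-Z' 'a-z')
        case $san in
            '') continue ;;
            \*.*)
                suffix=${san#\*}           # "*.your.domain" -> ".your.domain"
                label=${host%"$suffix"}    # what the "*" would have to match
                [ "$label" = "$host" ] && continue   # suffix did not match
                case $label in ''|*.*) ;; *) return 0 ;; esac
                ;;
            *) [ "$san" = "$host" ] && return 0 ;;
        esac
    done <<EOF
$2
EOF
    return 1
}

# cert_sans FILE: print the DNS names of the first certificate in a PEM file.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# check_cert FILE HOST...: fail if FILE expires within 30 days or misses a HOST.
check_cert() {
    cert=$1; shift
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "expires within 30 days: $cert" >&2; return 1; }
    sans=$(cert_sans "$cert")
    for h in "$@"; do
        san_covers "$h" "$sans" || { echo "not covered: $h" >&2; return 1; }
    done
}

# Usage (path as in the nginx config above):
#   check_cert /path/.acme.sh/domain/fullchain.cer your.domain www.your.domain
```

Running check_cert from cron or a monitoring job after each renewal catches a certificate that was reissued without the apex name or that nginx is about to serve past its expiry.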