摘要:意思是求給配置一條記錄��,在沒(méi)有確認(rèn)記錄生效之前不要回車執(zhí)行��。
# 我的個(gè)人博客��,希望大家?guī)兔Σ纫幌?/p>
Nginx 證書(shū)配置 強(qiáng)制使用https
先獲取證書(shū)�����,證書(shū)可以有很多種�����, Let"s Encrypt 或者阿里云都可以
這里我用Let"s Encrypt 通配符證書(shū) 以centos 7為例
獲取證書(shū)
#獲取證書(shū)生成工具
wget https://dl.eff.org/certbot-auto
#安裝軟件
chmod a+x certbot-auto
#獲取證書(shū) -d 可以有多個(gè) *.test.com 只能匹配 子域名和www開(kāi)頭�,所以在加一個(gè)主域名不帶www的 如(test.com)
./certbot-auto certonly -d *.test.com -d test.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
**上面的命令會(huì)給出三個(gè)的提示仔細(xì)看:
是否同意 Let"s Encrypt 協(xié)議要求
詢問(wèn)是否對(duì)域名和機(jī)器(IP)進(jìn)行綁定
輸入郵箱��,給你發(fā)送一封驗(yàn)證郵件
確認(rèn)同意才能繼續(xù)����。**
Please deploy a DNS TXT record under the name
_acme-challenge.test.com with the following value:
2_8KBE_jXH8nYZ2unEViIbW52LhIqxkg6i9mcwsRvhQ
Before continuing, verify the record is deployed.
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
意思是:求給 _acme-challenge.test.com 配置一條 TXT 記錄�����,在沒(méi)有確認(rèn) TXT 記錄生效之前不要回車執(zhí)行�。
這個(gè)需要自己配置
配置成功了以后��,等30秒在按回車�����,(保證解析的正確)
確認(rèn)生效后����,回車執(zhí)行
恭喜您,證書(shū)申請(qǐng)成功�����,證書(shū)和密鑰保存在下列目錄:
/etc/letsencrypt/archive/test.com
下面配置Nginx Nginx 安裝我就不教了
打開(kāi)nginx.conf文件
# spring boot 項(xiàng)目的 https的配置
server {
listen 443 ssl; # 監(jiān)聽(tīng)端口
server_name ifsaid.com www.ifsaid.com; # 域名配置�,可以多個(gè)
ssl_certificate /etc/letsencrypt/live/ifsaid.com/fullchain.pem; # 證書(shū)地址
ssl_certificate_key /etc/letsencrypt/live/ifsaid.com/privkey.pem; # 證書(shū)地址
# 固定寫(xiě)法-------------
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
# 這里配置反向代理的項(xiàng)目
location / {
proxy_pass http://127.0.0.1:8090; # spring boot 項(xiàng)目的端口號(hào)
# 固定寫(xiě)法-------------
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
}
# spring boot 項(xiàng)目的 http的配置 強(qiáng)制轉(zhuǎn)發(fā)到https端口
server {
listen 80;
server_name ifsaid.com www.ifsaid.com;
#這是老版本的Nginx轉(zhuǎn)發(fā)
#rewrite ^(.*) https://$server_name$1 permanent;
#這是新版本的Nginx轉(zhuǎn)發(fā)
return 301 https://$server_name$request_uri;
# 固定寫(xiě)法-------------
tcp_nodelay on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# vue 項(xiàng)目的 https的配置
server {
listen 443 ssl;
server_name admin.ifsaid.com;
ssl_certificate /etc/letsencrypt/live/ifsaid.com/fullchain.pem; #同上 當(dāng)然也可以知道另一個(gè)證書(shū)
ssl_certificate_key /etc/letsencrypt/live/ifsaid.com/privkey.pem; #同上
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /home/nginx/admin; # vue.js 打包目錄
#固定寫(xiě)法就可以了
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
# vue 項(xiàng)目的 http的配置 強(qiáng)制轉(zhuǎn)發(fā)到https端口
server {
listen 80;
server_name admin.ifsaid.com; #除了二級(jí)域名可以改變,其他都可以不變
#rewrite ^(.*) https://$server_name$1 permanent;
return 301 https://$server_name$request_uri;
tcp_nodelay on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 然后
Nginx 停止:
/usr/local/nginx/sbin/nginx -s quit
啟動(dòng)
/usr/local/nginx/sbin/nginx
啟動(dòng)在 docker中啟動(dòng) spring boot
命令
docker run -p 8090:8090 -t springboot/spring-boot-docker
可以看到證書(shū)已經(jīng)生效了
在看子域名的 admin.ifsaid.com
至此 Nginx 域名和二級(jí)域名都是https 了 spring boot 和 vue.js 都實(shí)現(xiàn)了
文章版權(quán)歸作者所有�,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除�����。
轉(zhuǎn)載請(qǐng)注明本文地址:http://systransis.cn/yun/40162.html
