Steps for deploying a certbot certificate on an AWS instance

#certbot certificate installation steps:

Installation preparation:
1. Install the nginx service
scp -r [email protected]:/download/nginx.tar.gz /usr/local/
Extract into the current folder: tar -zxvf nginx.tar.gz
Edit the nginx.conf file: vim /usr/local/nginx/nginx.conf
Rename the nginx service folder: mv nginx nginx-service
2. Add the nginx service to the system
scp -r [email protected]:/download/nginx /etc/init.d/
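Set permissions on the service file: chmod 755 /etc/init.d/nginx
Register the service with the system: chkconfig --add nginx
3. Edit the nginx.conf file
4. Create the nginx startup error log file and temporary folder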
[root@ip-172-31-14-227 conf]# mkdir /WORK
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx/nginx
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx/nginx/logs
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx/nginx/client_body_temp
[root@ip-172-31-14-227 conf]# vim /WORK/nginx/nginx/logs/error.log
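5. Install the tomcat service
Copy the installation package: scp -r [email protected]:/download/apache-tomcat-7.0.72.tar.gz /usr/local/
Extract the installation package: tar -zxvf apache-tomcat-7.0.72.tar.gz
Edit the server.xml file: change port 8080 to port 90
Edit the tomcat-users.xml file and add the administrator user name and password: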
<role rolename="manager"/>
<role rolename="manager-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="admin" password="##############" roles="manager,manager-gui,manager-script,manager-jmx,manager-status"/>

6. Add the driver jar to the lib directory under the tomcat directory:
scp -r [email protected]:/download/mysql-connector-java-5.1.40-bin.jar /usr/local/tomcat-7.0.72/lib
7. Add the browser tab icon (favicon) to the tomcat directory:
scp -r [email protected]:/download/favicon.ico /usr/local/tomcat-7.0.72/webapps/ROOT/

8. Start the nginx service
[root@ip-172-31-14-122 conf]# service nginx start
Starting nginx:                                            [  OK  ]

9. Download the certificate installer
wget https://dl.eff.org/certbot-auto

10. Make the file executable
chmod a+x certbot-auto

11. Run the certificate installation command
./certbot-auto certonly --webroot -w /usr/local/static/ -d ***.com --debug

12. Enter your e-mail address and press Enter to confirm
[email protected]

13. If you hit a pip error like the following:
ReadTimeoutError: HTTPSConnectionPool(host='pypi.python.org', port=443): Read timed out.
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
upgrade pip:
pip install --upgrade pip

14. Edit nginx.conf and add a server block that listens on port 443
server {
        # "listen ... ssl" enables TLS on this socket; it replaces the obsolete "ssl on;" directive
        listen       443 ssl;
        server_name  ***.com;

        index   index.html index.htm index.php;
        root    /usr/local/static;

        # Certificate chain and private key issued by certbot in step 11
        ssl_certificate /etc/letsencrypt/live/***.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/***.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/***.com/chain.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        client_max_body_size 1024m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        # Forward /cashier to the cashier-servers upstream, passing the original host and client address
        location /cashier {
                proxy_pass              http://cashier-servers/cashier;
                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

15. Restart the nginx server: service nginx restart

16. Add a scheduled task to renew the certificate
[root@ip-172-31-14-227 ~]# mkdir /var/mylog
[root@ip-172-31-14-227 ~]# vim /var/mylog/le-renew.log
[root@ip-172-31-14-227 ~]# crontab -e
Command to schedule (in the crontab entry it must follow the five schedule fields):
./certbot-auto certonly --webroot -w /usr/local/static/ -d ***.com --debug
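
A renewal wrapper for step 16, as an added example that is not part of the original post: it checks the certificate's expiry with openssl, runs certbot's renew subcommand only when the certificate is inside the renewal window, logs to the file created above, and restarts nginx only if the certificate actually changed. The domain, the absolute path to certbot-auto, the 30-day window, the script's install location and the cron schedule are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): renewal wrapper for step 16.
DOMAIN="example.com"                        # placeholder for the post's ***.com
CERT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
CERTBOT="/usr/local/certbot-auto"           # assumed absolute path to the script from step 9
LOG="/var/mylog/le-renew.log"               # log file created in step 16
THRESHOLD_DAYS=30                           # assumed renewal window

# Return 0 if the certificate $1 expires within $2 days or cannot be read, else 1.
cert_expires_within() {
    [ -r "$1" ] || return 0
    # openssl exits 0 when the certificate is still valid after the given number of seconds
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Print the SHA-256 fingerprint of certificate $1 (empty output if unreadable).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null || true
}

# Renew when due, log the outcome, and restart nginx only if the certificate changed.
renew_if_due() {
    if ! cert_expires_within "$CERT" "$THRESHOLD_DAYS"; then
        echo "$(date) $DOMAIN: more than $THRESHOLD_DAYS days left, nothing to do" >>"$LOG"
        return 0
    fi
    before=$(cert_fingerprint "$CERT")
    if ! "$CERTBOT" renew --quiet >>"$LOG" 2>&1; then
        echo "$(date) $DOMAIN: renewal FAILED" >>"$LOG"
        return 1
    fi
    after=$(cert_fingerprint "$CERT")
    if [ "$before" != "$after" ]; then
        # nginx keeps serving the old certificate until it is restarted (step 15)
        service nginx restart >>"$LOG" 2>&1
        echo "$(date) $DOMAIN: certificate renewed, nginx restarted" >>"$LOG"
    fi
}

# crontab -e entry: five schedule fields and an absolute path (assumed install location):
#   17 3 * * * /usr/local/bin/le-renew.sh --run
if [ "${1:-}" = "--run" ]; then
    renew_if_due
fi
```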

17. All done!

Reposted from 380837242.iteye.com/blog/2359503