在python2.7的基础之上
使用certbot来安装网站证书支持https
官网教程 https://certbot.eff.org/
安装包 wget https://dl.eff.org/certbot-auto
nginx 网站下
首先得有virtualhost 配置虚拟站点,启用Namevirtualhost,监听433端口
nginx采用的yum安装
在conf.d目录下 有 default.conf ssl.conf virtual.conf
先创建站点 abc.wang.com 多个站点123.wang.com同目录
vim virtual.conf
server {
listen 8000;
listen 443 ssl; # managed by Certbot
server_name abc.wang.com 123.wang.com;#多个域名用空格隔开
ssl_certificate /etc/letsencrypt/live/abc.wang.com/fullchain.pem; # managed by Certbot #1
ssl_certificate_key /etc/letsencrypt/live/abc.wang.com/privkey.pem; # managed by Certbot#2 在certbot环节中会自动创建增加
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($server_port = "8000") { return 301 https://$server_name/$request_uri; } #此条添加为跳转https
location / {
root /var/www/html/nginx;
index index.html index.htm;
}
}
./certbot --nginx certonly
安装证书完成后,在/etc/letsencrypt/live/目录下会有个abc.wang.com目录
cd /etc/letsencrypt/live/abc.wang.com/
cert.pem chain.pem fullchain.pem privkey.pem README
此时证书的安装部分完成
在nginx的配置中加载证书
此时需要启用ssl.conf 注释取消掉,修改证书的正确路径
vim ssl.conf
#
# HTTPS server configuration
#
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl;
server_name abc.wang.com;
root /var/www/html/wang;
ssl_certificate /etc/letsencrypt/live/abc.wang.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/abc.wang.com/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
#
location / {
}
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
}
此时还需要添加一条重写规则,让http的访问跳转到https上面来
修改virtual配置文件
在server中添加
if ($server_port = "8000") { return 301 https://$server_name/$request_uri; }
查看虚拟目录的加载文件情况
nginx -t -D DUMP_VHOSTS