Apply for a free HTTPS certificate and enable HTTPS for the whole site

Author: HelloGitHub- Dream figure

The sample code for this article has been synced to the HelloGitHub-Team repository.

HTTP packets are transmitted in clear text. If your site supports only the HTTP protocol, it may be exposed to attacks. If you open an HTTP-only site in Google Chrome, you will see that Chrome marks the site as not secure to the left of the URL.

HTTPS provides an encrypted channel for transmitting HTTP packets, so an attacker cannot eavesdrop on or tamper with the transmitted content. To enable HTTPS, you must apply for an HTTPS certificate from a trusted authority. Professional certificates cost money, but for a personal blog site there are many free certificate providers. One example is Let's Encrypt, which offers a free certificate request service. The application process is very simple: just run a few commands. It also supports automatic renewal when the certificate expires, so it is set up once and for all. Next, we use the tool provided by Let's Encrypt to apply for a free HTTPS certificate.

First, install the certificate request tool provided by Let's Encrypt. Go to https://certbot.eff.org/ and select the server software and operating system your blog site uses. This tutorial uses Nginx and CentOS 7 as the example:

First, install the necessary tools:

$ sudo yum -y install yum-utils
$ sudo yum install -y certbot python2-certbot-nginx

certbot is the HTTPS certificate request tool provided by Let's Encrypt, and python2-certbot-nginx is a plugin designed for Nginx that makes requesting a certificate for a site served by Nginx simpler and more convenient.

Then run the certificate request command:

$ sudo certbot --nginx

Note

In testing, running the command above may fail with the error ImportError: No module named 'requests.packages.urllib3'. This is caused by the installed versions of requests and urllib3 being too old (see the related issue discussion). The solution is to reinstall them. Run the following commands:

$ sudo pip uninstall requests
$ sudo pip uninstall urllib3
$ sudo yum remove python-urllib3
$ sudo yum remove python-requests

Then reinstall certbot. Since it depends on the two packages above, they will be reinstalled along with it:

$ sudo yum install -y certbot python2-certbot-nginx

Run the certificate request command again: sudo certbot --nginx

A series of interactive prompts follows. First enter an email address for subscriptions, then agree to their policies.

certbot then automatically scans for domain names. Follow the prompt and enter the number of the domain name for which you want to enable HTTPS:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: django-blog-tutorial-v2-demo.zmrenwu.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

certbot then performs a domain check to prove that you control the domain name. Once verification passes, Let's Encrypt issues the certificate to you.

Finally, you are asked whether to redirect HTTP to HTTPS. Choose the redirect option, and certbot will modify the Nginx configuration for us so that HTTP is redirected to HTTPS. Users who access the blog site over HTTP are then redirected to HTTPS, which keeps access secure.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/django-blog-tutorial-v2.conf

A certificate requested through certbot is valid for only three months, but that does not matter: certbot can renew it without limit. We add a crontab scheduled task that runs certbot's renew command automatically, so one application lasts for good.

Add a scheduled task to /etc/crontab:

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null

Here the renew command is configured to run automatically at 12:00 every day.

Since HTTPS is now enabled for the whole site, any non-HTTPS content on the site (such as external resources requested over HTTP) must be changed to HTTPS. Our blog currently imports one external icon library stylesheet over HTTP, which needs to be changed to HTTPS:

base.html

<link rel="stylesheet" href="https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css">

With the few simple steps above, HTTPS is enabled for the whole site.


The "Explaining Open Source Projects" series aims to make people who are interested in open source projects no longer afraid of them, and to make the maintainers of open source projects no longer feel alone. Follow our articles and you will discover the fun of programming, and find that using and contributing to open source projects is simple. Feel free to leave a message to contact us and join us, so that more people fall in love with open source and contribute to it.


Origin www.cnblogs.com/xueweihan/p/11619556.html