给网站加上SSL证书
Let’s Encrypt是一家免费的ssl证书提供商,并且这家使用方便简单。
服务器系统:debian
weg服务器:nginx
cerbot提供一键生成ssl证书文件
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto -n
生成证书,-w是网站目录,-d是域名,多个域名可以跟多个-d,按下面的例子
certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
生成的证书在/etc/letsencrypt/live/example.com目录里面,这样证书就生成成功了
下面配置nginx
server {
listen 443 ssl;
server_name aaa.com;
root /var/www/aaa_com;
index index.html index.htm index.php;
include /etc/nginx/conf.d/discuzx;
include /etc/nginx/fastcgi_php;
access_log /var/log/nginx/yuln.com.access.log;
ssl_certificate /etc/letsencrypt/live/aaa.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/aaa.com/privkey.pem;
}
最后两行就是证书存放的位置
强制非http跳转到https
server {
listen 80;
server_name www.aaa.com aaa.com;
rewrite ^(.*) https://aaa.com$1 permanent;
}