璟雯院

珺璟如晔,雯华若锦

用户工具

站点工具

您在这里: start » tech » webserver » ssl
tech:webserver:ssl

HTTPS证书配置

0. 安装acme.sh 

curl https://get.acme.sh | sh -s email=uncle-lu@outlook.com

1. 申请证书 

acme.sh --issue -d uncle-lu.org --nginx

2. 创建nginx证书存放目录 

mkdir -p /etc/nginx/ssl/uncle-lu.org

3. nginx配置文件 

    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    ssl_certificate "/etc/nginx/ssl/fiona-rums.net/fullchain.cer";
    ssl_certificate_key "/etc/nginx/ssl/fiona-rums.net/fiona-rums.net.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

4. acme.h移动证书 

acme.sh --install-cert -d uncle-lu.org \
--key-file       /etc/nginx/ssl/uncle-lu.org/uncle-lu.org.key  \
--fullchain-file  /etc/nginx/ssl/uncle-lu.org/fullchain.cer \
--reloadcmd     "service nginx force-reload"
/app/www/public/data/pages/tech/webserver/ssl.txt · 最后更改: 2024/01/20 06:22 由 温婕莺