tech:webserver:ssl
HTTPS证书配置
0. 安装acme.sh
curl https://get.acme.sh | sh -s email=uncle-lu@outlook.com
1. 申请证书
acme.sh --issue -d uncle-lu.org --nginx
2. 创建nginx证书存放目录
mkdir -p /etc/nginx/ssl/uncle-lu.org
3. nginx配置文件
listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate "/etc/nginx/ssl/fiona-rums.net/fullchain.cer"; ssl_certificate_key "/etc/nginx/ssl/fiona-rums.net/fiona-rums.net.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;
4. acme.h移动证书
acme.sh --install-cert -d uncle-lu.org \ --key-file /etc/nginx/ssl/uncle-lu.org/uncle-lu.org.key \ --fullchain-file /etc/nginx/ssl/uncle-lu.org/fullchain.cer \ --reloadcmd "service nginx force-reload"
/app/www/public/data/pages/tech/webserver/ssl.txt · 最后更改: 2024/01/20 06:22 由 温婕莺