<< Home

环境

目标

安装Nginx

vi /etc/yum.repos.d/nginx.repo

写入

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

保存后:

sudo yum install nginx -y
sudo chkconfig nginx on ##设置nginx为开机启动
sudo service nginx start ##开启nginx

打开ip测试,就会看到“Welcome to Nginx!”的经典界面了。

编辑Nginx配置文件

找到nginx主目录,命令是nginx -t,就会看到相关路径

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

编辑默认配置文件, 80端口就是http的默认端口,更改root目录可以修改website的目录指向。

vi /etc/nginx/conf.d/default.conf

Let’s Encrypt

yum -y install wget

wget https://dl.eff.org/certbot-auto

chmod a+x certbot-auto

pip install virtualenv

./certbot-auto

python2.6的环境会有一堆报错提示,可以忽略,或者自行解决升级到python2.7。

certbot certonly --webroot -w /website主目录/ -d 域名

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/你填写的域名/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/你填写的域名/privkey.pem
   Your cert will expire on 2017-11-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

因为Let’s encrypt只有90天有效期。具体操作可以看官方文档。https://certbot.eff.org

参考

certbot

Let’s Encrypt官方推荐Certbot工具快速部署SSL证书