centos7 安装 certbot 动态更新Let's encrypt 证书实现nginx免费ssl证书
先更新内核,然后安装nginx。启用bbr。
# yum-utils provides yum-config-manager, which is used further down to enable
# the mainline repository; vim is only needed for the editing steps.
yum -y install yum-utils vim
# Create the nginx repository definition; its content is the repo file shown below.
vim /etc/yum.repos.d/nginx.repo
输入:
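# /etc/yum.repos.d/nginx.repo
# Two repository sections: stable is enabled, mainline stays off until it is
# enabled explicitly. Each key must be on its own line for yum to parse the file.
#
# gpgcheck=1 makes yum verify every package signature against gpgkey. On the
# first install yum asks to import that key: compare the fingerprint it prints
# with the one published on nginx.org before accepting.
# baseurl uses https so the repository metadata, which gpgcheck does not
# cover, is also fetched over an authenticated channel.
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true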
# Package installation for nginx, snapd and certbot. These are commands to type
# one by one as root (or with sudo), not a script: there is a reboot halfway.

# Switch on the nginx-mainline section, which the repo file ships with enabled=0.
sudo yum-config-manager --enable nginx-mainline
# No -y here, so yum prompts before installing and before importing the nginx
# signing key; that prompt is the moment to check the key fingerprint.
sudo yum install nginx
# Start nginx at boot and start it now.
systemctl enable nginx
systemctl start nginx
# EPEL is the repository that carries snapd on CentOS 7.
sudo yum -y install epel-release
# NOTE(review): the next three commands add a Copr repository and install
# caddy from it. Copr repositories are community builds, so enabling one extends
# package trust to its maintainers. Nothing later in this guide uses caddy, and a
# second web server would contend with nginx for ports 80/443 if it were
# started - confirm it is actually wanted before running them.
yum -y install yum-plugin-copr
yum copr enable @caddy/caddy
yum -y install caddy
# Install snapd and activate its socket unit immediately and at boot.
sudo yum -y install snapd
sudo systemctl enable --now snapd.socket
# Install the core snap and bring it up to date.
sudo snap install core;
sudo snap refresh core
# Restart the machine; everything below is run after logging in again.
reboot
systemctl enable snapd
# --now only has an effect with enable/disable/mask, so this is a plain start
# of the socket unit that was already enabled before the reboot.
systemctl start --now snapd.socket
# Classic snaps expect to find their files under /snap.
ln -s /var/lib/snapd/snap /snap
# --classic installs certbot without snap confinement, i.e. with ordinary access
# to the system; certbot runs as root and rewrites the nginx configuration.
snap install --classic certbot
# Put the certbot command on the default PATH.
ln -s /snap/bin/certbot /usr/bin/certbot
安装完毕后,配置nginx即可:
# Open the default site definition and edit it to match the server block below.
vim /etc/nginx/conf.d/default.conf
配置如下:
记得修改server_name为你将要申请ssl证书的域名。
# Plain-HTTP server block for the domain that will receive the certificate.
# There is no listen directive, so nginx uses its default listener (port 80
# when started as root). `certbot --nginx` is run against this file afterwards
# and is expected to add the TLS settings for the server_name given here, so
# server_name must be the real, publicly resolvable domain.
server {
    server_name your_domain.com;
    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;
    # Static content: answer 404 for anything that is not an existing file or
    # directory. root is commented out, so nginx's built-in default applies.
    location / {
        try_files $uri $uri/ =404;
        #root /usr/share/nginx/html;
        #index index.html index.htm;
    }
    # Reverse proxy for one path to a backend on the loopback interface.
    # your_v2_dir and your_v2_port are placeholders to replace.
    # NOTE(review): the backend should listen on 127.0.0.1 only, otherwise it is
    # also reachable directly, bypassing nginx and its TLS - confirm its bind address.
    location /your_v2_dir {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:your_v2_port;
        # HTTP/1.1 plus the Upgrade/Connection headers let a WebSocket handshake
        # pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Show realip in v2 access.log
        # X-Real-IP is taken from the TCP peer address and cannot be set by the client.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client sent, so only the last entry is trustworthy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}
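# Issue the certificate and open the firewall. Run as root.

# Test the edited configuration first so a typo is reported before the reload
# is attempted.
nginx -t && nginx -s reload

# Open both ports before requesting the certificate: the HTTP-01 validation
# that `certbot --nginx` performs is made against port 80, and firewalld does
# not allow web traffic by default. Port 80 also has to stay reachable for
# later renewals; 443 carries the HTTPS traffic itself.
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload

# Interactive: obtains the certificate for the server_name configured above
# and writes the TLS settings into the nginx configuration.
certbot --nginx

# Renewal is the point of this setup; rehearse it once against the staging
# environment so a failure is noticed now rather than when the certificate
# is about to expire.
certbot renew --dry-run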
就可以实现你想要的功能了,enjoy~~~
////////////////////////////////
////////Sixi. Let it be.../////
//////////////////////////////