CentOS 7 安装 certbot,动态更新 Let's Encrypt 证书,实现 nginx 免费 SSL 证书
先更新内核,然后安装nginx。启用bbr。
# yum-utils supplies yum-config-manager, which a later step uses to enable
# the nginx-mainline repository.
yum install yum-utils vim -y
# Create the nginx repository definition; the contents to enter follow.
vim /etc/yum.repos.d/nginx.repo
输入:
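# /etc/yum.repos.d/nginx.repo
# Each section header and each key=value pair goes on its own line; written
# as a single line the settings are not read correctly.
# gpgcheck=1 makes yum verify package signatures with the key fetched over
# HTTPS from gpgkey. That check is what authenticates packages downloaded
# from the plain-http baseurl, so leave it enabled.

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true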
# Turn on the nginx-mainline section, which the repo file ships with enabled=0.
sudo yum-config-manager --enable nginx-mainline
# No -y here, so yum asks for confirmation, including before importing the
# repository signing key. Check that the key it shows matches the one
# published by nginx.org before accepting.
sudo yum install nginx
# Start nginx at boot, then start it now.
systemctl enable nginx
systemctl start nginx
# Add the EPEL repository.
# NOTE(review): presumably this is where the snapd package installed in the
# next step comes from on CentOS 7 - confirm.
sudo yum -y install epel-release
# The copr plugin lets yum enable community-built COPR repositories.
yum -y install yum-plugin-copr
# NOTE(review): no later step on this page uses caddy. Enabling a COPR
# repository adds another package source to trust and keep patched; skip
# these two commands unless caddy is actually needed.
yum copr enable @caddy/caddy
yum -y install caddy
# Install snapd and activate its socket so snap commands can reach the daemon.
sudo yum -y install snapd
sudo systemctl enable --now snapd.socket
# Install the "core" snap and bring it up to date.
sudo snap install core;
sudo snap refresh core
# The commands below are meant to be run after the machine has come back up.
reboot
systemctl enable snapd
systemctl start --now snapd.socket
# Expose the snap directory at /snap, the path used by the certbot link below.
ln -s /var/lib/snapd/snap /snap
# --classic installs certbot without the usual snap confinement, so treat it
# like any other root-level tool on the host.
snap install --classic certbot
# Make certbot reachable as /usr/bin/certbot.
ln -s /snap/bin/certbot /usr/bin/certbot
安装完毕后,配置nginx即可:
# Edit the default virtual host; the server block to put in it follows.
vim /etc/nginx/conf.d/default.conf
配置如下:
记得修改 server_name 为你将要申请 SSL 证书的域名,并把 your_v2_dir、your_v2_port 替换为实际的路径和后端端口。
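# Virtual host that certbot --nginx will later extend with TLS settings.
# The block must keep its line breaks: on a single line the first "#"
# comments out every directive after it.
server {
    # Replace with the domain the certificate will be requested for.
    server_name your_domain.com;

    #charset koi8-r;
    #access_log /var/log/nginx/host.access.log main;

    location / {
        try_files $uri $uri/ =404;
        #root /usr/share/nginx/html;
        #index index.html index.htm;
    }

    # Replace your_v2_dir and your_v2_port with the real path and backend port.
    # The backend is reached on 127.0.0.1 only, so it should listen on loopback
    # and its port should not be opened in the firewall.
    location /your_v2_dir {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:your_v2_port;
        # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket
        # upgrades pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Show realip in v2 access.log
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # X-Forwarded-For keeps whatever value the client sent and appends
        # to it; only X-Real-IP is set purely by nginx.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}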
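# Check the edited configuration first; reload only if it parses, so a typo
# does not leave nginx running with a half-applied change.
nginx -t && nginx -s reload

# Open the firewall before requesting the certificate. certbot's nginx plugin
# proves control of the domain over HTTP, so port 80 has to be reachable from
# the internet for both issuance and later renewals. Port 443 serves the site
# once the certificate is installed.
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload

# Request the certificate and let certbot add the TLS settings to the server
# block whose server_name matches the domain.
certbot --nginx

# Confirm that unattended renewal will work, without issuing a real certificate.
certbot renew --dry-run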
就可以实现你想要的功能了,enjoy~~~
////////////////////////////////
////////Sixi. Let it be.../////
//////////////////////////////