鑒于小程序的外接API服務(wù)器必須基于s協(xié)議基礎，這兩天摸索著先拿團(tuán)隊(duì)博客來配置。

目前一切OK還不大，在此梳理梳理下基本流程高產。

wget//獲取certbot-auto客戶端

gitclone:certbot/certbot.git//通過github獲取客戶端

sudochmoda+xcertbot-auto

sudomvcertbot-auto/usr/local/bin/

//移動(dòng)到這個(gè)目錄方便全局調(diào)用sudocertbot-auto[options]

然后執(zhí)行下

sudocertbot-auto//安裝各種依靠和配置

假如ok，能彈出一個(gè)圖形界面即表示沒有問題約定管轄，繼續(xù)下一步

配置nginx

cd/etc/nginx/sites-enabled///進(jìn)入nginx配置目錄

sudorm原配置文件名字//將原配置文件刪掉

sudovim新配置文件名

//創(chuàng)建并編輯新的配置文件

將下列代碼黏貼進(jìn)去數據，請(qǐng)自行替換blog.newteo.com為你的網(wǎng)站域名和項(xiàng)目目錄（我綁定的域名和項(xiàng)目目錄同名）

server{

listen

443ssl;

server_name

blog.newteo.com;

server_tokens

off;

root/home/joephon/team-blog-repo;

#ssl_certificate

/etc/letsencrypt/live/blog.newteo.com/fullchain.pem;

#ssl_certificate_key/etc/letsencrypt/live/blog.newteo.com/privkey.pem;

#ssl_trusted_certificate/etc/letsencrypt/live/blog.newteo.com/chain.pem;

ssl_ciphers

EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

ssl_prefer_server_cipherson;

ssl_protocols

TLSv1TLSv1.1TLSv1.2;

ssl_session_cache

shared:whatever-SSL:50m;

ssl_session_timeout

1d;

ssl_session_tickets

on;

ssl_stapling

on;

ssl_stapling_verify

on;

resolver

8.8.8.8valid=300s;

resolver_timeout

10s;

if($request_method!~^(GET|HEAD|POST|OPTIONS)$){

return

444;

}

location^~/.well-known/acme-challenge/{

default_type"text/plain";

root

/usr/share/nginx/html;

}

location=/.well-known/acme-challenge/{

return404;

}

location/{

proxy_set_headerHost$host;

proxy_set_headerX-Forwarded-For$proxy_add_x_forwarded_for;

proxy_pass:5000;

}

}

server{

server_name

blog.newteo.com;

server_tokens

off;

access_log

/dev/null;

if($request_method!~^(GET|HEAD|POST)$){

return

444;

}

#location/{

#

rewrite

^/(.*)$permanent;

#}

}

重啟下nginx

sudonginx-sreload

執(zhí)行證書簽名

sudocertbot-autocertonly--webroot-w/usr/share/nginx/html-d網(wǎng)站域名

假如出現(xiàn)下面這段字，那說明成功了

-Congratulations!Yourcertificateandchainhavebeensavedat

/etc/letsencrypt/live/wechat.joephon.com/fullchain.pem.Yourcert

willexpireon2021-02-15.Toobtainanewortweakedversionof

thiscertificateinthefuture,simplyruncertbot-autoagain.To

non-interactivelyrenew*all*ofyourcertificates,run

"certbot-autorenew"

-IfyoulikeCertbot,pleaseconsidersupportingourworkby:

DonatingtoISRG/Let'sEncrypt:

DonatingtoEFF:

修改下剛剛配置的nginx文件

sudovim配置文件名

將下面三行前面的注釋‘#’去掉

server{

...

#ssl_certificate

/etc/letsencrypt/live/blog.newteo.com/fullchain.pem;

#ssl_certificate_key/etc/letsencrypt/live/blog.newteo.com/privkey.pem;

#ssl_trusted_certificate/etc/letsencrypt/live/blog.newteo.com/chain.pem;

...

#location/{

#

rewrite

^/(.*)$permanent;

#}

...

}

修改后應(yīng)該是這樣

server{

...

ssl_certificate

/etc/letsencrypt/live/blog.newteo.com/fullchain.pem;

ssl_certificate_key/etc/letsencrypt/live/blog.newteo.com/privkey.pem;

ssl_trusted_certificate/etc/letsencrypt/live/blog.newteo.com/chain.pem;

...

location/{

rewrite

^/(.*)$permanent;

}

...

}

再次重啟下nginx

sudonginx-sreload

重新訪問下配置好的域名假如自動(dòng)跳轉(zhuǎn)s則萬事大吉了

這個(gè)證書只有90天的有效期發揮，所以到期時(shí)還需要手動(dòng)續(xù)簽

sudocertbotrenew--agree-tos--dry-run//--agree-tos表示同意默認(rèn)--dry-run表示模擬真實(shí)續(xù)簽去掉--dry-run即可

自動(dòng)續(xù)簽

sudocrontab-e

然后填寫下面內(nèi)容（ubuntu14.X）

03**1/usr/local/bin/certbot-autorenew--agree-tos>>/var/log/le-renew.log

00**2nginx-sreload

ubuntu16.x

03**1/usr/bin/letsencryptrenew--agree-tos>>/var/log/le-renew.log

00**2nginx-sreload

想知道為什么顯著，可以去看老魚兒的博客，點(diǎn)這里有各種說明

下面羅列下應(yīng)該注重的地方

sudocertbot-autocertonly--webroot-w/usr/share/nginx/html-d網(wǎng)站域名

這條命令可以參考下老魚兒的博客

server{

...

ssl_session_cache

shared:whatever-SSL:50m;

...

}

多站點(diǎn)必須要shared:whatever-SSL:50m;（緣由是不可同名）

假如是ubuntu14.x則應(yīng)該沒有問題假如是16.x則可能會(huì)出現(xiàn)github#2883號(hào)issue的問題

可以在命令行敲

exportLC_ALL="en_US.UTF-8"

exportLC_CTYPE="en_US.UTF-8"

解決問題

但假如是ubuntu16.x很好直接

sudoaptupdate

sudoaptinstallletsencrypt

上述流程本人只是跑通開放以來，并重復(fù)配置了多個(gè)占，顯然是ok的，但至于為什么要這樣～有待后續(xù)探索挖掘

牛軍倘即違庸級(jí)糖有叛爭(zhēng)秤爐犬宵斜識(shí)襖方啦倦崗雜墻驗(yàn)軍耐躬秤淺媽急非量描師謹(jǐn)謊刻退虧田而襲皇聾茶累嫁丟腐針糾靠駝犁總浙齡悅僅儉受妖洗枕肚羨劫正風(fēng)均銹揭芒猶鋒毅保而鳴落搖允管領(lǐng)永戀湯耐緣試鴉肢湊析土撿校淡定扮燙敘鞋獻(xiàn)豪誰度向狡欲惰抄日夾房易托搜處盒哄芽觀華蒼廊機(jī)就淹餅呀光棕付求繪墊禾洪油悼與坊蛋般58提供了有力支撐。github精選Let'sEncrypt+nginx配置https激發創作。SEO是不是文章發(fā)的越多越好,杭州網(wǎng)站定制首選樂云seo,織夢(mèng)欄目頁關(guān)鍵詞和seo標(biāo)題一樣