Original poster | Posted on 2021-10-16 13:34:38
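First of all, thanks to 木风木 and licess for their help.
HTTPS access over the LAN is now working.
How to get the SSL certificate
I obtained SSL certificates in two ways; the drawback is that they have to be renewed manually when they expire.
One is the free SSL certificate offered by the domain's DNS provider (the certificate is valid for one year).
The other is a free SSL certificate obtained with lnmp onlyssl (the certificate is valid for three months).
I won't go into detail here on the first method, the free certificate from the DNS provider.
Getting a free SSL certificate with lnmp onlyssl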
lnmp onlyssl
+-------------------------------------------+
| Manager for LNMP, Written by Licess |
+-------------------------------------------+
| https://lnmp.org |
+-------------------------------------------+
The dns manual mode can not renew automatically, you must renew it manually.
/usr/local/acme.sh/acme.sh [found]
Please enter domain(example: lnmp.org): <your-domain> # enter your domain here
 Your domain: <your-domain>
Enter more domain name(example: *.lnmp.org): <your-domain> # enter your domain here
 domain list: <your-domain>
Starting create SSL Certificate use Let's Encrypt...
[Sat Oct 16 12:47:18 CST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Oct 16 12:47:18 CST 2021] Multi domain='DNS:<your-domain>,DNS:<your-domain>'
[Sat Oct 16 12:47:18 CST 2021] Getting domain auth token for each domain
[Sat Oct 16 12:47:22 CST 2021] Getting webroot for domain='<your-domain>'
[Sat Oct 16 12:47:22 CST 2021] Getting webroot for domain='<your-domain>'
[Sat Oct 16 12:47:22 CST 2021] Add the following TXT record:
[Sat Oct 16 12:47:22 CST 2021] Domain: '_acme-challenge.<your-domain>' # _acme-challenge. is the alias used when adding the TXT record, i.e. the domain prefix
[Sat Oct 16 12:47:22 CST 2021] TXT value: '<the TXT record content you need to add to the domain manually>'
[Sat Oct 16 12:47:22 CST 2021] Please be aware that you prepend _acme-challenge. before your domain
[Sat Oct 16 12:47:22 CST 2021] so the resulting subdomain will be: _acme-challenge.<your-domain>
[Sat Oct 16 12:47:22 CST 2021] Add the following TXT record:
[Sat Oct 16 12:47:22 CST 2021] Domain: '_acme-challenge.<your-domain>'
[Sat Oct 16 12:47:22 CST 2021] TXT value: '<the TXT record content you need to add to the domain manually>'
[Sat Oct 16 12:47:22 CST 2021] Please be aware that you prepend _acme-challenge. before your domain
[Sat Oct 16 12:47:22 CST 2021] so the resulting subdomain will be: _acme-challenge.<your-domain>
[Sat Oct 16 12:47:22 CST 2021] Please add the TXT records to the domains, and re-run with --renew.
[Sat Oct 16 12:47:22 CST 2021] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Please add the above TXT record to the domain in 120 seconds!!!
At this point you have 120 seconds to add the TXT record to the domain
[Sat Oct 16 12:49:25 CST 2021] Renew: '<your-domain>'
[Sat Oct 16 12:49:26 CST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sat Oct 16 12:49:26 CST 2021] Multi domain='DNS:<your-domain>,DNS:<your-domain>'
[Sat Oct 16 12:49:26 CST 2021] Getting domain auth token for each domain
[Sat Oct 16 12:49:26 CST 2021] Verifying: <your-domain>
[Sat Oct 16 12:49:32 CST 2021] Pending
[Sat Oct 16 12:49:35 CST 2021] Pending
[Sat Oct 16 12:49:39 CST 2021] Pending
[Sat Oct 16 12:49:42 CST 2021] Pending
[Sat Oct 16 12:49:45 CST 2021] Pending
[Sat Oct 16 12:49:49 CST 2021] Pending
[Sat Oct 16 12:49:52 CST 2021] Success
[Sat Oct 16 12:49:52 CST 2021] Verifying: <your-domain>
[Sat Oct 16 12:49:56 CST 2021] Success
[Sat Oct 16 12:49:56 CST 2021] Verify finished, start to sign.
[Sat Oct 16 12:49:56 CST 2021] Lets finalize the order.
[Sat Oct 16 12:49:56 CST 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/ID*****'
[Sat Oct 16 12:49:58 CST 2021] Downloading cert.
[Sat Oct 16 12:49:58 CST 2021] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/ID*****'
[Sat Oct 16 12:49:59 CST 2021] Cert success.
[Sat Oct 16 12:49:59 CST 2021] Your cert is in /usr/local/nginx/conf/ssl/<your-domain>/<your-domain>.cer
[Sat Oct 16 12:49:59 CST 2021] Your cert key is in /usr/local/nginx/conf/ssl/<your-domain>/<your-domain>.key
[Sat Oct 16 12:49:59 CST 2021] The intermediate CA cert is in /usr/local/nginx/conf/ssl/<your-domain>/ca.cer
[Sat Oct 16 12:49:59 CST 2021] And the full chain certs is there: /usr/local/nginx/conf/ssl/<your-domain>/fullchain.cer
------------------ SSL Certificate information as follows ------------------
| Domain: <your-domain> <your-domain>
| SSL Certificate: /usr/local/nginx/conf/ssl/<your-domain>/fullchain.cer # this is your SSL certificate
| SSL Certificate Key: /usr/local/nginx/conf/ssl/<your-domain>/<your-domain>.key # this is your SSL certificate key
------------------------------------ ---------------------------------------
Let's Encrypt SSL Certificate create successfully.
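That gives you the SSL certificate and key.
After getting the certificate and key, I bound the virtual host again
lnmp vhost add
At the option for adding an SSL certificate, I chose to use my own SSL certificate and key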
Add SSL Certificate (y/n) y
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Enter 1 or 2: 1
Then I entered the paths of the SSL certificate and key by hand
Please enter full path to SSL Certificate file: /usr/local/nginx/conf/ssl/<domain>/fullchain.cer
Please enter full path to SSL Certificate Key file: /usr/local/nginx/conf/ssl/<domain>/<domain>.key
Returned result
================================================
Virtualhost infomation:
Your domain: <domain>
Home Directory: /home/wwwroot/<domain>
Rewrite: other
Enable log: yes
Create database: no
Create ftp account: no
Enable SSL: yes
=>Certificate file
================================================
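At this point HTTPS access works normally.
But HTTP still opens, so I then set up an automatic 301 redirect
vi /usr/local/nginx/conf/vhost/<domain>.conf
Add the rule
return 301 https://<domain>$request_uri; # redirect to https
After modifying the configuration file, Nginx needs to be restarted
nginx -s reload
Whether the browser visits http://<domain>, http://www.<domain> or https://www.<domain>/,
it is automatically redirected to https://<domain>/
It's not perfect yet, since it can't renew automatically, but this will do for now. Thanks again to you both.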
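The post notes that a certificate issued in DNS manual mode has to be renewed by hand. As an added example (not part of the original post, and not lnmp's or acme.sh's own code), the shell script below reports how close a certificate is to expiry and whether the key file belongs to it; the function names and the 30-day default threshold are assumptions, and it relies on the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: expiry and key-match check for a manually renewed certificate.
# Function names and the 30-day default are assumptions; requires openssl.

# check_expiry CERT [WARN_DAYS]
# Returns 0 if CERT stays valid for more than WARN_DAYS, 1 if it expires
# within WARN_DAYS, 2 if it has already expired or cannot be read.
check_expiry() {
    cert=$1
    warn_days=${2:-30}
    [ -r "$cert" ] || return 2
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    # For a full-chain file openssl reads the first certificate, i.e. the leaf.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 2
    openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) \
        >/dev/null 2>&1 || return 1
    return 0
}

# key_matches_cert CERT KEY
# Returns 0 when KEY's public half equals the public key inside CERT.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_site CERT KEY [WARN_DAYS]
# Prints one line per finding and returns the worst code (0 ok, 1 warn, 2 crit).
check_site() {
    days=${3:-30}
    rc=0
    check_expiry "$1" "$days" || rc=$?
    case $rc in
        0) echo "OK: $1 is valid for more than $days days" ;;
        1) echo "WARN: $1 expires within $days days, renew it now" ;;
        *) echo "CRIT: $1 has expired or cannot be read" ;;
    esac
    if ! key_matches_cert "$1" "$2"; then
        echo "CRIT: $2 does not match $1"
        rc=2
    fi
    return "$rc"
}

# Run as: sh check_cert.sh CERT KEY [WARN_DAYS]
if [ "$#" -ge 2 ]; then
    check_site "$@"
fi
```

Run daily from cron against the `fullchain.cer` and `.key` paths printed by `lnmp onlyssl`, it gives advance warning before the three-month certificate lapses.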