How to Apply for Let's Encrypt? Let's Encrypt Free SSL Certificate Principle & Installation Tutorial


What is SSL? Chen Weiliang covered this in the previous article, "What is the difference between HTTP and HTTPS? A detailed explanation of the SSL encryption process".

Apart from e-commerce websites, which must purchase an advanced SSL certificate, new-media people who use a website to promote a WeChat public account and want to install an SSL certificate can in fact install a free one. It helps with SEO and can improve the ranking of the site's keywords in search engines.


Let's Encrypt has written up the process itself (https://certbot.eff.org/); Linux users can follow this tutorial while referring to that process.

Download the certbot-auto tool first, then run it to install the tool's dependencies.

# Certificate verification stays on: the downloaded script is later executed as root
wget https://dl.eff.org/certbot-auto
chmod +x ./certbot-auto
./certbot-auto -n

Generate the SSL certificate

Next, taking the domain name of Chen Weiliang's blog as an example, modify the commands to fit your own needs. Run the following commands over SSH.

Be sure to change these values in the commands:

  1. Email address
  2. Server path
  3. Website domain name

Single domain, single directory, generate one certificate:

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com

Multiple domains, single directory, generate one certificate: (that is, several domain names served from one directory share the same certificate)

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com

The SSL certificate will be saved in the /etc/letsencrypt/live/www.chenweiliang.com/ directory.

Multiple domains, multiple directories, generate one certificate: (that is, several domain names served from several directories share the same certificate)

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com -w /home/eloha/public_html/site/etufo.org -d www.etufo.org -d img.etufo.org

After the Let's Encrypt certificate has been installed successfully, the following message appears in SSH:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
   Your cert will expire on 2018-02-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Renew the SSL Certificate

Renewing the certificate is also very convenient: use crontab to renew it automatically. Some Debian systems do not have crontab installed, so install it manually first.

apt-get install cron

The following are the entries to add to the /etc/crontab file for nginx and Apache respectively. They run the renewal every 10 days, which is enough for the 90-day validity period.

For nginx, add this to the crontab file:

# /etc/crontab format: the user field (root) comes before the command
0 3 */10 * * root /root/certbot-auto renew --renew-hook "/etc/init.d/nginx reload"

For Apache, add this to the crontab file:

# /etc/crontab format: the user field (root) comes before the command
0 3 */10 * * root /root/certbot-auto renew --renew-hook "service httpd restart"

Apache SSL Certificate Configuration

Now we need to make changes to the Apache configuration.

Tips:

  • If you use the CWP Control Panel and tick the option to generate an SSL certificate automatically when adding a domain name, it configures the Apache SSL certificate for you.
  • If you then also carry out the steps below, an error may occur after Apache restarts.
  • If an error occurs, delete the configuration you added manually.

Edit the httpd.conf file ▼

/usr/local/apache/conf/httpd.conf

Find ▼

Listen 443
  • (remove the leading comment character #)

or add the listening port 443 ▼

Listen 443

Check Apache's listening ports over SSH ▼

grep ^Listen /usr/local/apache/conf/httpd.conf

Find ▼

mod_ssl
  • (remove the leading comment character #)

or add ▼

LoadModule ssl_module modules/mod_ssl.so

Find ▼

httpd-ssl
  • (remove the leading comment character #)

Then run the following command over SSH (remember to change the path to your own):

cat >/usr/local/apache/conf/extra/httpd-ssl.conf<<'EOF'
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
EOF
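
The SSLProtocol line written above removes only SSLv2 and SSLv3, so TLS 1.0 and TLS 1.1 (deprecated by RFC 8996) stay enabled. The check below is an added example, not part of the original article; the function name, the sample files and the expansion of "all" are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): report which deprecated
# protocols the SSLProtocol directive in an Apache config still enables.
# Assumption: "all" expands to SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; older
# mod_ssl/OpenSSL builds support fewer of these.
legacy_protocols_enabled() {
    awk '
        BEGIN { n = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3", known, " ") }
        tolower($1) == "sslprotocol" {           # not SSLProxyProtocol
            split("", on)                        # a later directive replaces an earlier one
            for (i = 2; i <= NF; i++) {
                tok = tolower($i); sign = substr(tok, 1, 1)
                if (sign == "+" || sign == "-") tok = substr(tok, 2)
                else { sign = "="; split("", on) }    # a bare name resets the set
                for (k = 1; k <= n; k++) {
                    if (tok != "all" && tok != tolower(known[k])) continue
                    if (sign == "-") delete on[known[k]]
                    else on[known[k]] = 1
                }
            }
        }
        END {                                    # known[1..3] are the deprecated ones
            for (k = 1; k <= 3; k++)
                if (known[k] in on) out = (out == "" ? "" : out " ") known[k]
            print out
        }' "$1"
}

tmp=$(mktemp -d)
# Constructed inputs: the directive from the article, and a stricter variant.
printf 'SSLProtocol all -SSLv2 -SSLv3\nSSLProxyProtocol all -SSLv2 -SSLv3\n' > "$tmp/article.conf"
printf 'SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\n' > "$tmp/strict.conf"
echo "article: [$(legacy_protocols_enabled "$tmp/article.conf")]"
echo "strict:  [$(legacy_protocols_enabled "$tmp/strict.conf")]"
rm -rf "$tmp"
```

An empty result means the directive leaves none of the deprecated protocols enabled.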

Next, go to the end of the Apache configuration for the website you created.

Add the SSL section of the configuration file (remember to remove the comments, and change the paths to your own):

<VirtualHost *:443>
# Website directory
DocumentRoot /home/admin/web/chenweiliang.com/public_html
# Domain name
ServerName www.chenweiliang.com:443
# Email address
ServerAdmin [email protected]
# Error log
ErrorLog "/var/log/www.chenweiliang.com-error_log"
# Access log
CustomLog "/var/log/www.chenweiliang.com-access_log" common
SSLEngine on
# Certificate generated earlier
SSLCertificateFile /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
# Private key generated earlier
SSLCertificateKeyFile /etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
# Website directory
<Directory "/home/admin/web/chenweiliang.com/public_html">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
# User group (some server configurations need this, some may not; delete this line if it causes an error)
suPHP_UserGroup eloha eloha
Order allow,deny
Allow from all
DirectoryIndex index.html index.phps
</Directory>
</VirtualHost>

Finally, restart Apache:

service httpd restart

Apache: Force HTTP to Redirect to HTTPS

  • Many web applications should always run over SSL only.
  • We need to make sure that whenever we use SSL, the website must be accessed over SSL.
  • If any user tries to access the website with a non-SSL URL, they must be redirected to the SSL website.
  • Redirect to the SSL URL using the Apache mod_rewrite module.
  • If you used a one-click LAMP installation package with built-in automatic SSL certificate installation and forced redirection to HTTPS, the redirect to HTTPS is already in force and you do not need to add an HTTPS redirect.

Add the redirect rule

  • In the Apache configuration file, edit the website's virtual host and add the following settings.
  • You can also add the same settings to the .htaccess file in your website's document root.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If you only want to redirect a specific URL to HTTPS:

RewriteEngine On
RewriteRule ^message$ https://www.etufo.org/message [R=301,L]
  • If someone tries to access message, the page jumps to https, and the user can only reach that URL over SSL.

Restart Apache for the .htaccess file to take effect:

service httpd restart

Precautions

  • Please change the email address above to your own email address.
  • Please remember to change the website domain name above to your own website's domain name.

Redirect rule placement problem

With pseudo-static rewrite rules in place, you will often find when placing the redirect rule that http does not redirect to https.

At first we copied the redirect code into .htaccess, and it ended up in the following situation ▼

Figure 2: the pseudo-static rule [L] is above

  • [L] indicates that the current rule is the last rule: stop processing the rewrite rules that follow.
  • So when an article page is visited, [L] stops the rules that follow, and the redirect rule therefore does not take effect.

When the http site is visited, we want the URL redirect to fire first, running the redirect rule rather than the pseudo-static rule, so that http redirects to https.

Do not put the https redirect rules below the [L] rules; put them above the [L] rules ▼

Figure 3: the SSL redirect rule is above, the pseudo-static rule [L] is below
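
The ordering check below is an added example, not from the original article: it reports whether the HTTPS redirect is reached before any other rule flagged [L]. The function names and both sample rule sets are constructed for illustration, and the check is a heuristic over rule order only.

```shell
#!/bin/sh
# Added example (not from the original article). Heuristic lint for the rule
# order discussed above: succeeds only if the HTTPS redirect RewriteRule comes
# before every other RewriteRule that carries the [L] flag.
https_redirect_first() {
    awk '
        /^[ \t]*#/ { next }                              # ignore comment lines
        tolower($1) == "rewriterule" {
            flags = ($NF ~ /^\[.*\]$/) ? $NF : ""
            if ($3 ~ /^https:\/\// && flags ~ /(^\[|,)R(=[A-Za-z0-9]+)?(,|\]$)/) {
                found = 1; exit                          # redirect is reached first
            }
            if (flags ~ /(^\[|,)L(,|\]$)/) {
                blocked = NR; exit                       # an [L] rule ends processing first
            }
        }
        END {
            if (found) exit 0
            if (blocked) print "line " blocked ": [L] rule precedes the HTTPS redirect"
            else print "no HTTPS redirect rule found"
            exit 1
        }' "$1"
}

# Constructed sample rules (an assumed pseudo-static block, not the article's images).
PSEUDO_STATIC='RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]'
HTTPS_REDIRECT='RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]'

# write_sample FILE ORDER: ORDER is "good" (redirect first) or anything else (redirect last).
write_sample() {
    if [ "$2" = good ]; then
        printf 'RewriteEngine On\n%s\n%s\n' "$HTTPS_REDIRECT" "$PSEUDO_STATIC" > "$1"
    else
        printf 'RewriteEngine On\n%s\n%s\n' "$PSEUDO_STATIC" "$HTTPS_REDIRECT" > "$1"
    fi
}

tmp=$(mktemp -d)
write_sample "$tmp/bad.htaccess" bad
write_sample "$tmp/good.htaccess" good
for f in "$tmp/bad.htaccess" "$tmp/good.htaccess"; do
    if https_redirect_first "$f"; then echo "$f: OK"; else echo "$f: move the redirect up"; fi
done
rm -rf "$tmp"
```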


We hope that "How to Apply for Let's Encrypt? Let's Encrypt Free SSL Certificate Principle & Installation Tutorial", shared by Chen Weiliang's blog ( https://www.chenweiliang.com/ ), is helpful to you.

You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-512.html
