Otu esi etinye akwụkwọ maka Let's Encrypt? Ka anyị ezobe ụkpụrụ Asambodo efu na nkuzi nwụnye SSL

Otu esi etinye akwụkwọ maka Let's Encrypt?

Ka anyị zoo ụkpụrụ Asambodo SSL na nkuzi nwụnye

Gịnị bụ SSL?Chen WeiliangN'isiokwu gara aga "Kedu ihe dị iche n'etiti http vs https? Nkọwa zuru ezu nke usoro nzuzo SSL"A na-akpọ ya ".

ewepu naE-azụmahịaNa mgbakwunye na ịzụrụ ihe dị elu ezoro ezo SSL akwụkwọ, webụsaịtị ga-eji maka WeChatNkwalite akaụntụ ọhankemgbasa ozi ohuruNdị mmadụ, ọ bụrụ na ịchọrọ ịwụnye asambodo SSL, ị nwere ike ịwụnye asambodo SSL ezoro ezo n'efu, nke dị mma maka.SEOỌ na-enye aka ma nwee ike melite ogo nke isiokwu weebụsaịtị na engines ọchụchọ.

Ka anyị encrypt onwe ya edeela usoro nhazi (https://certbot.eff.org/), ijiLinuxNdị enyi, ị nwere ike zoo aka na usoro a wee soro nkuzi a.

Buru ụzọ budata ngwa certbot-auto, wee megharịa akụrụngwa dabere na nrụnye nke ngwaọrụ.

wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n

Mepụta asambodo SSL

Ọzọ, malite naChen WeiliangWere ngalaba aha blọọgụ dịka ọmụmaatụ, biko gbanwee ya dịka mkpa gị siri dị. Gbaa iwu a site na SSH.

Biko hụ na ị gbanwee iwu a:

1. Akwụkwọ ozi
2. Ụzọ nkesa
3. aha ngalaba weebụsaịtị

Otu akwụkwọ ndekọ aha ngalaba, mepụta asambodo:

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com

Akwụkwọ ndekọ aha ọtụtụ ngalaba, mepụta asambodo: (ya bụ ọtụtụ aha ngalaba, otu akwụkwọ ndekọ aha, jiri otu asambodo)

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com

A ga-echekwa asambodo SSL emepụtara na:/etc/letsencrypt/live/www.chenweiliang.com/ N'okpuru ọdịnaya.

Otutu ngalaba aha na otutu akwụkwọ ndekọ aha, mepụta asambodo: (ya bụ, otutu ngalaba aha, otutu akwụkwọ ndekọ aha, jiri otu akwụkwọ)

./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com -w /home/eloha/public_html/site/etufo.org -d www.etufo.org -d img.etufo.org

Mgbe ị wụnyechara akwụkwọ ikike ka anyị Encrypt nke ọma, ozi ngwa ngwa SSH ga-apụta:

MARA EGO:
– Ekele! Asambodo gị na chain echekwabara na:
/etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
Edokwala faịlụ igodo gị na:
/etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
Asambodo gị ga-ekubi ume na 2018-02-26. Iji nweta nke ọhụrụ ma ọ bụ tweaked
Ụdị asambodo a n'ọdịnihu, mee naanị certbot-auto
ọzọ. Iji na-abụghị interactively megharia * niile* nke gị asambodo, ọsọ
"certbot-auto renewing"
- Ọ bụrụ na-amasị Certbot, biko tụlee ịkwado ọrụ anyị site na:
Inye onyinye na ISRG / Ka anyị zoo: https://letsencrypt.org/donate
Inye ego na EFF https://eff.org/donate-le

SSL akwụkwọ ọhụrụ

Nkwalite asambodo dịkwa mma nke ukwuu, ijicrontabMee mmeghari ohuru akpaaka. Ọ bụrụ na ụfọdụ ndị Debian enweghị crontab arụnyere, ị nwere ike ibu ụzọ tinye ya na aka.

apt-get install cron

Iwu ndị a bụ maka nginx na apache n'otu n'otu. / wdg / crontab Iwu etinyere na faịlụ ahụ pụtara mmeghari ohuru kwa ụbọchị iri, yana oge nkwado nke ụbọchị 10 zuru ezu.

Nginx crontab faịlụ, biko tinye:

0 3 */10 * * /root/certbot-auto renew --renew-hook "/etc/init.d/nginx reload"

Faịlụ crontab Apache, biko tinye:

0 3 */10 * * /root/certbot-auto renew --renew-hook "service httpd restart"

Nhazi Apache Asambodo SSL

Ugbu a, anyị kwesịrị ịgbanwe nhazi Apache.

Ndụmọdụ:

• Ọ bụrụ na ị na-ejiOgwe njikwa CWP, lelee na-emepụta akwụkwọ SSL na-akpaghị aka mgbe ị na-agbakwụnye aha ngalaba, a ga-ahazi Apache akwụkwọ SSL na-akpaghị aka.
• Ọ bụrụ na ịmee ọtụtụ usoro ndị a, njehie nwere ike ime ka ịmalitegharịa Apache.
• Ọ bụrụ na ihe na-aga nke ọma, hichapụ nhazi nke ị jiri aka tinye.

Dezie faịlụ httpd.conf ▼

/usr/local/apache/conf/httpd.conf

Chọta ▼

Listen 443

• (Wepu nọmba nkọwapụta gara aga #)

Ma ọ bụ tinye ọdụ ụgbọ mmiri 443 ▼

Listen 443

SSH lelee ọdụ ụgbọ mmiri Apache ▼

grep ^Listen /usr/local/apache/conf/httpd.conf

Chọta ▼

mod_ssl

• (Wepu nọmba nkọwapụta gara aga #)

ma ọ bụ tinye ▼

LoadModule ssl_module modules/mod_ssl.so

Chọta ▼

httpd-ssl

• (Wepu nọmba nkọwapụta gara aga #)

Mgbe ahụ, SSH mebie iwu a (rịba ama ka ị gbanwee ụzọ nke gị):

at >/usr/local/apache/conf/extra/httpd-ssl.conf<<EOF
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
EOF

Na-esote, na njedebe nke nhazi Apache maka weebụsaịtị ị mepụtaran'okpuru.

Tinye faịlụ nhazi SSL (dee ka ewepụ ihe ndị ahụ wee gbanwee ụzọ nke gị):

<VirtualHost *:443>
DocumentRoot /home/admin/web/chenweiliang.com/public_html //网站目录
ServerName www.chenweiliang.com:443 //域名
ServerAdmin [email protected] //邮箱
ErrorLog "/var/log/www.chenweiliang.com-error_log" //错误日志
CustomLog "/var/log/www.chenweiliang.com-access_log" common //访问日志
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem //之前生成的证书
SSLCertificateKeyFile /etc/letsencrypt/live/www.chenweiliang.com/privkey.pem //之前生成的密钥
<Directory "/home/admin/web/chenweiliang.com/public_html"> //网站目录
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
suPHP_UserGroup eloha eloha //用户组（有些服务器配置需要，有些可能不需要，出错请删除此行）
Order allow,deny
Allow from all
DirectoryIndex index.html index.phps
</Directory>
</VirtualHost>

N'ikpeazụ, malitegharịa Apache:

service httpd restart

Apache Force HTTP redirect HTTPS

• Ọtụtụ arịrịọ webụ nwere ike na-agba naanị iji SSL.
• Anyị kwesịrị ijide n'aka na oge ọ bụla anyị na-eji SSL, anyị ga-enwerịrị ike ịnweta weebụsaịtị site na SSL.
• Ọ bụrụ na onye ọrụ ọ bụla nwara iji URL na-abụghị SSL wee nweta webụsaịtị, a ga-ebugharị ya na webụsaịtị SSL.
• Jiri modul Apache mod_rewrite ka ibugharịa gaa na URL SSL.
• Ọ bụrụ na ị na-eji LAMP iji wụnye ngwugwu ahụ n'otu ọpịpị, ọ wulitere asambodo SSL na akpaaka yana ntugharị na HTTPS na ntụgharị na HTTPS.Na Mmanye, ọ dịghị mkpa ịgbakwunye HTTPS redirection.

Tinye iwu redirect

• N'ime faịlụ nhazi Apache, dezie onye nnabata webụsaịtị wee tinye ntọala ndị a.
• Ịnwekwara ike ịgbakwunye otu ntọala ahụ na mgbọrọgwụ akwụkwọ dị na weebụsaịtị gị na faịlụ .htaccess.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Ọ bụrụ naanị na ị chọrọ ịkọwa ụfọdụ URL iji bugharịa na HTTPS:

RewriteEngine On
RewriteRule ^message$ https://www.etufo.org/message [R=301,L]

• Ọ bụrụ na mmadụ nwaa ịbanye ozi , ibe ahụ ga-awụlikwa elu na https, ndị ọrụ nwere ike ịnweta URL naanị site na iji SSL.

Malitegharịa Apache iji mee ka faịlụ .htaccess nwee mmetụta:

service httpd restart

Cakpachara anya

• Biko gbanwee adreesị ozi-e dị n'elu ka ọ bụrụ adreesị ozi-e nke gị.
• Biko cheta ịgbanwe n'elu website ngalaba aha gị website ngalaba aha.

Esemokwu iwu redirect

N'okpuru iwu pseudo-static, mgbe ị na-etinye iwu redirection jump, ị na-ezutekarị http enweghị ike ibugharị gaa na https Nsogbu ahụ.

Na mbụ, anyị depụtaghachiri koodu redirect n'ime .htaccess na ọ ga-apụta n'ọnọdụ ndị a ▼

• [L] na-egosi na iwu dị ugbu a bụ iwu ikpeazụ, kwụsị nyocha iwu ndị a na-edegharị.
• Yabụ mgbe ị na-abanye na ibe akụkọ ebugharị, [L] kwụsịrị iwu ndị a, yabụ iwu ntụgharị anaghị arụ ọrụ.

Mgbe ị na-eleta homepage http, anyị chọrọ ịkpalite redirection URL, mafe iwu pseudo-static iji mebie iwu ịwụgharị redirection, ka e wee nweta ya.http redirect na saịtị na https .

Etinyela https redirect iwu n'ime [L] N'okpuru iwu, tinye [L] n'elu iwu ▼

Ịgbatịkwu oge:

• Kedu ihe dị iche n'etiti http vs https? Nkọwa zuru ezu nke usoro nzuzo SSL
• Kedu ihe m ga - eme ma ọ bụrụ na enwetara m njehie 500 mgbe ị wụnyechara akwụkwọ ikike Ka anyị Encrypt SSL na ogwe njikwa CWP?
• Na-amali elu na ngalaba aha ọkwa nke abụọ na-akpaghị aka na-enweghị aha ngalaba ngalaba nke elu-elu: mgbọrọgwụ ngalaba aha 301 redirects www.