How to apply for Let's Encrypt?
Let's Encrypt SSL Free Certificate Principle & Installation Tutorial
What is SSL? Chen Weiliang covered it in the previous article "What is the difference between http and https? An explanation of the SSL encryption process".
E-commerce websites must purchase an advanced encrypted SSL certificate. New-media people who use a website to promote a WeChat public account and want to install an SSL certificate can install an encrypted SSL certificate for free. It helps SEO and can improve the ranking of the website's keywords in search engines.
Let's Encrypt provides a set of tools (https://certbot.eff.org/). Friends who use Linux can follow this tutorial step by step.
First download the certbot-auto tool, then run it to install the tool's dependencies.
# Keep wget's certificate verification on (no --no-check-certificate): this script runs as root.
wget https://dl.eff.org/certbot-auto
chmod +x ./certbot-auto
./certbot-auto -n
Generate the SSL certificate
Next, the domain name of Chen Weiliang's blog is used as an example; please change it to suit your own needs. Run the following commands over SSH.
Remember to change these values in the command:
- Email address
- Server path
- Website domain name
Single domain, single directory, generate one certificate:
./certbot-auto certonly --email you@example.com --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com
Multiple domains, single directory, generate one certificate: (that is, several domain names served from one directory share the same certificate)
./certbot-auto certonly --email you@example.com --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com
The generated SSL certificate is saved under the directory /etc/letsencrypt/live/www.chenweiliang.com/
Multiple domains, multiple directories, generate one certificate: (that is, several domain names served from several directories share the same certificate)
./certbot-auto certonly --email you@example.com --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com -w /home/eloha/public_html/site/etufo.org -d www.etufo.org -d img.etufo.org
After the Let's Encrypt certificate has been installed successfully, the following message appears in the SSH session:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
   Your cert will expire on 2018-02-26. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
SSL certificate renewal
Certificate renewal is also very convenient: use crontab to renew automatically. Some Debian systems do not have crontab installed; you can install it manually first.
apt-get install cron
The following lines are the entries to add to the /etc/crontab file for nginx and for Apache. They run a renewal every 10 days, which is more than enough for the 90-day validity period. Entries in /etc/crontab carry a user field (root here) before the command.
For nginx, add to the crontab file:
0 3 */10 * * root /root/certbot-auto renew --renew-hook "/etc/init.d/nginx reload"
For Apache, add to the crontab file:
0 3 */10 * * root /root/certbot-auto renew --renew-hook "service httpd restart"
Apache SSL certificate configuration
Now we need to modify the Apache configuration.
Tips:
- If you use the CWP Control Panel and tick "auto-generate SSL certificate" on the Add Domain page, the SSL certificate is configured for Apache automatically.
- If you then also carry out the steps below, an error may occur after restarting Apache.
- If there is an error, delete the configuration you added manually.
Edit the httpd.conf file ▼
/usr/local/apache/conf/httpd.conf
Find ▼
Listen 443
- (remove the leading comment sign #)
or add the listening port 443 ▼
Listen 443
Check Apache's listening ports over SSH ▼
grep ^Listen /usr/local/apache/conf/httpd.conf
Find ▼
mod_ssl
- (remove the leading comment sign #)
or add ▼
LoadModule ssl_module modules/mod_ssl.so
Find ▼
httpd-ssl
- (remove the leading comment sign #)
Then run the following command over SSH (note: change the path to your own):
cat >/usr/local/apache/conf/extra/httpd-ssl.conf <<EOF
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
# Disables SSLv2 and SSLv3 only; TLS 1.0 and 1.1 remain enabled.
SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
EOF
Next, below the end of the Apache configuration of the website you created, add the configuration for the SSL section (note: the # comment lines may be removed; change the paths to your own):
<VirtualHost *:443>
    # Website directory
    DocumentRoot /home/admin/web/chenweiliang.com/public_html
    # Domain name
    ServerName www.chenweiliang.com:443
    # Email address (placeholder, use your own)
    ServerAdmin you@example.com
    # Error log
    ErrorLog "/var/log/www.chenweiliang.com-error_log"
    # Access log
    CustomLog "/var/log/www.chenweiliang.com-access_log" common
    SSLEngine on
    # Certificate generated earlier
    SSLCertificateFile /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
    # Private key generated earlier
    SSLCertificateKeyFile /etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
    # Website directory
    <Directory "/home/admin/web/chenweiliang.com/public_html">
        SetOutputFilter DEFLATE
        Options FollowSymLinks
        AllowOverride All
        # User and group (some server configurations need this line, some may not; delete it if it causes an error)
        suPHP_UserGroup eloha eloha
        Order allow,deny
        Allow from all
        DirectoryIndex index.html index.phps
    </Directory>
</VirtualHost>
Finally, restart Apache:
service httpd restart
Force Apache to redirect HTTP to HTTPS
- Many web applications can only run with SSL.
- We need to make sure that whenever we use SSL, the website is accessed through SSL.
- If a user tries to reach the website with a non-SSL URL, they must be redirected to the SSL website.
- Redirect to the SSL URL using the Apache mod_rewrite module.
- If you use a LAMP one-click installation package that installs the SSL certificate automatically and forces the redirect to HTTPS, the redirect is already in effect and you do not need to add the HTTPS redirect yourself.
Add the redirect rule
- In the Apache configuration file, edit the website's virtual host and add the following settings.
- You can also add the same settings to the .htaccess file in your website's document root.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you only want to redirect one specific URL to HTTPS:
RewriteEngine On
# Only redirect plain-HTTP requests; otherwise the HTTPS URL would redirect to itself.
RewriteCond %{HTTPS} off
RewriteRule ^message$ https://www.etufo.org/message [R=301,L]
- If someone tries to access message, the page jumps to https, and the user can reach that URL only over SSL.
Restart Apache so that the .htaccess file takes effect:
service httpd restart
Notes
- Please change the email address above to your own email address.
- Remember to change the website domain name above to your own domain name.
The redirect rule position problem
When pseudo-static rules are in use and you add the redirect rule, you will often run into the problem that http does not redirect to https.
At first we copied the redirect code into .htaccess, and the problem appeared for the following reasons:
- [L] marks the current rule as the last rule and stops processing of the rewrite rules that follow it.
- So when you visit an article page that has been rewritten, [L] stops the rules that follow, and the redirect rule never runs.
When an http article page is visited, we want the URL redirect to be triggered: the redirect rule must run before the pseudo-static rule, so that site-wide http is redirected to https.
Do not place the https redirect rule below the [L] rules; place it above the [L] rules.
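A check for the ordering problem described above, as an added example that is not part of the original article. The function name https_redirect_first and both sample .htaccess files are constructed for illustration, with WordPress-style rules assumed as the pseudo-static rules; the check is a heuristic that looks only at rule order.

```shell
#!/bin/sh
# Heuristic lint (added example): succeeds only when the HTTP->HTTPS redirect
# is the first RewriteRule that can end processing, i.e. no other rule with
# the [L] flag comes before it. Reads a .htaccess from a file or from stdin.
https_redirect_first() {
    awk '
        { sub(/^[ \t]+/, "") }              # tolerate indented directives
        /^#/ { next }                       # ignore comment lines
        /^RewriteRule[ \t]/ {
            if ($3 ~ /^https:\/\//) { found = 1; exit }             # redirect reached
            if ($NF ~ /^\[(.*,)?L(,.*)?\]$/) { shadowed = 1; exit } # [L] came first
        }
        END { exit (found && !shadowed ? 0 : 1) }
    ' "$@"
}

# Constructed sample: pseudo-static (WordPress-style) rules first, redirect last.
sample_bad() {
cat <<'EOF'
RewriteEngine On
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
EOF
}

# Constructed sample: same rules with the redirect moved above the [L] rules.
sample_good() {
cat <<'EOF'
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
EOF
}

for s in sample_bad sample_good; do
    if "$s" | https_redirect_first; then echo "$s: redirect comes first"
    else echo "$s: redirect is shadowed by an earlier [L] rule"; fi
done
```

To lint a real file, pass its path as the argument, for example the .htaccess in the site's document root.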
Further reading:
- What is the difference between http and https? An explanation of the SSL encryption process
- What should I do if I get a 500 error after installing a Let's Encrypt SSL certificate in the CWP control panel?
- Automatically redirect the top-level domain without www to the www second-level domain: 301 redirect from the root domain to www
Chen Weiliang Blog ( https://www.chenweiliang.com/ ) shared "How to apply for Let's Encrypt? Let's Encrypt SSL Free Certificate Principle & Installation Tutorial"; we hope it is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-512.html