Chinyorwa Directory
Nzira yekushandisa sei Let's Encrypt?
Ngativei Chete SSL Chitupa Nheyo & Kuisa Tutorial
Chii chinonzi SSL?Chen WeiliangMunyaya yapfuura "Ndeupi musiyano pakati pe http vs https? Tsananguro yakadzama yeSSL encryption process"Inotaurwa mu.
kunze kwaizvozvoE-commerceIyo webhusaiti inofanirwa kutenga yakavharidzirwa SSL chitupa uye kushandisa webhusaiti seWeChatPublic account promotionofmidhiya mitsvaVanhu, kana iwe uchida kuisa SSL chitupa, unogona chaizvo kuisa encrypted SSL chitupa mahara.SEOInobatsira, inogona kuvandudza chiyero chemazwi ewebhusaiti mumajini ekutsvaga.
Let's Encrypt pachayo yakanyora seti yemaitiro (https://certbot.eff.org/), kushandisaLinuxshamwari, unogona kutevera chidzidzo ichi uchireva maitiro.
Dhawunirodha certbot-auto chishandiso kutanga, wobva wamhanyisa kuisirwa kwechishandiso.
wget https://dl.eff.org/certbot-auto --no-check-certificate chmod +x ./certbot-auto ./certbot-auto -n
Gadzira SSL chitupa
Tevere, neChen WeiliangTora zita rezita reblog semuenzaniso, ndapota rigadzirise zvinoenderana nezvaunoda SSH inoshandisa mirairo inotevera.
Iva nechokwadi chekugadzirisa murairo mu:
- Emailbox
- server nzira
- website domain name
Single domain single directory, gadzira chitupa:
./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com
Multi-domain single dhairekitori, gadzira chitupa: (kureva, akawanda mazita edura, rimwe dhairekitori, shandisa chitupa chimwe chete)
./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com
Iyo yakagadzirwa SSL chitupa ichachengetwa mu:/etc/letsencrypt/live/www.chenweiliang.com/
Pasi pezviri mukati.
Mazita akawanda edomasi uye akawanda madhairekitori, gadzira chitupa: (ndiko kuti, akawanda mazita edomasi, akawanda madhairekitori, shandisa chitupa chimwe chete)
./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com -w /home/eloha/public_html/site/etufo.org -d www.etufo.org -d img.etufo.org
Mushure mekunge Let's Encrypt certificate yaiswa zvinobudirira, inotevera meseji yekukurumidza ichaonekwa muSSH:
MAGAZINI ANOKOSHA:
– Makorokoto!Chitupa chako nechain akachengetwa pa:
/etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
Kiyi yefaira yako yachengetwa pa:
/etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
Chitupa chako chinopera muna 2018-02-26. Kuti uwane chitsva kana kugadzirwa
vhezheni yechitupa ichi mune ramangwana, ingomhanya certbot-auto
zvakare.Kusaita-interactively kuvandudza *zvese* zvitupa zvako, mhanya
"certbot-auto vandudza"
- Kana iwe uchida Certbot, ndapota funga nezvekutsigira basa redu na:
Kupa kune ISRG / Ngatinyorei: https://letsencrypt.org/donate
Kupa kuEFF: https://eff.org/donate-le
SSL Certificate Kuvandudza
Kuvandudzwa kweSitifiketi zvakare kuri nyore kwazvo, kushandisacrontabKuvandudza otomatiki.Imwe Debian haina crontab yakaiswa, unogona kuiisa nemaoko kutanga.
apt-get install cron
Iyo inotevera mirairo iri mu nginx uye apache zvakateerana / etc / crontab Murairo wakapinda mufaira unoreva kuti unovandudzwa mazuva ose e10, uye nguva ye90-yemazuva inokwana.
Nginx crontab faira, ndapota wedzera:
0 3 */10 * * /root/certbot-auto renew --renew-hook "/etc/init.d/nginx reload"
Apache crontab faira, ndapota wedzera:
0 3 */10 * * /root/certbot-auto renew --renew-hook "service httpd restart"
SSL chitupa Apache kumisikidzwa
Zvino, isu tinofanirwa kuita shanduko kune iyo Apache kumisikidzwa.
Mazano:
- kana ukashandisaCWP Control Panel, mune Wedzera zita rezita tarisa Gadzira otomatiki chitupa cheSSL, chinozogadzirisa chitupa cheSSL cheApache.
- Kana iwe ukaita akawanda eanotevera matanho, kukanganisa kunogona kuitika mushure mekutangazve Apache.
- Kana paine chikanganiso, dzima gadziriso yawakawedzera nemaoko.
Rongedza iyo httpd.conf faira ▼
/usr/local/apache/conf/httpd.conf
Tsvaga ▼
Listen 443
- (bvisa nhamba yekutaura yapfuura #)
kana kuwedzera chiteshi chekuteerera 443 ▼
Listen 443
SSH tarisa Apache yekuteerera chiteshi ▼
grep ^Listen /usr/local/apache/conf/httpd.conf
Tsvaga ▼
mod_ssl
- (bvisa nhamba yekutaura yapfuura #)
kana kuwedzera ▼
LoadModule ssl_module modules/mod_ssl.so
Tsvaga ▼
httpd-ssl
- (bvisa nhamba yekutaura yapfuura #)
Zvadaro, SSH ita murairo unotevera (noti kuti uchinje nzira kune yako):
at >/usr/local/apache/conf/extra/httpd-ssl.conf<<EOF Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH SSLHonorCipherOrder on SSLProtocol all -SSLv2 -SSLv3 SSLProxyProtocol all -SSLv2 -SSLv3 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 SSLMutex "file:/usr/local/apache/logs/ssl_mutex" EOF
Tevere, pakupera kweApache kumisikidzwa yewebhusaiti yawakagadziraunder.
Wedzera iyo faira yekumisikidza yechikamu cheSSL (noti kuti ubvise mhinduro, uye shandura nzira kune yako):
<VirtualHost *:443> DocumentRoot /home/admin/web/chenweiliang.com/public_html //网站目录 ServerName www.chenweiliang.com:443 //域名 ServerAdmin [email protected] //邮箱 ErrorLog "/var/log/www.chenweiliang.com-error_log" //错误日志 CustomLog "/var/log/www.chenweiliang.com-access_log" common //访问日志 SSLEngine on SSLCertificateFile /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem //之前生成的证书 SSLCertificateKeyFile /etc/letsencrypt/live/www.chenweiliang.com/privkey.pem //之前生成的密钥 <Directory "/home/admin/web/chenweiliang.com/public_html"> //网站目录 SetOutputFilter DEFLATE Options FollowSymLinks AllowOverride All suPHP_UserGroup eloha eloha //用户组(有些服务器配置需要,有些可能不需要,出错请删除此行) Order allow,deny Allow from all DirectoryIndex index.html index.phps </Directory> </VirtualHost>
Pakupedzisira tangazve Apache pairi:
service httpd restart
Apache manikidza HTTP kutungamira kuHTTPS
- Zvikumbiro zvakawanda zvewebhu zvinongogara zvichimhanya neSSL.
- Isu tinofanirwa kuve nechokwadi chekuti pese patinoshandisa SSL, webhusaiti inofanirwa kuwanikwa kuburikidza neSSL.
- Kana chero mushandisi akaedza kuwana webhusaiti neiyo isiri-SSL URL, anofanira kuendeswa kune iyo SSL webhusaiti.
- Nangidzira kuSSL URL uchishandisa Apache mod_rewrite module.
- Zvakadai sekushandisa LAMP kamwechete-tinya yekuisa pasuru, yakavakirwa-mukati otomatiki kuisirwa SSL chitupa uye kumanikidzirwa redirection kuHTTPS, redirection kuHTTPS.In force, haufanire kuwedzera HTTPS redirect.
Wedzera redirect mutemo
- MuApache's kumisikidza faira, gadzirisa iyo webhusaiti webhusaiti uye wedzera anotevera marongero.
- Iwe unogonawo kuwedzera zvigadziridzo zvakafanana kumudzi wegwaro pawebsite yako mune yako .htaccess file.
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Kana iwe uchingoda kutsanangura imwe URL yekudzosera kuHTTPS:
RewriteEngine On RewriteRule ^message$ https://www.etufo.org/message [R=301,L]
- Kana mumwe munhu akaedza kuwana mashoko , peji inosvetukira ku https, uye mushandisi anogona chete kuwana iyo URL neSSL.
Tangazve Apache kuti .htaccess file iite basa:
service httpd restart
Kuchenjerera
- Ndokumbirawo shandura email kero iri pamusoro kuita email kero yako.
- Ndokumbira urangarire kushandura zita rewebhusaiti repamusoro kune yako webhusaiti domain zita.
Redirect rule dambudziko renzvimbo
Pasi pemitemo yepseudo-static, kana uchiisa redirection kusvetuka mitemo, iwe unowanzo sangana http haigone kutungamira kune https Dambudziko.
Pakutanga takakopa redirect code mu .htaccess uye ichaonekwa munyaya dzinotevera ▼
- [L] inoratidza kuti mutemo wezvino ndiwo mutemo wekupedzisira, rega kuongorora mitemo inotevera yekunyorazve.
- Saka kana uchiwana iyo yakadzoserwa chinyorwa peji, [L] inomisa unotevera mutemo, saka mutemo wekudzosera haushande.
Pakushanya iyo http peji remba, isu tinoda kukonzeresa URL redirection, svetuka iyo pseudo-static mutemo wekuita redirection kusvetuka mutemo, kuti ugone kuwanikwa.Site-wide http redirect to https .
Usaise https redirect mitemo mukati [L] Pasi pemitemo, isa [L] pamusoro pemitemo ▼
Yakawedzerwa kuverenga:
- Ndeupi musiyano pakati pe http vs https? Tsananguro yakadzama yeSSL encryption process
- Chii chandinofanira kuita kana ndikawana kukanganisa 500 mushure mekuisa iyo Let's Encrypt SSL chitupa muCWP control panel?
- Svetukira otomatiki kune yechipiri-chikamu chezita rezita pasina iyo www yepamusoro-level zita rezita: iyo mudzi domain zita 301 redirects www.
Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ ) yakagoverwa "Maitiro ekunyorera Let's Encrypt? Let's Encrypt SSL Yemahara Certificate Principle & Installation Tutorial", iyo inobatsira kwauri.
Welcome to share link yechinyorwa chino:https://www.chenweiliang.com/cwl-512.html
Tikugashirei kuTeregiramu chiteshi cheChen Weiliang's blog kuti uwane zvichangobva kuitika!
📚 Iri gwara rine kukosha kukuru, 🌟Uyu mukana usingawanzo, usapotsa! ⏰⌛💨
Govera uye like kana uchida!
Kugovera kwako uye kuda ndiko kukurudzira kwedu kunoramba kuripo!