Isalathiso senqaku
VestaCP Iphaneli yolawulo ilula kwaye kulula ukuyisebenzisa:
Faka iphaneli yokulawula yeVestaCP, onokuqonda umsebenzi wokhuseleko wokufaka ngokuzenzekelayo isiqinisekiso se-Let Encrypt SSL, ngoko sithandwa phakathi kwamazwe angaphandle.seoAbasebenzi bamkelekile.
Yintoni iLet's Encrypting?
Masi Fihla ligunya lesatifikethi se-SSL elaphehlelelwa ngoAprili 2016, 4.
- Ibonelela simahla izatifikethi ze-X.509 zoKhuseleko loMaleko wezoThutho (TLS) kufihlo ngenkqubo ezenzekelayo,
- Yenzelwe ukuphelisa ukwenziwa kwencwadi yangoku, ukuqinisekiswa, ukusayina, ukufakela kunye nohlaziyo lwezatifikethi kwiiwebhusayithi ezikhuselekileyo.
Iphepha lokungena lephaneli yokulawula yeVestaCP lisebenzisa i-port 8083.
Yintoni izibuko 8083?
- I-8083 liphepha lommeleli kunye nokukhuphela ifayile yefayile, kwaye lizibuko elinengqiqo.
- Kwitekhnoloji yenethiwekhi, amazibuko abandakanya amazibuko abonakalayo kunye namazibuko anengqondo.
Umahluko phakathi kwamazibuko abonakalayo kunye namazibuko anengqondo
- Izibuko ezibonakalayo zibhekisela kumachweba akhoyo ngokwenene, njengeemodem ze-ADSL, ii-hubs, iiswitshi, kunye neerotha eziqhagamshelwe kwezinye izixhobo zenethiwekhi ezifana ne-RJ-45 port, i-SC port, njl.
- Izibuko eliqiqileyo lizibuko elahlula iinkonzo ngentsingiselo ebhadlileyo, njengezibuko lenkonzo kwiprotocol yeTCP/IP. Uluhlu lwenombolo ye-port yi-0 ukuya kwi-65535.
Nangona kunjalo, okwangoku, akukho satifikethi sokhuseleko se-SSL esiboniswa kwizibuko 8083 kwiphaneli yolawulo yeVestaCP ngokungagqibekanga...
Ngoko, kwiFaka iphaneli yeVestaCPNgasemva,ugoogle ChromeUmyalezo onje uya kuvela:
- Umdibaniso wakho awukho bucala
- Abahlaseli banokuzama ukuba iinkcukacha zakho (ezifana namagama ayimfihlo, unxibelelwano, okanye iinkcukacha zekhadi lokuthenga ngetyala).
Iphaneli yokungena yeVesta yenza ukuba i-https
Isiqendu 1:Ngena kwiphaneli yolawulo yeVestaCP
Sebenzisa igama lomamkeli kunye nezibuko 8083 ▼
http:// 你的域名:8083/
Isiqendu 2: Ngena kwinkonzo yeWEBHU yeVestaCP
Fumana igama lenginginya yeseva yakho kwaye ucofe HLELA ▼
Isiqendu 3:Fumana kwaye ujonge i-SSL kwaye Masifihle
"Vumela i-SSL (iNkxaso ye-SSL)", "Sebenzisa i-Let Encrypt (Masibethele iNkxaso)" ▼
- Emva koko cofa Gcina (umlawuli ucofa Gcina kwaye ulinde malunga nemizuzu emihlanu phambi kokuba ujonge isicelo sesatifikethi se-SSL)
Isiqendu 4:Fumana indawo yogcino lwesatifikethi sokhuseleko esithi Masi Fihla
Masibhale ngokuntsonkothileyo sigcina izatifikethi zayo ze-SSL /home/username/conf/web/
kwindawo.
Nceda udwelise iindawo zabo ▼
/home/username/conf/web/ssl.website.crt /home/username/conf/web/ssl.website.key
Iphaneli yokulawula yeVestaCP, igcina igama lomamkeli wesatifikethi se-SSL ▼
/usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate.key
Ke ngoko, kufuneka siqale sithiye kwakhona ifayile yesatifikethi yeVestaCP endala kumbhalo othile we-dummy,
Ukuze iVestaCP ingabi sazisebenzisa, emva koko udibanise iifayile.
Nceda ulandele la manyathelo angezantsi ukuze ufunde ukwenza oku.
Isiqendu 5:SSH kwiseva yakho
Ngenisa le miyalelo mi-2 ukuze uthiye ngokutsha ifayile endala ▼
mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/unusablecer.crt mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/unusablecer.key
- Ukuba le misebenzi ilandelayo ayinakusebenza kwaye ikhonkco le-SSL liyasilela kwaye iwebhusayithi ayinakuvulwa, tshintsha nje ifayile ye-SSL "into engasetyenziswanga"Igama, tshintshela kwigama langaphambili"isiqinisekiso", akukho mfuneko yokuchitha ixesha lokubuyisela ipaneli yeVestaCP.
Isiqendu 6:Yenza ikhonkco lokomfuziselo ukwalatha ikhonkco elitsha lomfuziselo
Nceda buyisela igama lakho lomsebenzisi, njenge:admin
intando chenweiliang.com Faka endaweni yegama lenginginya (FQDN) yeseva yakho yeVPS ▼
ln -s /home/admin/conf/web/ssl.chenweiliang.com.crt /usr/local/vesta/ssl/certificate.crt ln -s /home/admin/conf/web/ssl.chenweiliang.com.key /usr/local/vesta/ssl/certificate.key
Isiqendu 7:Qala kwakhona iVestaCP
service vesta restart
Isiqendu 8:cima i-cache yesikhangeli
Emva koko, zama ukungena kwakhona kwiphaneli yokulawula yeVestaCP usebenzisa i-port 8083.
- Ngoku i-SSL yakho kwi-port 8083 ikhuselekile!
Iimvume ezaphukileyo isisombululo
Ukulungisa iimvume ezaphukileyo, ngenisa lo myalelo ulandelayo ▼
- intando your.adminpanel.com Faka endaweni ye-URL yeVestaCP yakho yolawulo lwekhonsoli.
chgrp mail ssl.your.adminpanel.com.key chmod 660 ssl.your.adminpanel.com.key chgrp mail ssl.your.adminpanel.com.crt chmod 660 ssl.your.adminpanel.com.crt
Oku ngasentla yindlela yokwenza isatifikethi se-SSL kwi-VestaCP backend.
Ulinyanzela njani igama lesizinda ukuba lisebenzise isatifikethi se-SSL se-https?
Inyathelo 1:Faka ithempleyithi yenginx yesiko ▼
cd /usr/local/vesta/data/templates/web wget http://c.vestacp.com/0.9.8/rhel/force-https/nginx.tar.gz tar -xzvf nginx.tar.gz rm -f nginx.tar.gz
Isiqendu 2:Cwangcisa itemplate yommeli ukunyanzela-https
- Yenza isicwangciso esitsha esingagqibekanga, okanye usete amandla-https njenge template yeproxy ye-Nginx kwisicwangciso esikhoyo esingagqibekanga.
- Xa usongeza abasebenzisi abatsha, ungasebenzisa i-force-https template ukunika imvume kubasebenzisi kwisicwangciso sokuseta.
I-HTTP iphinda iqondise ngokuzenzekelayo kwi-HTTPS
I-VestaCP iphinda iqondise njani i-HTTP kwi-HTTPS isebenzisa i-htaccess?
Ngaba ufuna ukuhambisa iwebhusayithi yakho ngokuzenzekelayo kwinguqulelo ekhuselekileyo (HTTPS) yewebhusayithi yakho efihliweyo?
Kwifayile ye.htaccess, yongeza le 301 ilandelayo yokuqondisa kwakhona isivakalisi ▼
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
- U-“L” ku- [R, L] ngasentla uthetha ukuGqibela (kokugqibela) Ukuba ezinye izivakalisi nazo zinalo L, i-http ayisayi kuphinda iqondiswe ku-https.
- Ke ngoko, kuyacetyiswa ukuba ubeke i-syntax yokuqondisa kwakhona i-http301 ukuya kwi-https phezulu (phambi kwezinye iisyntax).
Ukuba ufuna ukongeza iziqinisekiso ze-SSL ezikhuselekileyo kwamanye amagama edomeyini kwindawo yolawulo yeVestaCP, nceda ujonge esi sifundo ▼
Ndiyathemba Chen Weiliang Blog ( https://www.chenweiliang.com/ ) kwabelwana "i-VestaCP backend port 8083 https ayisebenzi?" Isifundo sokuFakela iSatifikethi se-SSL" kunokuba luncedo kuwe.
Wamkelekile ukwabelana ngekhonkco leli nqaku:https://www.chenweiliang.com/cwl-705.html
Wamkelekile kwisitishi seTelegram sebhlog kaChen Weiliang ukufumana uhlaziyo lwamva nje!
📚 Esi sikhokelo sinexabiso elikhulu, 🌟Eli lithuba elinqabileyo, ungaliphoswa! ⏰⌛💨
Yabelana kwaye uthanda ukuba uyathanda!
Ukwabelana kwakho kunye nezinto ozithandayo ziyinkuthazo yethu eqhubekayo!