VestaCP yangasemva 8083 port https ayisebenzi?Faka iSifundo seSatifikethi se-SSL

VestaCP Iphaneli yolawulo ilula kwaye kulula ukuyisebenzisa: Faka iphaneli yokulawula yeVestaCP, onokuqonda umsebenzi wokhuseleko wokufaka ngokuzenzekelayo isiqinisekiso se-Let Encrypt SSL, ngoko sithandwa phakathi kwamazwe angaphandle.seoAbasebenzi bamkelekile.

Yintoni iLet's Encrypting?

Masi Fihla ligunya lesatifikethi se-SSL elaphehlelelwa ngoAprili 2016, 4.

• Ibonelela simahla izatifikethi ze-X.509 zoKhuseleko loMaleko wezoThutho (TLS) kufihlo ngenkqubo ezenzekelayo,
• Yenzelwe ukuphelisa ukwenziwa kwencwadi yangoku, ukuqinisekiswa, ukusayina, ukufakela kunye nohlaziyo lwezatifikethi kwiiwebhusayithi ezikhuselekileyo.

Iphepha lokungena lephaneli yokulawula yeVestaCP lisebenzisa i-port 8083.

Yintoni izibuko 8083?

• I-8083 liphepha lommeleli kunye nokukhuphela ifayile yefayile, kwaye lizibuko elinengqiqo.
• Kwitekhnoloji yenethiwekhi, amazibuko abandakanya amazibuko abonakalayo kunye namazibuko anengqondo.

Umahluko phakathi kwamazibuko abonakalayo kunye namazibuko anengqondo

• Izibuko ezibonakalayo zibhekisela kumachweba akhoyo ngokwenene, njengeemodem ze-ADSL, ii-hubs, iiswitshi, kunye neerotha eziqhagamshelwe kwezinye izixhobo zenethiwekhi ezifana ne-RJ-45 port, i-SC port, njl.
• Izibuko eliqiqileyo lizibuko elahlula iinkonzo ngentsingiselo ebhadlileyo, njengezibuko lenkonzo kwiprotocol yeTCP/IP. Uluhlu lwenombolo ye-port yi-0 ukuya kwi-65535.

Nangona kunjalo, okwangoku, akukho satifikethi sokhuseleko se-SSL esiboniswa kwizibuko 8083 kwiphaneli yolawulo yeVestaCP ngokungagqibekanga...

Ngoko, kwiFaka iphaneli yeVestaCPNgasemva,ugoogle ChromeUmyalezo onje uya kuvela:

Iphaneli yokungena yeVesta yenza ukuba i-https

Isiqendu 1:Ngena kwiphaneli yolawulo yeVestaCP usebenzisa igama lomninimzi kunye ne-port 8083 ▼

http:// 你的域名:8083/

Isiqendu 2: Ngenisa inkonzo yeWEBHU yeVestaCP ukufumana igama leseva yakho, emva koko ucofe HLELA ▼

Isiqendu 3:Fumana kwaye ujonge i-SSL kwaye masibhale i-encrypt "Vumela i-SSL (iNkxaso ye-SSL)" kwaye "Sebenzisa iSifihlo (Masibethele iNkxaso)" ▼

• Emva koko cofa Gcina (umlawuli ucofa Gcina kwaye ulinde malunga nemizuzu emihlanu phambi kokuba ujonge isicelo sesatifikethi se-SSL)

Isiqendu 4:Fumana Masifihle indawo yokugcina isatifikethi ekhuselekileyo /home/username/conf/web/ kwindawo. Nceda udwelise iindawo zabo ▼

/home/username/conf/web/ssl.website.crt
/home/username/conf/web/ssl.website.key

Iphaneli yokulawula yeVestaCP, igcina igama lomamkeli wesatifikethi se-SSL ▼

/usr/local/vesta/ssl/certificate.crt
/usr/local/vesta/ssl/certificate.key

Ke ngoko, kufuneka siqale sithiye kwakhona iifayile zesatifikethi zakudala zeVestaCP kumbhalo othile we-dummy ukuze iVestaCP ingasayi kuphinda izisebenzise, ​​kwaye emva koko idibanise ezi fayile. Nceda ulandele la manyathelo angezantsi ukuze ufunde ukwenza oku.

Isiqendu 5:SSH kwiseva yakho kwaye ungenise le miyalelo mi-2 ukuze uthiye ngokutsha ifayile endala ▼

mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/unusablecer.crt
mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/unusablecer.key

• Ukuba le misebenzi ilandelayo ayinakusebenza kwaye ikhonkco le-SSL liyasilela kwaye iwebhusayithi ayinakuvulwa, tshintsha nje ifayile ye-SSL "into engasetyenziswanga"Igama, tshintshela kwigama langaphambili"isiqinisekiso", akukho mfuneko yokuchitha ixesha lokubuyisela ipaneli yeVestaCP.

Isiqendu 6:Yenza ikhonkco lomfuziselo ukwalatha ikhonkco elitsha lomfuziselo Nceda buyisela igama lakho lomsebenzisi, elifana:admin intando chenweiliang.com Faka endaweni yegama lenginginya (FQDN) yeseva yakho yeVPS ▼

ln -s /home/admin/conf/web/ssl.chenweiliang.com.crt /usr/local/vesta/ssl/certificate.crt
ln -s /home/admin/conf/web/ssl.chenweiliang.com.key /usr/local/vesta/ssl/certificate.key

Isiqendu 7:Qala kwakhona iVestaCP

service vesta restart

Isiqendu 8:Cima i-cache yesiphequluli sakho kwaye uzame ukungena kwipaneli yokulawula yeVestaCP kwakhona usebenzisa i-port 8083.

• Ngoku i-SSL yakho kwi-port 8083 ikhuselekile!

Iimvume ezaphukileyo isisombululo

Ukulungisa iimvume ezaphukileyo, ngenisa lo myalelo ulandelayo ▼

• intando yakho.adminpanel.com Faka endaweni ye-URL yeVestaCP yakho yolawulo lwekhonsoli.

chgrp mail ssl.your.adminpanel.com.key
chmod 660 ssl.your.adminpanel.com.key
chgrp mail ssl.your.adminpanel.com.crt
chmod 660 ssl.your.adminpanel.com.crt

Oku ngasentla yindlela yokwenza isatifikethi se-SSL kwi-VestaCP backend.

Ulinyanzela njani igama lesizinda ukuba lisebenzise isatifikethi se-SSL se-https?

Inyathelo 1:Faka ithempleyithi yenginx yesiko ▼

cd /usr/local/vesta/data/templates/web
wget http://c.vestacp.com/0.9.8/rhel/force-https/nginx.tar.gz
tar -xzvf nginx.tar.gz
rm -f nginx.tar.gz

Isiqendu 2:Cwangcisa itemplate yommeli ukunyanzela-https

• Yenza isicwangciso esitsha esingagqibekanga, okanye usete amandla-https njenge template yeproxy ye-Nginx kwisicwangciso esikhoyo esingagqibekanga.
• Xa usongeza abasebenzisi abatsha, ungasebenzisa i-force-https template ukunika imvume kubasebenzisi kwisicwangciso sokuseta.

I-HTTP iphinda iqondise ngokuzenzekelayo kwi-HTTPS

I-VestaCP iphinda iqondise njani i-HTTP kwi-HTTPS isebenzisa i-htaccess? Ngaba ufuna ukuhambisa iwebhusayithi yakho ngokuzenzekelayo kwinguqulelo ekhuselekileyo (HTTPS) yewebhusayithi yakho efihliweyo?

Kwifayile ye.htaccess, yongeza le 301 ilandelayo yokuqondisa kwakhona isivakalisi ▼

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

• U-“L” ku- [R, L] ngasentla uthetha ukuGqibela (kokugqibela) Ukuba ezinye izivakalisi nazo zinalo L, i-http ayisayi kuphinda iqondiswe ku-https.
• Ke ngoko, kuyacetyiswa ukuba ubeke i-syntax yokuqondisa kwakhona i-http301 ukuya kwi-https phezulu (phambi kwezinye iisyntax).

Ukuba ufuna ukongeza iziqinisekiso ze-SSL ezikhuselekileyo kwamanye amagama edomeyini kwindawo yolawulo yeVestaCP, nceda ujonge esi sifundo ▼

🔗Uyisebenzisa njani ipaneli yeVestaCP? Faka i-Post Office/Yongeza iiDomain ezininzi kunye noLawulo lweeFayile