How do you apply for Let's Encrypt?
Let's Encrypt SSL certificate: principle and installation tutorial
What is SSL? Chen Weiliang covered it in a previous article, "What is the difference between http vs https? A detailed explanation of the SSL encryption process".
E-commerce websites must buy an advanced SSL certificate. New-media people who use their website to promote a WeChat public account can, if they want an SSL certificate, install a free one. It helps SEO and can improve the ranking of the website's keywords in search engines.
Let's Encrypt itself has written a set of instructions (https://certbot.eff.org/). Linux users can follow this tutorial while referring to those instructions.
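Download the certbot-auto tool first, then run it to install its dependencies. The --no-check-certificate flag makes wget skip TLS verification of the download, so the script is not authenticated; drop the flag if your system's CA certificates are up to date.
wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x ./certbot-auto
./certbot-auto -n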
Generate the SSL certificate
Next, taking the domain name of Chen Weiliang's blog as an example (modify it to suit your own needs), run the following commands over SSH.
Be sure to change the following in the command:
- Email address
- Server path
- Website domain name
Single domain name, single directory: generate one certificate:
./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com
Multiple domain names, single directory: generate one certificate (that is, multiple domain names in a single directory use the same certificate):
./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com
The generated SSL certificate is saved under the directory /etc/letsencrypt/live/www.chenweiliang.com/
Multiple domain names, multiple directories: generate one certificate (that is, multiple domain names in multiple directories use the same certificate):
./certbot-auto certonly --email [email protected] --agree-tos --no-eff-email --webroot -w /home/admin/web/chenweiliang.com/public_html -d www.chenweiliang.com -d img.chenweiliang.com -w /home/eloha/public_html/site/etufo.org -d www.etufo.org -d img.etufo.org
After the Let's Encrypt certificate has been installed successfully, the following message appears in SSH:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
Your cert will expire on 2018-02-26. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
SSL certificate renewal
Renewing the certificate is also very simple: use crontab to renew it automatically. Some Debian systems do not have crontab installed; you can install it manually first.
apt-get install cron
The following lines, for nginx and Apache respectively, go into the /etc/crontab file. They run the renewal every 10 days, which is enough for the 90-day validity period. Entries in /etc/crontab need a user field before the command, so root is given here.
For nginx, add to the crontab file:
0 3 */10 * * root /root/certbot-auto renew --renew-hook "/etc/init.d/nginx reload"
For Apache, add to the crontab file:
0 3 */10 * * root /root/certbot-auto renew --renew-hook "service httpd restart"
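An added check, not part of the original article: after issuance or a cron renewal, confirm that privkey.pem belongs to the certificate in fullchain.pem and that the certificate is not close to expiry. The demo certificate is self-signed and constructed with openssl so the script runs offline; the cert_status function and the www.example.test name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# cert_status CERT KEY DAYS prints one of:
#   ok        key matches and the certificate stays valid for more than DAYS days
#   expiring  key matches but the certificate expires within DAYS days
#   mismatch  the private key does not belong to the certificate
cert_status() {
    # Compare the public key inside the certificate with the one derived from the key file.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo mismatch
    elif openssl x509 -in "$1" -noout -checkend $(( $3 * 86400 )) >/dev/null; then
        echo ok
    else
        echo expiring
    fi
}

# Constructed demo material: a self-signed 90-day certificate and an unrelated key.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=www.example.test" \
    -keyout "$demo/privkey.pem" -out "$demo/fullchain.pem" 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$demo/other.pem" 2>/dev/null

cert_status "$demo/fullchain.pem" "$demo/privkey.pem" 30    # more than 30 days left
cert_status "$demo/fullchain.pem" "$demo/privkey.pem" 120   # expires within 120 days
cert_status "$demo/fullchain.pem" "$demo/other.pem" 30      # wrong key
```

On the server, pass the real files instead, for example /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem and privkey.pem.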
Apache SSL certificate configuration
Now we need to make changes to the Apache configuration.
Tips:
- If you use the CWP control panel and tick "automatically generate an SSL certificate" when adding a domain name, it configures the SSL certificate for Apache automatically.
- If you then also carry out the following steps, an error may occur after you restart Apache.
- If an error occurs, delete the configuration you added manually.
Edit the httpd.conf file ▼
/usr/local/apache/conf/httpd.conf
Find ▼
Listen 443
- (remove the leading comment sign #)
or add port 443 ▼
Listen 443
Check the Apache listening port over SSH ▼
grep ^Listen /usr/local/apache/conf/httpd.conf
Find ▼
mod_ssl
- (remove the leading comment sign #)
or add ▼
LoadModule ssl_module modules/mod_ssl.so
Find ▼
httpd-ssl
- (remove the leading comment sign #)
Then run the following command over SSH (remember to change the paths to your own):
cat >/usr/local/apache/conf/extra/httpd-ssl.conf<<EOF
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
EOF
Next, at the end of the Apache configuration for the website you created, add the SSL section below (remember to remove the comments and change the paths to your own):
<VirtualHost *:443>
  # Website directory
  DocumentRoot /home/admin/web/chenweiliang.com/public_html
  # Domain name
  ServerName www.chenweiliang.com:443
  # Email address
  ServerAdmin [email protected]
  # Error log
  ErrorLog "/var/log/www.chenweiliang.com-error_log"
  # Access log
  CustomLog "/var/log/www.chenweiliang.com-access_log" common
  SSLEngine on
  # Certificate generated earlier
  SSLCertificateFile /etc/letsencrypt/live/www.chenweiliang.com/fullchain.pem
  # Private key generated earlier
  SSLCertificateKeyFile /etc/letsencrypt/live/www.chenweiliang.com/privkey.pem
  # Website directory
  <Directory "/home/admin/web/chenweiliang.com/public_html">
    SetOutputFilter DEFLATE
    Options FollowSymLinks
    AllowOverride All
    # User group (some server configurations need this line, others may not; delete it if it causes an error)
    suPHP_UserGroup eloha eloha
    Order allow,deny
    Allow from all
    DirectoryIndex index.html index.phps
  </Directory>
</VirtualHost>
Finally, restart Apache:
service httpd restart
Apache: force HTTP to redirect to HTTPS
- Many websites can run over SSL only.
- We need to make sure that whenever SSL is used, the website is always accessed through SSL.
- If any user tries to access the website with a non-SSL URL, they must be redirected to the SSL website.
- Redirect to the SSL URL using the Apache mod_rewrite module.
- If you use something like a LAMP one-click installation package that installs the SSL certificate automatically and forces the redirect to HTTPS, the redirect is already in effect and you do not need to add the HTTPS redirect.
Add the redirect rule
- In the Apache configuration file, edit the website's virtual host and add the following settings.
- You can also add the same settings to the .htaccess file in your website's document root.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If you only want one specific URL to redirect to HTTPS:
RewriteEngine On
RewriteRule ^message$ https://www.etufo.org/message [R=301,L]
- If someone tries to access message, the page jumps to https, and the user can reach that URL only over SSL.
Restart Apache for the .htaccess file to take effect:
service httpd restart
Precautions
- Please change the email address above to your own email address.
- Please remember to change the website domain name above to your own website's domain name.
Redirect rule placement problem
With pseudo-static (URL rewriting) rules in place, where you put the redirect rules matters: you will often find that http is not redirected to https.
At first we copied the redirect code into .htaccess, and the following situation appeared ▼
- [L] marks the current rule as the last rule: processing of the rewrite rules that follow it stops.
- So when you access a rewritten article page, [L] stops the rules that follow, and the redirect rule never takes effect.
When the http home page is visited, we want the URL redirect to trigger: the redirect rule should run before the pseudo-static rule, so that the http website is redirected to https.
Do not put the https redirect rules below the [L] rules; put them above the [L] rules ▼
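As an added example (not part of the original article), the shell function below checks an .htaccess file for this ordering problem. The two sample files are constructed, and the WordPress-style pseudo-static rules in them are an assumption about what the other [L] rules look like.

```shell
#!/bin/sh
# Added example, not from the original article: report whether the HTTPS
# redirect in an .htaccess file sits above every other [L] rule.
# Prints "ok", "misordered" or "missing".
https_redirect_order() {
    awk '
    tolower($1) == "rewriterule" {
        # The flags are the last field, e.g. [L,R=301]
        flags = ($NF ~ /^\[.*\]$/) ? substr($NF, 2, length($NF) - 2) : ""
        n = split(flags, f, ",")
        last = 0; redir = 0
        for (i = 1; i <= n; i++) {
            if (f[i] == "L") last = 1
            if (f[i] == "R" || index(f[i], "R=") == 1) redir = 1
        }
        if (redir && $3 ~ /^https:\/\//) {
            if (!https_line) https_line = NR      # first HTTPS redirect
        } else if (last && !first_l) {
            first_l = NR                          # first other terminating rule
        }
    }
    END {
        if (!https_line) print "missing"
        else if (first_l && first_l < https_line) print "misordered"
        else print "ok"
    }' "$1"
}

# Constructed sample files (the pseudo-static rules are an assumption).
tmp=$(mktemp -d)
cat > "$tmp/bad.htaccess" <<'EOF'
RewriteEngine On
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
EOF
cat > "$tmp/good.htaccess" <<'EOF'
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
EOF
for f in "$tmp"/*.htaccess; do
    printf '%s: %s\n' "${f##*/}" "$(https_redirect_order "$f")"
done
```

In bad.htaccess an http request for an article page matches the pseudo-static rule first and stops at its [L], so the redirect at the bottom is never evaluated; good.htaccess places the redirect first.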
Further reading:
- What is the difference between http vs https? A detailed explanation of the SSL encryption process
- What can I do if I get a 500 error after installing a Let's Encrypt SSL certificate in the CWP control panel?
- Automatically jump from the top-level domain name without www to the second-level domain name: 301 redirect from the root domain to www.
We hope that "How to apply for Let's Encrypt? Let's Encrypt free SSL certificate principle & installation tutorial", shared by Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-512.html