Uhla lwemibhalo ye-athikili
VestaCP Iphaneli yokulawula ilula futhi kulula ukuyisebenzisa:
Faka i-VestaCP Control Panel, engafaka ngokuzenzakalelayo umsebenzi wokuphepha wesitifiketi se-Let's Encrypt SSL, ngakho samukelwe kahle amazwe angaphandle.SEOAbasebenzi bamukelekile.
Kuyini Asibhale Ngemfihlo?
I-Let Encrypt Igunya Lesitifiketi Se-SSL elethulwe ngo-Ephreli 2016, 4.
- Ihlinzeka ngesitifiketi samahhala se-X.509 sokubethela kwe-Transport Layer Security (TLS) ngenqubo ezenzakalelayo,
- Idizayinelwe ukuqeda ukudalwa kwamanje mathupha, ukuqinisekiswa, ukusayina, ukufakwa nokubuyekezwa kwezitifiketi zamawebhusayithi avikelekile.
Ikhasi lokungena lephaneli yokulawula ye-VestaCP, lisebenzisa i-port 8083.
Iyini i-port 8083?
- I-8083 yikhasi lommeleli nembobo yefayela yokulanda, iyimbobo enengqondo.
- Kubuchwepheshe benethiwekhi, izimbobo zihlanganisa izimbobo ezibonakalayo nezimbobo ezinengqondo.
Umehluko phakathi kwe-Physical Port kanye ne-Logical Port
- Izimbobo ezibonakalayo zibhekisela ezimbobeni ezikhona ngempela, njengamamodemu e-ADSL, amahabhu, amaswishi, namarutha axhumeka kwamanye amadivayisi enethiwekhi njengezimbobo ze-RJ-45, izimbobo ze-SC, njll.
- Imbobo enengqondo iyimbobo ehlukanisa izinsizakalo ngencazelo enengqondo, njengezimbobo zesevisi kuphrothokholi ye-TCP/IP.Ibanga lenombolo yechweba lingu-0 kuye ku-65535.
Kodwa-ke, okwamanje i-port 8083 yephaneli yokulawula ye-VestaCP iboniswa ngokuzenzakalelayo ngaphandle kwesitifiketi sokuphepha se-SSL...
Ngakho, kuFaka iphaneli ye-VestaCPEmuva,i-Google ChromeLo mlayezo uzovela:
- Ukuxhumeka kwakho akulona uxhumo oluyimfihlo
- Abahlaseli bangase bazame ukuntshontsha imininingwane yakho (isb. amaphasiwedi, ukuxhumana noma imininingwane yekhadi lesikweletu).
Iphaneli yokungena ye-Vesta yenza i-https
Isinyathelo sesi-1:Ngena ngemvume ku-Admin Panel ye-VestaCP
Sebenzisa igama lomethuleli kanye nembobo 8083 ▼
http:// 你的域名:8083/
Isinyathelo sesi-2: Faka isevisi ye-WEB ye-VestaCP
Thola igama lomethuleli weseva yakho bese uchofoza HLELA ▼
Isinyathelo sesi-3:Thola bese ubeka uphawu ku-SSL futhi Masibethele
"Vumela i-SSL (SSL Support)", "Adopt Let's Encrypt (Asibethele Usekelo)" ▼
- Bese uchofoza u-Londoloza (umlawuli uchofoza Gcina bese ulinda cishe imizuzu emihlanu ukuze ubuke isicelo sesitifiketi se-SSL)
Isinyathelo sesi-4:Thola indawo lapho kugcinwa khona isitifiketi sokuphepha esithi Masibethele
I-Let Encrypt igcina izitifiketi zayo ze-SSL /home/username/conf/web/
endaweni.
Sicela ubhale izindawo zabo ▼
/home/username/conf/web/ssl.website.crt /home/username/conf/web/ssl.website.key
Iphaneli yokulawula ye-VestaCP, gcina isitifiketi sayo se-SSL segama lomethuleli ku-▼
/usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/certificate.key
Ngakho-ke sidinga ukuqamba kabusha ifayela lesitifiketi esidala se-VestaCP komunye umbhalo we-dummy,
Ukuze i-VestaCP ingasabasebenzisi, bese uhlanganisa amafayela.
Landela lezi zinyathelo ezingezansi ukuze ufunde ukuthi ungakwenza kanjani lokhu.
Isinyathelo sesi-5:SSH kuseva yakho
Faka le miyalo emi-2 ukuze uqambe kabusha amafayela amadala ▼
mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/unusablecer.crt mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/unusablecer.key
- Uma le misebenzi elandelayo ihluleka ukusebenza, okubangela ukuthi isixhumanisi se-SSL sihluleke, iwebhusayithi ayikwazi ukuvulwa, kanye nefayela le-SSL "unusablecer"igama, shintsha ubuyele egameni langaphambili"isitifiketi” ngaphandle kokuchitha isikhathi ngokufaka kabusha iphaneli ye-VestaCP.
Isinyathelo sesi-6:Dala i-symlink ukuze ukhombe i-symlink entsha
Sicela ufake igama lakho lomsebenzisi njenge:admin
intando chenweiliang.com Faka esikhundleni segama lomethuleli (FQDN) leseva yakho ye-VPS▼
ln -s /home/admin/conf/web/ssl.chenweiliang.com.crt /usr/local/vesta/ssl/certificate.crt ln -s /home/admin/conf/web/ssl.chenweiliang.com.key /usr/local/vesta/ssl/certificate.key
Isinyathelo sesi-7:Qala kabusha i-VestaCP
service vesta restart
Isinyathelo sesi-8:sula inqolobane yesiphequluli
Bese, uphinde uzame ukungena kuphaneli yokulawula ye-VestaCP usebenzisa i-port 8083.
- Manje i-SSL yakho ku-port 8083 ivikelekile!
Isixazululo sezimvume eziphukile
Ukuze ulungise izimvume eziphukile, faka umyalo olandelayo▼
- intando your.adminpanel.com Faka esikhundleni se-URL yekhonsoli yakho yokuphatha ye-VestaCP.
chgrp mail ssl.your.adminpanel.com.key chmod 660 ssl.your.adminpanel.com.key chgrp mail ssl.your.adminpanel.com.crt chmod 660 ssl.your.adminpanel.com.crt
Okungenhla kuyindlela yokunika amandla isitifiketi se-SSL ngemuva kwe-VestaCP.
Ungaphoqelela kanjani igama lesizinda ukusebenzisa isitifiketi se-https SSL?
isinyathelo 1:Faka isifanekiso se-nginx ngokwezifiso ▼
cd /usr/local/vesta/data/templates/web wget http://c.vestacp.com/0.9.8/rhel/force-https/nginx.tar.gz tar -xzvf nginx.tar.gz rm -f nginx.tar.gz
Isinyathelo sesi-2:Setha isifanekiso sommeleli ukuthi siphoqelele-https
- Dala ukusetha ngaphambilini okusha, noma ngokusetha ngaphambilini okukhona, setha amandla-https njengesifanekiso sommeleli we-Nginx.
- Lapho ungeza abasebenzisi abasha, ungasebenzisa isifanekiso se-force-https ukuze unikeze izimvume kubasebenzisi bohlelo olusethiwe.
I-HTTP iqondiswa kabusha ngokuzenzakalelayo ku-HTTPS
I-VestaCP iyiqondisa kanjani kabusha i-HTTP ku-HTTPS isebenzisa i-htaccess?
Ingabe ufuna ukuqondisa kabusha iwebhusayithi yakho ngokuzenzakalela enguqulweni evikelekile (HTTPS) yewebhusayithi yakho ukuze ibethelwe?
Efayelini elithi .htaccess, engeza i-syntax elandelayo yokuqondisa kabusha engu-301▼
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
- U-"L" kokungenhla [R,L] usho Okokugcina (Okokugcina), uma ezinye izinhlelo zolimi nazo zinalo L, i-http ayikwazi ukuqondisa kabusha ngokuzenzakalelayo ku-https.
- Ngakho-ke, kunconywa ukuthi uqondise kabusha i-http301 ku-syntax ye-https phezulu (ngaphambi kwamanye ama-syntaxes).
Uma ufuna ukwengeza izitifiketi ezivikelekile ze-SSL kwezinye izizinda zakho kuphaneli yokulawula ye-VestaCP, sicela uhlole lesi sifundo ▼
I-Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ ) kwabiwe "imbobo engemuva ye-VestaCP 8083 https ayivumelekile?Faka Okokufundisa Kwesitifiketi Se-SSL" ukukusiza.
Siyakwamukela ukwabelana ngesixhumanisi salesi sihloko:https://www.chenweiliang.com/cwl-705.html
Uyemukelwa esiteshini seTelegram sebhulogi ka-Chen Weiliang ukuze uthole izibuyekezo zakamuva!
📚 Lo mhlahlandlela uqukethe inani elikhulu, 🌟Leli ithuba eliyivelakancane, ungaphuthelwa! ⏰⌛💨
Yabelana futhi uthanda uma uthanda!
Ukwabelana kwakho nokuthanda kwakho kuyisisusa sethu esiqhubekayo!