返回 首页

Let's Encrypt SSL证书


生成

yum install epel-release -y
yum install certbot -y


certbot certonly --webroot -w /home/wwwroot/bt.wktadmin.com -d bt.wktadmin.com -m w@wktadmin.com.com --agree-tos
****

nginx 配置

upstream tornadoes {
    server 127.0.0.1:8000;
    server 127.0.0.1:8002;
}



 server {
    listen 80;
    server_name bt.wktadmin.com;
    return 301 https://bt.wktadmin.com$request_uri;
}
server {
    listen 443 ssl;
    server_name bt.wktadmin.com;
    ssl_certificate /etc/letsencrypt/live/bt.wktadmin.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bt.wktadmin.com/privkey.pem;
    location /static {
        root /root/tools/tornado;
autoindex on;
    }
    location /.well-known {
      root   /home/wwwroot/bt.wktadmin.com;
        autoindex on;
    }
    location / {
         proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        # 把请求方向代理传给tornado服务器,负载均衡
        proxy_pass http://tornadoes;


    proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
    }
}

自动更新

30 2 * */2 * /usr/bin/certbot renew --quiet && /bin/systemctl restart nginx

详细: https://juejin.im/entry/5b59c3f26fb9a04fda4e2238



评论(0)

登录