nginx: extra conf files and HTTPS

March 04, 2019

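A record of how I set up nginx on my own server to pull in extra configuration files: this simplifies nginx.conf, and configuring each site separately makes the configuration easier to read and modify.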


# nginx.conf
worker_processes 1;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}


http {
    include mime.types;
    # Include every .conf file in the vhost directory here
    include vhost/*.conf;
    default_type application/octet-stream;

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;
}

  • Create a vhost directory in the same directory as nginx.conf

    # /usr/local/nginx/conf/
    mkdir vhost
  • Create a toy.conf file

    # /usr/local/nginx/conf/
    touch vhost/toy.conf
  • Write the site configuration

    # vhost/toy.conf
    server {
        listen 80;
        server_name toy.reimu.ru;

        location / {
            root /home/frontend/marisa;
            index index.html;
        }

        location /api/v1/ {
            proxy_pass http://127.0.0.1:3000/;
        }
    }
  • HTTPS (using a free Let's Encrypt certificate)

    # vhost/toy.conf
    server {
        listen 443 ssl;
        server_name toy.reimu.ru;

        root /home/frontend/marisa;
        index index.html;

        # TLS is enabled by the "ssl" parameter of listen above; the separate
        # "ssl on;" directive is deprecated since nginx 1.15.0
        ssl_certificate /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/toy.reimu.ru/privkey.pem;

        location / {
            try_files $uri $uri/ =404;
        }

        location /api/v1/ {
            proxy_pass http://127.0.0.1:3000/;
        }
    }
  • Renew the Let's Encrypt certificate with certbot-auto

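    # Install it and make it executable
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    # Python dependencies need to be installed

    If this is your first run, you will need to enter your e-mail address and other related information. I have issued Let's Encrypt certificates before, so the SSL certificate paths already exist under /etc/letsencrypt/.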

  • Check and renew

    # Check whether the certificate has expired
    ./certbot-auto certificates
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Found the following certs:
    Certificate Name: toy.reimu.ru
    Domains: toy.reimu.ru
    Expiry Date: 2019-03-19 12:02:01+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/toy.reimu.ru/privkey.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    # Renew
    ./certbot-auto renew --cert-name toy.reimu.ru

    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/toy.reimu.ru.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Cert is due for renewal, auto-renewing...
    Plugins selected: Authenticator webroot, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for toy.reimu.ru
    Waiting for verification...
    Cleaning up challenges

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    new certificate deployed without reload, fullchain is
    /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Congratulations, all renewals succeeded. The following certs have been renewed:
    /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem (success)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    root@vultr:/home/download# ./certbot-auto certificates
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Found the following certs:
    Certificate Name: toy.reimu.ru
    Domains: toy.reimu.ru
    Expiry Date: 2019-06-23 02:24:26+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/toy.reimu.ru/privkey.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
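
The first check above shows a certificate that had already expired before it was renewed. As an added example (not part of the original post), this shell function parses the text printed by `certbot-auto certificates` and lists the certificates that are expired or have fewer than a given number of days left. The function names, the 30-day default and the two example.org entries in the sample are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list certificates that are expired or close to expiry by
# parsing the text printed by "certbot-auto certificates".

# Reads that text on stdin. Prints the name of every certificate that is
# not VALID or has fewer than $1 days left (default 30), one per line.
certs_needing_renewal() {
    awk -v min_days="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            # The status is the parenthesised part of the line:
            # "(VALID: 89 days)" or "(INVALID: EXPIRED)".
            status = $0
            sub(/^.*\(/, "", status)
            sub(/\).*$/, "", status)
            if (status ~ /^VALID: [0-9]+ day/) {
                split(status, parts, " ")
                if (parts[2] + 0 < min_days + 0) print name
            } else {
                # INVALID or unrecognised status: report it (fail closed).
                print name
            }
        }'
}

# Constructed sample in the format shown above. The first entry is the
# expired certificate from the post; the example.org entries are made up.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: toy.reimu.ru
    Domains: toy.reimu.ru
    Expiry Date: 2019-03-19 12:02:01+00:00 (INVALID: EXPIRED)
  Certificate Name: soon.example.org
    Domains: soon.example.org
    Expiry Date: 2019-04-02 08:00:00+00:00 (VALID: 12 days)
  Certificate Name: ok.example.org
    Domains: ok.example.org
    Expiry Date: 2019-06-23 02:24:26+00:00 (VALID: 89 days)
EOF
}

# Demo on the sample. On a server, pipe in the real command instead:
#   ./certbot-auto certificates | certs_needing_renewal 30
sample_output | certs_needing_renewal 30
```

The renewal output above says "new certificate deployed without reload": nginx keeps serving the old certificate until it is reloaded, for example with `nginx -s reload` after the renew command.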