nginx扩展conf配置文件和https
三月 04, 2019
记录自己服务器中配置nginx配置文件从其他的扩展配置,简化nginx.conf,按站点配置,更能直观修改和查看
1 | # nginx.conf |
在nginx.conf同目录创建vhost目录
1
2# /usr/local/nginx/conf/
mkdir vhost创建一个toy.conf文件
1
2# /usr/local/nginx/conf/
touch toy.conf编写站点配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14# vhost/toy.conf
server {
listen 80;
server_name toy.reimu.ru;
location / {
root /home/frontend/marisa;
index index.html;
}
location /api/v1/ {
proxy_pass http://127.0.0.1:3000/;
}
}https(证书使用let’s encrypt免费证书)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20# vhost/toy.conf
server {
listen 443 ssl;
server_name toy.reimu.ru;
root /home/frontend/marisa;
index index.html;
ssl on;
ssl_certificate /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/toy.reimu.ru/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
location /api/v1/ {
proxy_pass http://127.0.0.1:3000/;
}
}使用certbot-auto续签let’s encrypt
1
2
3
4# 安装并给予可执行权限
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
# 需要安装python依赖如果是第一次的话,需要输入你的邮箱和其他相关信息,我过去有签过let’s encrypt,在/etc/letsencrypt/目录下有存在ssl证书路径
检查和续签
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50# 检查是否过期
./certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: toy.reimu.ru
Domains: toy.reimu.ru
Expiry Date: 2019-03-19 12:02:01+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem
Private Key Path: /etc/letsencrypt/live/toy.reimu.ru/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# 续签
./certbot-auto renew --cert-name toy.reimu.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/toy.reimu.ru.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for toy.reimu.ru
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/toy.reimu.ru/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/toy.reimu.ru/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@vultr:/home/download# ./certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: toy.reimu.ru
Domains: toy.reimu.ru
Expiry Date: 2019-06-23 02:24:26+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem
Private Key Path: /etc/letsencrypt/live/toy.reimu.ru/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
查看评论