CentOS配置Https

一、安裝證書

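# Request a certificate with the webroot (HTTP-01) method.
# -w must be the directory the web server really serves for this host name over
# plain HTTP: the CA fetches the challenge file from
# http://<domain>/.well-known/acme-challenge/, so a wrong or misspelled path makes
# validation fail.
# -d must be the same name used for server_name and for the
# /etc/letsencrypt/live/<name>/ paths in the server configuration (www.xxx.com here).
# NOTE(review): certbot-auto is deprecated upstream; on current systems install the
# packaged "certbot" and pass it the same arguments.
./certbot-auto certonly --webroot -w /usr/local/nginx/html -d www.xxx.com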

二、nginx配置

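server {
        # HTTPS virtual host for www.xxx.com; PHP requests go to a FastCGI backend on
        # 127.0.0.1:9000. This block listens on 443 only, so a separate port-80 server
        # is still needed to answer the ACME webroot challenge and to redirect
        # plain-HTTP visitors to https://.
        listen 443 ssl;
        server_name www.xxx.com;
        index index.php;
        root /data/www/public;

        ssl_certificate /etc/letsencrypt/live/www.xxx.com/fullchain.pem;
        # Private key: keep this file readable by root only.
        ssl_certificate_key /etc/letsencrypt/live/www.xxx.com/privkey.pem;
        # Only consulted when OCSP-stapling or client-certificate verification is
        # enabled; nothing else in this block uses it.
        ssl_trusted_certificate /etc/letsencrypt/live/www.xxx.com/chain.pem;

        # Pin the protocol versions instead of inheriting the build default, which on
        # older nginx packages still includes TLS 1.0/1.1. Drop TLSv1.3 from the list
        # if "nginx -t" rejects it on an old build.
        ssl_protocols TLSv1.2 TLSv1.3;

        access_log /var/log/nginx/www.xxx.com.log;

        # Deny every hidden file or directory (.htaccess, .git, .env, ...), not only
        # .htaccess. /.well-known/ stays reachable for ACME validation. This location
        # comes first because nginx uses the first regex location that matches.
        location ~ /\.(?!well-known/) {
            deny all;
        }

        location / {
            # Front-controller routing: anything that is not an existing file or
            # directory is passed to index.php as PATH_INFO.
            if (!-e $request_filename) {
                rewrite  ^(.*)$  /index.php/$1  last;
                break;
            }
        }

        location ~ \.(gif|jpg|jpeg|png|bmp|swf|ico)$
        {
            expires      30d;
        }

        # The group is mandatory here; with a trailing "?" the pattern would also match
        # any URI that merely ends in a dot.
        location ~ \.(js|css)$
        {
            expires      12h;
        }

        # Match only "/x.php" and "/x.php/extra". An unanchored "\.php" would hand any
        # URI that merely contains ".php" to the interpreter.
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;

            # Refuse the request unless the script part names a real file under the
            # document root, so PHP never falls back to executing some other file
            # found along the path.
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }

            # Do not let a client-supplied "Proxy" header reach the application as
            # HTTP_PROXY (httpoxy).
            fastcgi_param  HTTP_PROXY  "";

            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_connect_timeout   180;
            fastcgi_read_timeout      600;
            fastcgi_send_timeout      600;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
}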

三、Apache配置

打開ssl模塊。若沒有這個模塊,需要先安裝依賴包 mod_ssl,安裝後就能在 modules 目錄裏找到:

# Load mod_ssl so that SSLEngine and the other SSL* directives are recognised.
# The path is relative to ServerRoot.
LoadModule ssl_module         modules/mod_ssl.so

引入ssl配置文件,增加對ssl的支持:

Include conf/extra/httpd-ssl.conf(去掉行首的註釋)
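<VirtualHost *:80>
    # Plain-HTTP virtual host: its only job is to send every request to the HTTPS site.
    Options FollowSymLinks
    # NOTE(review): this ServerName (xxx.org.cn) differs from the one in the *:443
    # virtual host (xxx.cn); confirm which name is intended.
    ServerName xxx.org.cn
    DocumentRoot /www1/xxx
    ServerAlias www.xxx.cn xxx.cn
    ErrorLog logs/error_log
    CustomLog logs/access_log common
    RewriteEngine on
    # No SERVER_PORT condition is needed inside a *:80 virtual host.
    # R=301 makes the redirect permanent; a bare R sends a temporary 302.
    # %{SERVER_NAME} follows the request's Host header unless UseCanonicalName is On,
    # so every name that can reach this virtual host must be covered by the
    # certificate. Hard-code the canonical host name here if only one name should be
    # served.
    RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R=301]
</VirtualHost>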
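<VirtualHost *:443>
    # HTTPS virtual host serving /www1/xxx with the Let's Encrypt certificate.
    Options FollowSymLinks
    ServerName xxx.cn
    DocumentRoot /www1/xxx
    ServerAlias www.xxx.cn xxx.cn
    ErrorLog logs/ssl-error_log
    CustomLog logs/ssl-access_log common
    SSLEngine on
    # Pin the protocol versions here rather than rely on whatever the included
    # httpd-ssl.conf or the build default allows.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # The certificate must list every name served here (xxx.cn and www.xxx.cn),
    # otherwise browsers report a name mismatch.
    # NOTE(review): loading the intermediates from fullchain.pem through
    # SSLCertificateFile needs httpd 2.4.8 or later. Older httpd reads only the leaf
    # certificate from this file and needs cert.pem here plus
    # "SSLCertificateChainFile .../chain.pem". Check "httpd -v" on the target host.
    SSLCertificateFile /etc/letsencrypt/live/www.xxx.cn/fullchain.pem
    # Private key: keep this file readable by root only.
    SSLCertificateKeyFile /etc/letsencrypt/live/www.xxx.cn/privkey.pem
</VirtualHost>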

四、自動續期

crontab -e

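# Run the renewal check every day at 03:30. "renew" only replaces certificates that
# are close to expiry, so a daily run is cheap. A quarterly schedule leaves gaps
# longer than the 90-day lifetime of a Let's Encrypt certificate, and a single failed
# run would not be retried for three months.
# --deploy-hook runs its command only after a certificate was actually renewed
# (older certbot releases call this option --renew-hook). For Apache, use
# "service httpd reload" as the hook command instead.
# The certbot-auto path must match the location where the script was installed.
30 3 * * * /opt/certbot-auto renew --deploy-hook "/etc/init.d/nginx reload" >>/var/log/certbot-renew.log 2>&1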