增加手动配置https的方案

2024-06-03 15:18:03 +00:00
parent 08dd185ca1
commit f33a13a7b8
1 changed files with 54 additions and 0 deletions
@@ -0,0 +1,54 @@
+# 手动配置https
+
+## let's encypt certbot 手动方案
+[官网](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal&tab=standard)
+
+前置条件:
+1. 已经部署好nginx网站
+2. 已经配置好dns
+
+```bash
+# 移除certbot
+sudo apt-get remove certbot 
+# 安装certbot
+sudo snap install --classic certbot
+sudo ln -s /snap/bin/certbot /usr/bin/certbot
+sudo certbot certonly --standalone
+# 手动填写信息, 等待注册完成
+# 此处会生成证书
+```
+
+### 如果是docker中, 则还需要将证书文件拷贝到容器中去
+
+```bash
+sudo cp -r /etc/letsencrypt/archive/*.huangguanpc.com Lotter/ssl
+```
+
+修改Dockerfile, 将证书拷贝进容器中
+```dockerfile
+COPY ssl /ssl
+```
+
+
+修改nginx.cnf
+```yml
+# 1. 原80需转发到443
+# 2. 增加证书信息
+
+      listen 80 ;
+      server_name *.huangguanpc.com;
+      rewrite ^(.*) https://$server_name$1 permanent;
+  }
+
+  server {
+      listen 443 ssl;
+      server_name *.huangguanpc.com;
+      ssl_certificate /ssl/fullchain1.pem;
+      ssl_certificate_key  /ssl/privkey1.pem;
+```
+
+修改dockercompose.yml的web, 增加443端口
+```yml
+    - '443:443'
+```
+