# 手动配置https

## let's encypt certbot 手动方案
[官网](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal&tab=standard)

前置条件:
1. 已经部署好nginx网站
2. 已经配置好dns

```bash
# 移除certbot
sudo apt-get remove certbot 
# 安装certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot certonly --standalone
# 手动填写信息, 等待注册完成
# 此处会生成证书
```

### 如果是docker中, 则还需要将证书文件拷贝到容器中去

```bash
sudo cp -r /etc/letsencrypt/archive/*.huangguanpc.com Lotter/ssl
```

修改Dockerfile, 将证书拷贝进容器中
```dockerfile
COPY ssl /ssl
```


修改nginx.cnf
```yml
# 1. 原80需转发到443
# 2. 增加证书信息

      listen 80 ;
      server_name *.huangguanpc.com;
      rewrite ^(.*) https://$server_name$1 permanent;
  }

  server {
      listen 443 ssl;
      server_name *.huangguanpc.com;
      ssl_certificate /ssl/fullchain1.pem;
      ssl_certificate_key  /ssl/privkey1.pem;
```

修改dockercompose.yml的web, 增加443端口
```yml
    - '443:443'
```