一、以 root 用户登录服务器,下载 acme.sh 项目
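# Fetch acme.sh from the upstream project repository and enter the checkout.
# The following steps run this script as root, so the origin of the code
# matters: prefer the official repository and review what was cloned.
# `&&` keeps the cd from running in the wrong directory if the clone fails.
git clone https://github.com/acmesh-official/acme.sh.git && cd acme.sh
# Alternative given by the author: a personal Gitee mirror, not the upstream
# project. NOTE(review): a mirror can lag behind or differ from upstream;
# compare it against the official repository before running it as root.
# git clone https://gitee.com/307616879/acme.sh.git && cd acme.sh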
二、设置注册账号
# Register an ACME account with the CA; -m supplies the contact e-mail.
# --debug turns on verbose output.
# NOTE(review): review debug output for account details before sharing it.
./acme.sh --register-account -m admin@xuyongsheng.cn --debug
三、设置 DNSPod 或阿里云的 key 和密钥,用于自动生成认证信息
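# DNSPod API credentials consumed by acme.sh's dns_dp hook for the DNS-01
# challenge. The values below are placeholders; substitute the real ID and key.
# This key can edit DNS records for the zone, so treat it as a secret:
# typing it at the prompt leaves it in shell history, and acme.sh keeps DNS
# API credentials in account.conf under its working directory for renewals,
# so that file must stay readable by root only.
export DP_Id="1234"
export DP_Key="sADDsdasdgdsf"
# Issue a certificate for the apex and the wildcard name. The wildcard is
# quoted so the shell passes it literally instead of treating `*` as a glob
# (unquoted it can expand to matching file names, or abort in shells that
# reject unmatched globs).
# abc.cn is a placeholder; the server configs on this page use the
# certificate directory of xuyongsheng.cn, so issue for the real domain.
./acme.sh --issue --dns dns_dp -d abc.cn -d '*.abc.cn' --debug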
四、配置nginx
编辑 nginx 配置文件,将域名对应的 80 端口通过 301 重定向到 443 端口,以下以 nginx 1.20.1 为例
# vim /etc/nginx/conf.d/blog.xuyscn.conf
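# Plain-HTTP listener: answers every request with a permanent redirect to
# the same host and URI over HTTPS.
server {
    listen 80;
    # List the apex name as well: "*.xuyongsheng.cn" alone does not match
    # "xuyongsheng.cn", so requests for the bare domain would fall through to
    # whichever server is the default for port 80.
    server_name xuyongsheng.cn *.xuyongsheng.cn;
    # $host comes from the request. server_name limits it to this domain
    # unless this block is also the default server for port 80, in which case
    # requests with any Host header reach it and are redirected to that host.
    return 301 https://$host$request_uri;
}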
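# HTTPS listener: terminates TLS with the acme.sh-issued certificate and
# proxies all requests to the backend on 127.0.0.1:18080.
server {
    listen 443 ssl http2;
    server_name xuyongsheng.cn;
    index index.html index.htm index.php;

    # Certificate and key are read straight from acme.sh's working directory.
    # NOTE(review): acme.sh documents --install-cert (with --key-file,
    # --fullchain-file and --reloadcmd) for copying the files to a stable
    # location and reloading the server after each renewal; pointing at
    # /root/.acme.sh directly means renewed certificates are not picked up
    # until nginx is reloaded by some other means.
    ssl_certificate /root/.acme.sh/xuyongsheng.cn/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/xuyongsheng.cn/xuyongsheng.cn.key;

    # TLS 1.0 and 1.1 are deprecated and were dropped from this list.
    # TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # The EDH (DHE) entries are only negotiated if ssl_dhparam is configured.
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    ## send request back to apache ##
    location / {
        proxy_pass http://127.0.0.1:18080;
        proxy_redirect off;

        # Pass the original host, client address and scheme to the backend.
        # X-Forwarded-For is appended to whatever the client sent, so the
        # backend should trust only the entry added by this proxy.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

        # 0 disables buffering of responses to temporary files on disk.
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    # Refuse any path containing "/." (dotfiles such as .git or .htaccess).
    # This also covers /.well-known/, which is harmless here because the
    # certificate is validated over DNS rather than HTTP.
    location ~ /\. {
        deny all;
    }
}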
注意:不同版本的 nginx,配置会有一些差别。
五、配置Apache
修改 Apache 配置文件,以 Apache/2.4.6 为例
vim /etc/httpd/conf.d/vhosts.conf
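# NOTE(review): only one process can bind port 443. If nginx from the
# previous section runs on the same host, or mod_ssl's own config already
# declares this Listen, httpd will fail to start; confirm before enabling.
Listen 443

# Plain-HTTP virtual host: exists only to redirect to HTTPS.
<VirtualHost *:80>
    ServerName www.xuyongsheng.cn
    # NOTE(review): this path differs from the DocumentRoot of the *:443
    # host; with the redirect below no content is served from it.
    DocumentRoot /home/book_pc/public_html
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{SERVER_PORT} 80
        # In virtual-host context the matched path starts with "/", so the
        # leading slash is consumed by "^/?" to avoid redirecting to
        # "https://www.xuyongsheng.cn//path".
        RewriteRule ^/?(.*)$ https://www.xuyongsheng.cn/$1 [R=301,L]
    </IfModule>
</VirtualHost>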
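# HTTPS virtual host serving the site with the acme.sh-issued certificate.
<VirtualHost *:443>
    ServerName www.xuyongsheng.cn
    DocumentRoot /home/xuyongsheng.cn/public_html

    SSLEngine on
    # Disable SSLv3 and the deprecated TLS 1.0 / 1.1 protocol versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Files are read directly from acme.sh's working directory.
    # NOTE(review): acme.sh documents --install-cert (with --cert-file,
    # --key-file, --fullchain-file and --reloadcmd) for copying the files to
    # a stable location and reloading httpd after each renewal.
    SSLCertificateFile /root/.acme.sh/xuyongsheng.cn/xuyongsheng.cn.cer
    SSLCertificateKeyFile /root/.acme.sh/xuyongsheng.cn/xuyongsheng.cn.key
    SSLCertificateChainFile /root/.acme.sh/xuyongsheng.cn/fullchain.cer

    <Directory /home/xuyongsheng.cn/public_html>
        # The original had "Options +Includes -Indexes" followed by
        # "Options FollowSymLinks"; an Options line without +/- replaces the
        # earlier one, so this single line is what actually took effect.
        # Directory listings stay off; add +Includes only if SSI is needed.
        Options FollowSymLinks
        # Lets .htaccess files under the docroot override any directive, so
        # anyone who can write there can change server behaviour; narrow it
        # if the application does not need it.
        AllowOverride All
        # Apache 2.4 access-control syntax, replacing the 2.2-style
        # "Allow from All", which depends on mod_access_compat.
        Require all granted
    </Directory>
</VirtualHost>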