1. Log in to the server as root and download the acme.sh project

git clone https://github.com/acmesh-official/acme.sh.git
# or
# git clone https://gitee.com/307616879/acme.sh.git
cd acme.sh

2. Register an account

./acme.sh --register-account -m admin@xuyongsheng.cn --debug

3. Set the DNSPod or Alibaba Cloud API key and secret, used to generate the validation information automatically

export DP_Id="1234"

export DP_Key="sADDsdasdgdsf"

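# Quote the wildcard name so the shell does not expand it as a glob
./acme.sh   --issue   --dns dns_dp   -d abc.cn  -d '*.abc.cn' --debug
After the certificate has been issued successfully, the output looks as shown above.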

4. Configure nginx

Edit the nginx configuration file so that port 80 for the domain is 301-redirected to port 443. The example below uses nginx 1.20.1.

# vim /etc/nginx/conf.d/blog.xuyscn.conf
server {
    listen 80;
    server_name *.xuyongsheng.cn;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name  xuyongsheng.cn;
    index  index.html index.htm index.php;

    ssl_certificate  /root/.acme.sh/xuyongsheng.cn/fullchain.cer;
    ssl_certificate_key  /root/.acme.sh/xuyongsheng.cn/xuyongsheng.cn.key;
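    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1 or later
    ssl_protocols TLSv1.2 TLSv1.3;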
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    ## send request back to apache ##
    location / {
        proxy_pass  http://127.0.0.1:18080;
        proxy_redirect     off;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;
        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
    location ~ /\. {
       deny all;
    }
}

Note: the configuration differs somewhat between nginx versions.
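
A check to run on the vhost file before reloading nginx, added here as an example and not part of the original post: it lists deprecated protocol versions (SSLv2, SSLv3, TLSv1, TLSv1.1) named in ssl_protocols and flags ssl_certificate_key files that are missing or accessible to group/others. The function names and the sample file built in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint an nginx vhost file before reload.

# Deprecated protocol versions named in any ssl_protocols directive, one per line.
weak_protocols() {
    sed 's/#.*//' "$1" |
    awk '$1 == "ssl_protocols" { for (i = 2; i <= NF; i++) { sub(/;$/, "", $i); print $i } }' |
    grep -E -x 'SSLv2|SSLv3|TLSv1|TLSv1\.1' | sort -u
}

# ssl_certificate_key files that are missing, or accessible to group/others.
key_problems() {
    sed 's/#.*//' "$1" |
    awk '$1 == "ssl_certificate_key" { sub(/;$/, "", $2); print $2 }' |
    while IFS= read -r key; do
        if [ ! -f "$key" ]; then
            echo "missing $key"
        elif [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
            echo "exposed $key"
        fi
    done
}

# Exit status 0 only when both checks come back empty; otherwise print the findings.
audit_vhost() {
    findings=$( { weak_protocols "$1" | sed 's/^/deprecated /'; key_problems "$1"; } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a vhost that enables TLSv1/TLSv1.1 and a world-readable key file.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/site.key"; chmod 644 "$dir/site.key"
    printf 'server {\n    ssl_certificate_key %s;\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}\n' \
        "$dir/site.key" > "$dir/site.conf"
    audit_vhost "$dir/site.conf"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

if [ -n "${1:-}" ]; then audit_vhost "$1"; fi
```

Run it as `sh audit.sh /etc/nginx/conf.d/blog.xuyscn.conf` (the script name is arbitrary); a non-zero exit status means at least one finding was printed.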

5. Configure Apache

Edit the Apache configuration file. The example below uses Apache/2.4.6.

vim  /etc/httpd/conf.d/vhosts.conf
Listen 443

<virtualhost *:80>
    ServerName www.xuyongsheng.cn
    DocumentRoot /home/book_pc/public_html
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{SERVER_PORT} 80
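        # In virtual-host context the matched path starts with "/"; ^/? keeps the redirect target free of a double slash
        RewriteRule ^/?(.*)$ https://www.xuyongsheng.cn/$1 [R=301,L]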
    </IfModule>
</virtualhost>

<virtualhost *:443>
    ServerName www.xuyongsheng.cn
    DocumentRoot /home/xuyongsheng.cn/public_html
    SSLEngine on
    SSLCertificateFile  /root/.acme.sh/xuyongsheng.cn/xuyongsheng.cn.cer
    SSLCertificateKeyFile /root/.acme.sh/xuyongsheng.cn/xuyongsheng.cn.key
    SSLCertificateChainFile /root/.acme.sh/xuyongsheng.cn/fullchain.cer

    <Directory /home/xuyongsheng.cn/public_html>
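        # One Options directive: a second Options line without +/- would replace the first
        Options +Includes -Indexes +FollowSymLinks
        AllowOverride All
        # Apache 2.4 access-control syntax (replaces the 2.2-style "Allow from All")
        Require all granted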
    </Directory>
</virtualhost>

Last modified: March 4, 2022
