Installing Nginx on Ubuntu and Issuing a Free Certificate

The domain example.com is used throughout as the example, and the instructions target Ubuntu 18.04 (with notes where the commands differ on 20.04 and 22.04).
Update Ubuntu and install the Nginx package first.
Most commands below are written for a root shell; prefix them with sudo if you are running as an ordinary user.

Create the web root directory
mkdir -p /var/www/example.com/html

Set ownership and permissions on the web root (when run as root, $USER is root, which is fine: the nginx worker user www-data only needs read access. Note that chmod -R 755 also marks the files themselves executable; 755 on directories and 644 on files is the tidier choice, though both let www-data read them.)
chown -R $USER:$USER /var/www/example.com/html
chmod -R 755 /var/www/example.com

Create the page
vi /var/www/example.com/html/index.html

Paste the demo content below. The Bootstrap and jQuery includes are not needed by this page, and loading scripts from a third-party CDN means that CDN can run JavaScript in your origin; drop them, or if you keep third-party scripts, pin the URLs to https and add Subresource Integrity hashes.
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Congratulations</title>
<link rel="stylesheet" href="//cdn.bootcss.com/bootstrap/3.3.4/css/bootstrap.min.css">
<script src="//cdn.bootcss.com/jquery/1.11.2/jquery.min.js"></script>
<script src="//cdn.bootcss.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container" style="margin-top:9%;">
  <h3>The site was created successfully and this page is automatically generated by the system.</h3>
</div>
</body>
</html>

Create the server block file
vi /etc/nginx/sites-available/example.com

Paste the server block content. The first block serves www.example.com; the second redirects the bare domain to the www host. The redirect already points at https:// although no certificate exists yet; this does not break issuance, because certbot's nginx plugin answers the HTTP-01 challenge from an exact-match location for /.well-known/acme-challenge/ that it inserts into the matching server block, and an exact match takes precedence over location /.
server {
    listen 80;
    listen [::]:80;

    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name www.example.com;

    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    listen 80;
    listen [::]:80;

    server_name example.com;

    location / {
        return 301 https://www.example.com$request_uri;
    }
}

Link the server block file into sites-enabled to activate it
ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Open the following file and uncomment the server_names_hash_bucket_size 64; line in the http block (Nginx needs a larger bucket once long or numerous server names are configured; nginx -t reports "could not build the server_names_hash" if it is too small)
vi /etc/nginx/nginx.conf

Add the certbot PPA (this is what the 18.04 instructions used; the ppa:certbot/certbot archive is no longer maintained, and on Ubuntu 20.04 and later certbot is available from the standard repositories or as a snap, so skip this step there)
add-apt-repository ppa:certbot/certbot

Install the Certbot plugin for Nginx
##apt install python-certbot-nginx   (Ubuntu 18.04 with the PPA)
#On Ubuntu 20.04 and 22.04 LTS the plugin is the python3 package; use the command below
sudo apt-get install python3-certbot-nginx

Check the Nginx configuration for errors
nginx -t

Check the error log
tail -n 20 /var/log/nginx/error.log

Reload Nginx (reload re-reads the configuration without dropping open connections)
systemctl reload nginx

Issue the free certificate (list every hostname the server blocks answer for; the first -d name becomes the lineage directory name under /etc/letsencrypt/live/)
certbot --nginx -d www.example.com -d example.com

On first issuance certbot asks for an e-mail address and for agreement to the terms of service.
On success it writes the certificate paths into the server block file in sites-available.
If you want HTTP requests redirected to HTTPS automatically, answer 2: Redirect at the prompt
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

/* The following is a temporary workaround for an issuance error on Ubuntu 20.04. It edits a file owned by the distribution package, so the next package upgrade overwrites it; the lasting fix is to upgrade certbot, since the TLS-SNI-01 challenge it references has been retired by Let's Encrypt. */
Open configurator.py
vi /usr/lib/python3/dist-packages/certbot_nginx/configurator.py

In vi, press : and then enter the following substitution to replace the string
%s/challenges.HTTP01, challenges.TLSSNI01/challenges.HTTP01/gc

Save and exit, then try issuing the certificate again. Pass every hostname the server blocks answer for; the lineage under /etc/letsencrypt/live/ is named after the first -d name, and the configuration later in this post assumes it is example.com.
certbot --nginx -d example.com -d www.example.com

Test certificate renewal (the Ubuntu certbot package installs a certbot.timer systemd unit that runs the renewal for you; confirm it is active with systemctl list-timers)
certbot renew --dry-run
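As an added check that is not part of the original post, the script below confirms that a certificate lineage actually covers every server_name the Nginx configuration answers for and is not about to expire; it is worth running after issuance, after the 20.04 workaround above, and before relying on the renewal timer. It builds a constructed self-signed certificate carrying the two SANs the post expects (example.com and www.example.com) so that it runs offline; on a real host point cert_covers and cert_valid_for_days at /etc/letsencrypt/live/<lineage>/fullchain.pem instead, where the lineage name is whatever certbot certificates reports. The function names are my own, not certbot's.

```shell
#!/bin/sh
# Added example, not from the original post: check that a certificate
# covers every nginx server_name and will not expire soon.
# Function names and the self-signed stand-in certificate are assumptions;
# on a real host use /etc/letsencrypt/live/<lineage>/fullchain.pem.
set -u

# Print the DNS names in the certificate's subjectAltName extension, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | awk '/Subject Alternative Name/ { getline; print; exit }' \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p'
}

# cert_covers CERT NAME... : exit 0 if every NAME is a SAN of CERT,
# otherwise print the missing names to stderr and exit 1.
cert_covers() {
    cert="$1"
    shift
    sans=$(cert_sans "$cert")
    rc=0
    for name in "$@"; do
        if ! printf '%s\n' "$sans" | grep -qxF -- "$name"; then
            echo "MISSING: $name is not covered by $cert" >&2
            rc=1
        fi
    done
    return "$rc"
}

# cert_valid_for_days CERT DAYS : exit 0 if CERT is still valid DAYS days
# from now, 1 if it expires before then (openssl -checkend does the math).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed test data: a 90-day self-signed certificate carrying the same
# two SANs that certbot should issue for the server_name values in the post.
make_test_cert() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=example.com" \
        -addext "subjectAltName=DNS:example.com,DNS:www.example.com" \
        -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem" >/dev/null 2>&1
    echo "$dir/fullchain.pem"
}

# Stand-alone run against the constructed certificate.
CERT=$(make_test_cert)
cert_covers "$CERT" example.com www.example.com && echo "coverage OK: $CERT"
cert_valid_for_days "$CERT" 30 && echo "expiry OK: valid for at least 30 days"
```

A missing name is the symptom of the lineage mismatch described above (issuing for one hostname while the server block serves another); a short remaining validity after certbot renew --dry-run succeeded usually means the timer is not running, so check systemctl list-timers before the certificate actually lapses.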

Add browser caching and HTTP/2
vi /etc/nginx/sites-available/example.com

The parts to add are the two location blocks with expires and the http2 parameter on the two listen lines, as shown below; the lines marked "managed by Certbot" were written by certbot, and the certificate paths assume the lineage is named example.com (check with certbot certificates). A one-year expires on css and js means browsers will not fetch a changed file until its filename changes, so version the filenames if you use it.
server {

    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name www.example.com;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;
    }

    location ~* \.(pdf)$ {
        expires 30d;
    }

    listen [::]:443 ssl http2; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Alternatively, enable h2 from vi by pressing : and entering the following substitution. On nginx 1.25.1 and later the http2 parameter on listen is deprecated in favour of a separate http2 on; directive; the nginx versions shipped with Ubuntu 18.04 through 22.04 use the listen parameter shown here. Run nginx -t and systemctl reload nginx afterwards.
%s/443 ssl;/443 ssl http2;/gc
