git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help
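*The folder can be placed anywhere. The third step installs the Python dependencies and may run into problems; once "Installed succeeded" appears, installation is complete and certificates can be generated.
2. Generating a certificate with Let’s Encrypt
(1) Automatic generation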
./letsencrypt-auto certonly --standalone --email your@email.com -d your.website.com
(2) Manual generation (automatic generation kept reporting all kinds of errors, so I chose manual)
letsencrypt certonly --email your@email.com -d your.website.com -a manual
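When "Press ENTER to continue" appears, do not press Enter yet; first follow the prompt so that the HTTP server (port 80) passes validation.
Suppose the prompt is as follows; tornado is then set up as shown below it: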
Make sure your web server displays the following content at
http://your.website.com/.well-known/acme-challenge/TpEfZ8OlplOnPccqRflFQJx4RlyLBrFWSSOmyyMz_hg
before continuing:
TpEfZ8OlplOnPccqRflFQJx4RlyLBrFWSSOmyyMz_hg.AFXCrRqWY4MoK3ELD3znRadP4xAVV4zSDb9Mj0JTHDg
import os
import tornado.web

class TestHandler(tornado.web.RequestHandler):
    def get(self):
        # Return exactly the content string shown in the prompt
        self.write('TpEfZ8OlplOnPccqRflFQJx4RlyLBrFWSSOmyyMz_hg.AFXCrRqWY4MoK3ELD3znRadP4xAVV4zSDb9Mj0JTHDg')

    def post(self):
        self.get()

def make_app():
    # Map the challenge path from the prompt to TestHandler
    return tornado.web.Application([(r"/.well-known/acme-challenge/TpEfZ8OlplOnPccqRflFQJx4RlyLBrFWSSOmyyMz_hg", TestHandler)], debug=True, static_path=os.path.dirname(__file__))
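
A pre-flight check for the step above, as an added example that is not part of the original post: it parses the prompt text, confirms that the expected content starts with the token from the URL, and compares what the server actually returns before ENTER is pressed. The function names and the injectable `fetch` parameter are assumptions made for illustration.

```python
import re
import urllib.error
import urllib.request

# Constructed sample: the prompt text quoted in this post.
SAMPLE_PROMPT = """\
Make sure your web server displays the following content at
http://your.website.com/.well-known/acme-challenge/TpEfZ8OlplOnPccqRflFQJx4RlyLBrFWSSOmyyMz_hg
before continuing:
TpEfZ8OlplOnPccqRflFQJx4RlyLBrFWSSOmyyMz_hg.AFXCrRqWY4MoK3ELD3znRadP4xAVV4zSDb9Mj0JTHDg
"""

_B64URL = r"[A-Za-z0-9_-]+"  # tokens and thumbprints use the base64url alphabet
_URL_RE = re.compile(
    r"^(http://[^/\s]+/\.well-known/acme-challenge/(" + _B64URL + r"))\s*$", re.M)

def parse_prompt(text):
    """Return (url, token, expected_body) extracted from the manual-mode prompt."""
    m = _URL_RE.search(text)
    if not m:
        raise ValueError("no challenge URL found in prompt")
    url, token = m.group(1), m.group(2)
    # The expected content must be "<token>.<thumbprint>" with the same token.
    body = re.search(r"^(" + re.escape(token) + r"\." + _B64URL + r")\s*$", text, re.M)
    if not body:
        raise ValueError("no expected content starting with the URL token")
    return url, token, body.group(1)

def http_get(url):
    """Fetch the challenge URL over plain HTTP on port 80."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode("ascii", "replace")
    except urllib.error.HTTPError as exc:  # 404 and similar: report, do not crash
        return exc.code, ""

def preflight(text, fetch=http_get):
    """Return (ok, reason): does the server answer the challenge as required?"""
    url, _token, expected = parse_prompt(text)
    status, body = fetch(url)
    if status != 200:
        return False, "HTTP status %d from %s" % (status, url)
    if body.strip() != expected:  # trailing whitespace is ignored
        return False, "response body does not match the expected content"
    return True, "challenge is served correctly"

if __name__ == "__main__":
    print(parse_prompt(SAMPLE_PROMPT))  # parsing only; no network access needed
```

Call `preflight(prompt_text)` with the text copied from the terminal once the tornado app is listening on port 80.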
When this finishes, four files are generated under /etc/letsencrypt/live/: privkey.pem, fullchain.pem, cert.pem, chain.pem. tornado only needs privkey.pem and fullchain.pem.
import os.path

from tornado import httpserver
from tornado import ioloop
from tornado import web


class TestHandler(web.RequestHandler):
    def get(self):
        self.write("Hello, World!")


def main():
    settings = {
        "static_path": os.path.join(os.path.dirname(__file__), "static"),
    }
    application = web.Application([
        (r"/", TestHandler),
    ], **settings)
    # fullchain.pem and privkey.pem are read from the current working directory
    server = httpserver.HTTPServer(application, ssl_options={
        "certfile": os.path.join(os.path.abspath("."), "fullchain.pem"),
        "keyfile": os.path.join(os.path.abspath("."), "privkey.pem"),
    })
    server.listen(8000)
    ioloop.IOLoop.current().start()


if __name__ == "__main__":
    main()