aws实例中部署certbot证书步骤

阅读更多
#certboot证书安装步骤:

安装准备:
1、安装nginx服务
scp -r [email protected]:/download/nginx.tar.gz /usr/local/
解压至当前文件夹:tar -zxvf nginx.tar.gz
修改nginx.conf文件:vim /usr/local/nginx/nginx.conf
修改nginx服务的文件夹名称:mv nginx nginx-service
2、添加nginx服务到系统中
scp -r [email protected]:/download/nginx /etc/init.d/
给该服务文件属于权限:chmod 755 /etc/init.d/nginx
把该服务器加载到系统中:chkconfig --add nginx
3、修改nginx.conf文件信息
4、创建nginx启动错误日志文件和临时文件夹
[root@ip-172-31-14-227 conf]# mkdir /WORK
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx/nginx
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx/nginx/logs
[root@ip-172-31-14-227 conf]# mkdir /WORK/nginx/nginx/client_body_temp
[root@ip-172-31-14-227 conf]# vim /WORK/nginx/nginx/logs/error.log
5、安装tomcat服务
拷贝安装包:scp -r [email protected]:/download/apache-tomcat-7.0.72.tar.gz /usr/local/
解压安装包:tar -zxvf apache-tomcat-7.0.72.tar.gz
修改service.xml文件:  8080端口修改为90端口
修改tomcat-user.xml文件,添加管理员用户名和密码:







6、添加驱动jar包到tomcat目录下的bin目录下:
scp -r [email protected]:/download/mysql-connector-java-5.1.40-bin.jar /usr/local/tomcat-7.0.72/lib
7、添加浏览器左上角图标到tomcat目录下:
scp -r [email protected]:/download/favicon.ico /usr/local/tomcat-7.0.72/webapps/ROOT/

8、启动nginx服务
[root@ip-172-31-14-122 conf]# service nginx start
Starting nginx:                                            [  OK  ]

9、获取证书安装文件
wget https://dl.eff.org/certbot-auto

10、给该文件进行授权
chmod a+x certbot-auto

11、执行证书安装命令
./certbot-auto certonly --webroot -w /usr/local/static/ -d ***.com --debug

12、输入邮箱地址点击回车确定
[email protected]

13、遇到pip错误如下:
ReadTimeoutError: HTTPSConnectionPool(host='pypi.python.org', port=443): Read timed out.
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
请安装更新pip软件:
pip install --upgrade pip

14、修改nginx.conf文件添加443端口监听服务配置信息
server {
        listen       443;
        server_name  ***.com;

        ssl     on;
        index   index.html index.htm index.php;
        root    /usr/local/static;

        ssl_certificate /etc/letsencrypt/live/***.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/***.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/***.com/chain.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        client_max_body_size 1024m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location /cashier {
                proxy_pass              http://cashier-servers/cashier;
                proxy_set_header        Host $host;
                proxy_set_header        X-Real-IP $remote_addr;
                proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

15、重启nginx服务器:service nginx restart

16、给证书添加定时任务更新功能
[root@ip-172-31-14-227 ~]# mkdir /var/mylog
[root@ip-172-31-14-227 ~]# vim /var/mylog/le-renew.log
[root@ip-172-31-14-227 ~]# crontab -e
./certbot-auto certonly --webroot -w /usr/local/static/ -d ***.com --debug

17、完成大吉!

你可能感兴趣的:(nginx,tomcat)