Setting up an HTTPS service with a free SSL certificate

A brief introduction to setting up an HTTPS service with Let's Encrypt.

Environment: CentOS 7

1. Install git

Run: yum install git

2. Clone the Let's Encrypt repository with git

Run: git clone https://github.com/letsencrypt/letsencrypt

3. Enter the letsencrypt directory

Run: cd letsencrypt/

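4. Request the certificate (if nginx was installed earlier, stop it first: the --standalone mode starts its own temporary web server, so the port it needs must be free)

Run: ./letsencrypt-auto certonly --standalone --email {email address} -d {domain that needs HTTPS}

The certificate is generated in the /etc/letsencrypt/live/{your domain} directory.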

5. Install nginx

Run: yum install nginx

6. Configure nginx

Run: vi /etc/nginx/nginx.conf

Find the HTTPS-related configuration, uncomment the block below, and set ssl_certificate and ssl_certificate_key to the certificate and private key from the previous steps.

    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        server_name _;
        root /usr/share/nginx/html;

        # Certificate chain and private key issued in step 4
        ssl_certificate "{certificate directory}/fullchain.pem";
        ssl_certificate_key "{certificate directory}/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        # Forward requests to the backend; "servicehttp" must be defined
        # as an upstream or be a resolvable host name.
        location / {
            proxy_pass http://servicehttp;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

8. Notes: the firewall must allow port 443. The certificate is valid for only 90 days, so it has to be renewed periodically.
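
For the 90-day validity noted above, one way to automate the renewal, given as an added example that is not part of the original post. It assumes the repository from step 2 lives in /root/letsencrypt, nginx is managed by systemd, a 30-day renewal threshold, and GNU date; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: renew only when the certificate from step 4 is close to expiry.
LE_DIR="${LE_DIR:-/root/letsencrypt}"  # assumption: where step 2 cloned the repository
RENEW_DAYS="${RENEW_DAYS:-30}"         # assumption: renew when fewer days than this remain

# days_left "<notAfter date>" [now_epoch]: whole days until expiry, truncated toward
# zero and negative once expired. Needs GNU date for -d.
days_left() {
    [ -n "$1" ] || return 2
    end=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (end - now) / 86400 ))
}

# cert_not_after <pem>: expiry date as printed by openssl, e.g. "Jun 11 00:00:00 2025 GMT"
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# needs_renewal "<notAfter date>" [now_epoch]: 0 = renew, 1 = still fine, 2 = unparsable
needs_renewal() {
    left=$(days_left "$1" "$2") || return 2
    [ "$left" -lt "$RENEW_DAYS" ]
}

main() {
    pem="/etc/letsencrypt/live/$1/fullchain.pem"
    not_after=$(cert_not_after "$pem")
    needs_renewal "$not_after"
    case $? in
        0) ;;
        1) echo "$1: valid until $not_after, nothing to do"; return 0 ;;
        *) echo "$1: cannot read expiry date from $pem" >&2; return 1 ;;
    esac
    systemctl stop nginx                 # standalone mode needs the port nginx holds
    (cd "$LE_DIR" && ./letsencrypt-auto renew)
    rc=$?
    systemctl start nginx                # bring the site back even if renewal failed
    return "$rc"
}

# Usage: sh renew-check.sh {your domain}   (with no argument only the functions are defined)
[ $# -eq 0 ] || main "$@"
```

Run from a daily cron job, this keeps nginx up except on the days a renewal is actually due.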
