网站扫码怎么做的,WordPress文章分享图,网站制作加双链接怎么做,网站域名费会计分录怎么做前提
您已购置vps服务器#xff0c;例如阿里云全球站ecs、AWS EC2、Azure VM、GCP Compute等安全组已开启80、443端口#xff0c;且访问源设置为0.0.0.0/0域名已设置A记录指向当前操作服务器#xff0c;若您使用aws ec2#xff0c;有公有 IPv4 DNS#xff0c;可供使用
安…前提
您已购置vps服务器例如阿里云全球站ecs、AWS EC2、Azure VM、GCP Compute等安全组已开启80、443端口且访问源设置为0.0.0.0/0域名已设置A记录指向当前操作服务器若您使用aws ec2有公有 IPv4 DNS可供使用
安装Acme.sh并申请证书Step-By-Step
Ubuntu—EasyWay
cat install-CA.sh EOF
#!/bin/bash
rm -rf /etc/nginx/cert/ mkdir /etc/nginx/cert/
read -p Enter your domain: domain
rootDomain\echo $domain|cut -d . -f2-\
apt -y install wget unzip socat
curl https://get.acme.sh | sh
rm -rf /usr/local/bin/acme.sh
ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
acme.sh --register-account -m admin$rootDomain
acme.sh --issue -d ${domain} --standalone -k ec-256
cp /root/.acme.sh/${domain}_ecc/fullchain.cer /etc/nginx/cert/server.cert
cp /root/.acme.sh/${domain}_ecc/${domain}.key /etc/nginx/cert/server.key
acme.sh --installcert -d ${domain} --ecc --key-file /etc/nginx/cert/server.key --fullchain-file /etc/nginx/cert/server.cert
systemctl start nginx
EOFCentOS—EasyWay
cat install-CA.sh EOF
#!/bin/bash
rm -rf /etc/nginx/cert/ mkdir /etc/nginx/cert/
read -p Enter your domain: domain
rootDomain\echo $domain|cut -d . -f2-\
yum -y install wget unzip socat
curl https://get.acme.sh | sh
rm -rf /usr/bin/acme.sh
ln -s /root/.acme.sh/acme.sh /usr/bin/acme.sh
acme.sh --register-account -m admin$rootDomain
acme.sh --issue -d ${domain} --standalone -k ec-256
cp /root/.acme.sh/${domain}_ecc/fullchain.cer /etc/nginx/cert/server.cert
cp /root/.acme.sh/${domain}_ecc/${domain}.key /etc/nginx/cert/server.key
acme.sh --installcert -d ${domain} --ecc --key-file /etc/nginx/cert/server.key --fullchain-file /etc/nginx/cert/server.cert
systemctl start nginx
EOFnginx配置设置—以centos为例
修改nginx.conf的内容
取消Settings for a TLS enabled server下的注释内容 server {listen 443 ssl http2;listen [::]:443 ssl http2;server_name YourDomain;root /usr/share/nginx/html;ssl_certificate /etc/nginx/cert/server.cert;ssl_certificate_key /etc/nginx/cert/server.key;ssl_session_cache shared:SSL:1m;ssl_session_timeout 10m;ssl_ciphers DEFAULT;# This is default SSL_ciphers setting,if you get error,you can change it like me,set DEFAULT#ssl_ciphers PROFILESYSTEM;ssl_prefer_server_ciphers on; # Load configuration files for the default server block.include /etc/nginx/default.d/*.conf;error_page 404 /404.html;location /40x.html {} error_page 500 502 503 504 /50x.html;location /50x.html {} } Trouble Shooting
SSL_CTX_set_cipher_list:no cipher match
报错信息
[emerg] 11926#11926: SSL_CTX_set_cipher_list(PROFILESYSTEM) failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)Solution
将nginx.config默认的ssl_ciphers PROFILESYSTEM;设置为ssl_ciphers DEFAULT; 重启nginx即可
