centos7上设置的certbot和nginx子域

【问题标题】:certbot and nginx subdomain set on centos7centos7上设置的certbot和nginx子域
【发布时间】:2019-02-27 07:02:43
【问题描述】:

我正在尝试使用 Let's Encrypt 的 certbot 提供的 ssl 加密在 Centos7 服务器上的 nginx 中设置一个子域(暂时)的网站。

我已经成功安装了 nginx,我已经设置了我的域:example.com www.example.comci.example.com 并获得了没有任何问题的证书(我的浏览器显示“安全”并且它自动从 http 请求重定向到 https .)

现在我想让ci.example.com 代理到 localhost:6500 端口(@98​​7654326@ 我相信它被调用了)。我试过以下: this blog post from 2014 但 nginx 一直服务于标准的“欢迎来到 Nginx 页面”。

所有其他文章/教程都是针对旧版本的 nginx(不使用 /etc/nginx/nginx.conf。

这里是/etc/nginx/nginx.conf

http {
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

sendfile            on;
tcp_nopush          on;
tcp_nodelay         on;
keepalive_timeout   65;
types_hash_max_size 2048;

include             /etc/nginx/mime.types;
default_type        application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
    server_name  example.com www.example.com;

    root        /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



server {
if ($host = www.example.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot


if ($host = example.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = ci.example.com) {
    return 301 https://$host$request_uri;
} #added by me

    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  example.com www.example.com;
return 404; # managed by Certbot

【问题讨论】:

    标签: nginx centos centos7


    【解决方案1】:

    我已经想通了,并将其保存以供后代使用。

    我在运行 certbot --nginx 命令之前没有正确设置 nginx。

    这是你应该做的:

    全新安装的 Centos 7

    通过sudo yum update -y确保 Centos 是最新的

    然后通过:sudo yum install nginx -y安装nginx

    它是默认的,但这确保它是最新的。

    然后按照 this 指南获取不安全的 http://ci.yoursite.comhttp://www.yoursite.com 以按照您的意愿工作。

    注意 - 如果您因为以下原因而无法启动 nginx: [emerg] open() "/usr/share/nginx/logs/ci.yoursite.access.log" failed (13: Permission denied)

    使用:su -c "setenforce 0" 它将SELinux设置为permissive模式并允许nginx启动。

    然后按照: This guide 让 Let's Encrypt 和 Certbot --nginx 工作。

    在此示例中,您最终的 /etc/nginx/conf.d/ci.yourserver.conf 应如下所示以重新路由到端口 6500:

    server {

    server_name ci.example.com;
    access_log logs/ci.example.access.log main;

    root /var/www/ci.example.com/html;
    index index.html index.htm;

    location / {
            proxy_pass http://localhost:6500;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 150;
            proxy_send_timeout 100;
            proxy_read_timeout 100;
            proxy_buffers 4 32k;
            client_max_body_size 8m;
            client_body_buffer_size 128k;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ci.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ci.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
if ($host = ci.example.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name ci.example.com;
return 404; # managed by Certbot


}

    【讨论】:

      猜你喜欢
      • 2011-08-21
      • 2012-09-19
      • 1970-01-01
      • 2017-03-31
      • 2010-11-13
      • 2023-03-19
      • 1970-01-01
      • 2019-09-04
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode