  Semi-automatic HTTPS configuration for Nginx with Let's Encrypt

  Add Date : 2018-11-21

  With Let's Encrypt, configuring an SSL certificate is no longer difficult. Let's Encrypt is still in its very early stages, however, and its support for automated nginx configuration is not good. We can write a few scripts of our own to configure our nginx server semi-automatically.

- A single command requests SSL certificates for all domains pointing to nginx on this server
- A Crontab task renews the certificates automatically
- Simple nginx configuration examples. You can redirect every domain name beginning with www to the same name without the www, and you can also get an A+ rating from SSL Labs.

Installation

I integrated Let's Encrypt into this project as a git submodule, so you only need to clone this one project.

git clone https://github.com/songchenwen/nginx-ssl-config-with-letsencrypt.git
cd nginx-ssl-config-with-letsencrypt
git submodule init
git submodule update --remote
Usage

Request a certificate

Edit ssl/config

Fill in your domain names. You can list more than one; the first domain name is used as the Common Name. Certificates are stored under /etc/letsencrypt/live/, in a directory named after the Common Name.

Select a Let's Encrypt server. The server whose name begins with acme-v01 is the official server; it has strict limits on the number of requests, so we do not recommend experimenting against it. The server whose name begins with acme-staging is a test server; it has no limit on the number of requests, but it does not issue valid certificates. Use this server to test your configuration.

Configuring nginx

When a certificate is requested or renewed, Let's Encrypt needs an http server to serve a file so that it can verify that you own the domain.

I use a simple nginx configuration file, letsencrypt_challenge, to redirect the http requests of every domain name pointing to this server to the corresponding https requests, leaving only the URL that Let's Encrypt needs for verification on http.

sudo cp nginx-config/letsencrypt_challenge /etc/nginx/sites-available/letsencrypt_challenge
sudo ln -s /etc/nginx/sites-available/letsencrypt_challenge /etc/nginx/sites-enabled/letsencrypt_challenge
sudo nginx -s reload

Run the script

Run ssl/apply_all_certs.sh and follow the prompts to fill in your email address; the certificates will then be requested.

bash ssl/apply_all_certs.sh
sudo nginx -s reload

nginx configuration file examples

The nginx-config directory contains three useful nginx configuration files. Remember to modify them before use; at the very least, replace my domain name with yours.

- letsencrypt_challenge redirects the http requests of every domain name pointing to this server to the corresponding https requests, leaving only the URL that Let's Encrypt needs for verification on http.
- www_to_none_www redirects https requests for every domain name beginning with www to the corresponding domain name without the www.
- sample_config is a simple server configuration file. It can help you easily get an A score from SSL Labs. Uncommenting the line just before the final } turns on HSTS, and your score becomes A+.
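
A minimal sketch of what the three files described above do, added here as an illustration; it is not the repository's own configuration. The domain example.com, the webroot /var/www/letsencrypt and the document root are assumptions to replace with your own values.

```nginx
# Added sketch, not the repository's files. example.com and the webroot
# /var/www/letsencrypt are assumptions. List both example.com and
# www.example.com in ssl/config so that one certificate covers both names.

# 1. Role of letsencrypt_challenge: only the ACME path stays on http.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # Let's Encrypt fetches the validation file from this path over plain http.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;      # assumed webroot
        default_type text/plain;
        try_files $uri =404;            # never fall through to the redirect
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# 2. Role of www_to_none_www: https://www.example.com -> https://example.com
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    return 301 https://example.com$request_uri;
}

# 3. Role of sample_config: the site itself.
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;      # drop TLSv1.3 on nginx older than 1.13
    ssl_session_cache shared:SSL:10m;

    root /var/www/example.com;          # assumed document root

    # HSTS: browsers remember this for max-age seconds and refuse plain http,
    # so uncomment only after https works and renewal is known to succeed.
    # add_header Strict-Transport-Security "max-age=31536000" always;
}
```

Run sudo nginx -t before reloading so that a typo in a certificate path does not take the site down.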

Crontab task for automatic certificate renewal

Certificates issued by Let's Encrypt are valid for only 90 days, so we need a way to renew them automatically. A Crontab task that renews once a month is sufficient. The task should run as root, because after renewal nginx must reload its configuration for the new certificates to take effect.

sudo crontab -e

Here is the content of the Crontab task:

0 2 1 1-12 * /path/to/ssl/renew_all_certs.sh