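Previously:
Personal blog setup tutorial (cloud server + WordPress) [Part 1] - Changing the world as far as I can
Personal blog setup tutorial (domain registration + ICP filing + public security filing) [Part 2] - Changing the world as far as I can
After setting up the site, we find that the browser warns that the site is not secure when we visit it. This is because HTTP transmits data in plaintext with no encryption, so the information exchanged between the user and the site (including sensitive information) can easily be intercepted or tampered with by a third party.
So how can our site get a free HTTPS certificate and be served over HTTPS?
First we need to install certbot, a tool that automates requesting a certificate and applying it to our site: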
sudo apt update
sudo apt install certbot python3-certbot-nginx
After that, we can run certbot directly to request and install the certificate for us automatically:
sudo certbot --nginx
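During this process you need to enter information such as your email address to request the certificate. Once the request succeeds, certbot automatically edits your nginx configuration file. The process looks roughly like this: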
Please enter your email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): your_email@example.com
Enter your personal email address here; it is used to register the HTTPS certificate.
Please read and accept the EULA by typing in 'Y' (or 'N' to decline): Y
Enter Y here to accept the terms.
Would you like to share your email address with the Electronic Frontier Foundation (EFF), a nonprofit organization that sponsors this software and helps protect users' rights? (Y/N) : N
This asks whether you are willing to share your email address with the EFF for its mailings; enter N if you do not want to receive them.
Which names would you like to activate HTTPS for?
1: yourdomain.com
2: www.yourdomain.com
3: both
4: Cancel
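Here certbot detects the domain names set in your nginx configuration and asks which of them you want to enable HTTPS for. If your nginx configuration has no domain name set, it asks you to enter one.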
Please choose whether or not to redirect HTTP traffic to HTTPS.
1: No redirect - Make no further changes to your web server.
2: Redirect - Make all HTTP requests redirect to HTTPS.
This asks whether to redirect HTTP to HTTPS automatically; you can enter 2.
When the configuration succeeds, you will see:
Successfully signed certificate for yourdomain.com and www.yourdomain.com.
Your certificate and chain have been saved at:
/etc/letsencrypt/live/yourdomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/yourdomain.com/privkey.pem
Your cert will expire on 2025-01-25. To obtain a new certificate, simply run
"certbot renew".
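At this point all the setup should in principle be complete, and certbot manages the renewal schedule automatically. Note carefully, however, that certbot automatically edits the nginx configuration under /etc/nginx/sites-available/, and that file is not necessarily the one our nginx uses. Following the earlier blog setup tutorial, the configuration file we use is /usr/local/nginx/conf/nginx.conf, so check which configuration file your nginx actually uses.
If certbot modified the wrong file, we need to find the file it configured and paste the server block that listens on 443 and the redirect server block into our nginx configuration file. Here is the configuration certbot generated for me, for reference: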
## Listen on the HTTPS port
server
{
    root /home/wwwroot/wordpress;
    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm;
    server_name jamilblog.top; # managed by Certbot
    include enable-php.conf;
    include vhost/*.conf;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        #try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include /etc/nginx/snippets/fastcgi-php.conf;
        # With php-fpm:
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        # The path may differ depending on your PHP version
        # If you're using PHP over TCP instead of Unix socket, configure this instead:
        # fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fastcgi_param SCRIPT_NAME $fastcgi_script_name; # add this line
        include fastcgi_params;
    }
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    #listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/jamilblog.top/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/jamilblog.top/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
## Redirect
server
{
    if ($host = jamilblog.top) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name jamilblog.top;
    # Force redirect to HTTPS
    return 301 https://$host$request_uri;
}
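One way to check the point above, that the configuration nginx actually loads carries the Certbot settings, is sketched here as an added example that is not part of the original post. The function name `check_https_conf`, the domain `blog.example` and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads nginx configuration text on stdin and reports which
# Certbot HTTPS settings for a domain are absent. On a server, feed it the
# effective config (assumes this nginx is the binary that is running):
#   sudo nginx -T 2>/dev/null | check_https_conf yourdomain.com
check_https_conf() {
    domain=$1
    live="/etc/letsencrypt/live/$domain"
    conf=$(cat)
    missing=""
    # Anchored match skips commented-out lines such as "#listen 443 ssl;".
    directive() { printf '%s\n' "$conf" | grep -E "^[[:space:]]*$1[[:space:]]"; }
    directive listen | grep -Eq '[[:space:]](\[::\]:)?443[[:space:]]+ssl' \
        || missing="$missing listen_443_ssl"
    directive ssl_certificate | grep -Fq "$live/fullchain.pem" \
        || missing="$missing ssl_certificate"
    directive ssl_certificate_key | grep -Fq "$live/privkey.pem" \
        || missing="$missing ssl_certificate_key"
    directive return | grep -Fq '301 https://' \
        || missing="$missing http_redirect"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample: the file nginx loads was never edited by Certbot.
STALE_CONF='server {
    listen 80;
    server_name blog.example;
    #listen 443 ssl;
}'
# Constructed sample: both server blocks present, placeholder domain.
GOOD_CONF='server {
    listen 443 ssl;
    server_name blog.example;
    ssl_certificate /etc/letsencrypt/live/blog.example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blog.example/privkey.pem;
}
server {
    listen 80;
    return 301 https://$host$request_uri;
}'
printf '%s\n' "$STALE_CONF" | check_https_conf blog.example || true
printf '%s\n' "$GOOD_CONF" | check_https_conf blog.example
```

If nginx was built from source as in the earlier tutorial, pipe the output of that installation's own nginx binary rather than whichever `nginx` is first on your PATH.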
After clearing the browser cache, our site can be accessed over HTTPS!