如何使用 nginx 和 certbot 在 web 服务器上添加 SSL



我正在给 web 服务器添加 SSL,使用的是 Django、nginx 和 uWSGI。SSL 密钥是通过 certbot 从 Let's Encrypt 获取的。但是当我在 .conf 中添加 SSL 密钥的路径后,它不起作用。我的配置出了什么问题?这是 nginx.conf:

# Main (global) context of nginx.conf.
#
# Directives left disabled, kept for reference:
#   user  nobody;                  - system account the worker processes run as
#   error_log  logs/error.log;     - where the server writes its error log
#   error_log  logs/error.log  notice;
#   pid        logs/nginx.pid;     - file that receives the master process ID

# One worker process. This is commonly set to the number of CPUs or cores.
worker_processes 1;

events {
    # Upper bound on simultaneous connections per worker process.
    # Rough capacity estimate:
    #   max_clients = worker_processes * worker_connections
    worker_connections 1024;
}

# HTTP context of the configuration posted in the question. It declares two
# server blocks for the same hostname, both pointing at the same Let's Encrypt
# certificate and key. The code is left exactly as posted; the NOTE(review)
# comments mark the lines that are relevant to "https does not work".
http {
# Map file extensions to MIME types. Directives in mime.types are read as if
# they were written inside this http { } block.
include       mime.types;
# Content type used when no mapping from mime.types applies.
default_type  application/octet-stream;
#
#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                  '$status $body_bytes_sent "$http_referer" '
#                  '"$http_user_agent" "$http_x_forwarded_for"';
#access_log  logs/access.log  main;
# NOTE(review): access logging is disabled here. Turning it on, together with
# error_log, is the quickest way to see why a TLS connection is rejected.
sendfile        on;
# sendfile speeds up serving locally stored static files; it can be switched
# off when nginx is used only as a reverse proxy.
#tcp_nopush     on;
# works opposite to tcp_nodelay. Instead of optimizing delays, it optimizes the amount of data sent at once.
#keepalive_timeout  0;
keepalive_timeout  65;
# Time in seconds during which an idle keep-alive client connection stays open.
#gzip  on;
# (disabled) would tell the server to use on-the-fly gzip compression.

# First server block: static content for the site, with the TLS listener and
# certificate lines that Certbot appended at the end.
server {
# You would want to make a separate file with its own server block for each virtual domain
# on your server and then include them.
# NOTE(review): the comments below describe "listen 80", but no such directive
# is active in this block. The only listener here is "listen 443 ssl" further
# down, so this block does not serve plain HTTP.
# listen 80; is equivalent to listen *:80;
server_name  fidochallenge486.tk;
#server_name localhost;
# server_name enables name-based virtual hosting.
charset utf-8;
#access_log  logs/host.access.log  main;
location / {
# The location block configures how nginx responds to requests for resources within the server.
root   html;
index  index.html index.htm;
}
#error_page  404              /404.html;
# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ .php$ {
#    proxy_pass   http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ .php$ {
#    root           html;
#    fastcgi_pass   127.0.0.1:9000;
#    fastcgi_index  index.php;
#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
#    include        fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /.ht {
#    deny  all;
#}
# TLS listener plus the certificate chain, private key, shared TLS options and
# DH parameters, all written by Certbot.
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/fidochallenge486.tk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/fidochallenge486.tk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen       8000;
#    listen       somename:8080;
#    server_name  somename  alias  another.alias;
#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}

# Second server block. It is labelled "HTTPS server" but listens on port 80.
#
server {
# NOTE(review): the "ssl" parameter makes nginx expect a TLS handshake on
# port 80. Browsers send plain HTTP to port 80, so those requests are rejected
# and nothing here redirects visitors to port 443. Port 80 should be declared
# without "ssl"; only the 443 listener should carry it.
listen       80 ssl;
# NOTE(review): the same applies to the IPv6 listener. It is also the only
# listener marked default_server.
listen [::]:80 ssl default_server;
# NOTE(review): same server_name as the first server block.
server_name  fidochallenge486.tk;
#    ssl_certificate      cert.pem;
ssl_certificate /etc/letsencrypt/live/fidochallenge486.tk/fullchain.pem;
#    ssl_certificate_key  cert.key;
ssl_certificate_key /etc/letsencrypt/live/fidochallenge486.tk/privkey.pem;
#    ssl_session_cache    shared:SSL:1m;
#    ssl_session_timeout  5m;
#    ssl_ciphers  HIGH:!aNULL:!MD5;
#    ssl_prefer_server_ciphers  on;
include /etc/letsencrypt/options-ssl-nginx.conf;
#  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# Serves ACME challenge files from the default web root.
# NOTE(review): ACME HTTP-01 validation arrives as plain HTTP on port 80, which
# this block cannot answer while its listeners carry "ssl". Certificate
# renewal over HTTP-01 would therefore presumably fail; confirm with a renewal
# dry run.
location ^~ /.well-known/acme-challenge/ {
root /usr/share/nginx/html;
}
}
}

这是 certbot 输出的 SSL 证书和密钥的保存路径:

- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/fidochallenge486.tk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/fidochallenge486.tk/privkey.pem

HTTP 可以正常工作,但 HTTPS 不行。我不知道哪里的配置写错了。我在谷歌上搜索了所有关于 nginx、certbot 和 SSL 的博客,但它们的做法各不相同。

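你能按照下面的内容更新你的 nginx 配置吗?问题中的配置在第二个 server 块里写的是 `listen 80 ssl;`,也就是让 80 端口按 TLS 处理连接;下面的配置改为让 80 端口只接受明文 HTTP 并重定向到 HTTPS,由 443 端口负责 TLS。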

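# Plain-HTTP listener. It serves no content: requests for the site's hostname
# are redirected to HTTPS, anything else gets a 404.
server {
    # Port 80 is declared WITHOUT the "ssl" parameter, so it accepts plain HTTP.
    listen 80;
    # IPv6 counterpart, added because the HTTPS server listens on [::]:443.
    # Without it, IPv6 clients that start on http:// are never redirected.
    listen [::]:80;
    server_name fidochallenge486.tk;

    # Redirect only when the Host header is the expected name. Building the
    # target from an unchecked $host would redirect to whatever hostname the
    # client supplied.
    if ($host = fidochallenge486.tk) {
        return 301 https://$host$request_uri;
    }

    # Reached only when the Host header did not match.
    return 404;
}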

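# HTTPS server for the site. TLS is terminated here with the certificate and
# key that Certbot stored under /etc/letsencrypt/live/.
server {
    # Only the 443 listeners carry the "ssl" parameter.
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;
    server_name fidochallenge486.tk;

    # Placeholder document root: replace it with your website's location.
    # "root" takes a single path, so the explanatory words from the original
    # answer cannot stay on the directive line.
    # NOTE(review): the question mentions Django behind uWSGI. This block only
    # serves static files; passing requests to uWSGI is not shown on this page.
    root /usr/share/nginx/html;
    index index.html index.htm;

    location / {
        # Serve an existing file or directory, otherwise answer 404.
        try_files $uri $uri/ =404;
    }

    # The exact-match location now names the same URI that error_page points
    # at. The original used /40x.html, which error_page never requests.
    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }

    # Certificate chain and private key issued through Certbot. The private key
    # should be readable by root only.
    ssl_certificate /etc/letsencrypt/live/fidochallenge486.tk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/fidochallenge486.tk/privkey.pem;
    # Certbot-maintained TLS settings, presumably protocol and cipher choices.
    # Check the file's contents on your host.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    # Diffie-Hellman parameters for DHE key exchange.
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}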
