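Setting up free HTTPS on Debian

Date: April 2018
Keywords: debian, https, nginx, free

Preparation

Domain name: www.fish2bird.com

Step 1: update the DNS record

Point the DNS record for www.fish2bird.com at the IP address of the server on which you are configuring HTTPS.

Step 2: install Nginx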

root@debian:~# apt-get install nginx

Step 3: install certbot

certbot is a tool that automatically requests HTTPS certificates.

root@debian:~# apt-get install certbot

Step 4: request the certificate

You will be asked for your domain name, here www.fish2bird.com, and for the root path of your HTTP server, here /var/www/html.

root@debian:~# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):www.fish2bird.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.fish2bird.com

Select the webroot for www.fish2bird.com:
-------------------------------------------------------------------------------
1: Enter a new webroot
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Input the webroot for vpn.fish2bird.com: (Enter 'c' to cancel):/var/www/html
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/www.fish2bird.com/fullchain.pem. Your cert
   will expire on 2018-07-04. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@debian:~#

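The generated certificate files are located in /etc/letsencrypt/live/www.fish2bird.com/

Step 5: configure nginx

Open port 443 and configure the certificate path.
The generated certificate and private key are located in /etc/letsencrypt/live/www.fish2bird.com/.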

root@debian:~# vim /etc/nginx/sites-enabled/default
...
# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	listen [::]:443 ssl default_server;

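	# Serve fullchain.pem (leaf + intermediate CA), the file certbot reported above; cert.pem holds the leaf only
	ssl_certificate		/etc/letsencrypt/live/www.fish2bird.com/fullchain.pem;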
	ssl_certificate_key	/etc/letsencrypt/live/www.fish2bird.com/privkey.pem;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;
...
root@debian:~# service nginx restart
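
A check for the certificate wiring in step 5, as an added example that is not part of the original post. certbot's live directory holds both cert.pem (the leaf certificate only) and fullchain.pem (leaf plus intermediate CA), and nginx should be given the latter. The function names audit_nginx_tls and sample_config are hypothetical, and the sample configs are constructed.

```sh
#!/bin/sh
# audit_nginx_tls FILE: print one finding per line; print nothing if the wiring is sound.
audit_nginx_tls() {
    awk '
    /^[ \t]*#/ { next }                  # ignore commented-out directives
    { sub(/;.*$/, "") }                  # strip ";" and any trailing comment
    $1 == "listen" && $2 ~ /(^|:)443$/ {
        tls = 1; ssl = 0
        for (i = 3; i <= NF; i++) if ($i == "ssl") ssl = 1
        if (!ssl) print "listen-443-without-ssl: " $2
    }
    $1 == "ssl_certificate"     { cert = $2 }
    $1 == "ssl_certificate_key" { key  = $2 }
    END {
        if (tls && cert == "") print "missing-ssl_certificate"
        if (tls && key  == "") print "missing-ssl_certificate_key"
        # cert.pem is the leaf only; fullchain.pem adds the intermediate CA
        if (cert ~ "/live/[^/]+/cert[.]pem$")
            print "leaf-only-certificate: " cert
        # both files must come from the same live/<name>/ directory
        cdir = cert; sub("/[^/]*$", "", cdir)
        kdir = key;  sub("/[^/]*$", "", kdir)
        if (cert != "" && key != "" && cdir != kdir)
            print "cert-key-directory-mismatch: " cdir " vs " kdir
    }' "$1"
}

# Constructed sample modelled on the server block in step 5; $1 picks the certificate file.
sample_config() {
    cat <<EOF
server {
    listen 80 default_server;
    # listen 443 ssl default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate      /etc/letsencrypt/live/www.fish2bird.com/${1:-fullchain.pem};
    ssl_certificate_key  /etc/letsencrypt/live/www.fish2bird.com/privkey.pem;
    root /var/www/html;
}
EOF
}

tmp=$(mktemp)
sample_config cert.pem > "$tmp"
audit_nginx_tls "$tmp"        # reports the leaf-only certificate
sample_config fullchain.pem > "$tmp"
audit_nginx_tls "$tmp"        # prints nothing
rm -f "$tmp"
```

On a real host, pass the path of the edited file, for example /etc/nginx/sites-enabled/default.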

Step 6: verify in the browser

Enter in the browser: https://www.fish2bird.com/