网站颁发免费ssl证书,https

原创

那时一个人 2024-03-05 13:35:42 ©著作权

文章标签 nginx IP Real 文章分类 HarmonyOS 后端开发

©著作权归作者所有：来自51CTO博客作者那时一个人的原创作品，请联系作者获取转载授权，否则将追究法律责任

https://github.com/acmesh-official/acme.sh 我使用的是nginx, 主要使用的命令:

curl https://get.acme.sh | sh -s email=my@example.com
source ~/.barshrc
# 使用该命令需要先配置带有域名的nginx 配置文件
acme.sh --issue -d mydomain.com --nginx

nginx 配置文件:

server {
                listen 80 ;
                listen [::]:80 ;
                server_name mydomain.com;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                location / {
                 proxy_pass http://localhost:8018;


       }

}

执行命令acme.sh --issue -d mydomain.com --nginx 后手动添加ssl 相关配置

server {
                listen 80 ;
                listen [::]:80 ;
                server_name mydomain.com;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                location / {
                 proxy_pass http://localhost:8018;


       }

}
server {
  #监听443端口
    listen 443 ;
    #你的域名
    server_name mydomain.com;
    ssl on;
    #ssl证书的pem文件路径
    ssl_certificate  /root/.acme.sh/mydomaincom_ecc/mydomain.com.cer;
    #ssl证书的key文件路径
    ssl_certificate_key /root/.acme.sh/mydomain.com/mydomain.com.key;

     proxy_set_header X-Forwarded-Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Host $http_host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-NginX-Proxy true;
    client_max_body_size 100m;

        location / {
          proxy_pass http://localhost:8018;

}

}