Windows平台下为Nginx部署的站点配置SSL证书,以及自动更新证书
上一篇
1.手动部署SSL证书
可以手动拷贝domain.com.cer和domain.com.key到对应的服务端文件夹下, 再修改站点配置文件即可。当然也可以使用官方提供的命令去自动安装证书, 这里就不展开了。配置文件参考如下:
# another virtual host using mix of IP-, name-, and port-based configuration
#
server {
listen 80;
server_name cimen.club;
root html/cimen.club;
index index.html;
location ~ /.well-known {
allow all;
}
return 301 https://cimen.club$request_uri;
}
# HTTPS server
#
server {
listen 443 ssl;
server_name cimen.club;
root html/cimen.club;
index index.html;
ssl_certificate D:/nginx-1.20.1/ssl/cimen.club/cimen.club.cer;
ssl_certificate_key D:/nginx-1.20.1/ssl/cimen.club/cimen.club.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
#这部分是aria2NG相关 不需要可以移除
location /jsonrpc {
proxy_pass http://127.0.0.1:6800/jsonrpc;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location ~ /.well-known {
allow all;
}
}2.设置自动更新证书
Linux下我们常用Corntab, 而Windows则可以使用自带的计划任务来达到同样的效果, 只不过相比起来有些繁杂。
待测试, 等三个月后自动续订了再放吧。。。
好久没来更,都快忘了这回事……由于需要更改一些配置,索性单独再水一篇吧,有需要的可以参考一下:Windows系统下使用acme.sh搭配计划任务来定时更新ssl证书
阅读剩余
版权声明:
作者:觉
链接:https://cimen.club/249.html
文章版权归作者所有,未经允许请勿转载。
THE END
