Splitting the nginx configuration into per-site conf files, and HTTPS

Reposted from my personal blog: tomonori.cc

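A record of how I set up nginx on my own server so that the main configuration file pulls in additional configuration files. This simplifies nginx.conf, and configuring each site separately makes the settings easier to read and modify.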

# nginx.conf
worker_processes  1;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    # include every .conf file in the vhost directory here
    include       vhost/*.conf;
    default_type  application/octet-stream;

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
}

  • Create a vhost directory in the same directory as nginx.conf
# /usr/local/nginx/conf/
mkdir vhost
  • Create a toy.conf file
# /usr/local/nginx/conf/
# the file must sit inside vhost/ to be matched by "include vhost/*.conf"
touch vhost/toy.conf
  • Write the site configuration
# vhost/toy.conf
server {
        listen 80;
        server_name toy.reimu.ru;

        location / {
                root /home/frontend/marisa;
                index index.html;
        }

        location /api/v1/ {
                proxy_pass http://127.0.0.1:3000/;
        }
}
  • HTTPS (the certificate is a free Let's Encrypt certificate)
# vhost/toy.conf
server {
    listen 443 ssl;
    server_name toy.reimu.ru;

    root /home/frontend/marisa;
    index index.html;

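    # "ssl on;" is not needed: "listen 443 ssl" already enables TLS, and the
    # ssl directive is deprecated since nginx 1.15.0 and removed in 1.25.1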
    ssl_certificate /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/toy.reimu.ru/privkey.pem;

    location / {
        try_files $uri $uri/ =404;
    }

    location /api/v1/ {
        proxy_pass http://127.0.0.1:3000/;
    }
}
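  • Renew the Let's Encrypt certificate with certbot-auto
# Download it and make it executable
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
# The Python dependencies need to be installed

If this is your first time, you need to enter your e-mail address and other related information. I have issued Let's Encrypt certificates before, so the SSL certificate paths already exist under /etc/letsencrypt/.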

  • Check and renew
# Check whether the certificate has expired
./certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: toy.reimu.ru
    Domains: toy.reimu.ru
    Expiry Date: 2019-03-19 12:02:01+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/toy.reimu.ru/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Renew
./certbot-auto renew --cert-name toy.reimu.ru

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/toy.reimu.ru.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for toy.reimu.ru
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/toy.reimu.ru/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@vultr:/home/download# ./certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: toy.reimu.ru
    Domains: toy.reimu.ru
    Expiry Date: 2019-06-23 02:24:26+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/toy.reimu.ru/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/toy.reimu.ru/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
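
The two `certificates` listings above differ only in the status printed after the expiry date, which makes the check easy to automate. The following is an added example, not part of the original post: the function name `certs_needing_renewal`, the 30-day default and the embedded sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag certificates that are invalid or close to expiry by
# parsing the text printed by `certbot-auto certificates`.

# certs_needing_renewal [MIN_DAYS]   (hypothetical helper name)
# Reads the listing on stdin; prints "<name> INVALID" for any certificate not
# marked VALID, or "<name> <days>" when fewer than MIN_DAYS (default 30) remain.
certs_needing_renewal() {
    awk -v min="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /\(VALID: [0-9]+ day/) {
                days = $0
                sub(/.*\(VALID: /, "", days)   # drop everything up to the count
                sub(/ day.*/, "", days)        # drop the trailing unit
                if (days + 0 < min) print name, days
            } else {
                print name, "INVALID"          # e.g. (INVALID: EXPIRED)
            }
        }'
}

# Constructed sample input, modelled on the two listings shown in the post.
SAMPLE_EXPIRED='Found the following certs:
  Certificate Name: toy.reimu.ru
    Domains: toy.reimu.ru
    Expiry Date: 2019-03-19 12:02:01+00:00 (INVALID: EXPIRED)'

SAMPLE_VALID='Found the following certs:
  Certificate Name: toy.reimu.ru
    Domains: toy.reimu.ru
    Expiry Date: 2019-06-23 02:24:26+00:00 (VALID: 89 days)'

printf '%s\n' "$SAMPLE_EXPIRED" | certs_needing_renewal 30   # toy.reimu.ru INVALID
printf '%s\n' "$SAMPLE_VALID"   | certs_needing_renewal 30   # (no output)
printf '%s\n' "$SAMPLE_VALID"   | certs_needing_renewal 90   # toy.reimu.ru 89
```

In practice the input would come from `./certbot-auto certificates`. Because the renewal log above reports the new certificate as deployed without reload, nginx keeps serving the old one until it is reloaded, for example with `nginx -t && nginx -s reload`.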