Configure https on your website server

2025-02-21 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

An introduction to configuring https on your website server

Use Let's Encrypt's free certificate service to serve HTTP over SSL/TLS encrypted transport (https://zh.wikipedia.org/wiki/%E5%82%B3%E8%BC%B8%E5%B1%A4%E5%AE%89%E5%85%A8%E5%8D%94%E8%AD%B0) and make your website more secure.

Let's Encrypt

As a public, free SSL project, Let's Encrypt is steadily being adopted by a large number of users. It was initiated by Mozilla, Cisco, Akamai, IdenTrust, EFF and other organizations, with the main purpose of promoting the transition of websites from HTTP to HTTPS. More and more companies have since joined and sponsored it.

The arrival of Let's Encrypt's free SSL certificates will also hit the traditional vendors that sell paid SSL certificate services. Let's Encrypt has obtained a cross-signature from IdenTrust, which means its certificates are supported by mainstream browsers, including Firefox and Chrome. Although it is currently in public beta, many users already use it for real in their own website projects.

The operating environment is as follows:

[root@www ~]# cat /etc/redhat-release

CentOS Linux release 7.2.1511 (Core)

[root@www ~]# nginx -V

nginx version: nginx/1.12.0

built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)

built with OpenSSL 1.0.1e-fips 11 Feb 2013

TLS SNI support enabled

configure arguments: --user=nginx --group=nginx --prefix=/application/nginx-1.12.0/ --with-http_v2_module --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre

Install certbot

Install certbot with yum: enable the EPEL repository

[root@www ~]# yum install -y yum-utils

[root@www ~]# yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

Install certbot

[root@www ~]# sudo yum install certbot

Install certbot with git: first install the git tool:

Install the dependencies:

[root@www ~]# yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel

Download the source code (saved under the file name that the next step unpacks):

[root@www ~]# wget -O git-2.13.0.tar.gz https://github.com/git/git/archive/v2.13.0.tar.gz

Compile and install git:

[root@www ~]# tar -zxf git-2.13.0.tar.gz

[root@www ~]# cd git-2.13.0

[root@www git-2.13.0]# make prefix=/usr/local all

[root@www git-2.13.0]# make prefix=/usr/local install

Update python to 2.7 or later:

Check the python version

[root@www git-2.13.0]# python -V

Python 2.4.3

Install the gcc compiler

[root@www ~]# yum -y install gcc

Download the python source code

[root@www ~]# wget https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz

Compile and install python2.7

[root@www ~]# tar -zxf Python-2.7.13.tgz

[root@www ~]# cd Python-2.7.13

[root@www Python-2.7.13]# ./configure

[root@www Python-2.7.13]# make all

[root@www Python-2.7.13]# make install

[root@www Python-2.7.13]# make clean

[root@www Python-2.7.13]# make distclean

Change the python command to point to python2.7

[root@www Python-2.7.13]# mv /usr/bin/python /usr/bin/python2.4

[root@www Python-2.7.13]# ln -s /usr/local/bin/python2.7 /usr/bin/python

[root@www Python-2.7.13]# python -V

Python 2.7.13 # updated successfully

Install certbot

[root@www ~]# git clone https://github.com/letsencrypt/letsencrypt

Obtain a certificate

Obtain the certificate manually

Command to use when certbot was installed with yum

[root@www ~]# certbot certonly --standalone --email 244819336@qq.com -d czlun.top -d www.czlun.top

Commands to use when certbot was installed with git

[root@www ~]# cd letsencrypt

[root@www letsencrypt]# ./letsencrypt-auto certonly --standalone --email 244819336@qq.com -d czlun.top -d www.czlun.top

Replace 244819336@qq.com with your own email address

Replace czlun.top and www.czlun.top with your own domain names

Location of the certificate

Four key and certificate files are generated in the directory for the corresponding domain name

[root@www ~]# ls /etc/letsencrypt/live/czlun.top/

cert.pem chain.pem fullchain.pem privkey.pem README

cert.pem - Apache server-side certificate

chain.pem - Apache root certificate and intermediate certificate

fullchain.pem - the ssl_certificate file required by Nginx

privkey.pem - the certificate's private key file

Configure nginx

# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80;
    server_name czlun.top www.czlun.top;
    return 301 https://www.czlun.top$request_uri;
}

# HTTPS virtual host using the files generated by certbot
server {
    listen 443 ssl;
    server_name czlun.top www.czlun.top;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/czlun.top/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/czlun.top/privkey.pem;
    # [other configurations of the domain name host are here]
}

Restart nginx; the SSL certificate should now be valid and the site should be reachable over HTTPS.
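A check to run on the directory certbot wrote, as an added example that is not part of the original article: it confirms that privkey.pem belongs to the certificate in fullchain.pem, that the certificate is not about to expire, and that it covers every domain name passed with -d. The function names and the 30-day threshold in the usage line are assumptions, and it needs an openssl command that supports -checkhost.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes the openssl CLI is
# installed; all function names are hypothetical.

# Succeeds when the leaf certificate in $1 and the private key in $2 share
# the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when the certificate in $1 is valid for host name $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# check_live_dir DIR MIN_DAYS HOST...
# Prints one line per failed check; the return value is the failure count.
check_live_dir() {
    dir=$1; min_days=$2; shift 2; failures=0
    cert_matches_key "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem does not match fullchain.pem"; failures=$((failures + 1)); }
    cert_valid_for_days "$dir/fullchain.pem" "$min_days" ||
        { echo "FAIL: certificate expires within $min_days days"; failures=$((failures + 1)); }
    for host in "$@"; do
        cert_covers_host "$dir/fullchain.pem" "$host" ||
            { echo "FAIL: certificate does not cover $host"; failures=$((failures + 1)); }
    done
    return "$failures"
}

# Usage: sh check_cert.sh /etc/letsencrypt/live/czlun.top 30 czlun.top www.czlun.top
if [ "$#" -ge 3 ]; then check_live_dir "$@"; fi
```

Once it reports no failures, `nginx -t` validates the configuration syntax before the restart.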
