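HTTPS is where everything is heading and we can't fall behind, so today we'll get HTTPS working.

Installing the certificate

Let's Encrypt

Let's Encrypt is a free, open, automated certificate authority (CA), run for the public's benefit.

As before, we install with Docker.

Create a /docker/certbot/conf folder to hold the certificate files (you can use any path you like; just remember to change the configuration to match):

    mkdir -p /docker/certbot/conf

Run the docker command:

    docker run -it --rm -p 88:80 --name certbot \
      -v "/docker/certbot/conf:/etc/letsencrypt" \
      -v "/docker/www/html:/usr/share/nginx/html" \
      certbot/certbot certonly --webroot -w /usr/share/nginx/html \
      --email your-email -d your-domain

Here we mount two folders: /docker/certbot/conf (stores the certificates) and /docker/www/html (the site root). Don't forget to replace the email address and the domain (the domain goes in without the http prefix).

Readers of my previous article may have noticed that I used a docker-compose.yml file to run Docker before. Why a plain command this time? The reasons are a bit complicated: first, this command only needs to run once; second, I don't know how to write it...

Once Docker has finished installing, if nothing goes wrong you will see a prompt asking you to choose; type A (Agree) in the console. After that, the certificate should be installed.

Modify Nginx's docker-compose.yml

    cd /docker/nginx
    vi docker-compose.yml

    version: "3.5"
    networks:
      zf_site_network:
        name: zf_site_network
    services:
      nginx:
        container_name: nginx
        image: nginx
        # privileged gives the container full host privileges;
        # nginx does not need it to serve ports 80 and 443
        privileged: true
        ports:
          - "80:80"
          - "443:443"
        restart: always
        volumes:
          - /docker/www:/usr/share/nginx/www
          - /docker/nginx/conf:/etc/nginx/conf.d
          - /docker/certbot/conf:/etc/letsencrypt # mount certificate folder
          - /docker/nginx/logs:/var/log/nginx # mount log
        networks:
          - zf_site_network
        environment:
          - TZ=Asia/Shanghai

Restart nginx

    docker-compose up -d

Configure Nginx

In chapter two we created the configuration file your-domain_80.conf:

    server {
        listen 80;
        server_name your-domain;
        root your-site-root;  # replace with the site root directory
        location / {
            index index.php index.html;
        }
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php/$1 last;
        }
        location ~ \.php(.*)$ {
            fastcgi_pass php:9000;
            fastcgi_index index.php;
            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
            include fastcgi_params;
        }
    }

Now modify it:

    # Port 80: redirect every request to HTTPS
    server {
        listen 80;
        server_name your-domain;
        rewrite ^(.*) https://$host$1 permanent;
    }

    server {
        listen 443 ssl;
        server_name your-domain;
        root your-site-root;  # replace with the site root directory
        location / {
            index index.php index.html;
        }
        if (!-e $request_filename) {
            rewrite ^/(.*) /index.php/$1 last;
        }
        location ~ \.php(.*)$ {
            fastcgi_pass php:9000;
            fastcgi_index index.php;
            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
            include fastcgi_params;
        }
        # ssl on;  # removed in nginx 1.25.1; "listen 443 ssl" above already enables TLS
        ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem;
        ssl_session_timeout 5m;
        # TLSv1.1 is deprecated (RFC 8996)
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        charset utf-8;
        access_log /var/log/nginx/your-domain.access.log main;
        error_log /var/log/nginx/your-domain.error.log warn;
    }

Restart Nginx

    docker restart nginx  # nginx is the container name (container_name in docker-compose.yml)

Check in the browser

Now visit your own domain and see whether it has switched to HTTPS.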
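A quick audit of the TLS directives used in the 443 server block of this post, as an added example that is not part of the original article: it flags the legacy `ssl on;` directive, deprecated protocol versions, and a TLS listener without a certificate pair. The sample configs are constructed (example.com is a placeholder) and the function names are hypothetical.

```python
import re

# Constructed sample modeled on the 443 server block in this post;
# example.com is a placeholder domain.
LEGACY_CONF = """
server {
    listen 443 ssl;
    server_name example.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2;  # protocol list
}
"""
# The same block with the legacy directive dropped and current protocols.
UPDATED_CONF = LEGACY_CONF.replace("    ssl on;\n", "").replace(
    "TLSv1.1 TLSv1.2", "TLSv1.2 TLSv1.3")

# TLS 1.0 and 1.1 were deprecated by RFC 8996; SSLv2/SSLv3 long before.
DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def directives(conf):
    """Yield (name, args) per directive. Simplified: ignores quoting and nesting."""
    conf = re.sub(r"#[^\n]*", "", conf)          # strip comments
    for stmt in re.split(r"[;{}]", conf):        # statements end at ; { or }
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def audit_tls(conf):
    """Return sorted finding codes for the TLS directives in one config text."""
    seen = {}
    for name, args in directives(conf):
        seen.setdefault(name, []).append(args)
    findings = set()
    if ["on"] in seen.get("ssl", []):
        findings.add("ssl-on-removed")           # directive removed in nginx 1.25.1
    if any(DEPRECATED_PROTOCOLS & set(a) for a in seen.get("ssl_protocols", [])):
        findings.add("deprecated-protocol")
    if any("ssl" in a for a in seen.get("listen", [])) and not (
            "ssl_certificate" in seen and "ssl_certificate_key" in seen):
        findings.add("missing-certificate")
    return sorted(findings)


if __name__ == "__main__":
    print("legacy :", audit_tls(LEGACY_CONF))
    print("updated:", audit_tls(UPDATED_CONF))
```

To check a real file, pass its contents to `audit_tls`, for example the text of a file under /docker/nginx/conf.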
