摘要:超文本傳輸安全協議英語,縮寫,常稱為,或是一種透過計算器網上進行安全通信的傳輸協議。超文本傳輸安全協議為什么要開啟安全性開啟免費服務我們今天介紹的免費簽名平臺是,安裝過程以為例,如果你使用了其他系統或其他服務類型可前往查看相應部署方法。
HTTPS
超文本傳輸安全協議(英語:Hypertext Transfer Protocol Secure,縮寫:HTTPS,常稱為HTTP over TLS,HTTP over SSL或HTTP Secure)是一種透過計算器網上進行安全通信的傳輸協議。HTTPS經由HTTP進行通信,但利用SSL/TLS來加密數據包。HTTPS開發的主要目的,是提供對網站服務器的身份認證,保護交換數據的隱私與完整性。這個協議由網景公司(Netscape)在1994年首次提出,隨后擴展到互聯網上。—— 超文本傳輸安全協議 from WIKI為什么要開啟HTTPS? 1、SEO 2、安全性 開啟免費HTTPS服務
我們今天介紹的免費簽名平臺是Let"s Encrypt,安裝過程以CentOS 7 + Nginx為例,如果你使用了其他系統或其他服務類型可前往Certbot查看相應部署方法。
安裝提示:如果你在使用RHEL on EC2,你可以運行以下代碼來開啟選項通道(optional channel):
$ yum -y install yum-utils $ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-> server-optional
開啟選項通道后運行下面代碼安裝Certbot:
$ sudo yum install python2-certbot-nginx開始使用
給Certbot安裝Nginx插件:
$ sudo certbot --nginx
運行這個命令會自動為你獲取證書,并且Certbot會自動配置你的Nginx以提供服務。如果你想要手動修改Nginx配置可以使用certonly子命令:
$ sudo certbot --nginx certonly自動配置說明
執行自動配置命令后命令行輸出下文:
# sudo certbot --nginx Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter "c" to cancel): [ email@example.com ]
提示你輸入接收緊急更新和安全提示的郵箱,
輸入郵箱鍵入回車進入下一步(輸入"c"并回車放棄設置該郵箱)。
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel:
要求閱讀協議,輸入A同意該協議并繼續。
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let"s Encrypt project and the non-profit organization that develops Certbot? We"d like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o:
詢問郵箱是否接受廣告,輸入N拒絕并繼續。
No names were found in your configuration files. Please enter in your domain name(s) (comma and/or space separated) (Enter "c" to cancel):
輸入你的域名(例如:example.me)并繼續。
Obtaining a new certificate Performing the following challenges: http-01 challenge for example.me Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/nginx.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you"re confident your site works on HTTPS. You can undo this change by editing your web server"s configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press "c" to cancel):
選擇是否將http請求重定向至https,輸入1不改變當前服務器配置(不重定向),輸入2將自動配置所有http請求的重定向。
既然我們要開啟https服務就輸入2并繼續。
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://example.me You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=example.me - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/example.me/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/example.me/privkey.pem Your cert will expire on 2019-02-12. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let"s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
出現以上提示就說明配置成功啦,趕快去訪問一下試試吧。
文章版權歸作者所有,未經允許請勿轉載,若此文章存在違規行為,您可以聯系管理員刪除。
轉載請注明本文地址:http://specialneedsforspecialkids.com/yun/40182.html
摘要:本文首發開發指南如何在上安裝讀作,是一個免費的開源的高性能的和反向代理服務,主要負責負載一些訪問量比較大的站點。本教程將會教您如何在的服務器上安裝和管理。倉庫中有的安裝包。期待下次與你相見本文首發開發指南如何在上安裝 showImg(https://segmentfault.com/img/bVbozn1?w=1000&h=530); 本文首發:開發指南:如何在 CentOS 7 上安...
LiteSpeed是一款可以替換Apache的企業級Web服務器,具有高性能,低資源占用,安全,易用的特點。它支持直接使用Apache的配置文件,可直接使用.htacess,無需額外配置,兼容Mod_Security。因此避免像Nginx那樣需要自己寫重寫規則的麻煩。而OpenLiteSpeed是LiteSpeed的開源免費版本,除了保留了LiteSpeed輕量、高性能的特性外,它還加入了非常多的...
摘要:官網全站實踐正式來襲也迎來自己的一個里程碑數正式突破官網作為項目組服務開發者們的重要渠道也迎來了自己的一次重大更新重構升級到全站實現本篇先介紹官網全站實踐先來一張官網效果圖鎮樓靜態資源由托管開啟業務代碼交由執行設置使用協議要實現非常簡單 date: 2018-3-8 13:50:03title: Swoft| Swoft官網全站 HTTP2 實踐 Swoft1.0正式來襲, Swoft...
閱讀 3457·2021-11-17 17:00
閱讀 3818·2021-08-09 13:46
閱讀 2866·2019-08-30 15:54
閱讀 627·2019-08-30 13:54
閱讀 2945·2019-08-29 17:13
閱讀 3218·2019-08-29 14:00
閱讀 2975·2019-08-29 11:11
閱讀 1379·2019-08-26 10:15