nginx配置

nginx 命令

1
2
3
4
5
6
yum install nginx
nginx
vim /etc/nginx/nginx.conf
nginx -s reload
nginx -s stop

用certbot签名证书

1
2
3
4
5
6
7
8

yum install epel-release
yum install certbot


certbot certonly --email xxx@qq.com --standalone -d jecy.xyz


会将证书生成到这个目录下 /etc/letsencrypt

1
2
3
4
ls /etc/letsencrypt/

accounts  archive  csr  keys  live  renewal  renewal-hooks

修改nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  jecy.xyz;
        root         /usr/share/nginx/html;

        rewrite ^/(.*)$ https://jecy.xyz/$1 permanent;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

  server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  jecy.xyz;
        root         /usr/share/nginx/html;

        ssl_certificate /etc/letsencrypt/live/jecy.xyz/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/jecy.xyz/privkey.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
        location / {
        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
    }

Let’s Encrypt 90天过期 续期命令

certbot renew