LNMP 一键安装包配置 https

一、安装包

安装大家按照官方说的安装即可。

./install.sh lnmpa

二、配置

为域名 bbs.wzlinux.com 配置虚拟主机

[[email protected] ~]# lnmp vhost add
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|              https://lnmp.org             |
+-------------------------------------------+
Please enter domain(example: www.lnmp.org): bbs.wzlinux.com
 Your domain: bbs.wzlinux.com
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for the domain: bbs.wzlinux.com
Default directory: /home/wwwroot/bbs.wzlinux.com:
Virtual Host Directory: /home/wwwroot/bbs.wzlinux.com
Allow access log? (y/n) y
Enter access log filename(Default:bbs.wzlinux.com.log):
You access log filename: bbs.wzlinux.com.log
Please enter Administrator Email Address: [email protected]
Server Administrator Email:[email protected]
Create database and MySQL user with same name (y/n) n
Add SSL Certificate (y/n) y
1: Use your own SSL Certificate and Key
2: Use Let‘s Encrypt to create SSL Certificate and Key
Enter 1 or 2: 2
It will be processed automatically.

Press any key to start create virtul host...

Create Virtul Host directory......
set permissions of Virtual Host directory......
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

Reload Nginx......
Test Apache configure file...
test apache configure... Syntax OK
 done
Restart Apache...
graceful apache...  done
--2019-05-08 16:15:37--  https://soft.vpser.net/lib/acme.sh/latest.tar.gz
Resolving soft.vpser.net (soft.vpser.net)... 50.93.201.152, 2600:3c01::f03c:91ff:fe92:1a06
Connecting to soft.vpser.net (soft.vpser.net)|50.93.201.152|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 128963 (126K) [application/octet-stream]
Saving to: ‘latest.tar.gz’

100%[==========================================================================================================================================================================================>] 128,963      296KB/s   in 0.4s   

2019-05-08 16:15:39 (296 KB/s) - ‘latest.tar.gz’ saved [128963/128963]

[Wed May  8 16:15:39 CST 2019] It is recommended to install socat first.
[Wed May  8 16:15:39 CST 2019] We use socat for standalone server if you use standalone mode.
[Wed May  8 16:15:39 CST 2019] If you don‘t use standalone mode, just ignore this warning.
[Wed May  8 16:15:39 CST 2019] Installing to /usr/local/acme.sh
[Wed May  8 16:15:39 CST 2019] Installed to /usr/local/acme.sh/acme.sh
[Wed May  8 16:15:39 CST 2019] Installing alias to ‘/root/.bashrc‘
[Wed May  8 16:15:39 CST 2019] OK, Close and reopen your terminal to start using acme.sh
[Wed May  8 16:15:39 CST 2019] Installing alias to ‘/root/.cshrc‘
[Wed May  8 16:15:39 CST 2019] Installing alias to ‘/root/.tcshrc‘
[Wed May  8 16:15:39 CST 2019] Installing cron job
no crontab for root
no crontab for root
[Wed May  8 16:15:39 CST 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Wed May  8 16:15:39 CST 2019] OK
Redirecting to /bin/systemctl restart crond.service
Note: Forwarding request to ‘systemctl enable crond.service‘.
Starting create SSL Certificate use Let‘s Encrypt...
[Wed May  8 16:15:41 CST 2019] Registering account
[Wed May  8 16:15:43 CST 2019] Registered
[Wed May  8 16:15:43 CST 2019] ACCOUNT_THUMBPRINT=‘-cKHSTDQhjSIjWvO8OFcqx4cURrIDG88TaHlE_OkRDM‘
[Wed May  8 16:15:43 CST 2019] Creating domain key
[Wed May  8 16:15:43 CST 2019] The domain key is here: /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.key
[Wed May  8 16:15:43 CST 2019] Single domain=‘bbs.wzlinux.com‘
[Wed May  8 16:15:43 CST 2019] Getting domain auth token for each domain
[Wed May  8 16:15:44 CST 2019] Getting webroot for domain=‘bbs.wzlinux.com‘
[Wed May  8 16:15:45 CST 2019] Verifying: bbs.wzlinux.com
[Wed May  8 16:15:48 CST 2019] Success
[Wed May  8 16:15:48 CST 2019] Verify finished, start to sign.
[Wed May  8 16:15:48 CST 2019] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/56638729/438522172
[Wed May  8 16:15:50 CST 2019] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/046b73070d79dd7f8275ef2ce8235ddab879
[Wed May  8 16:15:50 CST 2019] Cert success.
[Wed May  8 16:15:50 CST 2019] Your cert is in  /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.cer
[Wed May  8 16:15:50 CST 2019] Your cert key is in  /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.key
[Wed May  8 16:15:50 CST 2019] The intermediate CA cert is in  /usr/local/nginx/conf/ssl/bbs.wzlinux.com/ca.cer
[Wed May  8 16:15:50 CST 2019] And the full chain certs is there:  /usr/local/nginx/conf/ssl/bbs.wzlinux.com/fullchain.cer
[Wed May  8 16:15:51 CST 2019] Run reload cmd: /etc/init.d/nginx reload
Reload service nginx...  done
[Wed May  8 16:15:51 CST 2019] Reload success
Let‘s Encrypt SSL Certificate create successfully.
Create dhparam.pem...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.........................................................................................................................................................................................................................................+....................................................................................+..............................................................................+..............................................................................+...............................................................................................................................+.....+.............................+...............................................................................................................................+......+.......................................+...........................................................................................................+.....................................................................................................................................................................................................................................................+.................................................................+.........................................................................+...................................................+....................................................................+......................................................................................+......................+.........+...................................................................+...................................+................................................................................................+...............................................................+......................................................................+...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+.........+.....................+....................++*++*
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
================================================
Virtualhost infomation:
Your domain: bbs.wzlinux.com
Home Directory: /home/wwwroot/bbs.wzlinux.com
Enable log: yes
Create database: no
Create ftp account: no
Enable SSL: yes
  =>Let‘s Encrypt
================================================

添加好测试页面,就可以了,我们发现也是正常的。

三、查看配置文件

首先查看 Nginx 配置文件 /usr/local/nginx/conf/vhost/bbs.wzlinux.com.conf,我们看到 http 和 https 都是可以访问的。

server
    {
        listen 80;
        #listen [::]:80;
        server_name bbs.wzlinux.com ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/bbs.wzlinux.com;

        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include proxy-pass-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/bbs.wzlinux.com.log;
    }

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name bbs.wzlinux.com ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/bbs.wzlinux.com;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/ssl/bbs.wzlinux.com/fullchain.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/bbs.wzlinux.com/bbs.wzlinux.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include proxy-pass-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/bbs.wzlinux.com.log;
    }

3.1、设定强制跳转 https

方法1:可以在server 80 里面添加一个一个重定向。

rewrite ^(.*)$  https://$host$1 permanent;

或者

server_name bbs.wzlinux.com;
rewrite ^(.*)$  https://$server_name$1 permanent;

或者

listen 80;
server_name bbs.wzlinux.com bbs1.wzlinux.com bbs2.wzlinux.com;
if ($host != ‘bbs.wzlinux.com‘) {
      rewrite ^/(.*)$ https://bbs.wzlinux.com/$1 permanent;
    }

或者

if ($http_x_forwarded_proto != "https")
        {
            rewrite  ^/(.*)$  https://$host/$1 permanent;
        }

或者

if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }

或者使用 return

if ($server_port = 80 ) {
                return 301 https://$host$request_uri;
        }

或者

return 301 https://$host$request_uri;

3.2 Rewrite 常用全局变量举例

变量  说明
$args   存放了请求url中的请求指令。比如http://www.myweb.name/server/source?arg1=value1&arg2=value2中的arg1=value1&arg2=value2
$content_length 存放请求头中的Content-length字段
$content_type   存放了请求头中的Content-type字段
$document_root  存放了针对当前请求的根路径
$document_uri   请求中的uri,不包含请求指令 ,比如比如http://www.myweb.name/server/source?arg1=value1&arg2=value2中的/server/source
$host   存放了请求url中的主机字段,比如比如http://www.myweb.name/server/source?arg1=value1&arg2=value2中的www.myweb.name。如果请求中的主机部分字段不可用或者为空,则存放nginx配置中该server块中server_name指令的配置值
$http_user_agent    存放客户端的代理
$http_cookie    cookie
$limit_rate nginx配置中limit_rate指令的配置值
$remote_addr    客户端的地址
$remote_port    客户端与服务器端建立连接的端口号
$remote_user    变量中存放了客户端的用户名
$request_body_file  存放了发给后端服务器的本地文件资源的名称
$request_method 存放了客户端的请求方式,如get,post等
$request_filename   存放当前请求的资源文件的路径名
$requset_uri    当前请求的uri,并且带有指令
$query_string   $args含义相同
$scheme 客户端请求使用的协议,如http,https,ftp等
$server_protocol    客户端请求协议的版本,如”HTTP/1.0”,”HTTP/1.1”
$server_addr    服务器的地址
$server_name    客户端请求到达的服务器的名称
$server_port    客户端请求到达的服务器的端口号
$uri    同 $document_uri

原文地址:https://blog.51cto.com/wzlinux/2391231

时间: 2024-10-08 10:44:08

LNMP 一键安装包配置 https的相关文章

LNMP一键安装包 – 简单单单配置好linux服务器

lnmp-org 网站.独立博客越做越大,腰包越来越鼓,不少做网站的朋友明显感受到了虚拟主机已经不足以满足自己网站的负载,加之服务器硬件以及带宽的成本降低,价格已趋于平民,于是纷纷将原有的虚拟主机升级为VPS甚至是独立主机,可是随之而来的就是很多技术上的问题,如网站环境的搭建,VPS的系统配置等让人头痛,不过今天张自然为大家介绍一款软件可以让您简单又迅速的配置好您的VPS或独立主机.当然,张自然的小博客不需要! LNMP一键安装包是一个用Linux Shell编写的可以为CentOS/RadHa

LNMP一键安装包+Thinkphp搭建基于pathinfo模式的路由(可以去除url中的.php)

LNMP一键安装包是一个用Linux Shell编写的可以为CentOS/RadHat/Fedora.Debian/Ubuntu/Raspbian/Deepin VPS或独立主机安装LNMP(Nginx/MySQL/PHP).LNMPA(Nginx/MySQL/PHP/Apache).LAMP(Apache/MySQL/PHP)生产环境的Shell程序.同时提供一些实用的辅助工具如:虚拟主机管理.FTP用户管理.Nginx.MySQL/MariaDB.PHP的升级.常用缓存组件Redis.Xca

CentOS7下安装lnmp一键安装包

上一篇说到CentOS7无法使用yum安装,把这个问题解决后,就开始安装环境lnmp一键安装包,建议新手还是选择lnmp一键安装包吧,至于为什么?大家都懂,省心省事省时间没毛病! 首先输入命令检查一下是否已安装 screen -S lnmp 如果提示screen: command not found 命令不存在即表示没有安装,如图: 则可以使用命令yum install screen 或 apt-get install screen安装 yum install screen apt-get in

lnmp一键安装包 虚拟主机问题

lnmp一键安装包淌过的坑  --手动虚拟主机配置 安装一键包的时候教程 官网也有虚拟主机的教程 一下示例: 后来自己手动去做 就遇到了一个大家都遇到的问题 及时安装让nginx支持解析PHP脚本解析 网上也有一些示例 但是配置了 不是502 就是下载文件 一般 nginx 虚拟主机配置 颜色标出解析PHP配置的一块 # 虚拟主机以server进行定义 server {     # 监听的端口,多个端口之间使用空格进行间隔     listen       80;     # 用来定义访问的ip

lowendscript:适用于64MB内存的LNMP一键安装包

简介 lowendscript lnmp一键部署script是由本国兄弟David Pennington制作的,长处:最大化节流资源支付.相形军哥的lnmp一键部署包要简单.轻便的多,磁盘当空占用也少.部署lowendscript lnmp一键包适用于Ubuntu.Debian系统,概括其他版本Linux系统来说,Debian 32位系统下部署对立占用资源起码. 部署 1.下载lowendscript部署script wget --no-check-certificate https://raw

LNMP一键安装包 V1.1 发布

LNMP一键安装包 是一个用Linux Shell编写的可以为CentOS/RadHat.Debian/Ubuntu VPS(VDS)或独立主机安装LNMP(Nginx.MySQL/MariaDB.PHP.phpMyAdmin)生产环境的Shell程序.同时提供一些实用的辅助脚本如:可以帮助完成Nginx.MySQL/MariaDB.PHP的升级.常用缓存组件的安装.重置MySQL root密码.502自动重启.日志切割等许多实用脚本. 时间匆匆流过,又快到一年一度的六一儿童节了,同时端午假期也

LNMP一键安装包 V1.1 通告

LNMP一键安装包 是一个用Linux Shell编写的能够为CentOS/RadHat.Debian/Ubuntu VPS(VDS)或独立主机安装LNMP(Nginx.MySQL/MariaDB.PHP.phpMyAdmin)生产环境的Shell程序.同一时候提供一些有用的辅助脚本如:能够帮助完毕Nginx.MySQL/MariaDB.PHP的升级.经常使用缓存组件的安装.重置MySQL rootpassword.502自己主动重新启动.日志分割等很多有用脚本. 时间匆匆流过,又快到一年一度的

LNMP一键安装包 V1.1 公布

LNMP一键安装包 是一个用Linux Shell编写的能够为CentOS/RadHat.Debian/Ubuntu VPS(VDS)或独立主机安装LNMP(Nginx.MySQL/MariaDB.PHP.phpMyAdmin)生产环境的Shell程序.同一时候提供一些有用的辅助脚本如:能够帮助完毕Nginx.MySQL/MariaDB.PHP的升级.经常使用缓存组件的安装.重置MySQL rootpassword.502自己主动重新启动.日志分割等很多有用脚本. 时间匆匆流过,又快到一年一度的

thinkphp5在lnmp一键安装包虚拟域名提示500(转)

域名指定到根目录下一切都ok,唯独指向public下之后就一直提示500错误 打开了display_errors 提示 open_basedir 错误 然而域名的配置文件下并没有open_basedir,目录下的.user.ini改成public的上一层目录即网站根目录也无济于事 最后发现是fastcgi.conf中的open_basedir在捣鬼,将: "open_basedir=$document_root/:/tmp/:/proc/" 改成: "open_basedir