服务器支持https协议吗,服务器配置https与http2协议-优快云博客

本文档介绍了如何在服务器上安装和配置certBot，以获取Let's Encrypt的免费SSL证书，并详细说明了升级nginx、申请证书以及配置nginx SSL的过程，确保网站支持HTTPS和HTTP/2。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

一、环境要求

1. git

2. openSSL 版本要求大于1.0.2

3. nginx 最新稳定版本1.12.2

4. certBot

二、预装环境

请先将openSSL升级到版本>1.0.2,nginx>= 1.12.2

nginx需要升级到1.12.2版本

2.1 安装certBot

cd /

mkdir soft

cd soft

mkdir staticHtml //这个有用处后面会说

git clone https://github.com/certbot/certbot

2.2 配置nginx的certbot认证目录

切换到nginx的conf.d目录。打开需要配置https域名的配置文件，在配置文件的server模块中加入以下的话。

location ^~ /.well-known/acme-challenge/ {

default_type "text/plain";

root /soft/staticHtml;

}

重启nginx以便映射生效

service nginx restart

三、申请证书(免费)

./certbot-auto certonly --webroot -w /ht/websites/httpStaticHtml/ -d buyer-api-ht-test.chinakeguan.cn --email wuhoujian@126.com

./certbot-auto certonly --standalone --email wuhoujian@126.com -d api-test.keguanzhongxin.com

在经过一会时间之后，成功会提示以下信息

IMPORTANT NOTES:

- Congratulations! Your certificate and chain have been saved at:

/etc/letsencrypt/live/a.domain.com/fullchain.pem

Your key file has been saved at:

/etc/letsencrypt/live/a.domain.com/privkey.pem

Your cert will expire on 2018-07-02. To obtain a new or tweaked

version of this certificate in the future, simply run certbot-auto

again. To non-interactively renew *all* of your certificates, run

"certbot-auto renew"

- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

注意：如果遇到失败的情况，可以尝试停掉nginx服务然后重试。另外，我们使用的是let's encrypt免费证书，有效期90天，到期后我们需要续期，续期的时候使用：

certbot-auto renew

四、配置nginx SSL

拷贝一份原来http的nginx配置文件，并且修改与新增以下配置。

server {

listen 443 ssl http2;

ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem;

ssl_trusted_certificate /etc/letsencrypt/live/your.domain.com/chain.pem;

}

重启nginx server。

通过浏览器打开https://your.domain.com 即可查看是否成功开启http支持与http2功能了。

完整的nginx配置如下：

server{

listen 443 ssl http2;

server_name your domain;

ssl_certificate /etc/letsencrypt/live/your domain/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/your domain/privkey.pem;

ssl_trusted_certificate /etc/letsencrypt/live/your domain/chain.pem;

#charset koi8-r;

access_log /ht/logs/buyer-access.log main;

location / {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

client_max_body_size 10m;

client_body_buffer_size 128k;

proxy_buffers 32 4k;

proxy_connect_timeout 3;

proxy_send_timeout 30;

proxy_read_timeout 30;

proxy_pass 后端服务地址;

}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root /usr/share/nginx/html;

}

location ^~ /.well-known/acme-challenge/{

default_type "text/plain";

root /soft/staticHtml;

}