部署环境
- Ubuntu
- CentOS, TencentOS Server
获取 SSL 证书(letsencrypt)
Ubuntu 安装 Certbot
sudo apt install certbot
CentOS, TencentOS Server 安装 Certbot
sudo yum install certbot
使用 Certbot standalone 获取(只可单域名证书)
开放 80 端口,确保 80 端口没有被其他应用占用(例如暂时关闭 Nginx)
sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email you@example.com -d www.example.com
使用 Certbot manual 获取(可获取泛域名证书)
不需要开放 80 端口,需要用到 DNS 解析中的 TXT记录。具体用法请按照以下命令发出的提示。
sudo certbot certonly --manual -d www.example.com --agree-tos --email you@example.com --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
*获取泛域名证书
sudo certbot certonly --manual -d *.example.com -d example.com --agree-tos --email you@example.com --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
获取成功后,证书将会存储在 /etc/letsencrypt
目录下。
配置 Nginx
编辑 Nginx WordPress 文件
sudo nano /etc/nginx/sites-available/wordpress.conf
以域名 www.example.com 为例子
server {
listen 80;
server_name www.example.com;
server_tokens off;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
root /usr/local/lsws/wordpress/wordpress/wordpress;
index index.php index.html;
server_name www.example.com;
server_tokens off;
access_log /var/log/nginx/www.access.log;
error_log /var/log/nginx/www.error.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
完成后先在 WordPress 设置界面更改网址为 HTTPS,再重启 Nginx, 此时再进入就会自动跳转到 HTTPS。
*letencrypt 免费证书有效期为3个月。
发表评论须遵守中华人民共和国相关法律法规。违规评论将会被删除。
Comments must subject to the relevant laws and regulations of the People’s Republic of China. Offending comments will be deleted.