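- Install nginx (note: the SSL module must be included)

Install gcc

    # check the gcc version
    gcc --version
    # install gcc
    yum -y install gcc

Install pcre and pcre-devel

    yum install -y pcre pcre-devel

Install zlib

    yum install -y zlib zlib-devel

Install openssl

    yum install -y openssl openssl-devel

Download the latest stable release, nginx-1.20.1, and install it

    wget https://nginx.org/download/nginx-1.20.1.tar.gz
    tar -zxvf nginx-1.20.1.tar.gz
    cd nginx-1.20.1
    # configure with the SSL module enabled
    ./configure --prefix=/usr/local/nginx --with-http_ssl_module
    make
    make install
    # list the modules nginx was built with
    /usr/local/nginx/sbin/nginx -V
    # add nginx to PATH for convenience: open /etc/profile and append the two lines below
    vi /etc/profile
    PATH=$PATH:/usr/local/nginx/sbin
    export PATH
    # reload the profile
    source /etc/profile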
- Install acme.sh

    # go back to root's home directory
    cd
    curl https://get.acme.sh | sh

Set an alias for acme.sh for convenience

    alias acme.sh=~/.acme.sh/acme.sh
    echo 'alias acme.sh=~/.acme.sh/acme.sh' >>/etc/profile
    source /etc/profile
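Switch acme.sh to obtain certificates from ZeroSSL

Reference: https://www.ffis.me/archives/2110.html

Note: if the domain does not use DNSPod dynamic DNS, set the default certificate source with the following command

    acme.sh --set-default-ca --server zerossl

Note: if the domain does not use DNSPod dynamic DNS, request the certificate with the following command

    acme.sh --issue -d xxx.com --nginx /usr/local/nginx/conf/nginx.conf

Before running it, set the nginx `server_name xxx.com` directive to the domain actually in use, and start nginx.

Install the certificate. The `--reloadcmd` below assumes nginx runs as a systemd unit named nginx.service; the source build above does not create one, so the reload command has to match however nginx is managed on the host.

    acme.sh --install-cert -d xxx.com \
        --key-file /usr/local/nginx/conf/ssl/xxx.com.key \
        --fullchain-file /usr/local/nginx/conf/ssl/xxx.com.crt \
        --reloadcmd "systemctl force-reload nginx.service"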
Configure the SSL certificate in nginx

    server {
        listen 443 ssl;
        server_name xxx.com;
        root html;
        index index.html index.htm;

        # must be the same files that --install-cert writes
        # (--fullchain-file and --key-file)
        ssl_certificate /usr/local/nginx/conf/ssl/xxx.com.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/xxx.com.key;

        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 and later are enabled
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        location / {
            root html;
            index index.html index.htm;
        }
    }
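
A pre-reload check for the steps above, as an added example that is not part of the original page: it confirms that the `ssl_certificate` and `ssl_certificate_key` paths in the server block are the files `acme.sh --install-cert` writes, and that `ssl_protocols` does not enable TLSv1 or TLSv1.1. The function names `directive`, `norm` and `check_tls_conf` and the sample config are constructed for this illustration.

```shell
#!/bin/sh
# Added example (hypothetical helpers): lint an nginx TLS server block.
# check_tls_conf <nginx.conf> <fullchain-file> <key-file>
# Returns 0 when clean, otherwise the sum of:
#   1 = ssl_certificate differs from the --fullchain-file path
#   2 = ssl_certificate_key differs from the --key-file path
#   4 = ssl_protocols enables TLSv1 or TLSv1.1

# Print the arguments of the first occurrence of directive $1 in file $2.
directive() {
    sed -e 's/#.*//' "$2" | tr ';{}' '\n\n\n' |
        awk -v d="$1" '!f && $1 == d { f = 1; $1 = ""; sub(/^ +/, ""); print }'
}

# Collapse repeated slashes so ssl//x.key compares equal to ssl/x.key.
norm() { printf '%s\n' "$1" | sed -e 's#//*#/#g'; }

check_tls_conf() {
    conf=$1
    rc=0
    [ "$(norm "$(directive ssl_certificate "$conf")")" = "$(norm "$2")" ] || rc=$((rc + 1))
    [ "$(norm "$(directive ssl_certificate_key "$conf")")" = "$(norm "$3")" ] || rc=$((rc + 2))
    for p in $(directive ssl_protocols "$conf"); do
        case $p in
            TLSv1|TLSv1.1) rc=$((rc + 4)); break ;;
        esac
    done
    return "$rc"
}

# Constructed sample: certificate installed as .crt but referenced as .cer,
# with legacy protocol versions still enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server { listen 443 ssl; server_name xxx.com;
  ssl_certificate /usr/local/nginx/conf/ssl/xxx.com.cer;
  ssl_certificate_key /usr/local/nginx/conf/ssl//xxx.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
EOF
check_tls_conf "$sample" /usr/local/nginx/conf/ssl/xxx.com.crt \
    /usr/local/nginx/conf/ssl/xxx.com.key || echo "findings bitmask: $?"
rm -f "$sample"
```

A non-zero result means nginx would either fail to load the certificate after renewal or keep serving deprecated protocol versions; running `nginx -t` afterwards checks the syntax of the same file.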