保护我的web app安全-为网页加入SSL安全证书

本文为博客—(使用google cloud部署基于flask的网站)的后续部分😎
本文内容的目的使确保到你的服务器的流量是安全的,并使用“Let’s Encrypt”来获取免费的证书;
下面就是我们的实现部分:
1.升级ubuntu的apt,并且下载一些libraries,否则下一步会出现bug

sudo apt update
sudo apt-get install software-properties-common

2.添加Certbot Ubuntu存储库:

sudo add-apt-repository ppa:certbot/certbot

3.安装Certbot的Nginx软件包:

sudo apt install python-certbot-nginx

4.Certbot提供了多种通过插件获取SSL证书的方法。Nginx插件将负责重新配置Nginx并在必要时重新加载配置。要使用此插件,请键入以下内容:

sudo certbot --nginx -d your_domain -d www.your_domain

将输出:

Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

选择1或者2,然后按Enter如果不想总更换安全信息,选择1,否则选2
接下来还会有一个选择,关于暂时的时间长短,选择1或2再Enter
下面是正常的输出代码,恭喜你,你的网站现在安全了!

NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your_domain/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your_domain/privkey.pem
   Your cert will expire on 2018-07-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

我们不再需要冗余HTTP配置文件配置:

sudo ufw delete allow 'Nginx HTTP'

下次访问,请使用==https://==导航到你的域

https://your_domain

不过,立即查看的时候,小锁头没有立即出现,但是过了5分钟,再次访问,你就发现,有小锁头了欸!👏
在这里插入图片描述

  • 2
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值