环境:阿里云 Centos7 64位

Paste_Image.png

环境配置

1、更新 yum 源

http://mirrors.aliyun.com/hel...

  • 备份

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
  • 下载新的 CentOS-Base.repo 到 /etc/yum.repos.d/

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
  • 更新

yum makecache
yum update
2、设置免密码 ssh 登录
git config --global user.name "your_name"
git config --global user.email "your@gmail.com"
ssh-keygen -t rsa -C   "your@gmail.com"
cat ~/.ssh/id_rsa.pub   #复制自己本地的id_rsa.pub
vi ~/.ssh/authorized_keys   #添加自己的id_rsa.pub进去
chmod 600 ~/.ssh/authorized_keys
3、安装 Git

参考 http://blog.csdn.net/jinwufei...

4、安装 oh-my-zsh

参考 https://zhuanlan.zhihu.com/p/...

5、安装 autojump

参考 https://github.com/wting/auto...

6、安装 lnmp

https://github.com/lj2007331/...

7、安装composer
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"

composer config -g repo.packagist composer https://packagist.phpcomposer.com
8、备份

设置阿里云自动快照备份

9、添加ftp用户
cd ~/lnmp
./pureftpd_vhost.sh

站点配置

1、添加虚拟站点
cd ~/lnmp    
./vhost.sh

2、配置 https 功能
采用的是 letsencrypt 提供的免费 HTTPS 证书。

配置方法如下:

wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto

cp  letsencrypt-auto /bin/letsencrypt

chmod -R 755  /bin/letsencrypt

service nginx stop

letsencrypt certonly --standalone --email your@mail.com -d domain.com

最后一步如果出现问题的话,删除 ~/.pip/pip.conf ,运行

 pip install --upgrade pip

然后重新运行

letsencrypt certonly --standalone --email your@mail.com -d domain.com

成功的话看到

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/vickoo.linkerlab.net/fullchain.pem. Your cert
   will expire on 2017-06-01. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt again. To
   non-interactively renew *all* of your certificates, run
   "letsencrypt renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

修改nginx.conf,添加https支持,修改nginx.conf下面对应项(或者修改虚拟站点里的配置)

listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name cdn.loldata.cn;
index index.html index.htm index.php default.html default.htm default.php;
root  /home/wwwroot/op-gg-spider/storage;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.loldata.cn-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.loldata.cn-0001/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_session_cache builtin:1000 shared:SSL:10m;

修改nginx.conf(或虚拟站点的配置文件),使http自动跳转https,在server添加

server
{
      if ($ssl_protocol = "") { 
            return 301 https://$server_name$request_uri; 
      }
}

重启nginx

service nginx start

设置自动续费

crontab -e
#在文件里添加
* * 1 * * service nginx stop && letsencrypt renew && service nginx start

自动脚本

把上面的配置 Https 的步骤写成了一个简单的脚本了,使用方法:

  • 把下面脚本代码复制到任何想放的位置,例如命名为 add-https ,给予执行权限。

  • 第一次运行,请执行下面命令,安装 letsencrypt
    ./add-https install

  • 用 lnmp 配置好想要的域名

  • 在域名管理后台,把该域名映射到对应的 ip 上

  • 执行以下命令,安装证书
    ./add-https your.domain

  • 安装后会看到如下提示

#-----Add those below to your.domain.conf-----
listen 443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_session_cache builtin:1000 shared:SSL:10m;

if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }

复制上面内容,到 your.domain.conf 里,运行

service nginx start

配置完成!

自动脚本如下:

#!/bin/sh
if [ "$#" -eq "0" ]
then
   echo "---------How to use?-----------
1. cd /home/lnmp and add a vhost you want under http.
2. back to this directory and run
./add-https your_domain
";
elif [ $1 == "install" ]
then
  echo "--------- installing letsencrypt ----------";
  wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto
  mv  letsencrypt-auto /bin/letsencrypt
  chmod -R 755  /bin/letsencrypt
  rm ~/.pip/pip.conf
  pip install --upgrade pip
  echo "--------- success! --------";
else
  echo "-----Adding Https by letsencrypt----";
  service nginx stop
  letsencrypt certonly --standalone --email your@email.com -d $1
  service nginx start
  echo "


-----Add those below to $1.conf-----
  listen 443 ssl http2;
  ssl on;
  ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
  ssl_session_cache builtin:1000 shared:SSL:10m;


  if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }
";
fi

X先生
317 声望786 粉丝

腾讯TEG研发管理部小小后台攻城狮一枚,负责腾讯敏捷产品研发平台TAPD的基础功能的开发和维护,热爱技术,喜欢分享,欢迎与我交流~


引用和评论

0 条评论