{"id":188,"date":"2022-08-31T20:55:11","date_gmt":"2022-08-31T12:55:11","guid":{"rendered":"https:\/\/miie.net\/?p=188"},"modified":"2022-08-31T20:55:11","modified_gmt":"2022-08-31T12:55:11","slug":"setup-nginx-ssl-debian","status":"publish","type":"post","link":"https:\/\/diji.net\/?p=188","title":{"rendered":"DEBIAN11 \u914d\u7f6e\u57df\u540d\u5e76\u542f\u7528SSL"},"content":{"rendered":"

DEBIAN \u914d\u7f6e\u57df\u540d\u5e76\u542f\u7528SSL<\/p>\n

1.\u5c06SSL\u8bc1\u4e66\u6587\u4ef6\u653e\u5728\/etc\/ssl\u76ee\u5f55\u4e0b\uff0c\u653e\u5176\u4ed6\u76ee\u5f55\u4e5f\u53ef\u4ee5\u3002<\/h2>\n

\nmiie_net.pem\nmiie_net.key\n<\/pre>\n<\/p>\n
2. \u5efa\u7acb\u7f51\u7ad9\u8ddf\u76ee\u5f55<\/h2>\n
\nsudo mkdir \/var\/www\/miienet\n<\/pre>\n<\/p>\n
3.\u7f16\u8f91NGINX\u4e3b\u673a\u914d\u7f6e\u6587\u4ef6<\/h2>\n
\nmiie@miie:~$ cd \/etc\/nginx\/sites-available\nmiie@miie:\/etc\/nginx\/sites-available$ sudo cp default miienet\n\nmiie@miie:\/etc\/nginx\/sites-available$ sudo vi miienet\n\n##\n# You should look at the following URL's in order to grasp a solid understanding\n# of Nginx configuration files in order to fully unleash the power of Nginx.\n# https:\/\/www.nginx.com\/resources\/wiki\/start\/\n# https:\/\/www.nginx.com\/resources\/wiki\/start\/topics\/tutorials\/config_pitfalls\/\n# https:\/\/wiki.debian.org\/Nginx\/DirectoryStructure\n#\n# In most cases, administrators will remove this file from sites-enabled\/ and\n# leave it as reference inside of sites-available where it will continue to be\n# updated by the nginx packaging team.\n#\n# This file will automatically load configuration files provided by other\n# applications, such as Drupal or WordPress. These applications will be made\n# available underneath a path with that package name, such as \/drupal8.\n#\n# Please see \/usr\/share\/doc\/nginx-doc\/examples\/ for more detailed examples.\n##\n\n# Default server configuration\n#\nserver {\n        # \u6ce8\u91ca\u4e0b\u9762\u4e24\u884c\uff0c\u4e0d\u76d1\u542c80\u7aef\u53e3\n        #listen 80 default_server;\n        #listen [::]:80 default_server;\n\n        # SSL configuration\n        #\n        # \u4ee5\u4e0b\u4e24\u884c\u6ce8\u91ca\u53bb\u6389\uff0c\u76d1\u542c443\u7aef\u53e3\uff0c\u5e76\u53bb\u6389default_server\n          listen 443 ssl ;\n          listen [::]:443 ssl ;\n        # \u6dfb\u52a0\u4ee5\u4e0b6\u884c\uff0c\u5bfc\u5165\u8bc1\u4e66\n        ssl_certificate  \/etc\/ssl\/miie_net.pem;\n        ssl_certificate_key \/etc\/ssl\/miie_net.key;\n        ssl_session_timeout 5m;\n        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;\n        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n        ssl_prefer_server_ciphers on;\n\n        #\n        # Note: You should disable gzip for SSL traffic.\n        # See: https:\/\/bugs.debian.org\/773332\n        #\n        # Read up on ssl_ciphers to ensure a secure configuration.\n        # See: https:\/\/bugs.debian.org\/765782\n        #\n        # Self signed certs generated by the ssl-cert package\n        # Don't use them in a production server!\n        #\n        # include snippets\/snakeoil.conf;\n\n        # \u914d\u7f6e\u7f51\u7ad9\u8ddf\u76ee\u5f55\n        root \/var\/www\/miienet;\n\n        # Add index.php to the list if you are using PHP\n        index index.html index.htm index.nginx-debian.html index.php;\n\n        # \u914d\u7f6e\u7f51\u7ad9\u57df\u540d\n        server_name miie.net www.miie.net;\n\n        location \/ {\n                # First attempt to serve request as file, then\n                # as directory, then fall back to displaying a 404.\n                try_files $uri $uri\/ =404;\n        }\n\n        # \u542f\u7528PHP\u652f\u6301\n        # pass PHP scripts to FastCGI server\n        #\n        location ~ \\.php$ {\n                include snippets\/fastcgi-php.conf;\n                # With php-fpm (or other unix sockets):\n                fastcgi_pass unix:\/run\/php\/php7.4-fpm.sock;\n                # With php-cgi (or other tcp sockets):\n                #fastcgi_pass 127.0.0.1:9000;\n        }\n\n\n\n        # deny access to .htaccess files, if Apache's document root\n        # concurs with nginx's one\n        #\n        #location ~ \/\\.ht {\n        #       deny all;\n        #}\n}\n\n\n# Virtual Host configuration for example.com\n#\n# You can move that to a different file under sites-available\/ and symlink that\n# to sites-enabled\/ to enable it.\n#\n# \u914d\u7f6ehttp\u7f51\u7ad9\u652f\u6301\nserver {\n       listen 80;\n       listen [::]:80;\n\n       server_name www.miie.net miie.net;\n# \u914d\u7f6ehttp\u8f6c\u53d1\u5230https\n       rewrite ^(.*)$ https:\/\/miie.net;\n#\n#       root \/var\/www\/example.com;\n#       index index.html;\n#\n#       location \/ {\n#               try_files $uri $uri\/ =404;\n#       }\n}\n<\/pre>\n<\/p>\n
4.\u5efa\u7acb\u914d\u7f6e\u6587\u4ef6\u94fe\u63a5<\/h2>\n
\nsudo ln -s \/etc\/nginx\/sites-available\/miienet  \/etc\/nginx\/sites-enabled\/\n<\/pre>\n<\/p>\n
5.\u6d4b\u8bd5\u5e76\u91cd\u542fNGINX<\/h2>\n
\nsudo systemctl reload nginx\nsudo systemctl restart nginx\n<\/pre><\/p>\n","protected":false},"excerpt":{"rendered":"
DEBIAN \u914d\u7f6e\u57df\u540d\u5e76\u542f\u7528SSL 1.\u5c06SSL\u8bc1\u4e66\u6587\u4ef6\u653e\u5728\/etc\/ssl\u76ee\u5f55\u4e0b\uff0c\u653e\u5176\u4ed6\u76ee\u5f55\u4e5f\u53ef\u4ee5\u3002 miie_net.pem miie_net.key 2. \u5efa\u7acb\u7f51\u7ad9\u8ddf\u76ee\u5f55 sudo mkdir \/var\/www\/miienet 3.\u7f16\u8f91NGINX\u4e3b\u673a\u914d\u7f6e\u6587\u4ef6 miie@miie:~$ cd \/etc\/nginx\/sites-available miie@miie:\/etc\/nginx\/sites-available$ sudo cp default miienet miie@miie:\/etc\/nginx\/sites-available$ sudo vi miienet ## # You should look at the following URL’s in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. # https:\/\/www.nginx.com\/resources\/wiki\/start\/ […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-188","post","type-post","status-publish","format-standard","hentry","category-debian"],"_links":{"self":[{"href":"https:\/\/diji.net\/index.php?rest_route=\/wp\/v2\/posts\/188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diji.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diji.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diji.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diji.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=188"}],"version-history":[{"count":0,"href":"https:\/\/diji.net\/index.php?rest_route=\/wp\/v2\/posts\/188\/revisions"}],"wp:attachment":[{"href":"https:\/\/diji.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diji.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diji.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}