2. OS
  3. go-acme编译及nginx支持SSL配置、自定义端口(非80/443)

go-acme编译及nginx支持SSL配置、自定义端口(非80/443) Linux

mowen 2024-08-21 827

安装编译环境,同时需要go 1.22+

1
apt install build-essential && golang-1.22


安装golangci-lint

1
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.60.2


源码安装go-acme

1
2
3
4
5
cd /opt
git clone git@github.com:go-acme/lego.git
cd lego
make        # tests + doc + build
make build  # only build
1
2
3
vim ~/.bashrc
export PATH=$PATH:/root/go/bin/:/opt/lego/dist
lego -v


关闭nginx

1
systemctl stop nginx


签发证书

1
lego --email="test@test.com" --domains="test.com" --path="/opt/ssl/" -a --http run


提前45天续签证书

1
lego --email="test@test.com" --domains="test.com" --path="/opt/ssl/" -a --http renew --days 45


自定义端口(可选)

1
2
3
4
--http.port
--tls.port
 
https://go-acme.github.io/lego/usage/cli/options/index.html#port-usage


nginx配置ssl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name test.com www.test.com;
     
    # SSL证书及配置
    ssl_certificate /opt/ssl/certificates/test.com.crt;
    ssl_certificate_key /opt/ssl/certificates/test.com.key;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
     
    # 强制跳转https
    #if ($server_port !~ 443){
    #    rewrite ^(/.*)$ https://$host$1 permanent;
    #}
 
    # 网站的其他配置...
}


最新回复 (0)
返回
发新帖
X