有个网站打开速度特别慢,严重怀疑是SSL造成的跳转问题。鉴于已经有了docker SSL经验,于是试试。
# 创建验证目录:
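# Webroot shared between nginx and the certbot container. The nested
# challenge directory is created as well: the reachability test further down
# writes a file into it, and it does not exist until certbot has run once.
mkdir -p /var/www/certbot/.well-known/acme-challenge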
# 修改配置文件 /etc/nginx/conf.d/eait.co.conf:签发证书前必须先加上下面这段 location,让 nginx 从挑战目录(与 docker 里的 certbot 共用)直接返回验证文件
# Serve ACME HTTP-01 challenge files straight from the webroot that is also
# mounted into the certbot container.
location ^~ /.well-known/acme-challenge/ {
    # root (not alias): the request URI is appended to this path, so the files
    # are looked up under /var/www/certbot/.well-known/acme-challenge/.
    root /var/www/certbot;
    # A token that does not exist yields a plain 404.
    try_files $uri =404;
    default_type "text/plain";
}
# 然后reload
# `nginx -t` parses the edited configuration; `&&` runs the reload only when
# that check exits successfully.
nginx -t && systemctl reload nginx
# 验证挑战目录可用
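# Reachability check for the challenge path: drop a throwaway file into the
# webroot and fetch it over plain HTTP through each hostname.
# The nested directory does not exist before certbot has run, so create it
# first; otherwise the write on the next line fails with "No such file".
mkdir -p /var/www/certbot/.well-known/acme-challenge
printf 'test\n' > /var/www/certbot/.well-known/acme-challenge/ping
# -f makes curl exit non-zero on an HTTP error such as 404 or 403;
# each call should print "test".
curl -f http://eait.co/.well-known/acme-challenge/ping
curl -f http://notes.coremix.net/.well-known/acme-challenge/ping
# Remove the probe file so it is not left publicly readable.
rm -f /var/www/certbot/.well-known/acme-challenge/ping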
# 执行签发命令(把邮箱和 -d 后面的域名换成自己的):
# Issue the certificate with the certbot image in webroot mode.
# Both bind mounts matter: /etc/letsencrypt keeps the issued certificates and
# account data on the host after --rm removes the container, and
# /var/www/certbot is the directory nginx serves the challenge files from.
# NOTE(review): the image reference has no tag or digest, so whatever is
# currently published is pulled and run with write access to /etc/letsencrypt;
# consider pinning it, e.g. certbot/certbot:<PINNED_VERSION>.
# NOTE(review): this is a one-off issuance. Nothing on this page schedules
# renewal; the same mounts with the `renew` subcommand, followed by an nginx
# reload, would be needed before the certificate expires.
docker run --rm \
  --volume /etc/letsencrypt:/etc/letsencrypt \
  --volume /var/www/certbot:/var/www/certbot \
  certbot/certbot certonly \
  --webroot --webroot-path /var/www/certbot \
  --email your@email.com --agree-tos --no-eff-email \
  --domain xxx.com --domain xxx.xxx2.com --domain notes.coremix.net
# 成功后证书会放在下面这样的目录里(目录名默认取命令中第一个 -d 域名,也可以用 --cert-name 指定;这里以 eait.co 为例)
/etc/letsencrypt/live/eait.co/fullchain.pem
/etc/letsencrypt/live/eait.co/privkey.pem
# 跳转后的整体文件(改端口和目录):
# Plain-HTTP virtual host: answers ACME HTTP-01 challenges from the shared
# webroot and sends every other request to HTTPS.
server {
    listen 80;
    server_name www.xxxx.com;

    # Everything outside the challenge path is permanently redirected.
    # NOTE(review): $host is taken from the request, so the Host header ends
    # up in the Location header. If this block can become the default server
    # for port 80, a fixed hostname or $server_name keeps the redirect target
    # under the site's control.
    location / {
        return 301 https://$host$request_uri;
    }

    # Served directly over HTTP so validation does not depend on the HTTPS
    # virtual host. ^~ makes this prefix win without regex locations being
    # consulted.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/certbot;
        try_files $uri =404;
        default_type "text/plain";
    }
}
# HTTPS virtual host: terminates TLS and proxies to the local application.
server {
    listen 443 ssl http2;
    server_name www.xxxx.com;

    # Upper bound on request body size (uploads).
    client_max_body_size 100M;

    # Both paths must point at the live/<name>/ directory certbot actually
    # created, and that certificate must list this server_name; otherwise
    # clients get a name-mismatch error.
    ssl_certificate_key /etc/letsencrypt/live/coremix.net/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/coremix.net/fullchain.pem;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the TLS versions
    # on offer are the defaults of the installed nginx/OpenSSL build. Confirm
    # those defaults exclude TLS 1.0/1.1 or set ssl_protocols explicitly.

    location / {
        proxy_pass http://127.0.0.1:8091;
        proxy_read_timeout 300;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so the backend should trust only
        # the last entry (or X-Real-IP) for access decisions and logging.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}