环境:阿里云 Centos7 64位
环境配置
1、更新 yum 源
http://mirrors.aliyun.com/hel...
备份
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
下载新的 CentOS-Base.repo 到 /etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
更新
yum makecache yum update
2、设置免密码 ssh 登录
git config --global user.name "your_name" git config --global user.email "your@gmail.com" ssh-keygen -t rsa -C "your@gmail.com" cat ~/.ssh/id_rsa.pub #复制自己本地的id_rsa.pub vi ~/.ssh/authorized_keys #添加自己的id_rsa.pub进去 chmod 600 ~/.ssh/authorized_keys
3、安装 Git
参考 http://blog.csdn.net/jinwufei...
4、安装 oh-my-zsh
参考 https://zhuanlan.zhihu.com/p/...
5、安装 autojump
参考 https://github.com/wting/auto...
6、安装 lnmp
https://github.com/lj2007331/...
7、安装composer
PHP -r "copy('https://getcomposer.org/installer','composer-setup.PHP');" PHP composer-setup.PHP PHP -r "unlink('composer-setup.PHP');" composer config -g repo.packagist composer https://packagist.PHPcomposer.com
8、备份
设置阿里云自动快照备份
9、添加ftp用户
cd ~/lnmp ./pureftpd_vhost.sh
站点配置
1、添加虚拟站点
cd ~/lnmp ./vhost.sh
2、配置 https 功能
采用的是 letsencrypt 提供的免费 HTTPS 证书。
配置方法如下:
wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto cp letsencrypt-auto /bin/letsencrypt chmod -R 755 /bin/letsencrypt service Nginx stop letsencrypt certonly --standalone --email your@mail.com -d domain.com
最后一步如果出现问题的话,删除 ~/.pip/pip.conf,运行
pip install --upgrade pip
然后重新运行
letsencrypt certonly --standalone --email your@mail.com -d domain.com
成功的话看到
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/vickoo.linkerlab.net/fullchain.pem. Your cert will expire on 2017-06-01. To obtain a new or tweaked version of this certificate in the future,simply run letsencrypt again. To non-interactively renew *all* of your certificates,run "letsencrypt renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot,please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
修改Nginx.conf,添加https支持,修改Nginx.conf下面对应项(或者修改虚拟站点里的配置)
listen 443 ssl http2; #listen [::]:443 ssl http2; server_name cdn.loldata.cn; index index.html index.htm index.PHP default.html default.htm default.PHP; root /home/wwwroot/op-gg-spider/storage; ssl on; ssl_certificate /etc/letsencrypt/live/www.loldata.cn-0001/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.loldata.cn-0001/privkey.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; ssl_session_cache builtin:1000 shared:SSL:10m;
修改Nginx.conf(或虚拟站点的配置文件),使http自动跳转https,在server添加
server { if ($ssl_protocol = "") { return 301 https://$server_name$request_uri; } }
重启Nginx
service Nginx start
设置自动续费
crontab -e #在文件里添加 * * 1 * * service Nginx stop && letsencrypt renew && service Nginx start
自动脚本
把上面的配置 Https 的步骤写成了一个简单的脚本了,使用方法:
把下面脚本代码复制到任何想放的位置,例如命名为 add-https ,给予执行权限。
第一次运行,请执行下面命令,安装 letsencrypt
./add-https install
用 lnmp 配置好想要的域名
在域名管理后台,把该域名映射到对应的 ip 上
执行以下命令,安装证书
./add-https your.domain
安装后会看到如下提示
#-----Add those below to your.domain.conf----- listen 443 ssl http2; ssl on; ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; ssl_session_cache builtin:1000 shared:SSL:10m; if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }
复制上面内容,到 your.domain.conf 里,运行
service Nginx start
配置完成!
自动脚本如下:
#!/bin/sh if [ "$#" -eq "0" ] then echo "---------How to use?----------- 1. cd /home/lnmp and add a vhost you want under http. 2. back to this directory and run ./add-https your_domain "; elif [ $1 == "install" ] then echo "--------- installing letsencrypt ----------"; wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto mv letsencrypt-auto /bin/letsencrypt chmod -R 755 /bin/letsencrypt rm ~/.pip/pip.conf pip install --upgrade pip echo "--------- success! --------"; else echo "-----Adding Https by letsencrypt----"; service Nginx stop letsencrypt certonly --standalone --email your@email.com -d $1 service Nginx start echo " -----Add those below to $1.conf----- listen 443 ssl http2; ssl on; ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; ssl_session_cache builtin:1000 shared:SSL:10m; if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; } "; fi