Letsencrypt: Skirtumas tarp puslapio versijų
Jump to navigation
Jump to search
ĮSPĖJIMAS
(Jokio skirtumo)
|
Dabartinė 09:52, 26 kovo 2018 versija
Debian Jessie (8.x)[keisti]
echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list sudo apt-get update sudo apt-get install certbot -t jessie-backports sudo certbot certonly -a webroot --webroot-path=/var/www/html -d example.com -d www.example.com
nginx.conf[keisti]
location ~ /.well-known { root /home/useris/public; allow all; }
/etc/nginx/snippets/ssl-params.conf[keisti]
# from https://cipherli.st/ # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; # Disable preloading HSTS for now. You can use the commented out header line that includes # the "preload" directive if you understand the implications. #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; ssl_dhparam /etc/ssl/certs/dhparam.pem;
Redirectas i ssl[keisti]
server { listen 80; server_name example.com www.example.com; return 301 https://$server_name$request_uri; }
SSL hostas[keisti]
server { listen 443 ssl; server_name example.com www.example.com; include snippets/ssl-params.conf; ssl_certificate ...path to fullchain.pem; ssl_certificate_key ..path to privkey.pem; }
Cron renew[keisti]
30 2 * * * root /usr/bin/certbot renew --noninteractive --renew-hook "/bin/systemctl reload nginx" >> /var/log/le-renew.log