Certificate preparation
Install https
Configuration notes
https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E
Install acme.sh
curl https://get.acme.sh | sh
acme.sh is installed into your home directory
cd ~/.acme.sh/
Then create a bash alias for convenience:
alias acme.sh=~/.acme.sh/acme.sh
Request a key / secret from Alibaba Cloud
export Ali_Key="LTAIGeWI5I4X1qNi"
export Ali_Secret="8ypTj8BiFstqStRaaPOziGMpqmKGjK"
Issue the certificate
acme.sh --issue --dns dns_ali -d "*.example.top" -d example.top
Note the paths where the files are saved
[Tue May 22 08:13:47 EDT 2018] Your cert is in /root/.acme.sh/*.example.top/*.example.top.cer ### important
[Tue May 22 08:13:47 EDT 2018] Your cert key is in /root/.acme.sh/*.example.top/*.example.top.key
[Tue May 22 08:13:47 EDT 2018] The intermediate CA cert is in /root/.acme.sh/*.example.top/ca.cer ### important
[Tue May 22 08:13:47 EDT 2018] And the full chain certs is there: /root/.acme.sh/*.example.top/fullchain.cer
Django + uWSGI + nginx
Install Django
pip3 install django
Install uWSGI
pip3 install uwsgi
Create the Django project
# /root/projects/demo
django-admin startproject demo
Configure uwsgi.ini
#/root/projects/script/uwsgi.ini
[uwsgi]
http=127.0.0.1:8080
chdir=/root/projects/demo
module=demo.wsgi
daemonize=/var/log/demo.log
static-map=/static=/root/projects/demo/static
pidfile=/root/projects/demo/demo.pid
Configure the nginx virtual host
Create the configuration file example.top.conf under /etc/nginx/sites-available/.
It is recommended that the file name match your domain name.
server {
    listen 80;
    #root /var/www/example.top/public_html/;
    #index index.html;
    server_name example.top;
    rewrite ^(.*)$ https://$host$1 permanent;
}
server {
    listen 443 ssl http2;
    root /var/www/example.top/public_html/;
    index index.html;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    ssl_certificate /root/.acme.sh/*.example.top/fullchain.cer;
    ssl_certificate_key /root/.acme.sh/*.example.top/*.example.top.key;
    #ssl_certificate /root/.acme.sh/example.top/fullchain.cer;
    #ssl_certificate_key /root/.acme.sh/example.top/example.top.key;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:!MD5;
    server_name example.top;
    location / {
        proxy_pass http://127.0.0.1:8080; # must match the http address set in uwsgi.ini above
    }
}
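Enable the site. Only the configurations under /etc/nginx/sites-enabled/ actually take effect, so create a symbolic link there:
sudo ln -s /etc/nginx/sites-available/example.top.conf /etc/nginx/sites-enabled/
Test that the nginx configuration syntax is correct:
sudo nginx -t
Reload nginx
systemctl restart nginx
Run uwsgi (in the background)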
nohup uwsgi --ini uwsgi.ini &
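Before restarting nginx, the files named in ssl_certificate and ssl_certificate_key can be checked with the openssl command line. The function below is an added example, not part of the original page or of acme.sh; the name check_tls_pair and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for a certificate/key pair.
# check_tls_pair is a hypothetical helper name; it needs the openssl CLI.
# Usage: check_tls_pair CERT KEY NAME...   (returns 0 only if every check passes)
check_tls_pair() {
    cert=$1; key=$2; shift 2
    rc=0

    # 1. The private key must not be accessible to group or others.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/others (expected mode 600)"; rc=1
    fi

    # 2. Certificate and key must hold the same public key.
    #    With a fullchain file, openssl x509 reads the first (leaf) certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert and $key do not belong together"; rc=1
    fi

    # 3. At least 30 days of validity must remain (threshold is an assumption).
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $cert expires within 30 days or cannot be read"; rc=1
    fi

    # 4. Every server_name must be covered. A wildcard such as *.example.top
    #    does not match the bare domain, which needs its own SAN entry.
    for name in "$@"; do
        if ! openssl x509 -in "$cert" -noout -checkhost "$name" 2>/dev/null |
                grep -q 'does match'; then
            echo "FAIL: $cert does not cover $name"; rc=1
        fi
    done
    return "$rc"
}

# Quote the paths: the acme.sh directory name contains a literal asterisk.
# check_tls_pair '/root/.acme.sh/*.example.top/fullchain.cer' \
#                '/root/.acme.sh/*.example.top/*.example.top.key' \
#                example.top www.example.top
```

The function prints one FAIL line per failed check, so a single run shows every problem with the pair.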