CA Certificates and Ingress (4): Manually Invoking Let's Encrypt

Submitted by Lizhe on Tue, 04/23/2019 - 00:20

 

lizhedeMacBook-Pro:lz_study lizhe$ ssh -i id_rsa ubuntu@54.95.179.97

Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-1032-aws x86_64)

 

 * Documentation:  https://help.ubuntu.com

 * Management:     https://landscape.canonical.com

 * Support:        https://ubuntu.com/advantage

 

  System information as of Mon Apr 22 16:19:19 UTC 2019

 

  System load:  0.08               Processes:              179

  Usage of /:   35.1% of 15.45GB   Users logged in:        0

  Memory usage: 53%                IP address for eth0:    10.1.0.147

  Swap usage:   0%                 IP address for docker0: 172.17.0.1

 

 

  Get cloud support with Ubuntu Advantage Cloud Guest:

    http://www.ubuntu.com/business/services/cloud

 

 * Canonical Livepatch is available for installation.

   - Reduce system reboots and improve kernel security. Activate at:

     https://ubuntu.com/livepatch

 

54 packages can be updated.

1 update is a security update.

 

 

*** System restart required ***

Last login: Mon Apr 22 15:33:07 2019 from 85.203.47.117

ubuntu@study-cluster-master1:~$ wget https://dl.eff.org/certbot-auto

--2019-04-22 16:19:35--  https://dl.eff.org/certbot-auto

Resolving dl.eff.org (dl.eff.org)... 151.101.108.201, 2a04:4e42:1a::201

Connecting to dl.eff.org (dl.eff.org)|151.101.108.201|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 63564 (62K) [application/octet-stream]

Saving to: ‘certbot-auto’

 

certbot-auto                               100%[=======================================================================================>]  62.07K  --.-KB/s    in 0.006s  

 

2019-04-22 16:19:35 (9.76 MB/s) - ‘certbot-auto’ saved [63564/63564]

 

ubuntu@study-cluster-master1:~$ sudo mv certbot-auto /usr/local/bin/certbot-auto

ubuntu@study-cluster-master1:~$ sudo chown root /usr/local/bin/certbot-auto

ubuntu@study-cluster-master1:~$ sudo chmod 0755 /usr/local/bin/certbot-auto

ubuntu@study-cluster-master1:~

 


  1. Open the Nginx configuration file (default: /etc/nginx/nginx.conf). In each server block that should serve HTTPS, add the following three lines and delete listen 80;:

listen 443 ssl;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

  2. Add the following server block so that all HTTP requests are redirected to HTTPS:

server {
    listen 80;
    server_name example.com www.example.com service.example.com;
    return 301 https://$host$request_uri;
}
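
One way to check that both steps above were applied, as an added example that is not part of the original post: a small Python linter that reads an nginx configuration and reports TLS server blocks that lack a certificate directive or still listen in plaintext, and plaintext servers that do not redirect to HTTPS. The sample configuration and all function names are constructed for illustration; the parser assumes a single file with no include directives and no '#' inside quoted values.

```python
import re

# Constructed sample that mirrors the two steps above; not the author's real file.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / { root /var/www/html; }
}
server { listen 80; server_name example.com; return 301 https://$host$request_uri; }
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumption: no '#' in quoted values)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body):
    """Map directive name -> list of argument strings, ignoring nested blocks."""
    prev = None
    while prev != body:  # strip location/if blocks, innermost first
        prev, body = body, re.sub(r"[^;{}]*\{[^{}]*\}", "", body)
    out = {}
    for stmt in filter(str.strip, body.split(";")):
        name, *args = stmt.split(None, 1)
        out.setdefault(name, []).append(args[0].strip() if args else "")
    return out

def lint(conf):
    """Return findings; an empty list means both steps were applied."""
    findings, redirected = [], False
    for body in server_blocks(conf):
        d = directives(body)
        tls = [l for l in d.get("listen", []) if "ssl" in l.split()]
        plain = [l for l in d.get("listen", []) if "ssl" not in l.split()]
        if tls:
            findings += [f"TLS server lacks {n}" for n in ("ssl_certificate", "ssl_certificate_key") if n not in d]
            findings += [f"TLS server still has plaintext 'listen {p}'" for p in plain]
        elif any(r.startswith("301 https://") for r in d.get("return", [])):
            redirected = True
        else:
            findings.append("plaintext server serves content instead of redirecting")
    return findings if redirected else findings + ["no plaintext server redirects to HTTPS"]
```

Running lint() on the real file's contents before `nginx -s reload` catches a server block that was switched to 443 but left without its key, or one that still answers on port 80.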