Securing my web app: adding an SSL certificate to the site

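This post is a follow-up to the blog post "Deploying a Flask-based website on Google Cloud" 😎
The goal of this post is to make sure that traffic to your server is secure, using "Let's Encrypt" to obtain a free certificate.
Here is the implementation:
1. Update Ubuntu's apt and install some libraries; otherwise the next step will fail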

sudo apt update
sudo apt-get install software-properties-common

2. Add the Certbot Ubuntu repository:

sudo add-apt-repository ppa:certbot/certbot

3. Install Certbot's Nginx package:

sudo apt install python-certbot-nginx

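4. Certbot provides several ways to obtain SSL certificates through plugins. The Nginx plugin takes care of reconfiguring Nginx and reloading the configuration when necessary. To use this plugin, type the following: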

sudo certbot --nginx -d your_domain -d www.your_domain

This will output:

Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

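Choose 1 or 2, then press Enter. If you don't want to keep changing the security information, choose 1; otherwise choose 2.
After that there is one more prompt, about a temporary length of time; choose 1 or 2 and press Enter.
Below is the normal output. Congratulations, your site is now secure!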

NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your_domain/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your_domain/privkey.pem
   Your cert will expire on 2018-07-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

We no longer need the redundant HTTP profile rule:

sudo ufw delete allow 'Nginx HTTP'

From now on, use https:// to navigate to your domain

https://your_domain

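However, when I checked right away, the little padlock did not show up immediately; after 5 minutes, on visiting again, you will find the padlock is there! 👏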
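
As an added example (not part of the original post), the script below checks the files Certbot reported in its NOTES output: that the certificate is not close to expiry, that privkey.pem belongs to fullchain.pem, and that the certificate covers each name passed with -d. The function names and the 30-day WARN_DAYS threshold are assumptions, and it relies on the openssl command-line tool.

```bash
#!/bin/sh
# Added example, not from the original post. Function names and the 30-day
# WARN_DAYS threshold are assumptions; requires the openssl command-line tool.
# Usage: sudo sh check_cert.sh /etc/letsencrypt/live/your_domain your_domain www.your_domain
WARN_DAYS="${WARN_DAYS:-30}"

# Succeeds if the certificate is still valid DAYS days from now.
cert_not_expiring() {  # cert_not_expiring CERT [DAYS]
    openssl x509 -in "$1" -noout -checkend $(( ${2:-$WARN_DAYS} * 86400 )) >/dev/null 2>&1
}

# Succeeds if KEY is the private key for CERT (their public keys are identical).
key_matches_cert() {  # key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is valid for HOST (one of the names given to -d).
cert_covers_host() {  # cert_covers_host CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Runs all checks against a Certbot "live" directory; returns 1 on any problem.
check_deployment() {  # check_deployment LIVE_DIR DOMAIN...
    dir=$1; shift; rc=0
    cert_not_expiring "$dir/fullchain.pem" ||
        { echo "WARN: fullchain.pem expires within $WARN_DAYS days or is unreadable"; rc=1; }
    key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem does not belong to fullchain.pem"; rc=1; }
    for name in "$@"; do
        cert_covers_host "$dir/fullchain.pem" "$name" ||
            { echo "FAIL: certificate does not cover $name"; rc=1; }
    done
    return "$rc"
}

# Only run when a live directory and at least one domain are passed.
if [ "$#" -ge 2 ]; then
    check_deployment "$@" && echo "OK: $1"
fi
```

Renewal itself can be rehearsed without changing any files with `sudo certbot renew --dry-run`.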