在cloudflare配置好DNS
在没有letsencrypt的服务器上运行
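# Run on the server that does NOT have Let's Encrypt/certbot installed.
# Everything under /etc/letsencrypt is root-owned, so switch to root first.
su root
# Create the directories that will receive the copied certificate files.
# live/ and archive/ end up holding privkey.pem, so restrict them to root
# (0700) instead of leaving them at the umask default, which is usually a
# world-traversable 0755. nginx reads the key as root at startup, so it is
# unaffected; a non-root consumer of the key would need explicit access.
mkdir -p /etc/letsencrypt/live/ /etc/letsencrypt/archive/ /etc/letsencrypt/renewal/ \
  && chmod 700 /etc/letsencrypt/live/ /etc/letsencrypt/archive/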
在有letsencrypt的服务器上运行
(不是自己申请的也可以),修改端口和IP地址
# Run on the server that already has the certificate under /etc/letsencrypt
# (it does not have to be the machine that requested it).
su root
# Fill in the destination once; the three copies below reuse these values.
dest_port=port   # placeholder: sshd port of the destination server
dest_host=IP     # placeholder: address of the destination server
domain=kipjay.org
# NOTE(review): this sends privkey.pem to a second machine over root SSH, so
# both servers share one private key and the destination must accept root
# logins; key-based SSH authentication is preferable to a root password.
# NOTE(review): certbot keeps live/<domain>/*.pem as symlinks into archive/,
# and scp -r follows symlinks, so the destination's live/ holds regular file
# copies. That is fine for nginx, but certbot renew is not expected to work
# on the destination from this copy.
scp -P "${dest_port}" -r "/etc/letsencrypt/live/${domain}" "root@${dest_host}:/etc/letsencrypt/live/"
scp -P "${dest_port}" -r "/etc/letsencrypt/archive/${domain}" "root@${dest_host}:/etc/letsencrypt/archive/"
scp -P "${dest_port}" -r "/etc/letsencrypt/renewal/${domain}.conf" "root@${dest_host}:/etc/letsencrypt/renewal/"
基本nginx配置
需要修改两个server_name、证书路径中的URL和一个proxy_pass,可以选择是否使用密码限制访问。
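# Plain-HTTP listener: its only job is to redirect every request to HTTPS.
server {
    listen 80;
    server_name URL;    # placeholder: replace with the site's domain name
    # Redirect to the configured name rather than $host. $host is taken from
    # the client's request (request line or Host header), so when this block
    # is the default server for port 80, a request carrying an arbitrary Host
    # would be redirected to that arbitrary host. $server_name always expands
    # to the server_name configured above.
    return 301 https://$server_name$request_uri;
}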
# HTTPS listener: terminates TLS and forwards requests to a local backend.
server {
    # NOTE(review): newer nginx releases deprecate the "http2" listen parameter
    # in favour of a separate "http2 on;" directive; check "nginx -t" warnings.
    listen 443 ssl http2;
    server_name URL;    # placeholder: replace with the site's domain name

    # Certificate chain and private key copied from the other server.
    # URL in both paths is the same placeholder as in server_name.
    ssl_certificate /etc/letsencrypt/live/URL/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/URL/privkey.pem;

    # Only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): HIGH still admits CBC-mode and non-forward-secret RSA
    # key-exchange suites for TLS 1.2; an explicit ECDHE + AEAD list is tighter.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # HSTS for one year. includeSubDomains commits every subdomain of this
    # name to HTTPS, and "preload" signals consent to browser preload lists,
    # which is slow to undo; keep both only if all subdomains serve valid TLS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    location / {
        # "port" is a placeholder for the backend's local port.
        proxy_pass http://127.0.0.1:port/;

        # Pass the original host, client address and scheme to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Optional HTTP basic auth: uncomment both lines to require a password.
        # The file path must match where the htpasswd file was actually created.
        # auth_basic "Restricted";
        # auth_basic_user_file /etc/nginx/sites-available/.bin_htpasswd;
    }
}
基本nginx命令
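# Create a site config, enable it, validate it, then restart nginx.
# "?" is a placeholder for the config file name. It is kept in a quoted
# variable because an unquoted "?" is also a shell glob that matches any
# one-character file name in sites-available.
site='?'
sudo nano "/etc/nginx/sites-available/${site}"
sudo ln -s "/etc/nginx/sites-available/${site}" /etc/nginx/sites-enabled/
# Restart only when the syntax check passes, so a broken config never takes
# the running server down.
sudo nginx -t && sudo systemctl restart nginx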
使用htpasswd为网站设置密码
密码文件都创建在当前目录,nginx配置里的auth_basic_user_file要指向密码文件的实际路径
# Create and maintain HTTP basic-auth password files with htpasswd.
# The file names are relative, so each file is written to the current directory.
# NOTE(review): sudo makes the files root-owned; the nginx worker user still needs read access -- confirm.
sudo apt install apache2-utils # install the package that provides htpasswd
# -c creates the file and truncates it if it already exists, so use it only for the first user.
sudo htpasswd -c .reddit_htpasswd jay # new password file, user jay, password is prompted for; used for my self-hosted redlib site
# "???" is a placeholder for the site name. Unquoted, the shell also treats it as a glob
# that can match an existing file such as .bin_htpasswd -- replace it before running.
sudo htpasswd -c .???_htpasswd admin # new password file, user admin, password is prompted for; used for ???
sudo htpasswd .reddit_htpasswd jaychou # without -c: add user jaychou, so the site accepts two users with separate passwords
# Re-running htpasswd for an existing user replaces that user's password.
# -m does not mean "modify": it selects the apr1 (MD5) hash format.
sudo htpasswd -m .reddit_htpasswd jay # change the password of user jay
sudo htpasswd -D .reddit_htpasswd jay # delete user jay and their password
基本的Reverse Proxy
很多网站禁止反向代理,或者需要处理跨域请求(CORS),所以很多大网站不可以直接代理,需要额外的项目。需要修改两个server_name(以及return和证书路径中的URL)和一个proxy_pass。
# Port-80 listener for the proxy: answers only with a redirect to HTTPS.
server {
    listen 80;
    server_name URL;    # placeholder: this proxy's own domain name
    # The redirect target is a fixed name, so it does not depend on the Host
    # header the client sent. Replace URL here as well as in server_name.
    return 301 https://URL$request_uri;
}
# HTTPS listener that relays every request to another site (reverse proxy).
server {
    listen 443 ssl http2;
    server_name URL;    # placeholder: this proxy's own domain name

    # Certificate and key for this proxy's domain (same URL placeholder).
    ssl_certificate /etc/letsencrypt/live/URL/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/URL/privkey.pem;

    # Only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Unlike the first HTTPS block on this page, no Strict-Transport-Security
    # header is set here.

    location / {
        # Placeholder: the full upstream URL, scheme included.
        # NOTE(review): for an https:// upstream, nginx does not verify the
        # upstream certificate by default; proxy_ssl_verify together with
        # proxy_ssl_trusted_certificate enables verification, and
        # proxy_ssl_server_name on sends SNI to the upstream.
        proxy_pass to-reverse-proxy-URL;

        # Sends this proxy's own hostname upstream.
        # NOTE(review): an external site that routes by virtual host may
        # expect its own name instead -- confirm against the upstream.
        proxy_set_header Host $host;

        # These pass the visitor's address and scheme to the upstream. When
        # the upstream is a third-party site, that discloses visitor IPs to it.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}