I have a RestAPI that works on Node.js and it's proxied through Nginx with the following configuration (private parts have been hidden):
server {
listen 80;
server_name mywebsitestuff.com www.mywebsitestuff.com;
location / {
proxy_pass http://serverip:25000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I want this API work with a Let's Encrypt SSL Certificate, how can I do it?
Thanks
答案 0 :(得分:0)
1.使用加密来为您的域mywebsitestuff.com www.mywebsitestuff.com
链接:Getting Started - Let's Encrypt
2.像这样配置服务器块
listen 443;
server_name mywebsitestuff.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/mywebsitestuff.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsitestuff.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
您可能需要为您的域签署两个w /和w / o www的证书,然后将它们配置在两个单独的服务器块中,因为它们使用两个不同的证书。
更新:
似乎我们的加密会访问/.well-known/acme-challenge/进行域名验证。
添加位置以避免反向代理此请求,例如
location /.well-known/acme-challenge/ {
root /some/path/;
}
然后你可以使用像
这样的命令继续使用webroot插件 ./path/to/certbot-auto certonly --webroot -w /some/path -d mywebsitestuff.com -d www.mywebsitestuff.com
确保/some/path存在,并且您可以在nginx可以读取时进行编写。