How to use the golang lego Let's Encrypt client behind nginx?

Question

I'd like to set up a Let's Encrypt certificate on a live server with nginx, using the lego client written in Go: https://github.com/xenolf/lego/

What do I need to do with the nginx config to get the certificate?

Answer 1

Score: 1


You need to add the following location in the :80 and :443 virtual servers:

# http and https nginx servers
location /.well-known/acme-challenge/ {
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:4000$request_uri;
}

And run the lego binary:

./lego.amd64 --http 127.0.0.1:4000 --email="your@address.tld" --domains domain.tld --domains some.domain.tld run

Your certificate files are stored in:

# ls -la .lego/certificates/
total 20
drwx------ 2 root root 4096 Nov  9 08:06 .
drwx------ 4 root root 4096 Nov  9 08:06 ..
-rw------- 1 root root 3477 Nov  9 08:15 domain.tld.crt
-rw------- 1 root root  226 Nov  9 08:15 domain.tld.json
-rw------- 1 root root 1679 Nov  9 08:15 domain.tld.key

In case nginx already works with a valid SSL/TLS certificate and you want to add a new domain name to the certificate, you need to exclude the tls-sni-01 solver:

./lego.amd64 --exclude=tls-sni-01 --http 127.0.0.1:4000 --email="your@address.com" --domains domain.tld --domains new.domain.tld run
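As an added example (not part of the original answer), here is how the :80 and :443 server blocks from the answer fit together with the files lego writes. It assumes lego was run from /opt/lego, the hostnames domain.tld and some.domain.tld, and the web root /var/www/domain.tld (all placeholders).

```nginx
# Added example, not from the original answer. Assumed paths: lego working
# directory /opt/lego, web root /var/www/domain.tld (placeholders).

server {
    listen 80;
    listen [::]:80;
    server_name domain.tld some.domain.tld;

    # Only the ACME challenge path reaches lego, and lego itself is bound to
    # loopback (--http 127.0.0.1:4000), so port 4000 is never exposed directly.
    location /.well-known/acme-challenge/ {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:4000$request_uri;
    }

    # Everything else is sent to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name domain.tld some.domain.tld;

    # The .crt and .key files from the "ls -la .lego/certificates/" listing.
    ssl_certificate     /opt/lego/.lego/certificates/domain.tld.crt;
    ssl_certificate_key /opt/lego/.lego/certificates/domain.tld.key;

    # The validator follows the HTTP-to-HTTPS redirect above, so the same
    # challenge location must exist on :443 as well (this is why the answer
    # says to add it to both virtual servers).
    location /.well-known/acme-challenge/ {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:4000$request_uri;
    }

    location / {
        root /var/www/domain.tld;
    }
}
```

The .key file is mode 0600 and owned by root in the listing; nginx reads it as root at startup before dropping privileges, so there is no need to loosen those permissions.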

huangapple
  • Posted by huangapple on 2016-11-09 16:51:21
  • Please keep this link when reposting: https://go.coder-hub.com/40502926.html