@strongant
Created March 19, 2023 05:54
自动下载nginx并开启let's encrypt 免费的https
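#!/bin/bash
# Install Nginx on a yum-based host, obtain a Let's Encrypt certificate with
# certbot's webroot (HTTP-01) challenge, and serve the site over HTTPS.
#
# Settings (edit below or pass through the environment):
#   DOMAIN   - public hostname the certificate is issued for
#   EMAIL    - contact address registered with the Let's Encrypt account
#   UPSTREAM - backend that the HTTPS server block proxies to
#
# Run as a user with sudo rights. Port 80 must be reachable from the internet
# for the challenge, and port 443 for the finished site.

# Abort on the first failing step. Without this, a failed certbot run would
# still write the TLS server block, which points at certificate files that do
# not exist, and the following reload would be rejected by nginx.
set -euo pipefail

DOMAIN="${DOMAIN:-your_domain}"
EMAIL="${EMAIL:-admin@example.com}"   # placeholder address, replace it
# NOTE(review): the default is the value from the original script. The port-80
# server block below answers every request for DOMAIN with a 301 to https, so
# proxying HTTPS traffic back to port 80 produces a redirect loop. Point this
# at the real application listener before using the site.
UPSTREAM="${UPSTREAM:-http://localhost:80}"

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# DOMAIN and UPSTREAM are written into root-owned nginx config files and DOMAIN
# is also used in file paths, so refuse anything that is not a plain hostname
# or a plain http(s) URL.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
upstream_re='^https?://[A-Za-z0-9._:/-]+$'
[[ "$DOMAIN" != "your_domain" ]] || die "set DOMAIN to the real hostname first"
[[ "$DOMAIN" =~ $domain_re ]] || die "DOMAIN is not a valid hostname: $DOMAIN"
[[ "$UPSTREAM" =~ $upstream_re ]] || die "UPSTREAM is not a plain http(s) URL: $UPSTREAM"

readonly WEBROOT="/var/www/letsencrypt"
readonly HTTP_CONF="/etc/nginx/conf.d/${DOMAIN}.conf"
readonly SSL_CONF="/etc/nginx/conf.d/${DOMAIN}_ssl.conf"

# Update the system
sudo yum update -y
# Install the EPEL repository
sudo yum install -y epel-release
# Install Nginx
sudo yum install -y nginx
# Start Nginx
sudo systemctl start nginx
# Start Nginx at boot
sudo systemctl enable nginx
# Install certbot
sudo yum install -y certbot python2-certbot-nginx

# Create the webroot directory that certbot writes challenge files into
sudo mkdir -p -- "$WEBROOT"

# Port-80 server block: serve ACME challenges, redirect everything else to
# HTTPS. \$ keeps nginx variables literal; ${...} is expanded by the shell.
sudo tee "$HTTP_CONF" >/dev/null <<EOF
server {
    listen 80;
    server_name ${DOMAIN};
    location /.well-known/acme-challenge/ {
        root ${WEBROOT}/;
    }
    location / {
        return 301 https://\$host\$request_uri;
    }
}
EOF

# The challenge location only exists once nginx has loaded the new file, so
# validate and reload before asking for a certificate.
sudo nginx -t
sudo systemctl reload nginx

# Obtain the SSL certificate
sudo certbot certonly --webroot -w "$WEBROOT" -d "$DOMAIN" \
  --agree-tos --email "$EMAIL" --non-interactive

# HTTPS server block using the issued certificate
sudo tee "$SSL_CONF" >/dev/null <<EOF
server {
    listen 443 ssl http2;
    server_name ${DOMAIN};
    ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
    location / {
        proxy_pass ${UPSTREAM};
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF

# Validate before reloading; if the new block is rejected, remove it so a
# later restart of nginx does not fail on a broken file.
if ! sudo nginx -t; then
  sudo rm -f -- "$SSL_CONF"
  die "nginx rejected ${SSL_CONF}; file removed"
fi
sudo systemctl reload nginx

# Schedule automatic renewal. The random sleep spreads load on the CA. The
# deploy hook reloads nginx after a successful renewal; without it nginx keeps
# serving the old certificate until something else reloads it.
cron_line="0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q --deploy-hook 'systemctl reload nginx'"
# Append only once so that re-running the script does not stack duplicate jobs.
if ! sudo grep -qF -- "certbot renew" /etc/crontab; then
  printf '%s\n' "$cron_line" | sudo tee -a /etc/crontab >/dev/null
fi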