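# Obtain a certificate for domain.com with acme.sh and install it for nginx.
# Assumes the commands run as a user that may write /etc/nginx/ssl and reload
# nginx (typically root) -- confirm for your host.

# Fetch the installer to a file instead of piping it straight into sh: a
# dropped connection can then never leave a half-executed script, -f makes
# HTTP errors fail instead of feeding an error page to the shell, and the
# file can be read before it runs.
installer=$(mktemp) &&
  curl -fsSL https://get.acme.sh -o "$installer" &&
  sh "$installer"
rm -f -- "$installer"

# The installer registers acme.sh through the shell profile; open a new shell
# (or re-source the profile) if the command is not found yet.

# Validate control of domain.com through the running nginx instance. nginx
# presumably needs to be serving domain.com on port 80 already for this mode.
acme.sh --issue -d domain.com --nginx

# The private key lands in this directory: keep it closed to other users.
mkdir -p /etc/nginx/ssl && chmod 700 /etc/nginx/ssl

# --install-cert is the current spelling of --installcert. It copies the key
# and chain to the paths nginx reads and records the reload command so that
# renewals reload nginx as well.
acme.sh --install-cert -d domain.com \
  --key-file /etc/nginx/ssl/domain.com.key \
  --fullchain-file /etc/nginx/ssl/fullchain.cer \
  --reloadcmd "systemctl force-reload nginx"

# --auto-upgrade lets the client fetch and run new upstream code unattended,
# with the privileges of this account. Leave it off and upgrade by hand if
# the host requires reviewed or pinned tooling.
acme.sh --upgrade --auto-upgrade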

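# Reverse proxy for domain.com: terminates TLS with the certificate installed
# by acme.sh and forwards every request to the application on 127.0.0.1:8000.
server {
    charset              utf-8;
    # Port 80 stays open so HTTP validation keeps working. The site is also
    # served in clear text here; consider redirecting port 80 to HTTPS.
    listen               80;
    listen               443 ssl;
    server_name          domain.com;

    ssl_certificate      /etc/nginx/ssl/fullchain.cer;
    ssl_certificate_key  /etc/nginx/ssl/domain.com.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on
    # older builds rather than re-enabling the legacy versions.
    ssl_protocols        TLSv1.2 TLSv1.3;
    ssl_ciphers          HIGH:!aNULL:!MD5;

    location / {
        # Relays the backend's own Server header to clients, which discloses
        # the application server software; remove this line to hide it.
        proxy_pass_header Server;
        proxy_pass        http://127.0.0.1:8000;
        proxy_redirect    off;
        proxy_set_header  Host $host;
        # Client address, not the Host value: the backend uses this header
        # for logging and any IP-based decisions.
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Scheme $scheme;
        # Appends the peer address to whatever X-Forwarded-For the client
        # sent, so only the last entry is trustworthy for the backend.
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Cookie $http_cookie;
        proxy_buffering   off;
    }
}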
