![\"ssl.webp\"](\"https:\/\/lyvba.com\/wp-content\/uploads\/2021\/09\/3761701783.webp\" "\\"ssl.webp\\"")
<\/p>\n\u5173\u6ce8SSL\u8bc1\u4e66\u7684\u670b\u53cb\u5e94\u8be5\u90fd\u77e5\u9053SSL\u8bc1\u4e66\u7684\u6709\u6548\u671f\u4e00\u76f4\u5728\u7f29\u77ed\uff0c\u4ece2018\u5e743\u67081\u65e5\u8d77\uff0cSSL\u8bc1\u4e66\u6700\u957f\u671f\u9650\u8bbe\u7f6e\u4e3a825\u5929\uff0c\u8fd9\u4e00\u65b0\u89c4\u5ef6\u7eed\u4e86\u4e0d\u5230\u4e24\u5e74\uff0c\u5c31\u57282020\u5e742\u6708\u82f9\u679c\u5728CA\/B\u8bba\u575b\u7684\u4f1a\u8bae\u4e0a\u5ba3\u5e03\uff0c\u5c06\u4e0d\u518d\u4fe1\u4efb2020\u5e749\u67081\u65e5\u4e4b\u540e\u7b7e\u53d1\u7684\u6709\u6548\u671f\u8d85\u8fc7398\u5929\u7684SSL\u8bc1\u4e66\u3002\u968f\u540e\uff0c\u8c37\u6b4c\u3001\u706b\u72d0\u7b49\u6d4f\u89c8\u5668\u5382\u5546\u4e5f\u8868\u793a\u9075\u5faa\u8fd9\u4e00\u539f\u5219\u3002<\/p>\n
<\/p>\n
\u56e0\u6b64\uff0c\u5404\u5927\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4e5f\u7eb7\u7eb7\u5ba3\u5e03\uff0c2020\u5e749\u67081\u65e5\u5f00\u59cb\uff0c\u5c06\u4e0d\u518d\u7b7e\u53d1\u6709\u6548\u671f\u8d85\u8fc7398\u5929\u7684\u8bc1\u4e66\uff0c\u8bc1\u4e66\u7684\u6700\u957f\u6709\u6548\u671f\u5c06\u7f29\u77ed\u4e3a13\u4e2a\u6708\u3002\u90a3\u4e48\u95ee\u9898\u6765\u4e86\uff0c\u4e3a\u4ec0\u4e48SSL\u8bc1\u4e66\u4e0d\u80fd\u957f\u671f\u6709\u6548\u5462\uff1f\u4e3b\u8981\u6709\u4ee5\u4e0b\u51e0\u4e2a\u539f\u56e0\uff1a<\/p>\n
1\uff09\u4e0d\u80fd\u4fdd\u8bc1\u4e00\u4e2a\u5408\u6cd5\u7f51\u7ad9\u6c38\u8fdc\u4e0d\u4f1a\u6210\u4e3a\u4e00\u4e2a\u9493\u9c7c\u7ad9\u70b9<\/p>\n
2\uff09\u6c38\u4e45\u6709\u6548\u7684\u8bc1\u4e66\u5bfc\u81f4CRL\u4e0d\u65ad\u589e\u52a0\uff0c\u4f1a\u589e\u52a0\u6d4f\u89c8\u5668\u7684\u8bf7\u6c42\u6d41\u91cf\u538b\u529b<\/p>\n
3\uff09\u6709\u6548\u671f\u5bf9\u4fdd\u62a4\u8bc1\u4e66\u5b89\u5168\u6027\u662f\u57fa\u4e8ePKI\u6280\u672f\u7684\u6570\u5b57\u8bc1\u4e66\uff0c\u7ed3\u5408\u516c\u94a5\u52a0\u5bc6\u7b97\u6cd5\u3001\u5bf9\u79f0\u52a0\u5bc6\u7b97\u6cd5\u3001\u6563\u5217\u7b97\u6cd5\u7b49\u5bc6\u7801\u6280\u672f\uff0c\u7528\u4e8e\u5b9e\u73b0\u8ba4\u8bc1\u3001\u52a0\u5bc6\u3001\u7b7e\u540d\u7b49\u5b89\u5168\u529f\u80fd\u3002<\/p>\n
4\uff09\u6ca1\u6709\u5408\u7406\u8bbe\u7f6eSSL\u8bc1\u4e66\u6709\u6548\u671f\uff0c\u4f1a\u9020\u6210\u6781\u5927\u7684\u5b89\u5168\u5a01\u80c1\u3002\u81ea\u7b7e\u540dSSL\u8bc1\u4e66\u4e3a\u4f8b\uff0c\u81ea\u7b7e\u540dSSL\u8bc1\u4e66\u4e0d\u53d7\u56fd\u9645\u6807\u51c6\u5236\u7ea6\uff0c\u53ef\u4ee5\u628a\u6709\u6548\u671f\u8bbe\u7f6e\u4e3a10\u5e74\u751a\u81f320\u5e74\u3002\u81ea\u7b7e\u540d\u8bc1\u4e66\u957f\u671f\u672a\u66f4\u65b0\uff0c\u4ecd\u5728\u4f7f\u7528\u975e\u5e38\u4e0d\u5b89\u5168\u76841024\u4f4dRSA\u7b97\u6cd5\u548cSHA-1\u7b7e\u540d\u7b97\u6cd5\u3002\u8d85\u957f\u7684\u6709\u6548\u671f\u548c\u8106\u5f31\u7684\u52a0\u5bc6\u7b97\u6cd5\uff0c\u8ba9\u9ed1\u5ba2\u62e5\u6709\u8db3\u591f\u7684\u65f6\u95f4\u548c\u7b97\u529b\u7834\u89e3\u8bc1\u4e66\u7684\u52a0\u5bc6\u5bc6\u94a5\uff0c\u9020\u6210\u4e25\u91cd\u540e\u679c\u3002<\/p>\n
5\uff09CA\u673a\u6784\u5fc5\u987b\u91cd\u65b0\u9a8c\u8bc1\u8eab\u4efd\u4fe1\u606f\uff0c\u786e\u4fdd\u8eab\u4efd\u8ba4\u8bc1\u4fe1\u606f\u662f\u6700\u65b0\u7684\uff0c\u5e76\u4ecd\u7136\u62e5\u6709\u8be5\u57df\u540d\u3002<\/p>\n
\u4e0d\u542c\u4e0d\u542c\u738b\u516b\u5ff5\u7ecf<\/code> \uff0c\u6211\u5c31\u60f3\u4e00\u52b3\u6c38\u9038\uff0c\u800c\u4e14\u8fd8\u60f3\u767d\u5ad6\u3002<\/h2>\n\n- \u4e0b\u9762\u6211\u4eec\u6765\u7533\u8bf7SSL\u8bc1\u4e66\uff0c\u5982\u56fe:\u6d4f\u89c8\u5668\u91cc\u8f93\u5165
1.1.1.1<\/code>\uff0c\u628a\u4f60\u7684\u57df\u540dDNS\u7ba1\u7406\uff0c\u653e\u5230 cloudflare<\/code> \u7ba1\u7406<\/li>\n- DNS \u8bbe\u7f6e\u597d\u540e\uff0c\u4ee3\u7406\u72b6\u6001: \u9ec4\u8272\u4e91\u6735\u70b9\u4eae(\u5df2\u4ee3\u7406); \u518d\u70b9\u51fb\u84dd\u8272
SSL\/TLS<\/code>\uff0c\u9009\u62e9 \u6e90\u670d\u52a1\u5668<\/code>
![\"1111.png\"](\"https:\/\/lyvba.com\/wp-content\/uploads\/2021\/09\/1545855510.png\" "\\"1111.png\\"")
<\/li>\n- \u6e90\u8bc1\u4e66: \u751f\u6210\u7531 Cloudflare \u7b7e\u540d\u7684\u514d\u8d39 TLS \u8bc1\u4e66\uff0c\u4ee5\u5b89\u88c5\u5728\u6e90\u670d\u52a1\u5668\u4e0a\u3002\u6e90\u8bc1\u4e66\u4ec5\u5bf9 Cloudflare \u4e0e\u6e90\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u52a0\u5bc6\u6709\u6548\u3002
![\"123.png\"](\"https:\/\/lyvba.com\/wp-content\/uploads\/2021\/09\/4163863278.png\" "\\"123.png\\"")
<\/li>\n - \u70b9\u51fb
\u521b\u5efa\u8bc1\u4e66<\/code>\uff0c\u5982\u56fe\u518d\u70b9\u51fb\u53f3\u4e0b\u89d2 \u521b\u5efa<\/code>\uff0c\u8bc1\u4e66\u5c31\u5b8c\u6210\u4e86<\/li>\n<\/ul>\n![\"22.png\"](\"https:\/\/lyvba.com\/wp-content\/uploads\/2021\/09\/3671882018.png\" "\\"22.png\\"")
<\/p>\n
\n- \u5982\u56fe\uff0c\u628a\u8bc1\u4e66\u6587\u672c\u5206\u522b\u590d\u5236\u548c\u4fdd\u5b58\u6587\u4ef6\u540d\u4e3a\uff1a
lyvba.com.pem<\/code> \u548c lyvba.com.key<\/code><\/li>\n- \n
\u628aSSL\u8bc1\u4e66\u516c\u94a5\u548c\u79c1\u94a5 \u4e0a\u4f20\u5230\u670d\u52a1\u5668 \/etc\/nginx\/cert\/<\/code> \uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728\u670d\u52a1\u5668\u4e0a\u7f16\u8f91<\/p>\nvim \/etc\/nginx\/cert\/lyvba.com.pem\nvim \/etc\/nginx\/cert\/lyvba.com.key <\/code><\/pre>\n\u6dfb\u52a0\u914d\u7f6e Nginx<\/code> \u670d\u52a1\u5668\u914d\u7f6e\u6587\u4ef6 https.conf<\/code> \u5185\u5bb9<\/h2>\nserver {\n listen 443 ssl default_server;\n listen [::]:443 ssl default_server;\n\n server_name us.lyvba.com;\n ssl_certificate cert\/lyvba.com.pem;\n ssl_certificate_key cert\/lyvba.com.key;\n\n ssl_session_timeout 5m;\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n\n ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;\n ssl_prefer_server_ciphers on;\n\n root \/var\/www\/html;\n index index.html index.php index.nginx-debian.html;\n\n location \/ {\n try_files $uri $uri\/ =404;\n }\n\n # pass PHP scripts to FastCGI server\n location ~ .*.php(\/.*)*$ {\n include snippets\/fastcgi-php.conf;\n # fastcgi_pass 127.0.0.1:9000;\n # With php-fpm (or other unix sockets):\n fastcgi_pass unix:\/run\/php\/php7.3-fpm.sock;\n }\n}<\/code><\/pre>\n<\/li>\n<\/ul>\n\u4fee\u6539 Nginx<\/code> \u914d\u7f6e\uff0c\u6d4b\u8bd5 Nginx<\/code> \u914d\u7f6e\u548c\u91cd\u542f Nginx<\/code><\/h3>\nvim \/etc\/nginx\/conf.d\/https.conf\n\nnginx -t\nnginx: the configuration file \/etc\/nginx\/nginx.conf syntax is ok\nnginx: configuration file \/etc\/nginx\/nginx.conf test is successful\n\nnginx -s reload\n2021\/09\/11 03:25:35 [notice] 559#559: signal process started\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"\u4e3a\u4ec0\u4e48SSL\u8bc1\u4e66\u4e0d\u80fd\u957f\u671f\u6709\u6548 \u5173\u6ce8SSL\u8bc1\u4e66\u7684\u670b\u53cb\u5e94\u8be5\u90fd\u77e5\u9053SSL\u8bc1\u4e66\u7684\u6709\u6548\u671f\u4e00\u76f4\u5728\u7f29\u77ed\uff0c\u4ece2018 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[35,17],"class_list":["post-440","post","type-post","status-publish","format-standard","hentry","category-vps","tag-nginx","tag-vps"],"_links":{"self":[{"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/posts\/440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/comments?post=440"}],"version-history":[{"count":0,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/posts\/440\/revisions"}],"wp:attachment":[{"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/media?parent=440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/categories?post=440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lyvba.com\/index.php\/wp-json\/wp\/v2\/tags?post=440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}