vps配置备忘

发表于 分类于

https证书

生成证书

1
2
sudo apt-get -y install certbot
certbot certonly --webroot -w /var/www/html -d vps12am.top

证书续期

1
2
3
4
crontab -e

# 定时任务 每12小时尝试续期一次
0 */12 * * * certbot renew --quiet --renew-hook "nginx -s reload"

证书生成问题

  • Another instance of Certbot is already running.

    1
    2
    find / -type f -name ".certbot.lock"
    find / -type f -name ".certbot.lock" -exec rm {} \;

nginx server配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
server {
    listen 443 ssl;
    ssl on;
    ssl_certificate   /etc/letsencrypt/live/vps12am.top/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/vps12am.top/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    server_name vps12am.top;

    client_max_body_size 1024M;
    access_log /var/log/nginx/blog_access.log;
    error_log /var/log/nginx/blog_error.log;

    location / {
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8888;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        # Show realip in v2ray access.log
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

v2ray部署一键脚本

1
bash <(curl -s -L https://git.io/v2ray.sh)

cloudflare分发vps

  1. 在cloudflare中增加域名
  2. 将域名服务商的解析cname到cloudflare
  3. 在cloudflare中将域名指定到服务器IP