環(huán)境：阿里云 Centos7 64位

Paste_Image.png

環(huán)境配置

1、更新 yum 源

http://mirrors.aliyun.com/help/centos

• 備份

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

• 下載新的 CentOS-Base.repo 到 /etc/yum.repos.d/

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

• 更新

yum makecache
yum update

2、設(shè)置免密碼 ssh 登錄

git config --global user.name "your_name"
git config --global user.email "your@gmail.com"
ssh-keygen -t rsa -C   "your@gmail.com"
cat ~/.ssh/id_rsa.pub   #復(fù)制自己本地的id_rsa.pub，這一句在自己本地的電腦的命令行里跑
vi ~/.ssh/authorized_keys   #添加自己的id_rsa.pub進(jìn)去
chmod 600 ~/.ssh/authorized_keys

3、安裝 Git

參考 http://blog.csdn.net/jinwufeiyang/article/details/51933925

4、安裝 oh-my-zsh

參考 https://zhuanlan.zhihu.com/p/19556676?columnSlug=mactalk

5、安裝 autojump

參考 https://github.com/wting/autojump/wiki

6、安裝 lnmp

https://github.com/lj2007331/lnmp

7、安裝composer

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"

composer config -g repo.packagist composer https://packagist.phpcomposer.com

8、備份

進(jìn)入阿里云后臺(tái)設(shè)置阿里云自動(dòng)快照備份。

9、添加ftp用戶

cd ~/lnmp
./pureftpd_vhost.sh

站點(diǎn)配置

0、關(guān)閉默認(rèn)站點(diǎn)的訪問

cd /usr/local/nginx/conf
vi nginx.conf

修改 root /data/wwwroot/default; 為 root /data/wwwroot/default/none;

service nginx restart

1、添加虛擬站點(diǎn)

cd ~/lnmp 
./vhost.sh

2、配置 https 功能
采用的是 letsencrypt 提供的免費(fèi) HTTPS 證書。

配置方法如下：

wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto

cp  letsencrypt-auto /bin/letsencrypt

chmod -R 755  /bin/letsencrypt

service nginx stop

letsencrypt certonly --standalone --email your@mail.com -d domain.com

最后一步如果出現(xiàn)問題的話，刪除 ~/.pip/pip.conf ,運(yùn)行

 pip install --upgrade pip

然后重新運(yùn)行

letsencrypt certonly --standalone --email your@mail.com -d domain.com

如果卡在這里Installing Python packages
參考 https://github.com/certbot/certbot/issues/2516

成功的話看到

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/vickoo.linkerlab.net/fullchain.pem. Your cert
   will expire on 2017-06-01. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt again. To
   non-interactively renew *all* of your certificates, run
   "letsencrypt renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

修改nginx.conf，添加https支持，修改nginx.conf下面對(duì)應(yīng)項(xiàng)（或者修改虛擬站點(diǎn)里的配置）

listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name cdn.loldata.cn;
index index.html index.htm index.php default.html default.htm default.php;
root  /home/wwwroot/op-gg-spider/storage;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.loldata.cn-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.loldata.cn-0001/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_session_cache builtin:1000 shared:SSL:10m;

修改nginx.conf（或虛擬站點(diǎn)的配置文件），使http自動(dòng)跳轉(zhuǎn)https,在server添加

server
{
      if ($ssl_protocol = "") { 
            return 301 https://$server_name$request_uri; 
      }
}

重啟nginx

service nginx start

設(shè)置自動(dòng)續(xù)費(fèi)

crontab -e
#在文件里添加
* * 1 * * service nginx stop && letsencrypt renew && service nginx start

自動(dòng)腳本

把上面的配置 Https 的步驟寫成了一個(gè)簡(jiǎn)單的腳本了，使用方法:

• 把下面腳本代碼復(fù)制到任何想放的位置，例如命名為 add-https ，給予執(zhí)行權(quán)限。
• 第一次運(yùn)行，請(qǐng)執(zhí)行下面命令，安裝 letsencrypt
  ./add-https install
• 用 lnmp 配置好想要的域名
• 在域名管理后臺(tái)，把該域名映射到對(duì)應(yīng)的 ip 上
• 執(zhí)行以下命令，安裝證書
  ./add-https your.domain
• 安裝后會(huì)看到如下提示

#-----Add those below to your.domain.conf-----
listen 443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_session_cache builtin:1000 shared:SSL:10m;

if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }

復(fù)制上面內(nèi)容，到 your.domain.conf 里，運(yùn)行

service nginx start

配置完成!

自動(dòng)腳本如下：

#!/bin/sh
if [ "$#" -eq "0" ]
then
   echo "---------How to use?-----------
1. cd /home/lnmp and add a vhost you want under http.
2. back to this directory and run
./add-https your_domain
";
elif [ $1 == "install" ]
then
  echo "--------- installing letsencrypt ----------";
  wget https://raw.githubusercontent.com/certbot/certbot/master/letsencrypt-auto
  mv  letsencrypt-auto /bin/letsencrypt
  chmod -R 755  /bin/letsencrypt
  rm ~/.pip/pip.conf
  pip install --upgrade pip
  echo "--------- success! --------";
else
  echo "-----Adding Https by letsencrypt----";
  service nginx stop
  letsencrypt certonly --standalone --email your@email.com -d $1
  service nginx start
  echo "


-----Add those below to $1.conf-----
  listen 443 ssl http2;
  ssl on;
  ssl_certificate /etc/letsencrypt/live/$1/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/$1/privkey.pem;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
  ssl_session_cache builtin:1000 shared:SSL:10m;


  if (\$ssl_protocol = \"\") { return 301 https://\$server_name\$request_uri; }
";
fi

版權(quán)聲明

轉(zhuǎn)載請(qǐng)注明作者和文章出處
作者: X先生
首發(fā)于 http://www.itdecent.cn/p/a6fdb039d670