点击刷新
缘由
想对 PHP 的 SSO 登录走一遍,加深理解,客户端和服务端配置好之后。客户端点击登录发现
跳转的服务端是 https 协议,因此我需要去配置一个免费的 CA 证书。鉴于在社区已经有了一个方案链接,
并且先前已使用该方法成功配置。但配置过程让我体验很不爽(自身的原因),所以看看有没有更优雅的方法(github 上寻找的)。
1 git 下来(为了描述方便 我下载到/var/www路径下)
git clone https://github.com/kaienkira/acme-client-quick.git /var/www/2 配置你要验证的网站
cd acme-client-quick
echo "example.com" >> domain.txt
echo "www.example.com" >> domain.txt3 修改你的网站配置文件(为能访问到并去验证你的域名)
把这个添加到你的配置文件中
location /.well-known/acme-challenge/ {
default_type text/plain;
alias /var/www/acme-client-quick/work/acme-challenge/;
try_files $uri $uri/ =404;
}我的配置文件(使用的是站长的服务器配置)
server {
listen 80;
server_name sso.jc91715.top;
root /var/www/html/sso.jc91715.top/public;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /.well-known/acme-challenge/ {
default_type text/plain;
alias /var/www/acme-client-quick/work/acme-challenge/;
try_files $uri $uri/ =404;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log /var/log/nginx/sso.jc91715.top-access.log;
error_log /var/log/nginx/sso.jc91715.top-error.log error;
sendfile off;
client_max_body_size 100m;
include fastcgi.conf;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}4 验证你的网站,并生成证书
需要用到80端口
sudo service nginx stop
sudo ./quick-start.sh5 添加证书到配置文件
原有的基础上增加的是
ssl on;
listen 443 ssl;
ssl_certificate /var/www/acme-client-quick/cert/ssl.crt;
ssl_certificate_key /var/www/acme-client-quick/cert/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}我的配置文件
server {
listen 80;
ssl on;
listen 443 ssl;
ssl_certificate /var/www/acme-client-quick/cert/ssl.crt;
ssl_certificate_key /var/www/acme-client-quick/cert/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
server_name sso.jc91715.top;
root /var/www/html/sso.jc91715.top/public;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /.well-known/acme-challenge/ {
default_type text/plain;
alias /var/www/acme-client-quick/work/acme-challenge/;
try_files $uri $uri/ =404;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log /var/log/nginx/sso.jc91715.top-access.log;
error_log /var/log/nginx/sso.jc91715.top-error.log error;
sendfile off;
client_max_body_size 100m;
include fastcgi.conf;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}DONE
© 著作权归作者所有
举报
发表评论
0/200
