一、准备工作
- 一个正常访问的服务器
- 一个域名,并已解析到服务器的ip
- 一个链接服务器的ssl工具
二、使用 Nginx 进行反向代理
- 安装 Nginx
# 添加 Nginx 源
sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
# 安装 Nginx
sudo yum install -y nginx
# 启动 Nginx
sudo systemctl start nginx.service
# 设置开机自启 Nginx
sudo systemctl enable nginx.service
- 配置 Nginx
# 下载 官方的 Nginx 配置模板(我这个是halo)
curl -o /etc/nginx/conf.d/halo.conf --create-dirs https://dl.halo.run/config/nginx.conf
下载完成之后,我们还需要对其进行修改
# 使用 vim 编辑 halo.conf
vim /etc/nginx/conf.d/halo.conf
打开之后我们可以看到
server {
listen 80;
注: (***为自己的域名)
server_name *** www.***;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8090/;
}
}
- 修改完成之后
# 检查配置是否有误
sudo nginx -t
# 重载 Nginx 配置
sudo nginx -s reload
三、配置SSL证书
1、更新软件包
sudo yum update -y
2、停止防火墙 (在CentOS7版本以上,默认开启防火墙,不关闭防火墙将无法申请证书)
systemctl stop firewalld && systemctl disable firewalld
3、关闭nginx服务(配置 certbot 的时候)
service nginx stop
4、# 安装 certbot 以及 certbot nginx 插件
sudo yum install certbot python2-certbot-nginx -y
5、执行配置,中途会询问你的邮箱,如实填写即可
sudo certbot --nginx
6、更新软件包
sudo certbot renew --dry-run
四、关于配置ssl证书时所出现的问题已经解决办法
1、防火墙没关闭导致错误
关闭防火墙
2、nginx服务没关闭导致错误
关闭nginx服务
3、配置 SSL 证书证书时,报错ImportError: cannot import name UnrewindableBodyError
问题描述
Traceback (most recent call last):
File "/usr/bin/tower-cli", line 11, in <module>
load_entry_point('ansible-tower-cli==3.3.0', 'console_scripts', 'tower-cli')()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 479, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2703, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2321, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2327, in resolve
module = __import__(self.module_name, fromlist=['__name__'], level=0)
File "/usr/lib/python2.7/site-packages/tower_cli/cli/run.py", line 17, in <module>
from tower_cli.cli.base import TowerCLI
File "/usr/lib/python2.7/site-packages/tower_cli/cli/base.py", line 25, in <module>
from tower_cli.cli import misc
File "/usr/lib/python2.7/site-packages/tower_cli/cli/misc.py", line 24, in <module>
from requests.auth import HTTPBasicAuth
File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 43, in <module>
import urllib3
File "/usr/lib/python2.7/site-packages/urllib3/__init__.py", line 10, in <module>
from .connectionpool import (
File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 31, in <module>
from .connection import (
File "/usr/lib/python2.7/site-packages/urllib3/connection.py", line 45, in <module>
from .util.ssl_ import (
File "/usr/lib/python2.7/site-packages/urllib3/util/__init__.py", line 4, in <module>
from .request import make_headers
File "/usr/lib/python2.7/site-packages/urllib3/util/request.py", line 5, in <module>
from ..exceptions import UnrewindableBodyError
ImportError: cannot import name UnrewindableBodyError
解决方案
似乎是请求的问题,而不是tower-cli,尝试按照以下步骤重新安装请求和urlib3来查看
# sudo yum remove python-urllib3
# sudo yum remove python-requests
通过执行命令,确认已删除所有上述库:
# pip freeze | grep requests
使用yum安装这些软件包:
# sudo yum install python-urllib3
# sudo yum install python-requests
注:自己在获取证书时遇到了非常多的问题,在这里没有一一列举,如需帮助,可以联系我帮忙解答!
五、获取证书成功
