certbot 申请添加新的子域名 支持https 步骤

前提是装有certbot

1.添加域名解析 A 指向

首先到你的域名提供商,添加新的域名解析,添加A记录

一共添加两条记录:一条带有 www 前缀,一条不带 www 前缀

2. 申请证书

sudo certbot --expand -d 你的域名

例:

sudo certbot --expand -d onedev.renderc.com

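命令执行完成后,certbot 会把证书文件保存在 /etc/letsencrypt/archive 下对应的证书目录中,并在 /etc/letsencrypt/live/<域名>/ 下创建指向最新版本的符号链接;nginx 配置应引用 live 目录下的路径(如下文配置所示),这样证书续期后无需修改配置。注意证书只覆盖 -d 指定的域名:上面的示例只申请了 onedev.renderc.com,如果也要让 www.onedev.renderc.com 支持 https,需要再加一个 -d www.onedev.renderc.com。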

3. 配置nginx域名指向

linux 原生的 nginx 主机配置目录在 /etc/nginx/conf.d

在该目录下添加 onedev.conf 子配置文件,并确保 nginx 的主入口配置文件通过 include 包含它即可

大致内容

# HTTPS virtual host: terminates TLS for the names in server_name and
# reverse-proxies every request under / to the backend given in proxy_pass.
server {
    # NOTE(review): the ssl_certificate path below belongs to
    # onedev.renderc.com. www.onedev.renderc.com only validates over HTTPS if
    # that certificate also lists it as a name -- confirm with
    # `certbot certificates`.
    server_name  onedev.renderc.com www.onedev.renderc.com;

    # Request body size limit (500 MB) and the timeout for establishing the
    # connection to the proxied backend.
    client_max_body_size 500m;
    proxy_connect_timeout 75s;

    #access_log  /var/log/nginx/host.access.log  main;

    #location / {
    #    root   /usr/share/nginx/html;
    #    index  index.html index.htm;
    #}

    location / {
        # Pass the original Host, scheme and client address on to the backend.
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent, so only the last entry is
        # written by this proxy; earlier entries are client-controlled.
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The backend is reached over plain HTTP.
        # NOTE(review): confirm 172.22.0.4:6610 is reachable only from this
        # proxy; anything that can connect to it directly bypasses TLS and can
        # set the forwarded headers itself.
        proxy_pass  http://172.22.0.4:6610;
    }


    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}


    # TLS listener and certificate settings. The lines tagged
    # "managed by Certbot" are maintained by certbot; presumably they are best
    # left textually unchanged so certbot can keep updating them -- confirm.
    # The certificate and key are read from the live/ directory.
    # privkey.pem is the private key: keep its file permissions restrictive.
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/onedev.renderc.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/onedev.renderc.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Plain-HTTP virtual host on port 80 for the same names as the HTTPS block.
server {
    # A request whose Host is exactly onedev.renderc.com is redirected (301)
    # to the same URI over HTTPS.
    if ($host = onedev.renderc.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name  onedev.renderc.com www.onedev.renderc.com;
    listen 80;
    # Every request not redirected by the if above, including one for
    # www.onedev.renderc.com, is answered with 404 instead of an HTTPS redirect.
    # NOTE(review): if the www name is meant to work, it needs both a
    # certificate that covers it and a matching redirect here -- confirm intent.
    return 404; # managed by Certbot


}

主要修改的地方:子域名地址和转发地址

server_name onedev.renderc.com www.onedev.renderc.com;

该域名要代理转发的服务地址(后端走的是明文 HTTP,应确保该地址和端口只对 nginx 所在主机开放)

proxy_pass http://172.22.0.4:6610;