{"rsdb":{"rid":"285538","subhead":"","postdate":"0","aid":"202224","fid":"76","uid":"1","topic":"1","content":"
This article puts the linuxserver\/letsencrypt project into practice under Docker using both the HTTP and DNS validation methods. It generates a certificate usable by SpringBoot, uses Nginx's htpasswd to password-protect the site, and tests using fail2ban to prevent htpasswd from being brute-forced. The whole article is based on the linuxserver\/letsencrypt documentation and other official material, with detailed analysis and notes from the author's own practice. \n
This container sets up an Nginx server, a reverse proxy with PHP support, and a built-in letsencrypt client that automates generating or renewing SSL server certificates. It also includes fail2ban for intrusion prevention. \n
docker create \\\r\n --cap-add=NET_ADMIN \\\r\n --name=letsencrypt \\\r\n -v <path to data>:\/config \\\r\n -e PGID=<gid> -e PUID=<uid> \\\r\n -e EMAIL=<email> \\\r\n -e URL=<url> \\\r\n -e SUBDOMAINS=<subdomains> \\\r\n -e VALIDATION=<method> \\\r\n -p 80:80 -p 443:443 \\\r\n -e TZ=<timezone> \\\r\n linuxserver\/letsencrypt \n1.2 Parameters \n
\n
- --cap-add=NET_ADMIN: cap-add means \u201cAdd Linux capabilities\u201d, i.e. it adds a Linux kernel capability. The capability added here allows network administration tasks, which is needed because fail2ban has to modify iptables \n
- -p 80 -p 443: ports \n
- -v \/config: all configuration files, including the webroot, are stored here \n
- -e URL: the top-level domain (e.g. \u201ccustomdomain.com\u201d if you own it outright, or \u201ccustomsubdomain.ddnsprovider.com\u201d for dynamic DNS) \n
- -e SUBDOMAINS: the subdomains the certificate should cover (comma-separated, no spaces), e.g. www,ftp,cloud. For a wildcard certificate, set this explicitly to wildcard (wildcard certificates can only be validated via dns) \n
- -e VALIDATION: the letsencrypt validation method; the options are http, tls-sni or DNS \n
- Differences between the validation methods: \n
\n
- HTTP validation: uses port 80, so port 80 on the host should be forwarded to port 80 of the container \n
- tls-sni validation: uses port 443, so port 443 on the host should be forwarded to port 443 of the container (note: because of a security vulnerability, letsencrypt has disabled tls-sni validation, and using this method fails with the error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA) \n
- DNS validation: requires setting the DNSPLUGIN variable (not every DNS provider is supported) and entering the credentials into the corresponding ini file under the \/config\/dns-conf folder; use this method when validation through a port is not possible \n
- -e PGID: sets the GroupID \n
- -e PUID: sets the UserID \n
- -e TZ: time zone, e.g. America\/New_York; the Shanghai time zone is Asia\/Shanghai \n
Specifying the user ID and the group ID avoids permission problems that can arise between the container and the host when mounting data volumes (-v). Ideally, the owner of the mounted volume directory should be the same as the specified user. \n
Also note: do not specify the root user (i.e. PGID=0,PUID=0), otherwise errors will be reported continuously (although this does not affect use). \n
#Example for a host where you are working as root (unofficial, for reference only)\r\n\r\n#Create the directory to mount; at this point it belongs to user root and group root\r\nmkdir \/opt\/letsencrypt\r\n#Create the docker user (a group of the same name is created along with it by default)\r\nuseradd dockeruser\r\n#Change ownership of the folder (-R means recursive, so everything under it is changed too)\r\nchown -R dockeruser:dockeruser \/opt\/letsencrypt\r\n#Show dockeruser's user id and group id\r\nid dockeruser \nOptional settings: \n
\n
- -e DNSPLUGIN: required if VALIDATION is set to DNS. The options are cloudflare, cloudxns, digitalocean, dnsimple, dnsmadeeasy, google, luadns, nsone, rfc2136 and route53. You also need to enter the credentials into the corresponding ini file under the \/config\/dns-conf folder. cloudflare is recommended here: it is free and works well. \n
- If you use Cloudflare, make sure the record is set to dns only rather than dns + proxy (in fact, Cloudflare's proxy already provides a free automatic SSL service, in which case this article is unnecessary) \n
- The Google DNS plugin is meant for the paid enterprise product \u201cGoogle Cloud DNS\u201d, not \u201cGoogle Domains DNS\u201d \n
- -e EMAIL: your e-mail address for certificate registration and notifications \n
- -e DHLEVEL: dhparams bit value (default = 2048; can be set to 1024 or 4096) \n
- -p 80: port 80 needs to be forwarded when VALIDATION is set to http rather than dns or tls-sni \n
- -e ONLY_SUBDOMAINS: set this to true to obtain certificates for the subdomains only (the main domain may be hosted on another machine and cannot be validated) \n
- -e EXTRA_DOMAINS: additional fully qualified domain names (comma-separated, no spaces), e.g. extradomain.com,subdomain.anotherdomain.org \n
- -e STAGING: setting this to true raises the rate limits, but the certificate will not pass browsers' security checks; for testing only \n
- -e HTTPVAL: deprecated; use VALIDATION instead \n
\n2. Practice \n
2.1 Validating via HTTP \n
First, make sure that the domain (and subdomains) you want a certificate for correctly reach the host. Note: the domain must have an ICP filing. \n
Here the host directory I map is \/opt\/letsencrypt1, and PGID and PUID are obtained in the way described above. The configured domains are my.com and www.my.com (in reality I configured another domain that I actually own, which I am not posting here) \n
Note: with HTTP validation, opening port 80 is enough; port 443 is mapped here as well so that, once the certificate has been obtained, you can confirm it by visiting the default home page served by the container over HTTPS. \n
docker run -d \\\r\n--cap-add=NET_ADMIN \\\r\n--name=letsencrypt \\\r\n-v \/opt\/letsencrypt1:\/config \\\r\n-e PGID=1002 -e PUID=1001 \\\r\n-e URL=my.com \\\r\n-e SUBDOMAINS=www \\\r\n-e VALIDATION=http \\\r\n-p 80:80 -p 443:443 \\\r\n-e TZ=Asia\/Shanghai \\\r\nlinuxserver\/letsencrypt \nThe container runs in the background; at this point, use the following command to view the log output (CTRL + z to exit)","orderid":"0","title":"The Most Complete Analysis and Practice of Generating SSL Certificates with linuxserver\/letsencrypt on Docker (Part 1)","smalltitle":"","mid":"0","fname":"JAVA","special_id":"0","bak_id":"0","info":"0","hits":"718","pages":"4","comments":"0","posttime":"2019-01-03 10:09:49","list":"1546481389","username":"admin","author":"","copyfrom":"","copyfromurl":"","titlecolor":"","fonttype":"0","titleicon":"0","picurl":"http:\/\/incdn1.b0.upaiyun.com\/2019\/01\/46bcdc99be231a16ee549b13330577d4-1024x434.png","ispic":"1","yz":"1","yzer":"","yztime":"0","levels":"0","levelstime":"0","keywords":"Docker<\/A> use<\/A> linuxserver\/letsencrypt<\/A> generate<\/A> SSL<\/A> certificate<\/A> most complete<\/A> analysis<\/A> practice<\/A>","jumpurl":"","iframeurl":"","style":"","template":"a:3:{s:4:\"head\";s:0:\"\";s:4:\"foot\";s:0:\"\";s:8:\"bencandy\";s:0:\"\";}","target":"0","ip":"47.106.78.186","lastfid":"0","money":"0","buyuser":"","passwd":"","allowdown":"","allowview":"","editer":"","edittime":"0","begintime":"0","endtime":"0","description":"The Most Complete Analysis and Practice of Generating SSL Certificates with linuxserver\/letsencrypt on Docker","lastview":"1714034190","digg_num":"0","digg_time":"0","forbidcomment":"0","ifvote":"0","heart":"","htmlname":"","city_id":"0"},"page":"1"}