Nginx 部署
适合有 SSH 和 sudo 权限的 VPS、云服务器或独立服务器。
1. 设置变量
请替换成你的真实信息:
bash
export ACME_SERVER="你的 Server URL"
export EAB_KID="你的 EAB MAC ID"
export EAB_HMAC_KEY="你的 EAB MAC key"
export EMAIL="[email protected]"
export DOMAIN="example.com"
export WEBROOT="/var/www/example.com/public"2. 安装 acme.sh
bash
curl https://get.acme.sh | sh -s email="$EMAIL"
source ~/.bashrc 2>/dev/null || source ~/.zshrc 2>/dev/null || true3. 注册 ACME 账号
bash
~/.acme.sh/acme.sh --register-account \
--server "$ACME_SERVER" \
--eab-kid "$EAB_KID" \
--eab-hmac-key "$EAB_HMAC_KEY" \
-m "$EMAIL"4. 签发证书
bash
~/.acme.sh/acme.sh --issue \
--server "$ACME_SERVER" \
-d "$DOMAIN" \
-w "$WEBROOT"同时保护 www:
bash
~/.acme.sh/acme.sh --issue \
--server "$ACME_SERVER" \
-d "$DOMAIN" \
-d "www.$DOMAIN" \
-w "$WEBROOT"5. 安装证书
bash
sudo mkdir -p "/etc/ssl/12ssl/$DOMAIN"
sudo ~/.acme.sh/acme.sh --install-cert -d "$DOMAIN" \
--key-file "/etc/ssl/12ssl/$DOMAIN/privkey.pem" \
--fullchain-file "/etc/ssl/12ssl/$DOMAIN/fullchain.pem" \
--reloadcmd "systemctl reload nginx"6. 配置 Nginx
bash
sudo nano /etc/nginx/sites-available/example.com示例:
nginx
server {
listen 443 ssl http2;
server_name example.com www.example.com;
root /var/www/example.com/public;
index index.html index.php;
ssl_certificate /etc/ssl/12ssl/example.com/fullchain.pem;
ssl_certificate_key /etc/ssl/12ssl/example.com/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}检查并重载:
bash
sudo nginx -t
sudo systemctl reload nginx7. 验证
bash
curl -I "https://$DOMAIN"浏览器访问:
text
https://example.com