https(全称:Hyper Text Transfer Protocol over Secure Socket Layer),是以安全为目标的 http 通道,简单讲是 http 的安全版。即 http 下加入 SSL 层,https 的安全基础是 SSL,因此加密的详细内容就需要 SSL。
这些天研究小程序的时候发现小程序的接口一定要是https的域名才有用,当然本地测试的时候,开发者工具里不要登陆的自己的微信账号,http访问还是有用的;https在写接口的时候还是挺重要的,像post参数在http访问中虽然存在body里表面是是看不到了,其实用抓包工具一抓就能拿到,而https就就进行了加密,就算拿到了,也是一串加密过的字符。https可以保证传输数据的安全。
上面只是我对https一些粗浅的理解,以后有了新的理解再补充。
在搭建LAMP环境(linux+apache+mysql+php)的时候,自己走了不少弯路,看apache的config文件看到想吐,可是配置出来还是不尽人意。在初始化了一次服务器之后,我实在是不想重新一步一步重新配置环境,于是去找了一键搭建的脚本,发现了(lamp这是大神打包好的脚本)https://github.com/teddysun,感动到想哭。
准备工作:
- 阿里云服务器1台(装成centos7.2)
- xshell 远程连接工具
yum -y install wget screen git
git clone https://github.com/teddysun/lamp.git
cd lamp
chmod +x *.sh
screen -S lamp
./lamp.sh
一行一行执行!
这样,lamp环境就搭建好了,打开服务器80端口,就可以使用浏览器访问你的服务器IP地址了,显示一个lamp的网页”即说明lamp环境配置成功,网页文件存放根目录:/data/www/default
安装完毕之后用lamp命令
lamp add
交互显示如下:
Please enter server names(example: www.lamp.sh lamp.sh): 此处输入网站域名
Please enter website root directory(default:/data/www/网站域名): 此处输入网站根目录路径,默认回车即可
Please enter Administrator Email address: 此处输入管理员邮箱地址
Administrator Email address: 此处显示上一步输入的邮箱地址
Do you want to create a database and mysql user with same name? [y/n]: 此处输入 y 或 n,表示创建或不创建数据库(输入 y)
Virtual host [网站域名] has been created
Website root directory is: /data/www/网站域名
Database [数据库名] and mysql user [数据库用户名] has been created // 数据库及同名用户创建成功
Reloading the apache config file...
Syntax OK
Reload success
Do you want to add a SSL certificate? [y/n]: 此处输入 y 或 n,表示添加或不添加证书(输入 y)
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Please enter 1 or 2: 此处输入 1 或 2,表示使用自己的证书,或使用 Let's Encrypt 签发免费证书(输入 2)
You have already chosen Let's Encrypt
It will be processed automatically
Installing certbot command...
此处开始下载安装 certbot 命令
Starting create Let's Encrypt SSL Certificate...
此处开始安装 certbot 运行所需的依赖库等
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 网站域名
Using the webroot path /data/www/网站域名 for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/网站域名/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/网站域名/privkey.pem
Your cert will expire on 2018-02-02. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Let's encrypt crontab renew rule is not exist, create it!
Create Let's Encrypt SSL Certificate successfully
Reloading the apache config file...
Syntax OK
Reload success
All done
输入2,自动安装一个 Let's Encrypt 签发的免费证书
按提示下一步就ok,安装完毕后,已经自动帮我们的http重定向到https,之后访问我们自己的域名,都是自动调整到https://
简单到想流泪啊,省了不少时间,感谢大佬!有疑问可以评论回复!
网友评论