问题描述

项目执行在3000端口,服务器部署在阿里云,所以需要先在阿里云控制台添加安全组规则,入方向添加3000端口,由于需要https,所以同时需要开放443端口。

域名设置

域名配置可百度。

centos设置

关闭防火墙

systemctl stop firewalld.service

关闭Selinux

vi /etc/selinux/config,将将SELINUX=enforcing改为SELINUX=disabled.

nginx配置

server{
        listen       443;
        server_name your.sub.domain;

        location / {
                proxy_set_header Host $host:$server_port;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                proxy_pass http://127.0.0.1:3000;
                root  /the/directory/of/your/project;# 如果只有端口,不需要文件路径(如go应用)则可注释掉
                
                index index.html;
     #          try_files $uri $uri/ /index.html;
        }

}

执行certbot certonly --nginx使用let's encypt生成证书,会提示certkey存放在那个目录之下,
写到配置文件中,即

server{
        listen       443 ssl;
        server_name jianshi.erestu.top;
        ssl_certificate  /etc/letsencrypt/live/jianshi.erestu.top/fullchain.pem;#cert文件路径
        ssl_certificate_key /etc/letsencrypt/live/jianshi.erestu.top/privkey.pem;#key文件路径
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
                proxy_set_header Host $host:$server_port;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                proxy_pass http://127.0.0.1:3000;
                root  /the/directory/of/your/project;# 如果只有端口,不需要文件路径(如go应用)则可注释掉
                index index.html;
     #          try_files $uri $uri/ /index.html;
        }

}

最后
reload nginx:service nginx reload

service nginx restart,
访问https://your.sub.domain

遇到的问题

ImportError: No module named 'requests.packages.urllib3‘
2018年05月24日 11:20:57 shengerjianku 阅读数 7797
I use nginx on centos 7.3.

I installed certbot following https://certbot.eff.org/#centosrhel7-nginx

There is an error when running certbot --nginx:

[root@demo src]# certbot --nginx
Traceback (most recent call last):
File "/usr/bin/certbot", line 9, in
load_entry_point('certbot==0.14.1', 'console_scripts', 'certbot')()
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 564, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 2662, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 2316, in load
return self.resolve()
File "/usr/lib/python2.7/site-packages/pkg_resources/init.py", line 2322, in resolve
module = import(self.module_name, fromlist=['name'], level=0)
File "/usr/lib/python2.7/site-packages/certbot/main.py", line 14, in
from certbot import account
File "/usr/lib/python2.7/site-packages/certbot/account.py", line 17, in
from acme import messages
File "/usr/lib/python2.7/site-packages/acme/messages.py", line 4, in
from acme import challenges
File "/usr/lib/python2.7/site-packages/acme/challenges.py", line 10, in
import requests
File "/usr/lib/python2.7/site-packages/requests/init.py", line 58, in
from . import utils
File "/usr/lib/python2.7/site-packages/requests/utils.py", line 32, in
from .exceptions import InvalidURL
File "/usr/lib/python2.7/site-packages/requests/exceptions.py", line 10, in
from .packages.urllib3.exceptions import HTTPError as BaseHTTPError
File "/usr/lib/python2.7/site-packages/requests/packages/init.py", line 95, in load_module
raise ImportError("No module named '%s'" % (name,))
ImportError: No module named 'requests.packages.urllib3'
解决方法:

trypip install --upgrade --force-reinstall 'requests==2.6.0' urllib3 , I've had the same problem https://niuhp.com/other/https-certbot.html