kil*_*zzy 6 nginx lets-encrypt
尝试使用webroot方法进行加密设置,该方法创建并需要访问./.well-known/acme-challenge/目录中的文件.那里的一切(包括我添加的手动测试文件)显示为404.
因为我尝试了以下变体而变得有点疯狂:
location ~ /.well-known {
allow all;
}
location /.well-known/acme-challenge {
default_type text/plain;
}
location /.well-known {
try_files $uri $uri/ =404;
}
没有运气.我还检查了文件夹的权限,甚至设置为777.我是设置nginx配置的新手,所以我确定现有的条件是抛弃它:
server{
listen 80;
server_name domain.com www.domain.com;
location / {
rewrite ^(.*)$ https://domain.com$1 permanent;
}
location ~ /.well-known {
allow all;
}
}
server {
listen 0.0.0.0:443 ssl;
root /var/www/domain.com/public_html;
index index.php index.html index.htm;
server_name domain.com www.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
client_max_body_size 32m;
}
location ~ /.well-known {
allow all;
}
}
正如理查德史密斯所说,root需要一个指令.它可以进入server块或location块.
注意,即使root在location块中,路径也不应包含"/.well-known"
location ~ /.well-known {
allow all;
root /var/www/domain.com/public_html;
# NOT
# root /var/www/domain.com/public_html/.well-known;
}
| 归档时间: |
|
| 查看次数: |
6376 次 |
| 最近记录: |