2018/11/13

Generating a free SSL certificate with Let's Encrypt


Reference article
https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates/

After completing this step, you will usually run into some problems

Problem binding to port 80: Could not bind to IPv4 or IPv6.

This means something is already listening on port 80. One solution is to stop the NGINX server

sudo systemctl stop nginx 


Then run this again

sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com


If it succeeds, you will see
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem

sudo systemctl restart nginx


Then go back to /etc/nginx/sites-available/example.conf and add the SSL certificate paths:

    ssl_certificate      /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;


Once that is done, remember to run

sudo nginx -s reload

and you can try an HTTPS connection!

Installing nginx on Ubuntu

sudo add-apt-repository ppa:nginx/stable
sudo apt-get update
sudo apt-get install nginx

/etc/nginx/sites-available/example.conf: an HTTP example follows

server {
    listen         80;
    listen         [::]:80;
    server_name    example.com www.example.com;
    root           /var/www/html/example.com/public_html;
    index          index.php;

    location / {
      # try_files $uri $uri/ =404;
      # This is cool because no php is touched for static content.
      # include the "?$args" part so non-default permalinks don't break when using query string
      try_files $uri $uri/ /index.php?$args;
    }

    location ~* \.php$ {
      fastcgi_index   index.php;
      include         fastcgi_params;
      fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
      fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
      #fastcgi_pass unix:/run/php/php7.2-fpm.sock;
      fastcgi_pass    127.0.0.1:9000;
    }

    error_page 405    =200 $uri;
}

/etc/nginx/sites-available/example.ssl.conf: an HTTPS example follows

server {
    listen         443 ssl;
    listen         [::]:443 ssl;
    server_name    example.com www.example.com;
    root           /var/www/html/example.com/public_html;
    index          index.php;

    ssl_certificate      /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
      # try_files $uri $uri/ =404;
      # This is cool because no php is touched for static content.
      # include the "?$args" part so non-default permalinks don't break when using query string
      try_files $uri $uri/ /index.php?$args;
    }

    location ~* \.php$ {
      fastcgi_index   index.php;
      include         fastcgi_params;
      fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
      fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
      #fastcgi_pass unix:/run/php/php7.2-fpm.sock;
      fastcgi_pass    127.0.0.1:9000;
    }

    error_page 405    =200 $uri;
}

After saving the files

sudo ln -s /etc/nginx/sites-available/example.conf /etc/nginx/sites-enabled/example.conf
sudo ln -s /etc/nginx/sites-available/example.ssl.conf /etc/nginx/sites-enabled/example.ssl.conf
sudo service nginx restart
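
With the two files above enabled, the port-80 server block still serves the whole site, PHP included, over plain HTTP, and the --standalone method needs port 80 free every time a certificate is issued. The following is an added example, not from the original post or the referenced guide: a replacement for the port-80 server block that redirects to HTTPS and leaves only the ACME challenge path reachable over HTTP. The directory /var/www/letsencrypt is an assumption.

```nginx
# Added example: replacement for the port-80 server block in
# /etc/nginx/sites-available/example.conf.
# Assumption: /var/www/letsencrypt exists and is readable by the
# nginx worker user; it holds nothing except ACME challenge files.
server {
    listen         80;
    listen         [::]:80;
    server_name    example.com www.example.com;

    # HTTP-01 validation requests are answered from disk over plain
    # HTTP. With this in place the certificate can be requested with
    # the webroot plugin instead of --standalone, for example
    #   certonly --webroot -w /var/www/letsencrypt \
    #            -d example.com -d www.example.com
    # so nginx does not have to be stopped to free port 80.
    location ^~ /.well-known/acme-challenge/ {
        root          /var/www/letsencrypt;
        default_type  text/plain;
        try_files     $uri =404;
    }

    # Everything else goes to the HTTPS server block, so no PHP
    # request, form post or session cookie is handled in cleartext.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

Run sudo nginx -t before reloading so that a typo in the new block does not take the site down.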

Installing php7.2 on Ubuntu

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install python-software-properties
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt-get install php7.2-fpm php7.2-cli php7.2-curl
sudo apt-get install php7.2

sudo apt-get install php7.2-curl php7.2-gd php7.2-json php7.2-mbstring php7.2-intl php7.2-mysql php7.2-xml php7.2-zip
sudo apt-get upgrade

Edit /etc/php/7.2/fpm/php-fpm.conf

emergency_restart_threshold = 10
emergency_restart_interval = 1m

Edit /etc/php/7.2/fpm/pool.d/*.conf
user = deploy  (change to suit your setup)
group = deploy (change to suit your setup)

listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1

pm.max_children = 51
pm.start_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 1000
slowlog = /var/log/$pool.log.slow
request_slowlog_timeout = 5s

After saving the file
sudo service php7.2-fpm restart