{"id":1275,"date":"2026-02-06T09:47:29","date_gmt":"2026-02-06T01:47:29","guid":{"rendered":"https:\/\/blog.guguan.us.kg\/?p=1275"},"modified":"2026-02-12T06:11:45","modified_gmt":"2026-02-11T22:11:45","slug":"nginx%e8%87%aa%e5%8a%a8%e7%94%b3%e8%af%b7tls%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"https:\/\/blog.guguan.us.kg\/?p=1275","title":{"rendered":"Nginx \u81ea\u52a8\u7533\u8bf7 TLS \u8bc1\u4e66"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Nginx \u57282025\u5e748\u670812\u65e5\u5ba3\u5e03\u5f15\u5165\u4e86\u5b98\u65b9 ACME \u6a21\u5757 <a href=\"https:\/\/nginx.org\/en\/docs\/http\/ngx_http_acme_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">ngx_http_acme_module<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u8fd9\u4e2a\u6a21\u5757\u4f7f\u7528Rust\u8bed\u8a00\u7f16\u5199\uff0c\u652f\u6301 ACMEv2 \u534f\u8bae\uff08HTTP-01 \u6311\u6218\uff09\u53ef\u4ee5\u65b9\u4fbf\u7684\u7533\u8bf7TLS\u8bc1\u4e66<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u5b89\u88c5\u6a21\u5757\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apk add nginx nginx-mod-http-acme<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u5305\u7ba1\u7406\u5668\u5e94\u8be5\u4f1a\u81ea\u52a8\u52a0\u8f7d\u6a21\u5757<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>neko:~# cat \/etc\/nginx\/modules\/10_http_acme.conf \nload_module \"modules\/ngx_http_acme_module.so\";<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u65b0\u5efa\u6587\u4ef6 <code>\/etc\/nginx\/http.d\/acme.conf<\/code> \u7528\u4e8e\u5b58\u653eACME\u76f8\u5173\u7684\u914d\u7f6e\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \u5b9a\u4e49\u4e00\u4e2a issuer\uff0c\u53eb\u5565\u90fd\u884c\uff0c\u8fd9\u91cc\u7528 letsencrypt\nacme_issuer letsencrypt {\n\t# \u8bc1\u4e66\u9881\u53d1\u673a\u6784 ACME(v2, RFC 8555) \u670d\u52a1URL\uff0c\u8fd9\u91cc\u7528 Let's Encrypt\n\turi https:\/\/acme-v02.api.letsencrypt.org\/directory;\n\t# \u53ef\u9009\uff0c\u586b\u5199\u81ea\u5df1\u7684\u90ae\u7bb1\n\tcontact j4fyfxqwn@mozmail.com;\n\t# \u5b58\u50a8\u8d26\u53f7\u3001\u8bc1\u4e66\u7684\u8def\u5f84\n\tstate_path \/var\/cache\/nginx\/acme-letsencrypt;\n\t# \u540c\u610f Let's Encrypt \u670d\u52a1\u6761\u6b3e\n\taccept_terms_of_service;\n}\n# ACME \u6a21\u5757\u4e13\u7528\u7684\u5171\u4eab\u5185\u5b58\u533a\nacme_shared_zone zone=acme_shared:1M;\n# \u914d\u7f6e DNS\nresolver 1.1.1.1 1.0.0.1 &#91;2606:4700:4700::1111] &#91;2606:4700:4700::1001];<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u521b\u5efa\u5b58\u50a8\u8d26\u53f7\u3001\u8bc1\u4e66\u7684\u76ee\u5f55\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir -p \/var\/cache\/nginx\/acme-letsencrypt<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728 server {} \u5757\u91cc\u542f\u7528\u5b83\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>server {\n\tlisten 80;\n\tlisten &#91;::]:80;\n\tlisten 443 ssl;\n\tlisten &#91;::]:443 ssl;\n\n\t# \u8bc1\u4e66\u57df\u540d\n\tserver_name neko.guguan.us.kg;\n\n\t# \u4f7f\u7528\u540d\u79f0\u4e3a letsencrypt \u7684 issuer \u7533\u8bf7\/\u7eed\u7b7e\u8bc1\u4e66\n\tacme_certificate letsencrypt;\n\n\t# \u4f7f\u7528\u53d8\u91cf\u7531\u6a21\u5757\u81ea\u52a8\u586b\u5145\n\tssl_certificate $acme_certificate;\n\tssl_certificate_key $acme_certificate_key;\n\t# \u53ef\u9009\uff0c\u7f13\u5b58\u8bc1\u4e66\uff0c\u51cf\u5c11\u6bcf\u6b21\u8bf7\u6c42\u89e3\u6790\n\tssl_certificate_cache max=2;\n\n\troot \/var\/www\/localhost\/htdocs;\n\n\tindex index.html index.htm;\n\n\tlocation \/ {\n\t\ttry_files $uri $uri\/ =404;\n\t}\n}<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u91cd\u8f7d Nginx<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nginx -t &amp;&amp; service nginx reload<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u9759\u7f6e\u51e0\u5206\u949f\uff0cNginx \u4f1a\u81ea\u52a8\u7533\u8bf7\u8bc1\u4e66<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u68c0\u67e5\u4f60\u6307\u5b9a\u7684 state_path \u662f\u5426\u6709\u76f8\u5173\u8bc1\u4e66\u6587\u4ef6<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>neko:~# ls \/var\/cache\/nginx\/acme-letsencrypt\/\naccount.key neko.guguan.us.kg-aaf2531d0d8ce1b0.crt\naccount.url neko.guguan.us.kg-aaf2531d0d8ce1b0.key<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">\u8fd9\u6837\u5c31\u8bf4\u660e\u7533\u8bf7TLS\u8bc1\u4e66\u6210\u529f\u4e86<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"has-small-font-size wp-block-paragraph\">\u76f8\u5173\u6587\u6863\uff1a<a href=\"https:\/\/blog.nginx.org\/blog\/native-support-for-acme-protocol\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/blog.nginx.org\/blog\/native-support-for-acme-protocol<\/a><\/p>\n\n\n\n<style>code {background-color: rgba(0, 0, 0, 0.05);}<\/style>\n","protected":false},"excerpt":{"rendered":"<p>Nginx\u4f7f\u7528ngx_http_acme_module\u6a21\u5757\u81ea\u52a8\u83b7\u53d6TLS\u8bc1\u4e66<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[128,85,37,127,55],"class_list":["post-1275","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-acme","tag-https","tag-nginx","tag-tls","tag-web"],"_links":{"self":[{"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=\/wp\/v2\/posts\/1275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1275"}],"version-history":[{"count":5,"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=\/wp\/v2\/posts\/1275\/revisions"}],"predecessor-version":[{"id":1288,"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=\/wp\/v2\/posts\/1275\/revisions\/1288"}],"wp:attachment":[{"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.guguan.us.kg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}