Change the configuration of nginx so that acme.sh can automatically issue SSL certificates for free even in the case of reverse proxy

server { listen 443 ssl; listen [::]:443 ssl; ssl_certificate /data/example.com.pem; ssl_certificate_key /data/example.com.pem; Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:! aNULL:! MD5; server_name example.com; client_max_body_size 1000m; location ^~ /.well-known/acme-challenge/ { default_type"text/plain";
        allow all;
        root /var/www/example.com/;
   }

  location / { 
        proxy_redirect off;
        proxy_pass http://xxxxxxx:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

       
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}Copy the code

Location ^~ /. Well-known /acme-challenge/, acme uses this directory for authentication.

acme.sh --issue -d example.com -w /home/wwwroot/example.com
Copy the code

Change the configuration of nginx so that acme.sh can automatically issue SSL certificates for free even in the case of reverse proxy

Related Posts

Docker deployed nginx+ Tomcat +mysql service

Health chain (HDC) : Basic public chain is longitude, medical engine is latitude

Counting sort