创建页面,内容为“ = Wild certificate = <syntaxhighlight lang="bash"> sudo certbot certonly --manual --preferred-challenges=dns -d *.fn.quillgen.com </syntaxhighlight> 600px To verify: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.fn.quillgen.com Category:Linux/Unix” |
|||
| (未显示同一用户的1个中间版本) | |||
| 第6行: | 第6行: | ||
sudo certbot certonly --manual --preferred-challenges=dns -d *.fn.quillgen.com | sudo certbot certonly --manual --preferred-challenges=dns -d *.fn.quillgen.com | ||
</syntaxhighlight> | </syntaxhighlight> | ||
[[Image:wildcard-dns.png|600px]] | [[Image:wildcard-dns.png|600px]] | ||
| 第12行: | 第12行: | ||
https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.fn.quillgen.com | https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.fn.quillgen.com | ||
= Nginx config= | |||
<syntaxhighlight lang="cpp"> | |||
server { | |||
listen 443 ssl; | |||
server_name ~^(.*)\.fn\.quillgen\.com$; | |||
ssl_certificate /etc/letsencrypt/live/fn.quillgen.com/fullchain.pem; | |||
ssl_certificate_key /etc/letsencrypt/live/fn.quillgen.com/privkey.pem; | |||
location / { | |||
proxy_pass http://172.20.0.0; | |||
# otherwise got 426 Upgrade Required error | |||
proxy_http_version 1.1; | |||
proxy_set_header Upgrade $http_upgrade; | |||
proxy_set_header Connection "upgrade"; | |||
proxy_set_header Host $host; | |||
proxy_set_header X-Real-IP $remote_addr; | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
} | |||
} | |||
# Redirect HTTP to HTTPS | |||
server { | |||
listen 80; | |||
server_name ~^(.*)\.fn\.quillgen\.com$; | |||
return 301 https://$host$request_uri; | |||
} | |||
</syntaxhighlight> | |||
[[Category:Linux/Unix]] | [[Category:Linux/Unix]] | ||
2025年5月6日 (二) 16:36的最新版本
Wild certificate
sudo certbot certonly --manual --preferred-challenges=dns -d *.fn.quillgen.com
To verify: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.fn.quillgen.com
Nginx config
server {
listen 443 ssl;
server_name ~^(.*)\.fn\.quillgen\.com$;
ssl_certificate /etc/letsencrypt/live/fn.quillgen.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fn.quillgen.com/privkey.pem;
location / {
proxy_pass http://172.20.0.0;
# otherwise got 426 Upgrade Required error
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# Redirect HTTP to HTTPS
server {
listen 80;
server_name ~^(.*)\.fn\.quillgen\.com$;
return 301 https://$host$request_uri;
}