申请证书

#nginx -s stop
systemctl stop nginx
apt-get install socat curl cron
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue -d www.kkiikk.top --standalone -k ec-256 --force --test
rm -rf ~/.acme.sh/www.kkiikk.top_ecc
以上是测试
~/.acme.sh/acme.sh --issue -d www.kkiikk.top --standalone -k ec-256 --force
mkdir /etc/nginx/ssl/
~/.acme.sh/acme.sh --installcert -d www.kkiikk.top --fullchainpath /etc/nginx/ssl/www.kkiikk.top.crt --keypath /etc/nginx/ssl/www.kkiikk.top.key --ecc --force

webdav配置

编辑/etc/nginx/conf/nginx.conf

nano /etc/nginx/conf/nginx.conf

nginx.conf中加入以下内容

user  root;
worker_processes  auto;
error_log  /etc/nginx/error.log warn;
pid        /run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/conf/mime.types; #注意路径,必须写,否则可能造成css无法加载
    default_type  application/octet-stream;
    log_format  main  '\$remote_addr - \$remote_user [\$time_local] "\$request" '
                      '\$status \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';
    access_log /etc/nginx/access.log main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  120;
    client_max_body_size 20m;
    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
}

编辑/etc/nginx/conf.d/dav.conf

mkdir /etc/nginx/conf.d/
nano /etc/nginx/conf.d/dav.conf

dav.conf中加入以下内容

server {
        listen 443 ssl;
        listen [::]:443 ssl; #没有ipv6的话要注释掉这行
        ssl_certificate       /etc/nginx/ssl/www.kkiikk.top.crt;
        ssl_certificate_key   /etc/nginx/ssl/www.kkiikk.top.key;
        ssl_protocols         TLSv1.2 TLSv1.3;
        ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
        server_name www.kkiikk.top;
        #index index.html index.htm;
        #root  /html;
        #error_page 400 = /400.html;

        location / {  #如果是location /,下面应写成alias /html/
                # 设置使用utf-8编码,防止中文文件名乱码
                charset utf-8;
                # alias /html/,修改为网盘文件夹的路径;
                alias /html/;
                autoindex on;
                dav_methods PUT DELETE MKCOL COPY MOVE;
                # 需要 nginx-dav-ext-module 才有下面的选项
                dav_ext_methods PROPFIND OPTIONS;
                create_full_put_path on;
                dav_access user:rw group:r all:r;
                # 使用者认证
                auth_basic "登录";
                # 使用者身份档案位置
                auth_basic_user_file /etc/nginx/.passwords.list;
                # 关闭详细文件大小统计,让文件大小显示MB,GB单位,默认为b;
                autoindex_exact_size off;
                }
        # Config for 0-RTT in TLSv1.3
        ssl_early_data on;
        ssl_stapling on;
        ssl_stapling_verify on;
        proxy_set_header Early-Data $ssl_early_data;
        add_header Strict-Transport-Security "max-age=31536000";

}
    server {
        listen 80;
        listen [::]:80;   #没有ipv6的话要注释掉这行
        server_name www.kkiikk.top;
        return 301 https://www.kkiikk.top$request_uri;
    }

注意,Mix只支持TLSv1.2

设置用户和密码

echo -n 'admin:' | tee -a /etc/nginx/.passwords.list
#注意admin后面的:不能漏掉,admin可以改成任意用户名
openssl passwd -apr1 | tee -a /etc/nginx/.passwords.list
#输入命令之后会出现提示输入密码

重启nginx

systemctl restart nginx

在其他vps上的转发配置

server {
        listen 443 ssl http2;
        listen [::]:443 http2;
        #listen 0.0.0.0:443;
        #listen [::]:443;
        #ssl on;
        ssl_certificate       /etc/nginx/ssl/bw4.kkiikk.top.crt;
        ssl_certificate_key   /etc/nginx/ssl/bw4.kkiikk.top.key;
        ssl_protocols         TLSv1.3;
        ssl_ciphers           TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
        server_name bw4.kkiikk.top;
        #index index.html index.htm;
        #root  /html/;
        #error_page 400 = /400.html;
 
        location / {
                proxy_redirect off;
                proxy_pass https://www.kkiikk.top;
                #proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                client_max_body_size 1024m;
        }
 
        # Config for 0-RTT in TLSv1.3
        ssl_early_data on;
        ssl_stapling on;
        ssl_stapling_verify on;
        proxy_set_header Early-Data $ssl_early_data;
        add_header Strict-Transport-Security "max-age=31536000";
 
}
    server {
        listen 80;
        listen [::]:80;
        server_name bw4.kkiikk.top;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        location / {
                proxy_pass https://www.kkiikk.top;
        proxy_set_header        X-Real_IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        Host            $host;
        proxy_pass_header       Set-Cookie;
        proxy_pass_header       X-CSRF-TOKEN;
        }
 
}
最后修改:2024 年 09 月 24 日
如果觉得我的文章对你有用,请随意赞赏