foxbook installation and configuration, domain HTTPS configuration, certbot #25

Closed
opened 2025-12-09 12:30:36 +08:00 by bigtran · 0 comments
Owner

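### DNS resolution

1. Added the domain fox.dev.opmonitor.com, resolving to the frps server 39.101.135.106 [for development]
2. Added the domain frp.gh.opmonitor.com, resolving to 47.92.134.58 [for deployment]

### Configure nginx

3. nginx configuration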

```
server {
    # TLS is enabled on the listen directive; the separate "ssl on;" directive is deprecated
    listen 443 ssl;
    server_name fox.gh.opmonitor.com;

    ssl_certificate      /etc/nginx/cert/fox.gh.opmonitor.com.pem;
    ssl_certificate_key  /etc/nginx/cert/fox.gh.opmonitor.com.key;
    ssl_session_timeout  5m;

    # TLS 1.2/1.3 only, ECDHE key exchange with AEAD ciphers.
    # SSLv2/SSLv3, TLSv1/TLSv1.1 and RC4/EXPORT/LOW suites must stay disabled.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    proxy_http_version 1.1;

    location / {
        proxy_pass http://127.0.0.1:37803;
        # proxy_set_header is inherited from the server level only when a location
        # defines none of its own, so the WebSocket upgrade headers are set here
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

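### Create the certificate and download it

4. Apply via Alibaba Cloud [tedious, and the free ones are used up]
https://yundun.console.aliyun.com/

5. Use Let's Encrypt: install certbot, which can generate and renew the certificate automatically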

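```shell
sudo apt install certbot python3-certbot-nginx
# Obtain the certificate and let certbot edit the nginx server block for this domain
sudo certbot --nginx -d fox.gh.opmonitor.com
sudo service nginx restart
```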

6. Automatic renewal (dry-run test): `sudo certbot renew --dry-run`

### HTTPS configuration complete

### conf before the certbot run, and conf after it

```
server {
    listen 80;
    server_name fox.gh.opmonitor.com;

    location / {
        root /var/www/fox.gh.opmonitor.com;
        index index.php index.html;
        #proxy_pass http://127.0.0.1:37803;
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```
```
server {
    server_name fox.gh.opmonitor.com;

    location / {
        root /var/www/fox.gh.opmonitor.com;
        index index.php index.html;
        #proxy_pass http://127.0.0.1:37803;
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/fox.gh.opmonitor.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fox.gh.opmonitor.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = fox.gh.opmonitor.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name fox.gh.opmonitor.com;
    return 404; # managed by Certbot
}
```
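An added example, not part of the original issue: a small shell check that scans an nginx config file for legacy TLS settings (SSLv2/SSLv3/TLS 1.0/1.1 protocols, RC4/EXPORT/LOW cipher tokens, the deprecated `ssl on`) before a reload. The function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original issue): flag weak TLS directives in an nginx config.
# Prints one finding per line; returns 1 if anything was flagged, 0 otherwise.
audit_tls_conf() {
    awk '
    { sub(/#.*/, "") }                    # drop comments, incl. commented-out directives
    $1 == "ssl" && $2 == "on;" {
        print FILENAME ":" NR ": deprecated \"ssl on\", use \"listen 443 ssl\""; bad = 1
    }
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                print FILENAME ":" NR ": legacy protocol " p; bad = 1
            }
        }
    }
    $1 == "ssl_ciphers" {
        spec = $2; sub(/;$/, "", spec)
        n = split(spec, tok, ":")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t ~ /^[!-]/) continue     # "!X" and "-X" remove ciphers from the list
            # "+X" only reorders, but it is flagged too: it implies X is expected in the list
            if (t == "ALL" || t ~ /RC4|EXP|LOW|MEDIUM|SSLv2|NULL|MD5/) {
                print FILENAME ":" NR ": weak cipher token " t; bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample holding legacy values of the kind the audit is meant to catch.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443;
    ssl on;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp"
audit_tls_conf "$tmp" || echo "weak TLS settings found in $tmp"
rm -f "$tmp"
```

The check reads one file and does not follow `include` lines, so certbot's `/etc/letsencrypt/options-ssl-nginx.conf` needs its own pass.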
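bigtran changed title from foxbook installation and configuration, domain to foxbook installation and configuration, domain HTTPS configuration 2025-12-09 12:30:46 +08:00
bigtran changed title from foxbook installation and configuration, domain HTTPS configuration to foxbook installation and configuration, domain HTTPS configuration, certbot 2025-12-09 12:33:06 +08:00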
bigtran added the 4-document label 2025-12-14 03:47:20 +08:00