First, install certbot on the server.

```
apt install certbot
```

Check whether port 80 is already in use. If it is, stop whatever is using it. This is usually nginx, which must be stopped as well. In the commands below, `佔用的服務名稱` stands for the name of the service occupying the port, and `輸入佔用80port的PID` for the PID of the process occupying port 80.

Linux

```
netstat -tulpn | grep LISTEN
systemctl stop 佔用的服務名稱
```

Mac

```
sudo lsof -i :80
sudo kill 輸入佔用80port的PID
```

Run certbot. The address to convert (`需要轉換的網址` in the command) has the form host-alias.DomainName, for example: www.aaa.tw

```
sudo certbot certonly --standalone --preferred-challenges http -d 需要轉換的網址
```

This is what success looks like (Mac version):

```
Louise:%~ $ sudo certbot certonly --standalone --preferred-challenges http -d 需要轉換的網址
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for 需要轉換的網址

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/需要轉換的網址/fullchain.pem
Key is saved at: /etc/letsencrypt/live/需要轉換的網址/privkey.pem
This certificate expires on 2025-06-23.
These files will be updated when the certificate renews.

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```

Go back to the root directory.

```
cd /
```

Go to the nginx configuration files.

```
cd etc/nginx/sites-available
```

Mac

```
vim /opt/homebrew/etc/nginx/nginx.conf
```

Edit the nginx configuration file.

```
vim default
```

Overwrite the existing server block with the following (`你的網址` stands for your domain).

```
server {
    listen 80;
    listen 443 ssl; # these three lines are the important ones
    server_name 你的網址;
    index index.html index.htm index.nginx-debian.html;
    ssl_certificate /etc/letsencrypt/live/你的網址/fullchain.pem; # these three lines are the important ones
    ssl_certificate_key /etc/letsencrypt/live/你的網址/privkey.pem; # these three lines are the important ones

    location / {
        try_files $uri $uri/ /index.html;
        root /var/www/html;
        index index.html;
    }
}
```

Press Esc, then save the file.

```
:wq
```

Check that the file is valid.

```
sudo nginx -t
```

If everything is valid, you are almost done. Because nginx was the service occupying port 80 earlier, it has to be started again.

```
systemctl restart nginx
```

After switching to HTTPS, Program.cs has to change as well.

```
using System.Security.Authentication;

builder.WebHost.ConfigureKestrel(serverOptions =>
{
    // Get appsettings.json
    var config = builder.Configuration;
    // Get the Kestrel section of appsettings.json
    serverOptions.Configure(config.GetSection("Kestrel"));
    serverOptions.ConfigureHttpsDefaults(listenOptions =>
    {
        listenOptions.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
    });
});

app.Run();
```

On the server, go to the directory where the certificate is stored (`申請好的網址` stands for the domain the certificate was issued for).

```
cd /etc/letsencrypt/live/申請好的網址/
```

Run the following command to create the PFX file.

```
sudo openssl pkcs12 -export -out certificate.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
```

It prompts you for a password. Remember it; you will need it shortly.

Run the following commands to change the certificate's permissions. This changes the owner of certificate.pfx to www-data, which is usually the user that runs the web server.

```
sudo chown www-data:www-data /etc/letsencrypt/live/申請好的網址/certificate.pfx
sudo chmod 400 /etc/letsencrypt/live/申請好的網址/certificate.pfx
```

The port is now set in appsettings.json. The server uses HTTPS; localhost uses HTTP. In the file below, the connection string placeholders stand for the server IP, database name, database user name and database password; `改成你要的port` is the port you want, and `剛剛輸入的密碼` is the password you just entered.

```
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "DefaultConnection": "Server=伺服器ip;Database=資料庫名稱;Uid=資料庫使用者名稱;Password=資料庫密碼;"
  },
  "Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://*:改成你要的port",
        "Certificates": {
          "Default": {
            "Path": "/etc/letsencrypt/live/申請好的網址/certificate.pfx",
            "Password": "剛剛輸入的密碼"
          }
        }
      }
    }
  }
}
```
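
The certbot output above says the PEM files are updated on renewal, but certificate.pfx is a one-time export and is not, so Kestrel would keep serving the old certificate. The deploy hook below is an added example, not part of the original post, that re-exports the PFX after each renewal and verifies it before restarting the app. The hook location, the password file `/etc/letsencrypt/pfx-pass` (holding the same password as appsettings.json), the `PFX_PASS_FILE` and `APP_SERVICE` variables and the `myapp.service` unit name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): certbot deploy hook.
# Assumed location: /etc/letsencrypt/renewal-hooks/deploy/export-pfx.sh
# Assumed names: PFX_PASS_FILE, APP_SERVICE, myapp.service, pfx-pass.

# export_pfx LINEAGE_DIR PASS_FILE OUT_FILE
# Same openssl export as above, but non-interactive and written atomically.
export_pfx() {
    lineage=$1; pass_file=$2; out=$3
    for f in privkey.pem cert.pem chain.pem; do
        [ -r "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done
    tmp=$(mktemp "$out.XXXXXX") || return 1   # created with mode 0600
    if openssl pkcs12 -export -out "$tmp" \
        -inkey "$lineage/privkey.pem" -in "$lineage/cert.pem" \
        -certfile "$lineage/chain.pem" -passout "file:$pass_file"; then
        chmod 400 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"; return 1
    fi
}

# pfx_matches_cert PFX PASS_FILE CERT
# Succeeds only if the leaf certificate inside PFX is CERT (SHA-256 match).
pfx_matches_cert() {
    in_pfx=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
    on_disk=$(openssl x509 -in "$3" -noout -fingerprint -sha256) || return 1
    [ -n "$in_pfx" ] && [ "$in_pfx" = "$on_disk" ]
}

# Certbot sets RENEWED_LINEAGE for deploy hooks; skipped when unset.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    pf=${PFX_PASS_FILE:-/etc/letsencrypt/pfx-pass}   # assumed path, root-only
    pfx="$RENEWED_LINEAGE/certificate.pfx"
    export_pfx "$RENEWED_LINEAGE" "$pf" "$pfx" &&
        pfx_matches_cert "$pfx" "$pf" "$RENEWED_LINEAGE/cert.pem" &&
        chown www-data:www-data "$pfx" &&
        systemctl restart "${APP_SERVICE:-myapp.service}"   # assumed unit
fi
```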