https://github.com/Collective-Software/ClickPaste/releases/download/v1.3.0/ClickPaste_v1.3.0.zip st122214213.114os-final.tw ##### 如果最後HTTP連的到但是HTTPS連不到打這串，因為nginx預設抓enabled，所以這串指令他會向available申請連結到enabled。 sudo ln -s /etc/nginx/sites-available/st213.114os.tw /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl reload nginx sudo nano /etc/bind/zones/db.st213.114os.tw sudo named-checkzone example.com /etc/bind/zones/db.st213.114os.tw sudo systemctl restart named sudo systemctl enable named sudo systemctl status named sudo nano /etc/bind/zones/db.st213.114os.tw sudo systemctl restart named # 把下載到電腦上 scp student213@10.40.18.95:/etc/nginx/ssl/nginx.crt C:\Users\User\Downloads\ # 火狐打開憑證設定 about:preferences # 作用在設定都沒錯ip進得去網域都進不去的情況下(包含http和https)(timed_out之類的) ipconfig /flushdns # 憑證生產方式 cd / sudo nano san.cnf [req] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext prompt = no [req_distinguished_name] CN = st213.114os.tw [req_ext] subjectAltName = @alt_names [alt_names] DNS.1 = st213.114os.tw DNS.2 = www.st213.114os.tw # 驗證到安裝憑證全過程 sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\ -keyout /etc/nginx/ssl/nginx.key \\ -out /etc/nginx/ssl/nginx.crt \\ -config san.cnf \\ -extensions req_ext #這串是重點，強指定，一定要加 sudo chmod 644 /etc/nginx/ssl/nginx.crt sudo chmod 644 /etc/nginx/ssl/nginx.key 然後要記得重新賦予權限不然你下載不了原因，他已經不是原來的檔案只是名字一樣而已，當然權限也不同 然後重啟 sudo systemctl restart nginx openssl x509 -in /etc/nginx/ssl/nginx.crt -text -noout | grep -A1 "Subject Alternative Name" 執行這個檢查 這串是用來檢查的應該要跑數值，例: X509v3 Subject Alternative Name: DNS:st213.114os.tw, DNS:www.st213.114os.tw scp student213@your_IP:/etc/nginx/ssl/nginx.crt "$env:USERPROFILE\Desktop\nginx.crt" scp student213@your_IP:/etc/nginx/ssl/nginx.crt ./nginx.crt 這兩串都是安裝都能用，用"POWERSHELL" 第一部nginx、DNS架設 https://youtu.be/pGEqgsRKMAg 第二部安全憑證 https://youtu.be/9wmIgfue3kM