標簽:rgba file python2 amp cert comm options imp col
安裝certbot
安裝 certbot 為免費證書做準備
yum install certbot python2-certbot-nginx
安裝 svn
安裝svn
創建svn庫
# 創建庫
svnadmin create /var/svn/data
# 授權apache用戶權限
chown -R apache:apache /var/svn/
# 創建svn賬戶密碼文件
touch /var/svn/conf/passwd
# 創建svn授權文件
touch /var/svn/conf/authz
生成svn用戶名密碼
# 把“用戶名”改成你需要的名字就可以了�,可以使用中文
htpasswd /var/svn/conf/passwd 用戶名
apache 配置
安裝apache
yum install httpd
systemctl enable httpd
配置apache文件
# 注釋掉httpd.conf的80端口監聽
vi /etc/httpd/conf/httpd.conf
# Listen 80
# 添加svn配置文件
vi /etc/httpd/conf.d/w_svn_9001.conf
Listen 127.0.0.1:9001
<Location /svn/>
DAV svn
SVNParentPath /var/svn/data/
# 可以列出svn中項目文件夾
#SVNListParentPath on
AuthType Basic
AuthName "Subversion login:"
# 指定密碼文件
AuthUserFile /var/svn/conf/passwd
# 指定權限文件
AuthzSVNAccessFile /var/svn/conf/authz
Satisfy Any
Require valid-user
</Location>
安裝apache的svn模塊
yum install mod_dav_svn -y
查看模塊安裝結果
ls /etc/httpd/modules/ | grep svn
mod_authz_svn.so
mod_dav_svn.so
啟動apache服務
systemctl start httpd
systemctl enable httpd
Nginx 配置
nginx 安裝
配置域名�����、重定向
# nginx.conf
server {
listen 80;
listen [::]:80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name svn.andro.com;
root /usr/share/nginx/html;
ssl_certificate /etc/letsencrypt/live/svn.andro.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/svn.andro.com/privkey.pem; # managed by Certbot
include /etc/nginx/default.d/*.conf;
#location /svn {
location / {
proxy_pass http://127.0.0.1:9001;
}
}
備注:以上配置文件����,ssl_certificate和ssl_certificate_key為自動配置好證書后的�,前期沒有證書的時候可以隨便配置一個其他域名的證書用于nginx檢測配置文件
nginx 生成證書
# sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: svn.andro.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c‘ to cancel): 1
Requesting a certificate for svn.andro.com
Performing the following challenges:
http-01 challenge for svn.androidsec.com
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf
No matching insecure server blocks listening on port 80 found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://svn.andro.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Subscribe to the EFF mailing list (email: li@leng.tech).
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/svn.andro.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/svn.andro.com/privkey.pem
Your certificate will expire on 2021-10-24. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let‘s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
配置計劃任務�,自動更新ssl證書
# crontab -l
0 0,12 * * * python -c ‘import random; import time; time.sleep(random.random() * 3600)‘ && certbot renew -q
nginx + http + svn
標簽:rgba file python2 amp cert comm options imp col
原文地址:https://www.cnblogs.com/Star-Haitian/p/15061906.html
