在Debian上为Laravel项目配置SSL证书,通常需要以下几个步骤:
获取SSL证书:
安装Certbot:
sudo apt update
sudo apt install certbot python3-certbot-nginx
配置Nginx:
/var/www/your-laravel-project目录下。/etc/nginx/sites-available/your-laravel-project。server {
listen 80;
server_name your-domain.com www.your-domain.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name your-domain.com www.your-domain.com;
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root /var/www/your-laravel-project;
index index.php index.html index.htm;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; # 根据你的PHP版本调整
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
}
启用Nginx配置:
sudo ln -s /etc/nginx/sites-available/your-laravel-project /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
获取并安装SSL证书:
sudo certbot --nginx -d your-domain.com -d www.your-domain.com
按照提示完成证书的获取和安装。
自动续期: Certbot会自动设置一个cron任务或systemd定时器来定期续期证书。你可以手动测试续期:
sudo certbot renew --dry-run
重启Nginx: 如果你手动修改了Nginx配置文件,记得重启Nginx以应用更改:
sudo systemctl restart nginx
完成以上步骤后,你的Laravel项目应该已经通过HTTPS提供服务了。确保你的防火墙允许443端口的流量。
sudo ufw allow 443/tcp
这样,你的Debian服务器上的Laravel项目就成功配置了SSL证书。