一键脚本:自动安装 Nginx + Certbot + HTTPS(Let's Encrypt)

发布于:2025-08-28

创建脚本文件:

vi setup_nginx_https.sh

脚本内容:

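#!/bin/bash

# =============================
# One-shot install of Nginx + Certbot + HTTPS (CentOS 7)
# What it does: installs Nginx and Certbot, configures HTTPS, and checks
# automatic certificate renewal.
# Usage: ./setup_nginx_https.sh yourdomain.com [www.yourdomain.com]
#
# NOTE(review): CentOS 7 reached end of life on 2024-06-30 and no longer
# receives distribution security updates; prefer a supported release for
# an internet-facing web server.
# =============================

# -e: stop at the first failing command; -u: unset variables are errors;
# pipefail: a pipeline fails when any of its stages fails.
set -euo pipefail

# Everything below installs packages and writes under /etc, so root is required.
if [ "$EUID" -ne 0 ]; then
  echo "请使用 root 用户或通过 sudo 运行此脚本"
  exit 1
fi

# The primary domain is mandatory (${1:-} keeps set -u quiet when it is absent).
if [ -z "${1:-}" ]; then
  echo "使用方法: $0 yourdomain.com [www.yourdomain.com]"
  echo "示例: $0 example.com www.example.com"
  exit 1
fi

DOMAIN=$1
WWW_DOMAIN=${2:-}

# Both names are later interpolated, as root, into a file path under
# /etc/nginx/conf.d and into nginx directives. Accept only plain DNS host
# names (dot-separated labels of letters, digits and inner hyphens) so that a
# value containing "/", whitespace, ";" or braces can neither escape the
# config directory nor inject configuration.
HOSTNAME_RE='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
for name in "$DOMAIN" "$WWW_DOMAIN"; do
  # The second name is optional; skip it when it was not given.
  if [ -z "$name" ]; then
    continue
  fi
  if [ "${#name}" -gt 253 ] || ! [[ "$name" =~ $HOSTNAME_RE ]]; then
    echo "域名格式无效: $name" >&2
    exit 1
  fi
done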

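echo "🔧 开始自动部署 Nginx + HTTPS (Let's Encrypt SSL) ..."

# -------------------------------
# 1. Bring installed packages up to date
echo "🔄 更新系统软件包..."
yum update -y

# -------------------------------
# 2. Install EPEL (the snapd package for CentOS 7 comes from EPEL)
echo "📦 安装 EPEL 仓库..."
yum install -y epel-release

# -------------------------------
# 3. Install snapd and Certbot (the snap is Certbot's recommended packaging)
echo "🔐 安装 Snapd 和 Certbot..."

yum install -y snapd
systemctl enable --now snapd.socket
# snapd may still be seeding right after the socket is enabled; wait for it so
# the first "snap install" does not fail and abort the script under set -e.
snap wait system seed.loaded

# Classic snaps expect /snap to exist. Create the link only when it is not
# already a symlink, so that re-running the script does not abort on
# "File exists".
if ! [ -L /snap ]; then
  ln -s /var/lib/snapd/snap /snap
fi
export PATH="$PATH:/snap/bin"

# Install certbot
snap install --classic certbot
# Same idempotency guard as above. If /usr/bin/certbot is a regular file
# (an older distro package), ln still fails loudly: remove that package first
# rather than silently running the old binary.
if ! [ -L /usr/bin/certbot ]; then
  ln -s /snap/bin/certbot /usr/bin/certbot
fi

# Install the Nginx plugin.
# trust-plugin-with-root=ok acknowledges that separately installed plugin
# snaps run with certbot's root privileges; only set it for plugins you trust.
# NOTE(review): as far as I know the certbot snap already bundles the nginx
# plugin and the separate plugin snaps are the certbot-dns-* ones. Confirm that
# a "certbot-nginx" snap exists in the store; if it does not, the install line
# below fails and set -e stops the script here, and both lines can be dropped.
snap set certbot trust-plugin-with-root=ok
snap install certbot-nginx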

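# -------------------------------
# 4. Install Nginx from the nginx.org stable repository
echo "🌐 安装 Nginx(官方源)..."

# The delimiter is quoted so $releasever and $basearch reach the file
# literally; they are yum variables, not shell variables.
# baseurl uses https so repository metadata and packages are not fetched over
# cleartext HTTP; gpgcheck=1 additionally makes yum verify package signatures
# against the key named in gpgkey.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF

yum install -y nginx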

# -------------------------------
# 5. Open the firewall for web traffic
echo "🔥 配置防火墙放行 HTTP (80) 和 HTTPS (443)..."
# Add both services to the permanent firewalld configuration, then reload so
# the permanent rules become the running rules.
for svc in http https; do
  firewall-cmd --permanent --add-service="$svc"
done
firewall-cmd --reload

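# -------------------------------
# 6. Create the plain-HTTP (port 80) server block used for domain validation
NGINX_CONF_DIR="/etc/nginx/conf.d"
DOMAIN_CONF="$NGINX_CONF_DIR/${DOMAIN}.conf"

echo "📄 创建 Nginx 配置文件:$DOMAIN_CONF"

# NOTE(review): $DOMAIN is used here both as a file name and as nginx
# directive text, and this runs as root, so it is expected to be a plain
# host name. The redirect target is quoted so the path is never word-split
# or glob-expanded.
# The here-document is unquoted on purpose: $DOMAIN / $WWW_DOMAIN are expanded
# by the shell, while nginx variables are written as \$name to stay literal.
cat > "$DOMAIN_CONF" <<EOF
server {
    listen 80;
    server_name $DOMAIN $WWW_DOMAIN;

    # 用于 Certbot 验证域名所有权
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://\$host\$request_uri;
    }
}

# 可选:如果你想先手动配置 HTTPS,可取消注释以下部分
# server {
#     listen 443 ssl;
#     server_name $DOMAIN $WWW_DOMAIN;
#
#     ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
#     ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
#
#     root /usr/share/nginx/html;
#     index index.html;
#
#     location / {
#         try_files \$uri \$uri/ =404;
#     }
# }
EOF

# Create the directory served for /.well-known/acme-challenge/
mkdir -p /var/www/certbot
chmod -R 755 /var/www/certbot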

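# -------------------------------
# 7. Start Nginx
echo "🚀 启动 Nginx 服务..."
# Validate the configuration first so a bad server block is reported by nginx
# itself instead of as an opaque systemd start failure.
nginx -t
# "systemctl start" is a no-op when nginx is already running (for example on a
# second run of this script), which would leave the new server block unloaded;
# reload in that case.
if systemctl is-active --quiet nginx; then
  systemctl reload nginx
else
  systemctl start nginx
fi
systemctl enable nginx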

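# -------------------------------
# 8. Run Certbot to obtain the certificate and configure HTTPS in Nginx
echo "🛡️ 正在使用 Certbot 为 $DOMAIN 申请 SSL 证书并配置 HTTPS..."

# Prerequisites: the domain's DNS records must already point at this server and
# port 80 must be reachable from the internet, otherwise validation fails.
# No --non-interactive / --email / --agree-tos flags are passed, so certbot
# prompts on the terminal for the contact e-mail and terms of service.
# The arguments are built as an array so each name is passed as exactly one
# quoted word.
certbot_args=(--nginx -d "$DOMAIN")
if [ -n "$WWW_DOMAIN" ]; then
  certbot_args+=(-d "$WWW_DOMAIN")
fi
certbot "${certbot_args[@]}"

# -------------------------------
# 9. Test automatic renewal
# --dry-run exercises the renewal path without replacing the certificate.
# NOTE(review): the certbot snap is expected to install its own renewal timer
# (snap.certbot.renew.timer); confirm with "systemctl list-timers".
echo "🔄 测试证书自动续期功能..."
certbot renew --dry-run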

# -------------------------------
# 10. Done: print a summary of what was configured and where it lives
printf '%s\n' \
  "" \
  "🎉 恭喜!Nginx + HTTPS 配置完成!" \
  "" \
  "🔒 HTTPS 已自动为域名配置:https://$DOMAIN"
# The second host name is only mentioned when one was supplied.
if [ -n "$WWW_DOMAIN" ]; then
  printf '%s\n' "🔒 以及:https://$WWW_DOMAIN"
fi
printf '%s\n' \
  "" \
  "📂 Nginx 配置文件:$DOMAIN_CONF" \
  "🔒 SSL 证书位置:/etc/letsencrypt/live/$DOMAIN/" \
  "" \
  "🔄 证书将自动续期,你可以通过以下命令测试续期:" \
  "    sudo certbot renew --dry-run" \
  "" \
  "🌐 请在浏览器访问:https://$DOMAIN" \
  ""

赋予执行权限:

chmod +x setup_nginx_https.sh

​​运行脚本(带你的域名参数):

sudo ./setup_nginx_https.sh xzhshyh123.icu