Nxt

How to set up https ssl letsencrypt for an NXT / Ardor public node?

  • June 22, 2017

I want to run my own public nxt / ardor node, but I also want https (letsencrypt). I already have an Ubuntu server with apache 2.4 installed. What are the steps to get this set up?

As described here: https://nxtforum.org/public-nodes-vpss/method-to-configure-https-for-nxt-public-nodes/

Requirements

1) A Linux server running Nxt, and configured for public API access. This should only require creating a nxt.properties under nxt/conf similar to this:

nxt.apiServerCORS=true
nxt.uiServerCORS=true
nxt.myAddress=SERVER_IP_ADDRESS
nxt.allowedBotHosts=*
nxt.allowedUserHosts=127.0.0.1; localhost; SERVER_IP_ADDRESS; 0:0:0:0:0:0:0:1;
nxt.enableAPIserver=true
nxt.apiServerHost=0.0.0.0

2) A subdomain (or domain) to access your node. This is required to use an SSL certificate. The subdomain should be included in the domain nameservers configuration as an A record pointing to your server IP.


Procedure

In this example, setup was done using root account. If you're using a non-root account, it needs to be in the sudo group and commands need to be run using sudo.

1) *Turn off Apache if you have it installed already first* Install letsencrypt (certbot) and generate the SSL certificate for your (sub)domain.

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto certonly --standalone --email admin@example.com -d sub.example.com

2) Install apache webserver if you don't have it already and enable the modules for ssl and reverse proxy. If you have it installed, just enable proxy_http.

apt-get install apache2
a2enmod ssl proxy_http

3) Configure the default apache configuration file.

nano /etc/apache2/sites-available/000-default.conf

Replace the default configuration lines with the following, replacing the strings in red with your (sub)domain. Just comment out the existing one and copy the entire thing below and adjust to your site/directories:

<VirtualHost *:80>
       ServerName sub.example.com
       Redirect permanent / https://sub.example.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
       ServerName sub.example.com
       SSLEngine on
       SSLCertificateFile /etc/letsencrypt/live/sub.example.com/cert.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/sub.example.com/privkey.pem
       SSLCertificateChainFile /etc/letsencrypt/live/sub.example.com/chain.pem
       SSLProxyEngine On
       ProxyPreserveHost On
       ProxyRequests Off
       ProxyPass / http://localhost:7876/
       ProxyPassReverse / http://localhost:7876/
</VirtualHost>
</IfModule>

4) Finally, restart the apache webserver.

service apache2 restart

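If you get a 404 error during installation, you have to remove these packages like this: https://askubuntu.com/questions/896603/trying-to-install-letsencrypt-on-ubuntu-12-04-using-certbot-auto-program-but-ge/896614#896614

Remember to change your port depending on whether you are using testnet 6876 or mainnet 7876.

Also make sure port 7874 is open for peer connections.

The Ardor ports are testnet 26876 and live 27876.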


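The above method also works when making a public Ardor node.

Below is the output after successfully downloading certbot-auto:

Make sure to turn off APACHE before doing this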


root@localh:~# ./certbot-auto certonly --standalone --email info@xxxx.com -d ardor.xxxxx.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for ardor.xxxx.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
  /etc/letsencrypt/live/ardor.xxxx.com/fullchain.pem. Your
  cert will expire on 2017-09-20. To obtain a new or tweaked version
  of this certificate in the future, simply run certbot-auto again.
  To non-interactively renew *all* of your certificates, run
  "certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
  Donating to EFF:                    https://eff.org/donate-le
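
An added example, not part of the original answer or of the Nxt project: a small shell check that the nxt.properties and Apache vhost from the steps above agree with each other, assuming the goal is that clients reach the API only through the HTTPS proxy. The function names, the finding labels and the sample files are constructed for illustration; an unset nxt.apiServerHost is assumed to mean loopback only, and firewall rules are not inspected.

```shell
#!/bin/sh
# Added example, not from the original post. Checks that nxt.properties and the
# Apache vhost agree, assuming clients should reach the API only through HTTPS.

# prop FILE KEY: print the value of KEY (last assignment wins).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# proxy_port VHOST: print the backend port of the first ProxyPass directive.
proxy_port() {
    sed -n 's/^[[:space:]]*ProxyPass[[:space:]].*:\([0-9][0-9]*\)\/\{0,1\}[[:space:]]*$/\1/p' "$1" |
        head -n 1
}

# audit PROPS VHOST: print one finding per line; no output means no findings.
audit() {
    host=$(prop "$1" nxt.apiServerHost)
    port=$(prop "$1" nxt.apiServerPort)
    port=${port:-7876}          # the page gives 7876 as the mainnet API port
    backend=$(proxy_port "$2")
    if [ "$backend" != "$port" ]; then
        echo "PORT_MISMATCH proxy=$backend api=$port"
    fi
    case "$host" in
        ""|127.0.0.1|localhost|::1) ;;   # assumption: unset means loopback only
        *) echo "PLAIN_HTTP_REACHABLE bind=$host port=$port" ;;
    esac
    if ! grep -Eq '^[[:space:]]*Redirect[[:space:]]+permanent[[:space:]]+/[[:space:]]+https://' "$2"; then
        echo "NO_HTTPS_REDIRECT"
    fi
}

# make_samples DIR: write constructed sample files modelled on the post.
make_samples() {
    printf '%s\n' 'nxt.enableAPIserver=true' 'nxt.apiServerHost=0.0.0.0' \
        > "$1/nxt.properties"
    printf '%s\n' '<VirtualHost *:80>' \
        '       Redirect permanent / https://sub.example.com/' '</VirtualHost>' \
        '<VirtualHost *:443>' '       ProxyPass / http://localhost:7876/' \
        '       ProxyPassReverse / http://localhost:7876/' '</VirtualHost>' \
        > "$1/000-default.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit "$demo_dir/nxt.properties" "$demo_dir/000-default.conf"
rm -rf "$demo_dir"
```

On the sample files the only finding is PLAIN_HTTP_REACHABLE: with nxt.apiServerHost=0.0.0.0 the API still answers plain HTTP on port 7876 on every interface, next to the HTTPS proxy on 443.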

Source: https://bitcoin.stackexchange.com/questions/52347