2021/4/11的修行

字数统计: 1.1k字   |   阅读时长≈ 5分

用空了一瓶洗发水

是施巴(sebamed)牌的

带着一股奇妙的,略微让人有些安心的香味

……嗯,是很好的洗发水没错

但是果然还是换掉吧

……从今天开始,用花王了

据说能很好地去油。但愿如此吧

……大概会偶尔或者一直怀念这股味道吧。但是果然我还是得往前走才行

本来想拍一张自拍,证明自己很好

却怎么也装不出阳光的笑容

那便算了吧

……继续执行任务吧

1. 塑形课

2. 给博客上https

2.1 查看letsencrypt官网

https://letsencrypt.org/zh-cn/getting-started/

被强烈推荐使用certbot,好的吧

2.2 查看certbot官网

https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx

OK,按照官网一步步操作就行了

不过要先确保你机子上有nginx

为了避免麻烦,我这边直接用的apt install nginx拿到的nginx binary

如果有人想要研究自行构建的话推荐我之前自己写的个坑,可以去看我的构建步骤 : SpeedyExsimple

真的很麻烦的,别做

虽然我那边确实自动化做出来了但是实话说就是恶心

2.3 修改nginx配置文件

修改nginx配置文件 /etc/nginx/sites-available/default

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80;
    listen [::]:80;

    # SSL configuration
    #
	# listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
	# Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
	# Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
	# Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
	# include snippets/snakeoil.conf;

    # root /hexo/public;

    # Add index.php to the list if you are using PHP
    # index index.html index.htm index.nginx-debian.html;

    server_name xenoamess.com;

    # location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    # 	try_files $uri $uri/ =404;
    # }

    # pass PHP scripts to FastCGI server
    #
	#location ~ \.php$ {
    #	include snippets/fastcgi-php.conf;
    #
	#	# With php-fpm (or other unix sockets):
    #	fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    #	# With php-cgi (or other tcp sockets):
    #	fastcgi_pass 127.0.0.1:9000;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
	#location ~ /\.ht {
    #	deny all;
    #}
    return       301 https://xenoamess.com$request_uri;
}

server {
    listen       443 ssl;
    server_name  xenoamess.com;

    ssl_certificate /etc/letsencrypt/live/xenoamess.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xenoamess.com/privkey.pem;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass  http://127.0.0.1:8080/;
    }
}

# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

简单介绍下都做了什么

443接口使用证书提供了个https服务,然后网站内容是proxy pass到本机8080端口去的。

所以得修改你的原本的http服务到端口8080去

嗯,然后80端口就做死一个301,这样有人访问你的80端口的话直接301到你的443端口去,强制他使用https服务就完事了

记得更改配置后要重启nginx哦

1
2
nginx -s quit
nginx

2.4 更新证书

1
/snap/bin/certbot renew

这个 必须 每三个月至少跑一次

……那么crontab里 每周一次 就行了吧

附带常见crontab示例

1
2
3
4
5
6
7
8
每分钟执行 * * * * *
每小时执行 0 * * * *
每天执行 0 0 * * *
每周执行 0 0 * * 0
每月执行 0 0 1 * *
每年执行 0 0 1 1 *
每小时的第3和第15分钟执行 3,15 * * * *
上午8点到11点的第3和第15分钟执行 3,15 8-11 * * *

那就是0 0 * * 0 /snap/bin/certbot renew咯?

3. 给另一个网站上https

4. 不蒜子访问人数bug 新进展

前情提要:不蒜子访问人数bug

关于同一个浏览器多次访问,会被认为是多个不同访客的问题,实测在https网站中不存在,即只在http网站中存在

即,使用https后,该bug被我们规避了

原因未名

……有趣

不论如何,我没有替他们修复的打算

既然报告也报告过了,他们也知道这事了,那我的义务就尽到了,对吧

扫一扫,分享到微信

tag:

    缺失模块。
    1、请确保node版本大于6.2
    2、在博客根目录(注意不是yilia-plus根目录)执行以下命令:
    npm i hexo-generator-json-content --save

    3、在根目录_config.yml里添加配置: 

      jsonContent:
    meta: false
    pages: false
    posts:
      title: true
      date: true
      path: true
      text: false
      raw: false
      content: false
      slug: false
      updated: false
      comments: false
      link: false
      permalink: false
      excerpt: false
      categories: false
      tags: true

自称为XenoAmess的方术师。

为了得到【意义】而进行各种各样的修行。

Hack The Box