HelloGitHub- dream chasers
The sample code covered in this article has been synchronously updated to the HelloGithub-Team repository
HTTP packets are transmitted in plain text. If your site only supports HTTP, it may be exposed to attacks. If you open an HTTP site in Google Chrome, you will see that Chrome marks the site as not secure to the left of the URL.
HTTPS provides an encrypted transmission channel for HTTP packets, preventing attackers from eavesdropping on or tampering with the transmitted content. To enable HTTPS, you must apply for an HTTPS certificate from a trusted authority. Commercial certificates cost a fee, but free certificates are available for personal blog sites. For example, Let’s Encrypt provides a free certificate service: you only need to run a few commands to obtain a certificate, and renewal can be automated. The following steps apply for a free HTTPS certificate using the tools provided by Let’s Encrypt.
Start by installing the certificate application tool provided by Let’s Encrypt. Go to certbot.eff.org/ to choose the server software and operating system to use for our blog site. Nginx and CentOS 7 are used as examples:
First install the necessary tools:
$ sudo yum -y install yum-utils
$ sudo yum install -y certbot python2-certbot-nginx
certbot is the tool provided by Let’s Encrypt for applying for HTTPS certificates, and python2-certbot-nginx is its plugin for Nginx, which makes it easier to apply for certificates for services run by Nginx.
Then run the certificate request command:
$ sudo certbot --nginx
Note
Running the command may fail with the error ImportError: No module named 'requests.packages.urllib3'. This is caused by outdated versions of requests and urllib3 (there is a discussion of this issue). The solution is to reinstall them by running the following commands:
$ pip uninstall requests
$ pip uninstall urllib3
$ yum remove python-urllib3
$ yum remove python-requests
Then reinstall Certbot. Since it relies on the above two packages, it will be installed with both:
$ sudo yum install -y certbot python2-certbot-nginx
Re-execute the certificate request command: sudo certbot --nginx
There will be a series of interactive prompts. The first asks you to enter your email address for subscribing. Then type A to agree with their policy.
Certbot will then detect the domain names automatically; as prompted, enter the number of the domain name you want to enable HTTPS for:
Which names would you like to activate HTTPS for?
1: django-blog-tutorial-v2-demo.zmrenwu.com
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter ‘c’ to cancel): 1
Certbot then does a domain verification to prove that you have control over the domain. Once authenticated, Let’s Encrypt issues the certificate to you.
Certbot will automatically modify the Nginx configuration to redirect HTTP to HTTPS. If users access our blog site over HTTP, they are redirected to HTTPS to ensure security.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you’re confident your site works on HTTPS. You can undo this change by editing your web server’s configuration.
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/django-blog-tutorial-v2.conf
The certificate issued through Certbot is only valid for 3 months, but that is not a problem: it can be renewed indefinitely. We add a crontab scheduled task that runs certbot's automatic renewal, so that one application lasts for good.
Run the following command to add a scheduled task to /etc/crontab:
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/null
The automatic renewal command is configured at 12:00 every day.
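The following check is an added example, not code from the original article or from Certbot. It reports how many days the served certificate has left, which is how a renewal cron job that has silently stopped working shows up. It relies on the fact that certbot renew only replaces certificates that expire in less than 30 days; the 20-day warning threshold and the sample certificate fields are assumptions made for the example.

```python
# Added example: warn when the served certificate is close to expiry,
# the symptom of a "certbot renew" cron job that no longer runs or fails.
import socket
import ssl
from datetime import datetime, timezone

# Assumed threshold: certbot renew acts once fewer than 30 days remain,
# so a certificate with under 20 days left means renewal has been failing.
WARN_DAYS = 20

def days_remaining(cert, now):
    """Days until expiry for a cert dict as returned by SSLSocket.getpeercert()."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (expires - now).total_seconds() / 86400

def fetch_cert(host, port=443, timeout=10):
    """Fetch the validated certificate; raises ssl.SSLError if it is invalid."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def renewal_status(cert, now=None, warn_days=WARN_DAYS):
    """Return "OK", "WARN" (renewal overdue) or "EXPIRED"."""
    now = now or datetime.now(timezone.utc)
    left = days_remaining(cert, now)
    if left < 0:
        return "EXPIRED"
    return "WARN" if left < warn_days else "OK"

# Constructed certificate fields, not taken from a real site.
SAMPLE_CERT = {"notAfter": "Jun  1 12:00:00 2024 GMT"}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # live check: python check_cert.py your.domain
        print(renewal_status(fetch_cert(sys.argv[1])))
    else:                   # offline demo against the constructed sample
        demo_now = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)
        print(renewal_status(SAMPLE_CERT, demo_now))
```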
Since HTTPS is now enabled for the whole site, any non-HTTPS content in its pages (such as external resources requested over HTTP) needs to be changed to HTTPS. In our blog, the style file of an external icon library was included over HTTP, so it needs to be changed to HTTPS:
base.html
<link rel="stylesheet" href="https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css">
With these few simple steps, the whole site is served over HTTPS.
“Explain Open Source Project series”: so that people interested in open source projects are no longer afraid, and the initiators of open source projects are no longer alone. Follow our articles to discover the joy of programming, how to use open source projects, and how easy it is to get involved in them. You are welcome to leave a message to contact us and join us, so that more people fall in love with open source and contribute to it.