Background: while searching on engines such as Censys and FOFA, I found that my blog's IP address had leaked.

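After careful investigation, the cause turned out to be that port 443 served the blog's certificate by default, and the search engines collected it. I then tried the method below, and a few days later the search engines no longer returned the IP.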

The following tutorial is written for the BaoTa (宝塔) panel.

First you need a certificate. Any one will do, as long as it is not your own blog's.

Note: the xxx in xxx.com stands for the discarded certificate you found.

Create a directory for the certificate, then upload the discarded certificate into it or create the files there.

mkdir /www/server/panel/vhost/cert/xxx.com
vi /www/server/panel/vhost/cert/xxx.com/privkey.pem

vi /www/server/panel/vhost/cert/xxx.com/fullchain.pem


Then create an Nginx configuration file:

cd /www/server/panel/vhost/nginx
vi 1.default.conf

server
{
    listen 443 ssl;
    server_name _;
    index index.html;
    root /www/server/nginx/html;
    #SSL-START SSL-related configuration; do not delete or modify the commented 404 rule on the next line
    #error_page 404/404.html;
    # Serve the discarded certificate instead of the blog's own
    ssl_certificate    /www/server/panel/vhost/cert/xxx.com/fullchain.pem;
    ssl_certificate_key    /www/server/panel/vhost/cert/xxx.com/privkey.pem;
    # TLSv1.1 is deprecated (RFC 8996); remove it if no client needs it
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # 497 = plain HTTP request sent to the HTTPS port; redirect it to https
    error_page 497  https://$host$request_uri;
}

Test the configuration file for problems:

nginx -t

If the test reports no errors, the configuration is fine. Then remember to restart Nginx.

That's about it...
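
As an added example (not part of the original post), here is a small Python audit of the vhost configs that reports which certificate nginx would hand to a client connecting by bare IP on port 443. It assumes nginx loads the vhost files in sorted file-name order and that each site's certificate sits in a directory named after the site; blog.example and both sample configs are constructed.

```python
import re

# Constructed sample vhost files (name -> contents); blog.example is a placeholder site.
BLOG = """server {
    listen 80;
    listen 443 ssl;
    server_name blog.example;
    ssl_certificate /www/server/panel/vhost/cert/blog.example/fullchain.pem;
}"""
DECOY = """server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /www/server/panel/vhost/cert/xxx.com/fullchain.pem;
}"""
BEFORE = {"blog.example.conf": BLOG}
AFTER = {"blog.example.conf": BLOG, "1.default.conf": DECOY}

def server_blocks(text):
    """Yield the body of every `server { ... }` block, with comments stripped."""
    text = re.sub(r"#[^\n]*", "", text)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def default_tls_cert(vhosts, port="443"):
    """Return (file, ssl_certificate) of the server that answers unmatched names on `port`."""
    first = None
    for name in sorted(vhosts):  # assumed include order: sorted file names
        for body in server_blocks(vhosts[name]):
            listens = [l.split() for l in re.findall(r"\blisten\s+([^;]+);", body)]
            hits = [l for l in listens if re.search(rf"(^|:){port}$", l[0])]
            if not hits:
                continue
            cert = re.search(r"\bssl_certificate\s+([^;\s]+)", body)
            entry = (name, cert.group(1) if cert else None)
            if any("default_server" in l for l in hits):
                return entry  # an explicit default_server always wins
            first = first or entry  # otherwise the first block loaded is the default
    return first

def exposes(vhosts, site):
    """True if a handshake to the bare IP would be answered with `site`'s certificate."""
    hit = default_tls_cert(vhosts)
    return bool(hit and hit[1] and f"/{site}/" in hit[1])
```

With the constructed data, `exposes(BEFORE, "blog.example")` is true and `exposes(AFTER, "blog.example")` is false. A site that declares `default_server` on port 443 still wins over `1.default.conf`, which the audit reports.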
