最近发现,apache2会有较大的内存占用情况
ubuntu@xxx:~$ ps -ylC apache2 | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'
Apache Memory Usage (MB): 584.016
Average Proccess Size (MB): 53.0923
于是,参考了网上一篇文章[1]进行了迁移。这个文章描述的步骤比较详细和准确,只有某些步骤需要调整下。
SSL认证区别
nginx的SSL文件和apache的认证文件有所不同[2],需要合并下。就是[1]中的Combine SSL Certificate with CA Certificates,这一步骤并不需要,因为Let’s Encrypt自动创建了combine后的认证文件。
root@xxx:~# ll /etc/letsencrypt/live/njujiang.tech
total 12
drwxr-xr-x 2 root root 4096 Jul 25 14:02 ./
drwx------ 3 root root 4096 Jan 4 2018 ../
lrwxrwxrwx 1 root root 38 Jul 25 14:02 cert.pem -> ../../archive/njujiang.tech/cert35.pem
lrwxrwxrwx 1 root root 39 Jul 25 14:02 chain.pem -> ../../archive/njujiang.tech/chain35.pem
lrwxrwxrwx 1 root root 43 Jul 25 14:02 fullchain.pem -> ../../archive/njujiang.tech/fullchain35.pem
lrwxrwxrwx 1 root root 41 Jul 25 14:02 privkey.pem -> ../../archive/njujiang.tech/privkey35.pem
-rw-r--r-- 1 root root 543 Jan 4 2018 README
options-ssl-nginx.conf文件缺失
之前只有options-ssl-apache.conf文件,并没有对应的nginx.conf配置文件。尝试从github[3]上下载最新的nginx.conf配置,但是貌似并不匹配,nginx校验配置失败。
root@xxx:# nginx -t
nginx: [warn] invalid value "TLSv1.3" in /etc/letsencrypt/options-ssl-nginx.conf:11
nginx: configuration file /etc/nginx/nginx.conf test failed
root@xxx:~# nginx -V
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
根据[4]的回答,OpenSSL版本并不支持TLSv1.3版本。最好,还是通过certbot,重新初始化配置文件解决。
sudo apt-get install python-certbot-nginx
sudo certbot --nginx
会在nginx对应site的配置文件中,自动覆盖相关配置项
# SSL parameters
ssl_certificate /etc/letsencrypt/live/njujiang.tech/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/njujiang.tech/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
Reference
- https://www.labsrc.com/migrating-from-apache-to-nginx-on-ubuntu-with-wordpress/
- https://blog.csdn.net/huyuchengus/article/details/124642883
- https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
- https://serverfault.com/a/912968