Fatal编程技术网
  • laravel-5/
  • Laravel 5 certbot证书在laravel 5应用程序上安全吗?

Laravel 5 certbot证书在laravel 5应用程序上安全吗?

laravel-5 https

Laravel 5 certbot证书在laravel 5应用程序上安全吗?,laravel-5,https,Laravel 5,Https,我在我的laravel 5.7应用程序上安装了certbot证书,并具有: certbot certificates # certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Found the following certs:

我在我的laravel 5.7应用程序上安装了certbot证书,并具有:

 certbot certificates
 # certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: www.votes.nilov-sergey-demo-apps.tk
    Domains: www.votes.nilov-sergey-demo-apps.tk
    Expiry Date: 2019-03-23 12:31:35+00:00 (VALID: 86 days)
    Certificate Path: /etc/letsencrypt/live/www.votes.nilov-sergey-demo-apps.tk/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.votes.nilov-sergey-demo-apps.tk/privkey.pem
  Certificate Name: votes.nilov-sergey-demo-apps.tk
    Domains: votes.nilov-sergey-demo-apps.tk www.votes.nilov-sergey-demo-apps.tk
    Expiry Date: 2019-03-23 12:26:54+00:00 (VALID: 86 days)
    Certificate Path: /etc/letsencrypt/live/votes.nilov-sergey-demo-apps.tk/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/votes.nilov-sergey-demo-apps.tk/privkey.pem
我使用命令

sudo certbot --apache -d votes.nilov-sergey-demo-apps.tk -d www.votes.nilov-sergey-demo-apps.tk
为此

在my.env文件中,我修改了行:

APP_URL=https://www.votes.nilov-sergey-demo-apps.tk
在public/.htaccess文件中,我添加了https支持行,我希望通过这些更改,任何非https请求都会被重定向到

如果需要手动删除。从url页面被重定向https://www.votes.nilov-sergey-demo-apps.tk/admin/vote/edit/19

但如果手动从url中删除www,则会出现以下错误: 出现错误:

Your connection is not private
Attackers might be trying to steal your information from votes.nilov-sergey-demo-apps.tk (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
我不确定它是否安全,我必须采取哪些步骤来确保我的站点始终处于安全的https url中

谢谢

您的url中是否真的需要www? 我建议将.env文件修改为:

APP_URL=https://votes.nilov-sergey-demo-apps.tk
在public/.htaccess中也类似

重写规则^.${HTTP_HOST}%{REQUEST_URI}[L,R=301]

或者甚至隐藏这一行

我想在您的htaccess中,当您有这一行时^.*$https://www.%{HTTP_HOST}%{REQUEST_URI}[L,R=301],您可能需要另一个不带www的。首先,我只是尝试不带www。在重写规则中:也是一个错误。 
Your connection is not private
Attackers might be trying to steal your information from votes.nilov-sergey-demo-apps.tk (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

APP_URL=https://votes.nilov-sergey-demo-apps.tk