
Below is my nginx configuration. The certificate was issued through Tencent Cloud. I've been at this for two days and still don't know why it won't work...
```
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    server {
        listen 80;
        server_name xx.com www.xx.com;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location / {
            proxy_pass http://127.0.0.1:9339;
            #root /;
            #index index.html index.htm;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    server {
        listen 80;
        # listen somename:8080;
        server_name myterm.xx.com;

        location / {
            # root html;
            # index index.html index.htm;
            proxy_pass http://www.yozosann.com:8256/;
        }
    }

    # HTTPS server
    #
    server {
        listen 443;
        server_name xx.com www.xx.com;

        ssl on;
        ssl_certificate /usr/local/nginx/ssl/www.xx.com-ca-bundle.crt;
        ssl_certificate_key /usr/local/nginx/ssl/www.xx.com.key;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://127.0.0.1:9339;
            # root html;
            # index index.html index.htm;
        }
    }
}
```
1 titanium98118 2018-05-16 17:33:08 +08:00 Does nginx -t report any errors? |
2 yozosann OP @titanium98118 No errors, which is awkward. Everything looks correct... but port 443 just isn't open |
3 yozosann OP @titanium98118
```
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
```
|
4 yozosann OP
```
server {
    listen 443;
    server_name www.yozosann.com;

    ssl on;
    ssl_certificate 1_www.yozosann.com_bundle.crt;
    ssl_certificate_key 2_www.yozosann.com.key;

    ssl_session_timeout 5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:9999;
        # root html;
        # index index.html index.htm;
    }
}
```
I've now changed it to this and it still doesn't work |
5 elsenow 2018-05-16 17:48:20 +08:00 Does the firewall allow port 443? Does the security group in the Tencent Cloud console allow port 443? |
6 w274189159 2018-05-16 17:48:51 +08:00 @yozosann Take a look at the nginx logs |
7 elsenow 2018-05-16 17:53:26 +08:00
```
iMac:~ xxx$ telnet www.yozosann.com 443
Trying 108.61.182.82...
telnet: connect to address 108.61.182.82: Connection refused
telnet: Unable to connect to remote host
```
I took a look. Isn't this port 443 not being allowed through? It hasn't even got as far as the Nginx port yet |
8 akira 2018-05-16 18:09:07 +08:00 What about the error log? |
9 yozosann OP @elsenow
```
firewall-cmd --list-ports
4200/tcp 9126/tcp 9126/udp 57575/tcp 38720/tcp 80/tcp 8756/tcp 3306/tcp 9123/udp 443/tcp
```
433 is allowed through, but it hasn't started |
10 will1916 2018-05-16 18:24:38 +08:00 What about the certificate's physical path? |
11 yozosann OP @w274189159
```
2018/05/16 16:32:22 [notice] 12518#0: signal process started
2018/05/16 16:32:22 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 16:37:27 [warn] 13122#0: invalid value "TLSv1.1" in /usr/local/nginx/conf/nginx.conf:111
2018/05/16 17:15:17 [emerg] 20339#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:17:12 [notice] 22994#0: signal process started
2018/05/16 17:17:12 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:18:44 [notice] 23179#0: signal process started
2018/05/16 17:18:44 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:20:30 [notice] 23412#0: signal process started
2018/05/16 17:20:30 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: still could not bind()
2018/05/16 18:24:15 [notice] 31318#0: signal process started
```
|
13 will1916 2018-05-16 18:27:23 +08:00 @yozosann Shouldn't it be like this?
```
ssl_certificate /usr/local/nginx/conf/1_www.yozosann.com_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/2_www.yozosann.com.key;
```
|
14 SirLostWhite 2018-05-16 18:29:19 +08:00 unknown directive "ssl": your nginx wasn't compiled with the ssl module enabled, was it? Is openssl installed on the machine? |
16 yozosann OP @SirLostWhite That was an earlier problem and it's already solved. It now runs successfully, but 443 still isn't open |
17 mchl 2018-05-16 19:51:38 +08:00 via iPhone listen 443 ssl; |
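18 shiny PRO General troubleshooting steps when an https page won't open:
1. Use netstat -ln to check whether 443 is open. If not: check the configuration file and the error log.
2. On the server itself, curl the URL and see whether it returns normally. If not, check whether the firewall and the cloud server's security rules allow it through.
3. From your local machine, check whether you can reach the server and how the error shows up. DNS problems, a port that isn't open, or the server returning the wrong status code each have their own way of being handled. |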
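The three checks from post 18, written out as an added example (not code from the thread): helpers that take captured `netstat -ln` text and curl exit statuses and report which step fails first, in the order the post gives. The function names and `SAMPLE_NETSTAT` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: the post's three checks as helpers that work on captured text.
# SAMPLE_NETSTAT is constructed for illustration, not output from the thread's server.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address  State
tcp   0  0  0.0.0.0:80      0.0.0.0:*        LISTEN
tcp   0  0  0.0.0.0:8443    0.0.0.0:*        LISTEN
tcp   0  0  10.0.0.5:51234  203.0.113.7:443  ESTABLISHED'

# Step 1: does netstat/ss text on stdin show a LISTEN socket on port $1?
# Anchoring on ":PORT" at the end of a field keeps 8443 from matching 443,
# and requiring LISTEN ignores outbound connections to a remote :443.
port_listening() {
  awk -v p="$1" '
    /LISTEN/ { for (i = 1; i <= NF; i++) if ($i ~ (":" p "$")) found = 1 }
    END { exit !found }'
}

# Steps 2 and 3: map a curl exit status to the failure classes the post names.
classify_curl_exit() {
  case "$1" in
    0)     echo "ok" ;;
    6)     echo "dns" ;;          # could not resolve host
    7)     echo "port-closed" ;;  # failed to connect (e.g. connection refused)
    28)    echo "timeout" ;;      # no answer at all, typical of a silent drop
    35|60) echo "tls" ;;          # handshake or certificate verification error
    *)     echo "other" ;;
  esac
}

# triage NETSTAT_TEXT LOCAL_CURL_EXIT REMOTE_CURL_EXIT -> first failing step.
triage() {
  if ! printf '%s\n' "$1" | port_listening 443; then
    echo "step1: 443 not listening; check nginx config and error log"
  elif [ "$(classify_curl_exit "$2")" != ok ]; then
    echo "step2: local curl failed ($(classify_curl_exit "$2")); check firewall and security group"
  elif [ "$(classify_curl_exit "$3")" != ok ]; then
    echo "step3: remote check failed ($(classify_curl_exit "$3"))"
  else
    echo "ok"
  fi
}

# On a real server the first argument would be "$(netstat -ln)".
triage "$SAMPLE_NETSTAT" 7 7
```
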
19 lianyue 2018-05-16 20:27:54 +08:00
```
server {
    listen 80;
    listen 443 ssl;
    server_name xx.com www.xx.com;

    ssl_certificate /usr/local/nginx/ssl/www.xx.com-ca-bundle.crt;
    ssl_certificate_key /usr/local/nginx/ssl/www.xx.com.key;

    ssl_session_timeout 5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    #charset koi8-r;

    #access_log logs/host.access.log main;

    location / {
        proxy_pass http://127.0.0.1:9339;
        #root /;
        #index index.html index.htm;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
```
|
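20 cmllwxxl 2018-05-17 09:56:25 +08:00 It's a Tencent Cloud server, so check whether the security group is open. The same thing happened to me: I spent ages on it, and in the end it was the Tencent Cloud security group not having 443 open |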
22 mxywxwk 2018-09-28 14:47:20 +08:00 I've run into the same problem. I wonder whether the OP ever solved it |
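23 mxywxwk 2018-09-28 14:51:55 +08:00 I'm using Alibaba Cloud servers, two of them. One was configured successfully and can be reached over https; the same method doesn't work on the other one. Checking with netstat, nginx isn't listening on 443 either. The working nginx is 1.13.7, the failing one is 1.8.0. |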