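nginx reports a certificate error as soon as I add an http block. What is the cause? First time I've seen this

121 days ago
 xinzi

The domain is already set up. Without the http block the site can be accessed normally and the certificate is fine; once the http block is added it reports a certificate error. Please advise. Everything is started with Docker. My nginx configuration is as follows: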

```
worker_processes auto; # automatically set to the number of CPU cores
worker_rlimit_nofile 100000; # raise the number of files each worker process can open

events {
  worker_connections 4096; # raise the maximum connections per worker process
  multi_accept on; # allow each worker process to accept multiple connections at once
}

http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;
  gzip on;

  server {
    listen 80;
    server_name es.x.com.cn;
    return 301 https://$server_name$request_uri;
  }

  server {
    listen 443 ssl;
    server_name es.x.com.cn;

    # SSL certificate and key configuration
    ssl_certificate /usr/share/nginx/html/ssl-qianduan/es.x.com.cn_bundle.pem;
    ssl_certificate_key /usr/share/nginx/html/ssl-qianduan/es.x.com.cn.key;

    # SSL tuning
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_stapling on;
    ssl_stapling_verify on;

    location / {
      root /usr/share/nginx/html; # change this to your own dist path
      index index.html index.htm;
      try_files $uri $uri/ /index.html; # fixes a page refresh turning into a 404
    }

    location /prod-api/ {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://172.16.238.13:8089/;
    }
  }

  server {
    listen 80;
    server_name esb.x.com.cn;
    return 301 https://$server_name$request_uri;
  }

  server {
    listen 443 ssl;
    server_name esb.x.com.cn;

    # SSL certificate and key configuration
    ssl_certificate /usr/share/nginx/html/ssl-houduan/esb.x.com.cn_bundle.pem;
    ssl_certificate_key /usr/share/nginx/html/ssl-houduan/esb.x.com.cn.key;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://172.16.238.13:8089/;
    }
  }

  # Block access via IP address or unknown domain names
  server {
    listen 80 default_server;
    listen 443 default_server ssl;

    # SSL certificate and key configuration
    ssl_certificate /usr/share/nginx/html/ssl-houduan/esb.x.com.cn_bundle.pem;
    ssl_certificate_key /usr/share/nginx/html/ssl-houduan/esb.x.com.cn.key;

    server_name es.x.com.cn;
    return 444; # return a non-standard status code, commonly used to block client access
  }
}
```
1540 views
Node: NGINX
11 replies
ladypxy
121 days ago
At least post the actual error message...
xinzi
121 days ago
@ladypxy #1 It can't find the certificate
xinzi
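121 days ago

```
worker_processes auto; # automatically set to the number of CPU cores
worker_rlimit_nofile 100000; # raise the number of files each worker process can open

events {
  worker_connections 4096; # raise the maximum connections per worker process
  multi_accept on; # allow each worker process to accept multiple connections at once
}

http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;
  gzip on;
```
If I remove this, the site can be accessed normally; if I add it, it errors out: no certificate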
Aluhao
121 days ago
@xinzi Check whether the certificate is actually there in /usr/share/nginx/html/ssl-houduan/
Aluhao
121 days ago
Run nginx -t and post the error report.
xinzi
121 days ago
@Aluhao #5

```
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/08/19 17:26:52 [emerg] 1#1: "worker_processes" directive is not allowed here in /etc/nginx/conf.d/nginx.conf:1
nginx: [emerg] "worker_processes" directive is not allowed here in /etc/nginx/conf.d/nginx.conf:1
```

The certificate is fine
YaD2x
121 days ago
/etc/nginx/conf.d/default.conf is not a file or does not exist
f1ush
121 days ago
@xinzi You've probably got a duplicate nginx.conf. The default nginx.conf path is /etc/nginx/nginx.conf, and judging by your error there is another one under /etc/nginx/conf.d/nginx.conf
darkengine
121 days ago
[emerg] 1#1: "worker_processes" directive is not allowed here in /etc/nginx/conf.d/nginx.conf:1

Doesn't it say the problem is on the first line?

The default.conf one is just info; you can ignore it.
darkengine
121 days ago
xinzi
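120 days ago
@ladypxy @Aluhao @darkengine @YaD2x @f1ush
Thanks, everyone.
Found the problem.
nginx has 2 configuration files: one is /etc/nginx/nginx.conf and the other is /etc/nginx/conf.d/nginx.conf

So the parameters
worker_processes auto; # automatically set to the number of CPU cores
worker_rlimit_nofile 100000; # raise the number of files each worker process can open

need to be configured in /etc/nginx/nginx.conf, not in /etc/nginx/conf.d/nginx.conf
These 2 parameters are global parameters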
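
Added example, not part of the original thread: the stock /etc/nginx/nginx.conf in the official Docker image pulls in /etc/nginx/conf.d/*.conf from inside its own http {} block, so a file there may only hold what is valid inside http. This Python check (the function name and both sample strings are constructed for illustration) lists the top-level directives in such a file that nginx accepts only in the main context.

```python
import re

# Directives nginx accepts only in the main (top-level) context of nginx.conf.
MAIN_ONLY = {"user", "pid", "daemon", "master_process", "load_module",
             "worker_processes", "worker_rlimit_nofile", "worker_cpu_affinity",
             "worker_priority", "events", "http", "stream", "mail"}

# Quoted strings, comments, braces/semicolons, newlines, bare words.
TOKEN = re.compile(r'''"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|#[^\n]*|[{};]|\n|[^\s{};#"']+''')

def main_only_in_fragment(text):
    """Return [(line, directive)] for main-only directives at the top level
    of a file that will be included from inside http {}."""
    hits, depth, line, at_start = [], 0, 1, True
    for m in TOKEN.finditer(text):
        tok = m.group()
        if tok == "\n":
            line += 1
        elif tok.startswith("#"):
            continue                      # comment: ignore to end of line
        elif tok == "{":
            depth, at_start = depth + 1, True
        elif tok == "}":
            depth, at_start = depth - 1, True
        elif tok == ";":
            at_start = True               # next word starts a new directive
        else:
            if at_start and depth == 0 and tok in MAIN_ONLY:
                hits.append((line, tok))
            at_start = False
            line += tok.count("\n")       # quoted values may span lines
    return hits

# Constructed sample: shortened form of the file the thread mounted at
# /etc/nginx/conf.d/nginx.conf.
POSTED = """worker_processes auto;
worker_rlimit_nofile 100000;

events {
  worker_connections 4096;
}

http {
  server { listen 443 ssl; server_name es.x.com.cn; }
}
"""
# Constructed sample: the same file reduced to what is valid inside http {}.
FIXED = "server { listen 443 ssl; server_name es.x.com.cn; }\n"

if __name__ == "__main__":
    for line, name in main_only_in_fragment(POSTED):
        print(f'conf.d/nginx.conf:{line}: "{name}" belongs in /etc/nginx/nginx.conf')
```

nginx itself stops at the first offending directive, which is why the log in the thread names only `worker_processes` on line 1; the check reports all of them at once.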
