已经获取到证书,也配置好了 nginx,并且也安装了 ssl 模块,重启后 443 接口没有启动?

2018-05-16 17:26:57 +08:00
 yozosann

以下是我的 nginx 配置 ,证书从腾讯云那里申请的,搞了两天了 也不知道为什么一直不行。。。

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;


    server {
        listen       80;
        server_name xx.com  www.xx.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
         proxy_pass http://127.0.0.1:9339;
        #root   /;
            #index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    server {
        listen       80;
    #    listen       somename:8080;
        server_name  myterm.xx.com;

        location / {
    #        root   html;
    #        index  index.html index.htm;
    proxy_pass  http://www.yozosann.com:8256/;
        }
    }


    # HTTPS server
    #
    server {
         listen       443;
         server_name  xx.com  www.xx.com;

         ssl                  on;
         ssl_certificate      /usr/local/nginx/ssl/www.xx.com-ca-bundle.crt;
         ssl_certificate_key  /usr/local/nginx/ssl/www.xx.com.key;

         ssl_session_timeout  5m;

         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers  HIGH:!aNULL:!MD5;
         ssl_prefer_server_ciphers   on;

        location / {
             proxy_pass http://127.0.0.1:9339;
    #        root   html;
    #        index  index.html index.htm;
         }
     }

}
6180 次点击
所在节点    问与答
23 条回复
titanium98118
2018-05-16 17:33:08 +08:00
nginx -t 有报错吗?
yozosann
2018-05-16 17:44:24 +08:00
@titanium98118 木有报错啊 很尴尬 看似一切都是正确的。。 但是 443 端口就是没有开
yozosann
2018-05-16 17:44:54 +08:00
@titanium98118
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
yozosann
2018-05-16 17:47:17 +08:00
```
server {
listen 443;
server_name www.yozosann.com;

ssl on;
ssl_certificate 1_www.yozosann.com_bundle.crt;
ssl_certificate_key 2_www.yozosann.com.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;

location / {
proxy_pass http://127.0.0.1:9999;
# root html;
# index index.html index.htm;
}
}
```

目前改成了这样还是没有用
elsenow
2018-05-16 17:48:20 +08:00
防火墙是否放行了 443 端口?

腾讯云控制台安全组是否放行了 443 端口?
w274189159
2018-05-16 17:48:51 +08:00
@yozosann 看下 nginx 的日志
elsenow
2018-05-16 17:53:26 +08:00
iMac:~ xxx$ telnet www.yozosann.com 443
Trying 108.61.182.82...
telnet: connect to address 108.61.182.82: Connection refused
telnet: Unable to connect to remote host

看了下,你这是 443 端口没放行吧?还没到 Nginx 端口这一步
akira
2018-05-16 18:09:07 +08:00
errorlog 呢
yozosann
2018-05-16 18:19:00 +08:00
@elsenow

firewall-cmd --list-ports
4200/tcp 9126/tcp 9126/udp 57575/tcp 38720/tcp 80/tcp 8756/tcp 3306/tcp 9123/udp 443/tcp

433 放行了 没有启动
will1916
2018-05-16 18:24:38 +08:00
证书物理路径呢?
yozosann
2018-05-16 18:25:27 +08:00
@w274189159
2018/05/16 16:32:22 [notice] 12518#0: signal process started
2018/05/16 16:32:22 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 16:37:27 [warn] 13122#0: invalid value "TLSv1.1" in /usr/local/nginx/conf/nginx.conf:111
2018/05/16 17:15:17 [emerg] 20339#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:17:12 [notice] 22994#0: signal process started
2018/05/16 17:17:12 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:18:44 [notice] 23179#0: signal process started
2018/05/16 17:18:44 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:20:30 [notice] 23412#0: signal process started
2018/05/16 17:20:30 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: still could not bind()
2018/05/16 18:24:15 [notice] 31318#0: signal process started
yozosann
2018-05-16 18:26:01 +08:00
@will1916 物理路径就在 usr/local/nginx/conf 下
will1916
2018-05-16 18:27:23 +08:00
@yozosann
不是要这样吗?
ssl_certificate /usr/local/nginx/conf/1_www.yozosann.com_bundle.crt;
ssl_certificate_key /usr/local/nginx/conf/2_www.yozosann.com.key;
SirLostWhite
2018-05-16 18:29:19 +08:00
unknown directive "ssl"
你这 nginx 编译没有开 ssl 模块吧
机器上有 openssl 吗?
yozosann
2018-05-16 19:06:17 +08:00
@will1916 是了没有用
yozosann
2018-05-16 19:06:50 +08:00
@SirLostWhite 这是之前的问题 已经解决啦 现在能成功运行 但是 443 仍然没有开
mchl
2018-05-16 19:51:38 +08:00
listen 443 ssl;
shiny
2018-05-16 20:09:34 +08:00
一般 https 网页打不开排查方式:
1. netstat -ln 检查 443 是否有打开, 如果无:检查配置文件和错误日志。
2. 服务器本机 curl 访问网址是否正常返回,如果无,检查防火墙和云服务器的安全规则是否放行。
3. 本机检查到服务器是否连同,错误表现如何,比如 DNS 问题、端口未打开、服务器返回状态码不对,都有对应的处理方式。
lianyue
2018-05-16 20:27:54 +08:00
server {
listen 80;
listen 443 ssl;
server_name xx.com www.xx.com;

ssl_certificate /usr/local/nginx/ssl/www.xx.com-ca-bundle.crt;
ssl_certificate_key /usr/local/nginx/ssl/www.xx.com.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
proxy_pass http://127.0.0.1:9339;
#root /;
#index index.html index.htm;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
cmllwxxl
2018-05-17 09:56:25 +08:00
腾讯云的服务器,看下安全组开了没,之前也是,弄半天,最后腾讯云的安全组没开 443

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/455353

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX