Configured https for Nginx on Ubuntu, but it just cannot be accessed, and I don't know what the problem is

2021-07-18 10:27:24 +08:00
 miv
```
root@VM-0-10-ubuntu:/etc/nginx/conf.d# uname -a
Linux VM-0-10-ubuntu 4.15.0-118-generic #119-Ubuntu SMP Tue Sep 8 12:30:01 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@VM-0-10-ubuntu:/etc/nginx/conf.d# pwd
/etc/nginx/conf.d
root@VM-0-10-ubuntu:/etc/nginx/conf.d# cat default.conf
server {
    listen 443 ssl;
    server_name  www.site.top;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    ssl_certificate  /book/swb/site.top_bundle.crt;
    ssl_certificate_key  /book/swb/site.top.key;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

}
```

nginx info

```
root@VM-0-10-ubuntu:/etc/nginx/conf.d# service nginx status
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/nginx.service.d
           └─override.conf
   Active: active (running) since Sun 2021-07-18 10:24:26 CST; 2min 50s ago
     Docs: man:nginx(8)
  Process: 14799 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 14826 ExecStartPost=/bin/sleep 0.1 (code=exited, status=0/SUCCESS)
  Process: 14811 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 14800 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 14813 (nginx)
    Tasks: 3 (limit: 4464)
   CGroup: /system.slice/nginx.service
           ├─14813 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─14827 nginx: worker process
           └─14828 nginx: worker process

Jul 18 10:24:26 VM-0-10-ubuntu systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 18 10:24:26 VM-0-10-ubuntu systemd[1]: Started A high performance web server and a reverse proxy server.
```
19 replies
learningman
2021-07-18 10:30:18 +08:00
Can you define "cannot be accessed" specifically? What does curl output? And what does openssl s_client -connect output?
miv
2021-07-18 10:31:55 +08:00
It is deployed on Tencent Cloud; ports 443 and 80 are open in the security group.
The firewall on the system is turned off.
telnet to port 443 on 127.0.0.1 succeeds.
Port status related to nginx:

```
root@VM-0-10-ubuntu:/etc/nginx/conf.d# netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN 14813/nginx: master
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 14813/nginx: master
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 965/systemd-resolve
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 2228/sshd
tcp6 0 0 [::]:8001 [::]:* LISTEN 12614/java
tcp6 0 0 [::]:8008 [::]:* LISTEN 12570/java
tcp6 0 0 [::]:http [::]:* LISTEN 14813/nginx: master
```
miv
2021-07-18 10:33:38 +08:00
@learningman #1 curl localhost can be accessed
yufeng0681
2021-07-18 10:44:47 +08:00
Take a look at access.log: are the requests reaching nginx?
liuyulvv
2021-07-18 10:52:28 +08:00
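A few days ago I happened to use the free SSL certificate provided by Tencent on Tencent Cloud as well. This is written following their official site; I edited it directly.

```nginx
# HTTPS virtual host
server {
    listen 443 ssl;

    root /var/www/hexo;

    index index.html;

    server_name site.top;

    location / {
        try_files $uri $uri/ =404;
    }

    # Certificate bundle (leaf + intermediates) and its private key
    ssl_certificate /etc/nginx/conf.d/1_site.top_bundle.crt;
    ssl_certificate_key /etc/nginx/conf.d/2_site.top.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
}

# Plain HTTP virtual host: redirect everything to HTTPS
server {
    listen 80;

    server_name site.top;

    return 301 https://$host$request_uri;
}
```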
miv
2021-07-18 10:54:41 +08:00
@yufeng0681 #4 Watching this file with tail -f /var/log/nginx/access.log, requests to 443 do not show up, while requests to 80 do
miv
2021-07-18 10:55:31 +08:00
@liuyulvv #5 Thanks, I'll give it a try
miv
2021-07-18 11:06:03 +08:00
@liuyulvv #5
It still doesn't seem to work; accessing port 80 gives this problem
```
ubuntu@VM-0-10-ubuntu:~$ curl http://www.softwareborn.top
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.21.1</center>
</body>
</html>
```
The configuration is as follows
```
server {
listen 80;

server_name site.top;

return 301 https://$host$request_uri;
}
```
chendy
2021-07-18 11:15:12 +08:00
server_name www.site.top;
Your website's name is www.site.top ???
liuxu
2021-07-18 11:18:45 +08:00
Post a screenshot of "443 is open in the security group" from the Tencent management console so we can take a look
xeathen
2021-07-18 11:29:17 +08:00
You are trying to access www.softwareborn.top, but your servername is www.site.top
westoy
2021-07-18 11:32:39 +08:00
Have you allowed 443 in ufw?
ik
2021-07-18 11:40:52 +08:00
Port 443 is unreachable

```
$ curl -v https://www.softwareborn.top/
* About to connect() to www.softwareborn.top port 443 (#0)
* Trying 49.235.242.113...
* Connection timed out
* Failed connect to www.softwareborn.top:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to www.softwareborn.top:443; Connection timed out
```
holoto
2021-07-18 11:56:41 +08:00
Try accessing ip:443 directly
If you are able to, run nmap against the ip
lindas
2021-07-18 13:41:29 +08:00
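Try a different port. A few days ago I was setting up port 443 on Huawei Cloud and it was the same: I just could not find the cause, and in the end switching to another port made it work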
msg7086
2021-07-18 14:03:46 +08:00
conf.d ?
Hasn't nginx always used sites-enabled? Or is it different on Ubuntu?
Junzhou
2021-07-18 21:04:23 +08:00
After modifying the configuration file, run nginx -s reload for it to take effect
yin1999
2021-07-18 22:16:57 +08:00
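@msg7086 The usage you describe actually came over from apache. After installing from the official nginx repository, conf.d is used by default; if you use Ubuntu's default repository, it is indeed sites-enabled.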
yufeng0681
2021-07-19 11:14:04 +08:00
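Then capture packets at the lower layer first: use the tcpdump command to capture whether any packets on port 443 arrive at the server;
In nginx's access log you definitely won't see the word https; what gets recorded is the request content and the field information you asked it to save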
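
Added example, not part of any reply in this thread: the replies above narrow the failure down layer by layer (TCP reachability, then TLS, then the certificate), and this Python sketch does the same from the client side. The function name `probe_https` and the stage labels are illustrative assumptions.

```python
import socket
import ssl
import sys

def probe_https(host, port=443, timeout=5.0):
    """Return (stage, detail) naming the first layer that fails, or ("ok", version)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # Neither SYN-ACK nor RST came back: packets are dropped before they
        # reach the listener (cloud security group, ufw/iptables, upstream filter).
        # This is the "Connection timed out" case from the curl -v output.
        return ("tcp-timeout", "no answer to SYN; check filtering, not nginx")
    except ConnectionRefusedError:
        # An RST came back: the host is reachable but nothing listens here.
        return ("tcp-refused", "host reachable, no listener on this port")
    except OSError as exc:
        return ("tcp-error", str(exc))  # DNS failure, no route, ...

    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # TCP and the handshake work; the certificate does not match the name
        # requested or does not chain to a trusted root.
        return ("cert-invalid", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Port is open but the peer does not complete a TLS handshake, e.g. a
        # listener without "ssl" on its listen directive.
        return ("tls-failed", str(exc))
    finally:
        sock.close()

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe_https(sys.argv[1]))
```

A `tcp-timeout` result from outside the host, combined with a working local connection, points at filtering in front of the server rather than at the nginx configuration.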


https://www.v2ex.com/t/790169
