无法启动nginx
我正在尝试启动nginx,但它给了我一些我不理解的错误。我在下面的信息中给出了确切的错误。我看了错误,看不出头绪。我用谷歌搜索了错误中的一些信息,但找不到任何有帮助的 不管问题是什么,它都与其中一个虚拟主机onyx.myhost.com有关。如果我删除onyx.myhost.com的conf文件的链接,那么服务器就会正常启动 我还应该提到,相同的配置在旧版本的Linux上运行良好。我将在下面介绍有关该系统的信息 我知道这是一个非常稀疏的信息来寻求帮助,但我真的不知道该怎么办。首先,我将列出一些系统信息,然后列出错误。我将我的实际主机名改为“myhost” 请让我知道,如果有任何其他信息,我应该张贴无法启动nginx,nginx,Nginx,我正在尝试启动nginx,但它给了我一些我不理解的错误。我在下面的信息中给出了确切的错误。我看了错误,看不出头绪。我用谷歌搜索了错误中的一些信息,但找不到任何有帮助的 不管问题是什么,它都与其中一个虚拟主机onyx.myhost.com有关。如果我删除onyx.myhost.com的conf文件的链接,那么服务器就会正常启动 我还应该提到,相同的配置在旧版本的Linux上运行良好。我将在下面介绍有关该系统的信息 我知道这是一个非常稀疏的信息来寻求帮助,但我真的不知道该怎么办。首先,我将列出一些系
尝试启动服务器的输出
snapper@newton onyx.myhost.com # sudo service nginx start
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
Linux版本:
snapper@newton onyx.myhost.com # cat /etc/issue
Ubuntu 16.04.1 LTS \n \l
使用相同配置的服务器上的Linux版本:
snapper@myhost-jan ~ # cat /etc/issue
Ubuntu 14.04.5 LTS \n \l
snapper@myhost-jan ~ # sudo nginx -V
nginx version: nginx/1.4.6 (Ubuntu)
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6
--with-http_ssl_module --with-http_stub_status_module --with-http_realip_module
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module
--with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module
nginx版本:我用word包装了输出
snapper@newton onyx.myhost.com # nginx -V
nginx version: nginx/1.10.0 (Ubuntu)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'
--prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
--with-ipv6 --with-http_ssl_module --with-http_stub_status_module
--with-http_realip_module --with-http_auth_request_module
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gunzip_module --with-http_gzip_static_module
--with-http_image_filter_module --with-http_v2_module --with-http_sub_module
--with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail
--with-mail_ssl_module --with-threads
使用相同配置的服务器上的nginx版本:
snapper@myhost-jan ~ # cat /etc/issue
Ubuntu 14.04.5 LTS \n \l
snapper@myhost-jan ~ # sudo nginx -V
nginx version: nginx/1.4.6 (Ubuntu)
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6
--with-http_ssl_module --with-http_stub_status_module --with-http_realip_module
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module
--with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module
systemctl的输出
snapper@newton onyx.myhost.com # sudo systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2016-12-20 18:52:31 UTC; 3min 35s ago
Process: 4436 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Dec 20 18:52:31 newton systemd[1]: Starting A high performance web server and a reverse proxy server...
Dec 20 18:52:31 newton nginx[4436]: nginx: [emerg] BIO_new_file("/etc/ssl/certs/dhparam.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/certs
Dec 20 18:52:31 newton nginx[4436]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 20 18:52:31 newton systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 20 18:52:31 newton systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Dec 20 18:52:31 newton systemd[1]: nginx.service: Unit entered failed state.
Dec 20 18:52:31 newton systemd[1]: nginx.service: Failed with result 'exit-code'.
lines 1-12/12 (END)
snapper@newton onyx.myhost.com # sudo journalctl -xe
Dec 20 18:55:30 newton sshd[4462]: Failed password for root from 116.31.116.18 port 18380 ssh2
Dec 20 18:55:32 newton sshd[4462]: Failed password for root from 116.31.116.18 port 18380 ssh2
Dec 20 18:55:33 newton sshd[4462]: Received disconnect from 116.31.116.18 port 18380:11: [preauth]
Dec 20 18:55:33 newton sshd[4462]: Disconnected from 116.31.116.18 port 18380 [preauth]
Dec 20 18:55:33 newton sshd[4462]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:56:03 newton sshd[4469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:56:05 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2
Dec 20 18:56:07 newton sudo[4471]: snapper : TTY=pts/0 ; PWD=/home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com ; USER=root ; COMMAND=/bin/systemctl status nginx.service
Dec 20 18:56:07 newton sudo[4471]: pam_unix(sudo:session): session opened for user root by snapper(uid=0)
Dec 20 18:56:07 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2
Dec 20 18:56:10 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2
Dec 20 18:56:10 newton sshd[4469]: Received disconnect from 116.31.116.18 port 12569:11: [preauth]
Dec 20 18:56:10 newton sshd[4469]: Disconnected from 116.31.116.18 port 12569 [preauth]
Dec 20 18:56:10 newton sshd[4469]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:56:42 newton sshd[4501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:56:42 newton sshd[4503]: Connection closed by 45.56.93.125 port 36628 [preauth]
Dec 20 18:56:45 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2
Dec 20 18:56:47 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2
Dec 20 18:56:49 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2
Dec 20 18:56:49 newton sshd[4501]: Received disconnect from 116.31.116.18 port 16666:11: [preauth]
Dec 20 18:56:49 newton sshd[4501]: Disconnected from 116.31.116.18 port 16666 [preauth]
Dec 20 18:56:49 newton sshd[4501]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:57:09 newton sshd[4505]: Connection closed by 83.169.58.4 port 60763 [preauth]
Dec 20 18:57:23 newton sshd[4508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:57:24 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2
Dec 20 18:57:26 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2
Dec 20 18:57:29 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2
Dec 20 18:57:29 newton sshd[4508]: Received disconnect from 116.31.116.18 port 43195:11: [preauth]
Dec 20 18:57:29 newton sshd[4508]: Disconnected from 116.31.116.18 port 43195 [preauth]
Dec 20 18:57:29 newton sshd[4508]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:57:51 newton sshd[4511]: Connection closed by 54.68.91.5 port 40026 [preauth]
Dec 20 18:57:59 newton sshd[4513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:58:01 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2
Dec 20 18:58:04 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2
Dec 20 18:58:06 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2
Dec 20 18:58:06 newton sshd[4513]: Received disconnect from 116.31.116.18 port 60900:11: [preauth]
Dec 20 18:58:06 newton sshd[4513]: Disconnected from 116.31.116.18 port 60900 [preauth]
Dec 20 18:58:06 newton sshd[4513]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:58:39 newton sshd[4516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:58:40 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2
Dec 20 18:58:43 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2
Dec 20 18:58:45 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2
Dec 20 18:58:45 newton sshd[4516]: Received disconnect from 116.31.116.18 port 31704:11: [preauth]
Dec 20 18:58:45 newton sshd[4516]: Disconnected from 116.31.116.18 port 31704 [preauth]
Dec 20 18:58:45 newton sshd[4516]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:59:15 newton sshd[4520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:59:17 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2
Dec 20 18:59:19 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2
Dec 20 18:59:21 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2
Dec 20 18:59:21 newton sshd[4520]: Received disconnect from 116.31.116.18 port 30979:11: [preauth]
Dec 20 18:59:21 newton sshd[4520]: Disconnected from 116.31.116.18 port 30979 [preauth]
Dec 20 18:59:21 newton sshd[4520]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:59:21 newton sudo[4471]: pam_unix(sudo:session): session closed for user root
Dec 20 18:59:37 newton sudo[4522]: snapper : TTY=pts/0 ; PWD=/home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com ; USER=root ; COMMAND=/bin/journalctl -xe
Dec 20 18:59:37 newton sudo[4522]: pam_unix(sudo:session): session opened for user root by snapper(uid=0)
lines 959-1013/1013 (END)
onyx.myhost.com配置文件
# nginx configuration for onyx.myhost.com
server {
# listen on port 80
# listen 80;
# SSL
listen 443 ssl;
server_name onyx.myhost.com;
ssl_certificate /etc/letsencrypt/live/onyx.myhost.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/onyx.myhost.com/privkey.pem;
# set log paths
access_log /srv/www/onyx.myhost.com/logs/access.log;
error_log /srv/www/onyx.myhost.com/logs/error.log;
# rewrite
# rewrite (/[0-9a-z\-]+)$ $1.pl last;
rewrite (.*/[0-9a-z\-]+)$ $1.pl last;
# restrict access by password
# sudo sh -c "echo -n 'snapper:' >> /etc/nginx/htpasswd"
# sudo sh -c "openssl passwd -apr1 >> /etc/nginx/htpasswd"
# auth_basic "closed website";
# auth_basic_user_file /etc/nginx/htpasswd;
# set document root
root /home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com/pages;
# rewrite xdo files
# rewrite ^(/.*\.xdo)$ /xdo.pl last;
# set index files
# location / {
# index index.xdo index.pl index.html;
# }
# set admin restriction
# location /admin/ {
# allow 1.2.3.4; # Allow a single remote host
# deny all; # Deny everyone else
# }
# handle .pl files
# location ~ \.pl$ {
# gzip off;
# include /etc/nginx/fastcgi_params;
# fastcgi_pass unix:/var/run/fcgiwrap.socket;
# fastcgi_index index.pl;
# fastcgi_param SCRIPT_FILENAME /home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com/pages$fastcgi_script_name;
# }
# not sure what this does, but it's for SSL
location ~ /.well-known {
allow all;
}
# Diffie-Hellman
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
}
server {
listen 80;
server_name onyx.myhost.com;
return 301 https://onyx.myhost.com$request_uri;
}
你确定你在这个目录中有这样的文件,并且nginx可以读取它吗?这是你的错误:
Dec 20 18:52:31 newton nginx[4436]:nginx:[emerg]BIO_new_文件(“/etc/ssl/certs/dhparam.pem”)失败(ssl:error:0201002:system library:fopen:No这样的文件或目录:fopen)('/etc/ssl/certs/etc/ssl/certs你能做一个
ls-l/etc/ssl/certs谢谢大家的帮助,没有你们我是无法修复的。:-)看起来我没有该文件。事实上,服务器上不存在dhparam.pem。这是否表明我没有正确地实现Diffie Hellman?我从网上复制了该代码。我承认我现在似乎找不到从中获取该文件的页面。你能建议从这里转到哪里吗?我从未使用带有DH参数的文件,但看起来你应该这样做只需生成它,我会检查它,然后发回它的工作原理。谢谢!ls-l/etc/ssl/certs提供了一个相当长的.pem文件列表。该目录确实存在。下面是/etc/ssl的列表snapper@newton~#ls-l/etc/ssl总计44 drwxr-xr-x 2根根目录24576 Dec 10 01:39证书-rw-r--r--1根目录10835 Sep 23 12:25 openssl.cnf drwx--x--2根ssl证书4096 Dec 10 01:39 privateIs
dhparam.pemsudo openssl dhparam-out/etc/ssl/certs/dhparam.pem 2048