nginx ssl_证书指令不';无法在服务器块内工作,浏览器显示错误连接关闭或错误连接重置
我试图使用Nginx v1.8.0从单个VPS中为多个TLS安全域提供服务,但出于某些原因,它只是没有在服务器块中进行证书配置。当我将nginx ssl_证书指令不';无法在服务器块内工作,浏览器显示错误连接关闭或错误连接重置,ssl,nginx,Ssl,Nginx,我试图使用Nginx v1.8.0从单个VPS中为多个TLS安全域提供服务,但出于某些原因,它只是没有在服务器块中进行证书配置。当我将ssl\u certificate和ssl\u certificate\u key指令放入http块时,它工作正常。但是当我尝试将它们放入服务器块时,启动时没有错误,日志中没有任何内容,但是chrome给了我一条ERR\u CONNECTION\u CLOSED消息。这必须比看起来容易 以下是有效的设置: nginx-V输出: nginx version: ngi
ssl\u certificate
和ssl\u certificate\u key
指令放入http块时,它工作正常。但是当我尝试将它们放入服务器块时,启动时没有错误,日志中没有任何内容,但是chrome给了我一条ERR\u CONNECTION\u CLOSED
消息。这必须比看起来容易
以下是有效的设置:
nginx-V输出:
nginx version: nginx/1.8.0
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
我的主nginx.conf:
user http;
worker_processes 3;
pid /var/run/nginx.pid;
error_log /var/log/nginx_error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type text/plain;
sendfile on;
keepalive_timeout 65;
index index.php index.html;
log_format main '$remote_addr - $remote_user [$time_local], "$scheme://$host$request_uri", '
'file: "$request_filename", http: $status, sent: $body_bytes_sent, ref: "$http_referer", '
'"$http_user_agent", "$http_x_forwarded_for"';
access_log /var/log/nginx_access.log main;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server {
listen 80;
server_name "";
return 410;
}
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
include vhosts/*.conf;
}
我的vhosts目录列表:
site1.conf
site2.conf
最后,我的site1.conf文件(site2.conf基本相同):
如您所见,ssl…
指令位于主配置文件http块中。该配置工作正常。但是,如果我将它们从该位置删除,并将它们放入site1.conf vhost文件的服务器块中(如下所示),我会得到ERR\u CONNECTION\u CLOSED
error
# Server block that redirects www.site1.com requests to site1.com
server {
listen 443;
server_name www.site1.com;
return 301 https://site1.com$request_uri;
}
# Server block that serves site1.com;
server {
listen 443 ssl;
server_name site1.com;
root /srv/www/site1/public_html;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
error_log /var/log/nginx_err_site1.log error;
access_log /var/log/nginx_acc_site1.log main;
include global_restrictions.conf;
location / {
try_files $uri /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri = 404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm_site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
我就是搞不懂
感谢您提供的帮助。一个多月后才回到这里(好吧,所以我的发布有点延迟,不管怎样!)) 事实上,答案和我想象的一样简单 我把那些小小的“www.”重定向块看作是简单的反弹,出于某种原因,我觉得不必在这些块中包含有关证书的信息。但是,由于安全连接的工作方式,服务器必须在发出响应(即重定向指令)之前完全建立安全连接,因此,由于我没有在这些小重定向块中包含证书信息,它给了我错误(令人沮丧的是,它没有告诉我这些错误是什么) 因此,最终的解决方案只是在端口443上侦听的每个服务器块中添加有效的
ssl\u证书
和ssl\u证书
指令。现在一切都好了
为了充分说明这一点,这是我更新和工作的site1.conf(和site2.conf,实际上是相同的):
我的nginx.conf文件现在不再包含ssl_证书行。在一个多月后才回到这个问题上(好吧,所以我的启动有点延迟,不管怎样!)) 事实上,答案和我想象的一样简单 我把那些小小的“www.”重定向块看作是简单的反弹,出于某种原因,我觉得不必在这些块中包含有关证书的信息。但是,由于安全连接的工作方式,服务器必须在发出响应(即重定向指令)之前完全建立安全连接,因此,由于我没有在这些小重定向块中包含证书信息,它给了我错误(令人沮丧的是,它没有告诉我这些错误是什么) 因此,最终的解决方案只是在端口443上侦听的每个服务器块中添加有效的
ssl\u证书
和ssl\u证书
指令。现在一切都好了
为了充分说明这一点,这是我更新和工作的site1.conf(和site2.conf,实际上是相同的):
我的nginx.conf文件现在不再包含ssl_证书行。nginx错误日志中有任何内容吗?@Richard,错误日志和访问日志中没有任何内容。就好像连服务器都没有碰到一样。今晚回家后,我将尝试启用调试日志。nginx错误日志中有任何内容吗?@Richard,错误日志中没有任何内容,访问日志中也没有。就好像连服务器都没有碰到一样。今晚回家后,我将尝试启用调试日志。
# Server block that redirects www.site1.com requests to site1.com
server {
listen 443;
server_name www.site1.com;
return 301 https://site1.com$request_uri;
}
# Server block that serves site1.com;
server {
listen 443 ssl;
server_name site1.com;
root /srv/www/site1/public_html;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
error_log /var/log/nginx_err_site1.log error;
access_log /var/log/nginx_acc_site1.log main;
include global_restrictions.conf;
location / {
try_files $uri /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri = 404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm_site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
# Server block that redirects www.site1.com requests to site1.com
server {
listen 443 ssl;
server_name www.site1.com;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
return 301 https://site1.com$request_uri;
}
# Server block that serves site1.com requests
server {
listen 443 ssl;
server_name site1.com www.site1.com;
root /srv/www/site1/public_html;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
index index.php index.html index.htm;
error_log /var/log/nginx_err_site1.log error;
access_log /var/log/nginx_acc_site1.log main;
include global_restrictions.conf;
location / {
try_files $uri /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri = 404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm_site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}