已经获取到证书,也配置好了 nginx,并且也安装了 ssl 模块,重启后 443 接口没有启动?
yozosann · 2018-05-16 17:26:57 +08:00 · 5943 次点击这是一个创建于 2171 天前的主题,其中的信息可能已经有所发展或是发生改变。
以下是我的 nginx 配置 ,证书从腾讯云那里申请的,搞了两天了 也不知道为什么一直不行。。。
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name xx.com www.xx.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://127.0.0.1:9339;
#root /;
#index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
server {
listen 80;
# listen somename:8080;
server_name myterm.xx.com;
location / {
# root html;
# index index.html index.htm;
proxy_pass http://www.yozosann.com:8256/;
}
}
# HTTPS server
#
server {
listen 443;
server_name xx.com www.xx.com;
ssl on;
ssl_certificate /usr/local/nginx/ssl/www.xx.com-ca-bundle.crt;
ssl_certificate_key /usr/local/nginx/ssl/www.xx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:9339;
# root html;
# index index.html index.htm;
}
}
}
 |
1
titanium98118 2018-05-16 17:33:08 +08:00
nginx -t 有报错吗?
|
 |
2
yozosann OP @titanium98118 木有报错啊 很尴尬 看似一切都是正确的。。 但是 443 端口就是没有开
|
|
3
yozosann OP @titanium98118
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful |
|
4
yozosann OP ```
server { listen 443; server_name www.yozosann.com; ssl on; ssl_certificate 1_www.yozosann.com_bundle.crt; ssl_certificate_key 2_www.yozosann.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:9999; # root html; # index index.html index.htm; } } ``` 目前改成了这样还是没有用 |
 |
5
elsenow 2018-05-16 17:48:20 +08:00
防火墙是否放行了 443 端口?
腾讯云控制台安全组是否放行了 443 端口? |
 |
6
w274189159 2018-05-16 17:48:51 +08:00
@yozosann 看下 nginx 的日志
|
|
7
elsenow 2018-05-16 17:53:26 +08:00
iMac:~ xxx$ telnet www.yozosann.com 443
Trying 108.61.182.82... telnet: connect to address 108.61.182.82: Connection refused telnet: Unable to connect to remote host 看了下,你这是 443 端口没放行吧?还没到 Nginx 端口这一步 |
 |
8
akira 2018-05-16 18:09:07 +08:00
errorlog 呢
|
|
9
yozosann OP @elsenow
firewall-cmd --list-ports 4200/tcp 9126/tcp 9126/udp 57575/tcp 38720/tcp 80/tcp 8756/tcp 3306/tcp 9123/udp 443/tcp 433 放行了 没有启动 |
 |
10
will1916 2018-05-16 18:24:38 +08:00
证书物理路径呢?
|
|
11
yozosann OP @w274189159
2018/05/16 16:32:22 [notice] 12518#0: signal process started 2018/05/16 16:32:22 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105 2018/05/16 16:37:27 [warn] 13122#0: invalid value "TLSv1.1" in /usr/local/nginx/conf/nginx.conf:111 2018/05/16 17:15:17 [emerg] 20339#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105 2018/05/16 17:17:12 [notice] 22994#0: signal process started 2018/05/16 17:17:12 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105 2018/05/16 17:18:44 [notice] 23179#0: signal process started 2018/05/16 17:18:44 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105 2018/05/16 17:20:30 [notice] 23412#0: signal process started 2018/05/16 17:20:30 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105 2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use) 2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use) 2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use) 2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use) 2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use) 2018/05/16 17:36:38 [emerg] 25334#0: still could not bind() 2018/05/16 18:24:15 [notice] 31318#0: signal process started |
|
13
will1916 2018-05-16 18:27:23 +08:00
@yozosann
不是要这样吗? ssl_certificate /usr/local/nginx/conf/1_www.yozosann.com_bundle.crt; ssl_certificate_key /usr/local/nginx/conf/2_www.yozosann.com.key; |
 |
14
SirLostWhite 2018-05-16 18:29:19 +08:00
unknown directive "ssl"
你这 nginx 编译没有开 ssl 模块吧 机器上有 openssl 吗? |
|
16
yozosann OP @SirLostWhite 这是之前的问题 已经解决啦 现在能成功运行 但是 443 仍然没有开
|
 |
17
mchl 2018-05-16 19:51:38 +08:00 via iPhone
listen 443 ssl;
|
 |
18
shiny 2018-05-16 20:09:34 +08:00
一般 https 网页打不开排查方式:
1. netstat -ln 检查 443 是否有打开, 如果无:检查配置文件和错误日志。 2. 服务器本机 curl 访问网址是否正常返回,如果无,检查防火墙和云服务器的安全规则是否放行。 3. 本机检查到服务器是否连同,错误表现如何,比如 DNS 问题、端口未打开、服务器返回状态码不对,都有对应的处理方式。 |
 |
19
lianyue 2018-05-16 20:27:54 +08:00
server {
listen 80; listen 443 ssl; server_name xx.com www.xx.com; ssl_certificate /usr/local/nginx/ssl/www.xx.com-ca-bundle.crt; ssl_certificate_key /usr/local/nginx/ssl/www.xx.com.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://127.0.0.1:9339; #root /; #index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } |
 |
20
cmllwxxl 2018-05-17 09:56:25 +08:00
腾讯云的服务器,看下安全组开了没,之前也是,弄半天,最后腾讯云的安全组没开 443
|
 |
22
mxywxwk 2018-09-28 14:47:20 +08:00
遇到同样的问题,不知楼主解决没有
|
|
23
mxywxwk 2018-09-28 14:51:55 +08:00
我是用的阿里云的服务器,有两个。其中一个配置成功了,可以用 https 访问,同样的方法另一台就不行了。netstat 查看看 nginx 也没有监听着 443。成功的 nginx 用的 1.13.7,失败的用的 1.8.0.
|
Select Language