nginx 监听 ... ssl 指令错误,但没有设置 ssl 指令 [英] nginx listen ... ssl directive error, but there is no ssl directive set
问题描述
我不明白 nginx 从哪里获得 listen ... ssl 指令.它会阻止 nginx 启动...
<块引用>/docker-entrypoint.sh:配置完成;准备启动
<块引用>
2020/11/16 10:25:45 [emerg] 1#1:没有ssl_certificate";是为listen ... ssl"定义的.etc/nginx/conf.d/default.conf:28
中的指令<块引用>
nginx: [emerg] 没有ssl_certificate";是为listen ... ssl"定义的./etc/nginx/conf.d/default.conf:28
中的指令我的 conf.d/default.conf:
# 将所有流量重定向到 https#服务器 {# 听 80 default_server;# 听 [::]:80 default_server;# 服务器名称 _;# 返回 301 https://$host$request_uri;#}服务器 {听 80 default_server;听 [::]:80 default_server;服务器名称 _;# 写入访问和错误日志access_log/var/log/nginx/.access.log;error_log/var/log/nginx/error.log;# CertBot 需要打开端口 80 或 443 才能连接到位置 ^~/.well-known/acme-challenge/{根/var/www/letsencrypt;}# 地点/{# 返回 301 https://$host$request_uri;# }}服务器 {听 443;听 [::]:443;服务器名称 _;#charset koi8-r;#access_log/var/log/nginx/host.access.log main;# 证书# ssl_certificate/etc/letsencrypt/live/.../fullchain.pem;# ssl_certificate_key/etc/letsencrypt/live/.../fullchain.pem;# 使用根 CA 和中间证书验证 OCSP 响应的信任链# ssl_trusted_certificate/etc/letsencrypt/live/.../fullchain.pem;# 包括 ssl.conf;设置 $upstream_webfuse_com JS_upstream;地点/{# 允许 CORS#add_header 'Access-Control-Allow-Origin' '*' 总是;包括proxy.conf;解析器 127.0.0.11 有效 = 30 秒;proxy_pass http://$upstream_webfuse_com:3000;proxy_set_header 升级 $http_upgrade;proxy_set_header 连接升级;#auth_basic受限";#auth_basic_user_file/config/nginx/htpasswd;}#地点/{# root/usr/share/nginx/html;# index index.html index.htm;#}#error_page 404/404.html;# 将服务器错误页面重定向到静态页面/50x.html#error_page 500 502 503 504/50x.html;位置 =/50x.html {根目录/usr/share/nginx/html;}# 代理 PHP 脚本到 Apache 监听 127.0.0.1:80##location ~ \.php$ {# proxy_pass http://127.0.0.1;#}# 将 PHP 脚本传递给 FastCGI 服务器,监听 127.0.0.1:9000#location ~ \.php$ {# root/usr/share/nginx/html;#fastcgi_pass 127.0.0.1:9000;# fastcgi_index index.php;# fastcgi_param SCRIPT_FILENAME/scripts$fastcgi_script_name;# 包括 fastcgi_params;#}# 拒绝访问 .htaccess 文件,如果 Apache 的文档根目录# 同意 nginx 的一个#location ~/\.ht {# 全部拒绝;#}}服务器 {听 443;# ssl http2;听 [::]:443;# ssl http2;server_name 编码器.*;# 证书#ssl_certificate/etc/letsencrypt/live/.../fullchain.pem;#ssl_certificate_key/etc/letsencrypt/live/.../fullchain.pem;# 使用根 CA 和中间证书验证 OCSP 响应的信任链#ssl_trusted_certificate/etc/letsencrypt/live/.../fullchain.pem;#include ssl.conf;client_max_body_size 0;# CertBot 需要打开端口 80 或 443 才能连接到位置 ^~/.well-known/acme-challenge/{根/var/www/letsencrypt;}地点/{包括proxy.conf;解析器 127.0.0.11 有效 = 30 秒;设置 $upstream_code_server 编码器;proxy_pass http://$upstream_code_server:8443;proxy_set_header 升级 $http_upgrade;proxy_set_header 连接升级;}}
您监听端口 443.这是 SSL 端口.
服务器{听 443;听 [::]:443;
您不需要侦听端口 443 或添加证书.如果没有,它将不起作用
I don't understand where nginx is getting the listen ... ssl directive from. It prevents nginx from starting...
/docker-entrypoint.sh: Configuration complete; ready for start up
2020/11/16 10:25:45 [emerg] 1#1: no "ssl_certificate" is defined for the "listen ... ssl" directive in etc/nginx/conf.d/default.conf:28
nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:28
my conf.d/default.conf:
# redirect all traffic to https
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# return 301 https://$host$request_uri;
#}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
# Write Access and Error logs
access_log /var/log/nginx/.access.log;
error_log /var/log/nginx/error.log;
# CertBot needs either port 80 or 443 open to connect to the
location ^~ /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# location / {
# return 301 https://$host$request_uri;
# }
}
server {
listen 443;
listen [::]:443;
server_name _;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
# Certificates
# ssl_certificate /etc/letsencrypt/live/.../fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/.../fullchain.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
# ssl_trusted_certificate /etc/letsencrypt/live/.../fullchain.pem;
# include ssl.conf;
set $upstream_webfuse_com JS_upstream;
location / {
# allow CORS
#add_header 'Access-Control-Allow-Origin' '*' always;
include proxy.conf;
resolver 127.0.0.11 valid=30s;
proxy_pass http://$upstream_webfuse_com:3000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/htpasswd;
}
#location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#location ~ \.php$ {
# root /usr/share/nginx/html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 443;
# ssl http2;
listen [::]:443;
# ssl http2;
server_name coder.*;
# Certificates
#ssl_certificate /etc/letsencrypt/live/.../fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/.../fullchain.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /etc/letsencrypt/live/.../fullchain.pem;
#include ssl.conf;
client_max_body_size 0;
# CertBot needs either port 80 or 443 open to connect to the
location ^~ /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
location / {
include proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_code_server coder;
proxy_pass http://$upstream_code_server:8443;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
}
}
You listen on port 443. It's the SSL port.
server {
listen 443;
listen [::]:443;
You need to do not listen on port 443 or to add a certificate. If not it will not work
这篇关于nginx 监听 ... ssl 指令错误,但没有设置 ssl 指令的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!