Nginx

聽 443 ssl 中斷 nginx

  • February 5, 2020

我已經在 GCE vm 上安裝了 nginx 來託管個人網站。我設置了它,它適用於 http 連接。但是,在從 certbot 安裝證書後啟用 https 破壞了 nginx。

server {
   listen 80;
   listen [::]:80;

   # SSL configuration
   #
   #listen 443 ssl;
   # listen [::]:443 ssl default_server;
   # Note: You should disable gzip for SSL traffic.
   # See: https://bugs.debian.org/773332
   #
   # Read up on ssl_ciphers to ensure a secure configuration.
   # See: https://bugs.debian.org/765782
   #
   # Self signed certs generated by the ssl-cert package
   # Don't use them in a production server!
   #
   # include snippets/snakeoil.conf;

   root /home/Urvish/www;

   # Add index.php to the list if you are using PHP
   index index.html index.htm index.nginx-debian.html;

   server_name openrados.ddns.net;

   location / {
       # First attempt to serve request as file, then
       # as directory, then fall back to displaying a 404.
       try_files $uri $uri/ =404;
   }


   # pass PHP scripts to FastCGI server
   #
   #location ~ \.php$ {
   #   include snippets/fastcgi-php.conf;
   #
   #   # With php-fpm (or other unix sockets):
   #   fastcgi_pass unix:/run/php/php7.3-fpm.sock;
   #   # With php-cgi (or other tcp sockets):
   #   fastcgi_pass 127.0.0.1:9000;
   #}

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   #location ~ /\.ht {
   #   deny all;
   #}

       listen [::]:443 ssl; # managed by Certbot
       listen 443 ssl; # managed by Certbot
       ssl_certificate /etc/letsencrypt/live/openrados.ddns.net/fullchain.pem; # managed by Certbot
       ssl_certificate_key /etc/letsencrypt/live/openrados.ddns.net/privkey.pem; # managed by Certbot
       include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
       ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

現在,使用 sudo systemctl restart nginx 重新啟動 nginx 不再起作用並給出以下錯誤:

Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

systemctl status nginx.service 返回以下內容:

● nginx.service - A high performance web server and a reverse proxy server
  Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
  Active: failed (Result: exit-code) since Wed 2020-02-05 12:48:27 UTC; 1min 11s ago
    Docs: man:nginx(8)
 Process: 6208 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Process: 6209 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)

我該如何解決?我很困惑。

編輯:

我執行了 nginx -t 它返回以下內容:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

但是,/var/log/nginx/error.log 下的錯誤日誌顯示如下:

2020/02/05 13:03:29 [emerg] 6392#6392: bind() to [::]:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: bind() to [::]:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: bind() to [::]:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: bind() to [::]:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: bind() to [::]:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: bind() to 0.0.0.0:443 failed (98: Address already in use)
2020/02/05 13:03:29 [emerg] 6392#6392: still could not bind()

您使用的這些命令都沒有真正描述 nginx 無法重新啟動的原因。

當服務失敗時,開始嘗試找出 nginx 問題的一個好地方是執行journalctl -u nginxnginx -t。這將為您提供有關失敗原因的更好線索,並且在您的情況下最有可能指向配置文件錯誤及其所在的行。

最好的做法是使用正確的縮進使您的配置文件盡可能整潔,同時刪除不必要的註釋以使其管理更加容易。

引用自:https://serverfault.com/questions/1001884