![NGinX - [emerg]“ssl_certificate”指令重复 - 添加新的 SSL 启用站点会破坏 NGinx Conf](https://linux22.com/image/127341/NGinX%20-%20%5Bemerg%5D%E2%80%9Cssl_certificate%E2%80%9D%E6%8C%87%E4%BB%A4%E9%87%8D%E5%A4%8D%20-%20%E6%B7%BB%E5%8A%A0%E6%96%B0%E7%9A%84%20SSL%20%E5%90%AF%E7%94%A8%E7%AB%99%E7%82%B9%E4%BC%9A%E7%A0%B4%E5%9D%8F%20NGinx%20Conf.png)
我正在尝试将第二个启用 SSL 的站点添加到我的 NGinX 配置中。仅在一个启用 SSL 的站点上一切工作正常,但是当我添加第二个conf(它只是从工作站点编辑和复制的conf)时,我收到以下错误。
注意:我已经测试过,如果我删除新站点,conf 就会通过,反之亦然,如果我删除旧站点,新站点就可以工作。
root@NGinX:/etc/nginx/sites-enabled# ytitconf
* Reloading nginx configuration nginx [fail]
nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/ytit.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
这是整个非常简单的配置。
注意:第二个站点托管多个子域,但该站点目前不会托管子域。
root@NGinX:/etc/nginx/sites-available# cat ytit.conf
#GLOBAL SSL
ssl_certificate /etc/ssl/certs/ssl-bundle-ytit.crt;
ssl_certificate_key /etc/ssl/private/server-ytit.key;
server {
listen 80;
server_name www.ytit.ca ytit.ca;
return 301 https://$server_name/;
}
server {
listen 443 ssl;
ssl on;
server_name www.ytit.ca ytit.ca;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
proxy_pass https://192.168.1.169:443/;
include /etc/nginx/proxy.conf;
}
}
这是 NGinX.conf;我不认为它被修改了,但我大约一年前设置了 NGinX 并且不记得说实话,所以我将其包括在内,因为错误表明它与 NGinX.conf 测试有关。
root@NGinX:/etc/nginx/sites-available# cat /etc/nginx/nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
conf.d 中没有任何额外内容
root@NGinX:/etc/nginx/conf.d# ll
total 8
drwxr-xr-x 2 root root 4096 Jul 29 2015 ./
drwxr-xr-x 5 root root 4096 Mar 8 2016 ../
答案1
include /etc/nginx/sites-enabled/*您的主配置文件包含按顺序拖入指定目录中的所有配置文件的行。
所有不在命名上下文中的指令都默认为上下文,因此通过在这些文件的顶层global定义ssl_certificate和 ,您将重新定义全局指令,这会导致 NginX 抱怨。ssl_certificates
您的选择是:
- 将
ssl_certificate和移动ssl_certificates到上下文中server,这允许您为不同的站点配置不同的证书; - 在全局上下文中,仅在这些站点配置文件之一中包含
ssl_certificate和指令,这使其覆盖您的所有服务器。ssl_certificates或者,将其移动到顶级nginx.conf文件也将具有相同的效果。
请注意,从版本 1.11 开始,您可以使用多个ssl_certificate和ssl_certificates指令来涵盖不同的证书类型(RSA、ECDSA 等)。