NGinX - [emerg]“ssl_certificate”指令重复 - 添加新的 SSL 启用站点会破坏 NGinx Conf

NGinX - [emerg]“ssl_certificate”指令重复 - 添加新的 SSL 启用站点会破坏 NGinx Conf

我正在尝试将第二个启用 SSL 的站点添加到我的 NGinX 配置中。仅在一个启用 SSL 的站点上一切工作正常,但是当我添加第二个conf(它只是从工作站点编辑和复制的conf)时,我收到以下错误。

注意:我已经测试过,如果我删除新站点,conf 就会通过,反之亦然,如果我删除旧站点,新站点就可以工作。

root@NGinX:/etc/nginx/sites-enabled# ytitconf
 * Reloading nginx configuration nginx                                                           [fail]
nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/ytit.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed

这是整个非常简单的配置。

注意:第二个站点托管多个子域,但该站点目前不会托管子域。

root@NGinX:/etc/nginx/sites-available# cat ytit.conf
#GLOBAL SSL
ssl_certificate /etc/ssl/certs/ssl-bundle-ytit.crt;
ssl_certificate_key /etc/ssl/private/server-ytit.key;


server {
       listen         80;
       server_name    www.ytit.ca ytit.ca;

       return         301 https://$server_name/;
}

server {
listen 443 ssl;
ssl on;
server_name www.ytit.ca ytit.ca;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;

location / {

      proxy_pass           https://192.168.1.169:443/;
      include             /etc/nginx/proxy.conf;

    }
}

这是 NGinX.conf;我不认为它被修改了,但我大约一年前设置了 NGinX 并且不记得说实话,所以我将其包括在内,因为错误表明它与 NGinX.conf 测试有关。

root@NGinX:/etc/nginx/sites-available# cat /etc/nginx/nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # nginx-naxsi config
        ##
        # Uncomment it if you installed nginx-naxsi
        ##

        #include /etc/nginx/naxsi_core.rules;

        ##
        # nginx-passenger config
        ##
        # Uncomment it if you installed nginx-passenger
        ##

        #passenger_root /usr;
        #passenger_ruby /usr/bin/ruby;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

conf.d 中没有任何额外内容

root@NGinX:/etc/nginx/conf.d# ll
total 8
drwxr-xr-x 2 root root 4096 Jul 29  2015 ./
drwxr-xr-x 5 root root 4096 Mar  8  2016 ../

答案1

include /etc/nginx/sites-enabled/*您的主配置文件包含按顺序拖入指定目录中的所有配置文件的行。

所有不在命名上下文中的指令都默认为上下文,因此通过在这些文件的顶层global定义ssl_certificate和 ,您将重新定义全局指令,这会导致 NginX 抱怨。ssl_certificates

您的选择是:

  • ssl_certificate和移动ssl_certificates到上下文中server,这允许您为不同的站点配置不同的证书;
  • 在全局上下文中,仅在这些站点配置文件之一中包含ssl_certificate和指令,这使其覆盖您的所有服务器。ssl_certificates或者,将其移动到顶级nginx.conf文件也将具有相同的效果。

请注意,从版本 1.11 开始,您可以使用多个ssl_certificatessl_certificates指令来涵盖不同的证书类型(RSA、ECDSA 等)。

相关内容