我有一个这样的配置已经工作多年:
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://domain.com$request_uri;
}
# !!!!
# line 10
server {
listen 443 ssl http2;
server_name www.domain.com;
return 301 https://domain.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_session_timeout 180m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
add_header Strict-Transport-Security 'max-age=31536000';
# [.................]
}
现在由于错误而开始失败:
no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/domain.com:10
nginx 发生了什么变化?如何修复它?
答案1
您的server块缺少ssl_certificate声明ssl_certificate_key。
您可以将这些语句移到任何块之外server,以便所有块都使用相同的证书server(假设您只有一个证书)。
Nginx 对于“没有定义“ssl_certificate””错误可以稍微放松一些。我怀疑如果server颠倒这些块,错误可能会神秘地消失。但为了正确性,您应该为每个server需要证书的块定义一个证书,或者在http所有服务器的块范围内定义一个证书。