我想将 SSL 与 nginx 结合使用。我创建了必要的证书:
[root@arch ssl]# pwd
/etc/nginx/ssl
[root@arch ssl]# ls -l
total 12
-rwx------ 1 root root 1346 Aug 3 14:36 server.crt
-rwx------ 1 root root 1115 Aug 3 14:36 server.csr
-rwx------ 1 root root 1743 Aug 3 14:35 server.key
但是 nginx 无法加载这些文件。它说找不到它们:
systemctl -l status nginx
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled)
Active: failed (Result: exit-code) since Sun 2014-08-03 14:50:04 EDT; 21min ago
Process: 21391 ExecStart=/usr/bin/nginx -g pid /run/nginx.pid; error_log stderr; (code=exited, status=1/FAILURE)
Main PID: 16458 (code=exited, status=0/SUCCESS)
Aug 03 14:50:04 arch nginx[21391]: 2014/08/03 14:50:04 [emerg] 21391#0: BIO_new_file("/etc/gninx/ssl/server.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/gninx/ssl/server.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Aug 03 14:50:04 arch systemd[1]: nginx.service: control process exited, code=exited status=1
Aug 03 14:50:04 arch systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Aug 03 14:50:04 arch systemd[1]: Unit nginx.service entered failed state.
这是我的配置:
server {
server_name localhost;
listen 443;
ssi on;
ssl on;
ssl_certificate /etc/gninx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
client_max_body_size 4G;
location = / {
...
}
}
有人能告诉我我错过了什么吗?
提前感谢您的帮助和时间。
杰尼亚。
答案1
我敢打赌nginx它不会以 root 身份运行。您对密钥/证书对的权限只有 root 才可读。
我通常会创建一个www组并制作密钥root:www 440和证书root:www 444(证书会公开发送给每个连接;因此没有理由保密;只要确保它不可编辑即可)。然后我确保apache(或nginx按照您的喜好)以 身份运行www:www。
--哦耶... 确保密钥上没有密码短语;或者,如果有(这样更安全),确保nginx有规定允许您在启动时提交密码短语。(抱歉,我从未尝试使用nginx)。然后准备好让它挂起并等待每次重新启动,直到您可以到达控制台。
答案2
问题出在路线上,正如你设置 /etc/格宁克斯/ssl/server.crt;应该是/etc/nginx/ssl/服务器.crt;