我甚至无法弄清楚启动时收到的错误文本
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
Active: failed (Result: exit-code) since Fri 2015-06-05 16:52:14 UTC; 8s ago
Process: 17285 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 17273 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 17386 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Main PID: 17275 (code=exited, status=0/SUCCESS)
Jun 05 16:52:14 ip-172-31-33-65 systemd[1]: Starting A high performance web server and a reverse proxy server...
Jun 05 16:52:14 ip-172-31-33-65 nginx[17386]: nginx: [emerg] BIO_new_file("/etc/ssl/www_mydomain_me.pem") failed (SSL: error:02001002:system libr...ch file)
Jun 05 16:52:14 ip-172-31-33-65 nginx[17386]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 05 16:52:14 ip-172-31-33-65 systemd[1]: nginx.service: control process exited, code=exited status=1
Jun 05 16:52:14 ip-172-31-33-65 systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Jun 05 16:52:14 ip-172-31-33-65 systemd[1]: Unit nginx.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
我在“sites-available”下的“默认”中的附加“服务器”配置是:
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/www_example_com.pem;
ssl_certificate_key /etc/ssl/www_example_com.key;
access_log /var/www/laravel/access.log;
error_log /var/www/laravel/error.log;
server_name example.com;
}
如果我删除此阻止,我的 NGNIX 将正确重新启动并通过端口 80 为我们的 Web 应用程序提供服务。我的目标是支持 HTTPS,甚至将任何 HTTP 调用重定向到 HTTPS。我不希望我的网站上出现不安全的流量。
我们今天刚刚从赛门铁克获得了 EV SSL 证书,但我无法让 NGNIX 服务器接受它或它的配置。
答案1
首先检查你指定的路径是否正确
$ ls /etc/ssl/www_mydomain_me.{pem,key}
如果是,请检查权限是否适合他们。如果不适合,请按如下方式更新:
$ chown root:root /etc/ssl/www_mydomain_me.{pem,key} $ chmod 600 /etc/ssl/www_mydomain_me.{pem,key}
编辑:第一个答案和我的类似。抱歉,大约是同一时间。
答案2
我将假设相关省略错误代码的全文应该是:
error:02001002:system library:fopen:No such file
您的文件路径不正确,或者权限/etc/ssl/www_mydomain_me.pem
不正确。所有权是 root:root,除非您使用 ssl_cert 组,并且权限最多应为 600。