NGINX-无法重新启动

NGINX-无法重新启动

通过以下方式安装 SSL 后Laravel Forge,我的网站根本无法加载。尝试重新启动 NGINX 时失败。如果我运行sudo nginx -t,我会得到以下结果:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/usr/share/nginx/logs/static.log" failed (2: No  such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

这是我的 NGINX 配置:

# non-www to www redirect
server {
    listen 80;
    server_name MYDOMAIN.com;
    return 301 $scheme://www.MYDOMAIN.com$request_uri;
}
server {
    listen 80 default_server;
    server_name www.MYDOMAIN.com *.MYDOMAIN.com;
    root /home/forge/MYDOMAIN.com/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/MYDOMAIN.com/10957/server.crt;
    ssl_certificate_key /etc/nginx/ssl/MYDOMAIN.com/10957/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    index index.html index.htm index.php;

    charset utf-8;

    # Built-in filename-based cache busting

    # https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L403
    # This will route all requests for /css/style.20120716.css to /css/style.css
    # Read also this: github.com/h5bp/html5-boilerplate/wiki/cachebusting
    # This is not included by default, because it'd be better if you use the build
    # script to manage the file names.
    location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
       try_files $uri $1.$2;
    }

    # Expire rules for static content

    # No default expire rule. This config mirrors that of apache as outlined in the
    # html5-boilerplate .htaccess file. However, nginx applies rules by location,
    # the apache rules are defined by type. A consequence of this difference is that
    # if you use no file extension in the url and serve html, with apache you get an
    # expire time of 0s, with nginx you'd get an expire header of one month in the
    # future (if the default expire rule is 1 month). Therefore, do not use a
    # default expire rule with nginx unless your site is completely static

    # cache.appcache, your document html and data
    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
      expires -1;
      access_log logs/static.log;
    }

    # Feed
    location ~* \.(?:rss|atom)$ {
      expires 1h;
      add_header Cache-Control "public";
    }

    # Media: images, icons, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
      expires 1M;
      access_log off;
      add_header Cache-Control "public";
    }

    # CSS and Javascript
    location ~* \.(?:css|js)$ {
      expires 1y;
      access_log off;
      add_header Cache-Control "public";
    }

    # WebFonts
    # If you are NOT using cross-domain-fonts.conf, uncomment the following directive
    location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
     expires 1M;
     access_log off;
     add_header Cache-Control "public";
    }


    # How long to allow each connection to stay idle; longer values are better
    # for each individual client, particularly for SSL, but means that worker
    # connections are tied up longer. (Default: 65)
    keepalive_timeout 20;

    # Speed up file transfers by using sendfile() to copy directly
    # between descriptors rather than using read()/write().
    sendfile        on;

    # Tell Nginx not to send out partial frames; this increases throughput
    # since TCP frames are filled up before being sent out. (adds TCP_CORK)
    tcp_nopush      on;

    # Expire rules for static content

    # cache.appcache, your document html and data
    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
      expires -1;
      # access_log logs/static.log; # I don't usually include a static log
    }

    # Feed
    location ~* \.(?:rss|atom)$ {
      expires 1h;
      add_header Cache-Control "public";
    }

    # Media: images, icons, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
      expires 1M;
      access_log off;
      add_header Cache-Control "public";
    }

    # CSS and Javascript
    location ~* \.(?:css|js)$ {
      expires 1y;
      access_log off;
      add_header Cache-Control "public";
    }


    # Compression

    # Enable Gzip compressed.
    gzip on;

    # Compression level (1-9).
    # 5 is a perfect compromise between size and cpu usage, offering about
    # 75% reduction for most ascii files (almost identical to level 9).
    gzip_comp_level    5;

    # Don't compress anything that's already small and unlikely to shrink much
    # if at all (the default is 20 bytes, which is bad as that usually leads to
    # larger files after gzipping).
    gzip_min_length    256;

    # Compress data even for clients that are connecting to us via proxies,
    # identified by the "Via" header (required for CloudFront).
    gzip_proxied       any;

    # Tell proxies to cache both the gzipped and regular version of a resource
    # whenever the client's Accept-Encoding capabilities header varies;
    # Avoids the issue where a non-gzip capable client (which is extremely rare
    # today) would display gibberish if their proxy gave them the gzipped version.
    gzip_vary          on;

    # Compress all output labeled with one of the following MIME-types.
    gzip_types
      application/atom+xml
      application/javascript
      application/json
      application/ld+json
      application/manifest+json
      application/rdf+xml
      application/rss+xml
      application/schema+json
      application/vnd.geo+json
      application/vnd.ms-fontobject
      application/x-font-ttf
      application/x-javascript
      application/x-web-app-manifest+json
      application/xhtml+xml
      application/xml
      font/eot
      font/opentype
      image/bmp
      image/svg+xml
      image/vnd.microsoft.icon
      image/x-icon
      text/cache-manifest
      text/css
      text/javascript
      text/plain
      text/vcard
      text/vnd.rim.location.xloc
      text/vtt
      text/x-component
      text/x-cross-domain-policy
      text/xml;
    # text/html is always compressed by HttpGzipModule

    client_max_body_size 128M;
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/MYDOMAIN.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

不确定这是否重要,但我不希望我的整个网站都使用 SSL,只希望使用特定的路由(我在应用程序中指定,本地运行良好)。我是否仍需要443在该文件中添加侦听器?权限问题也让我很困惑。非常感谢任何帮助!

额外的

运行时我还收到以下错误nginx -t

nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2015/08/06 07:59:21 [warn] 5972#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2015/08/06 07:59:21 [emerg] 5972#0: open() "/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed

答案1

答案2

我在我的 Forge 服务器上遇到了完全相同的问题,创建日志目录解决了该问题:

cd /usr/share/nginx;
sudo mkdir logs

答案3

http您需要为和拥有单独的虚拟主机https。并且您必须仅在块中指定 TLS 密钥https

在您当前的配置中,您有一个端口https服务器http,它根本无法工作。

答案4

我重启时遇到了类似的问题Nginx并发现这是操作系统请务必在禁用 SeLinux 或临时将其设置为宽容使用以下命令模式:

setenforce 0

我在日志文件中看到的错误经过上述调整后已修复:

[emerg] 21285#0: open() "/var/www/html/amaeka/logs/access.log" failed (13: Permission denied) [emerg] 21301#0: open() "/var/www/html/amaeka/logs/access.log" failed (13: Permission denied)

相关内容