nginx ssl ERR_CONNECTION_REFUSED

nginx ssl ERR_CONNECTION_REFUSED

我的网站出现了 SSL 错误,网址是:

https://pontebuso.com/

但它总是给我 ERR_CONNECTION_REFUSED

sudo netstat -anp |grep :443|监听

tcp    0   0 0.0.0.0:443      0.0.0.0:*          LISTEN      1165/nginx 
tcp6   0   0 :::443               :::*           LISTEN      1165/nginx

sudo netstat --numeric -l -p -A ip | grep tcp

tcp        0  0 0.0.0.0:22          0.0.0.0:*     LISTEN      1130/sshd       
tcp        0  0 0.0.0.0:443         0.0.0.0:*     LISTEN      1165/nginx      
tcp        0  0 127.0.0.1:9000      0.0.0.0:*     LISTEN      1241/php-fpm.conf)
tcp        0  0 0.0.0.0:3306        0.0.0.0:*     LISTEN      1214/mysqld     
tcp        0  0 0.0.0.0:80          0.0.0.0:*     LISTEN      1165/nginx 

root@05A:~# sudo ufw status verbose

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From

--                         ------      ----
443/tcp                    ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
23.253.246.119 443/tcp     ALLOW IN    Anywhere
443/tcp (v6)               ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)

-------------------nginx.conf-------------------------------------------

# Main nginx configuration as posted with the question: process-level
# settings, the events block, and the http block that configures logging,
# gzip and loads the virtual hosts through include directives.
user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
    sendfile on;
    autoindex off;

    tcp_nopush on;
    tcp_nodelay on;

    types_hash_max_size 2048;

    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;

    #include /etc/nginx/mime.types;
    default_type application/octet-stream;


    # No format name is given here, so the access log uses nginx's built-in
    # "combined" format; the "main" format defined further down is never
    # referenced in this file.
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # NOTE(review): compression is enabled globally and therefore also applies
    # to the TLS virtual host. If HTTPS responses mix secrets with
    # request-controlled data, compression side channels (BREACH) are worth
    # considering - confirm against the application.
    gzip  on;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_types      text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    # MIME map plus every virtual host file from conf.d and sites-enabled.
    include       /etc/nginx/mime.types;
    include       /etc/nginx/conf.d/*.conf;
    include       /etc/nginx/sites-enabled/*;

    # NOTE(review): "$request " has a space before the closing quote, so the
    # logged request line would carry a trailing blank if this format were used.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request "'
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # $fastcgi_https is "on" for https requests and "off" otherwise; the
    # virtual hosts pass it to php-fpm as the HTTPS parameter.
    map $scheme $fastcgi_https { ## Detect when HTTPS is used
        default off;
        https on;
    }

    keepalive_timeout  10;

    # Load config files from the /etc/nginx/conf.d directory
    # NOTE(review): conf.d/*.conf is already included above, so every file in
    # that directory is parsed twice. Duplicate server blocks typically show up
    # as "conflicting server name ... ignored" warnings in `nginx -t`; keep
    # only one of the two include lines.
    include /etc/nginx/conf.d/*.conf;
}

-------------------default-------------------------------------------

# Plain-HTTP virtual host for pontebuso.com: serves files from
# /home/sites/pontebuso/ and hands PHP requests to php-fpm on 127.0.0.1:9000.
# The MAGE_RUN_* parameters suggest a Magento store - confirm.
server {
        listen 80;

        server_name pontebuso.com;
        # NOTE(review): browsers compare Access-Control-Allow-Origin with the
        # request's Origin, which has the form scheme://host[:port]; a bare
        # hostname never matches. add_header is also only inherited by
        # locations that declare no add_header of their own, so the \.css and
        # \.js locations below do not send this header.
        add_header Access-Control-Allow-Origin sub.pontebuso.com;
        root /home/sites/pontebuso/;

        autoindex off;

        # Front controller: serve the file or directory if it exists,
        # otherwise fall back to /index.php with the original query string.
        # Requests handled here are not access-logged and get far-future
        # cache headers.
        location / {
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$args; 
            access_log off;
            expires max; 
        }

        ## These locations would be hidden by .htaccess normally
        # "^~" stops regex matching once one of these prefixes is the longest
        # match, so the PHP regex locations cannot take over these paths.
        location ^~ /app/                { deny all; }
        location ^~ /includes/           { deny all; }
        location ^~ /lib/                { deny all; }
        location ^~ /media/downloadable/ { deny all; }
        location ^~ /pkginfo/            { deny all; }
        location ^~ /report/config.xml   { deny all; }
        location ^~ /var/                { deny all; }

        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log /var/log/nginx/nginx.vhost.error.log;

        # NOTE(review): this prefix is longer than "^~ /var/", so it wins for
        # /var/export/ and lifts the deny for that subtree. It has no "^~", so
        # regex locations are still evaluated afterwards; a URI under this
        # prefix that matches one of them is served by that regex location,
        # where auth_basic does not apply. Declaring it as
        # "location ^~ /var/export/" keeps the whole subtree behind the
        # password. On this port-80 vhost the Basic credentials also travel
        # unencrypted.
        location /var/export/ {
            auth_basic           "Restricted";
            auth_basic_user_file htpasswd;
            autoindex            on;
        }

        # NOTE(review): a prefix location, so it only matches URIs that start
        # with "/."; dotfiles in subdirectories are not covered. If the intent
        # is to hide all dotfiles, a regex such as "location ~ /\." is needed.
        location  /. {
            return 404;
        }

        # Named location; nothing in this server block refers to @handler.
        location @handler {
            rewrite / /index.php;
        }

        # NOTE(review): the dot is unescaped here and in "~ .php$" below, so
        # it matches any character followed by "php", not only a literal
        # ".php". Use "\.php/" and "\.php$".
        location ~ .php/ {
            rewrite ^(.*.php)/ $1 last;
        }

        # PHP handler. The "if (!-e ...)" rewrite sends requests for files that
        # do not exist to /index.php instead of passing an arbitrary path to
        # php-fpm as SCRIPT_FILENAME.
        location ~ .php$ {
            if (!-e $request_filename) { rewrite / /index.php last; }
            expires        off;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param  HTTPS $fastcgi_https;
            fastcgi_param  MAGE_RUN_CODE default;
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params;
        }

        # NOTE(review): the next two locations repeat the regexes above. Regex
        # locations are tried in order of appearance and the first match wins,
        # so these copies appear to be unreachable and can be removed.
        location ~ .php/ {
            rewrite ^(.*.php)/ $1 last;
         }


         location ~ .php$ { 
            if (!-e $request_filename) { rewrite / /index.php last; }
            expires        off; ## Do not cache dynamic content
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_param  HTTPS $fastcgi_https;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  MAGE_RUN_CODE default;
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params; ## See /etc/nginx/fastcgi_params
        }

        # NOTE(review): these regexes are unanchored, so they match ".css" or
        # ".js" anywhere in the URI. add_header appends a second Content-Type
        # header instead of replacing the one nginx derives from mime.types;
        # the MIME map already covers both types.
        location ~ \.css {
            add_header  Content-Type    text/css;
        }

        location ~ \.js {
            add_header  Content-Type    application/x-javascript;
        }


    }

-------------------pontebuso.conf-------------------------------------------

#server {
#    listen 80;
#    server_name localhost;
#    rewrite ^/(.*) https://pontebuso.com/$1 permanent;
#    }

# TLS virtual host for pontebuso.com: same document root and PHP handling as
# the port-80 server, served on 443 with the certificate and key configured
# below.
server {
       listen 443 ssl;

        # NOTE(review): "ssl on;" is redundant next to "listen 443 ssl;". The
        # directive was deprecated in nginx 1.15.0 and removed in 1.25.1,
        # where it stops the configuration from loading; drop it.
        ssl on;
        ssl_certificate /etc/nginx/ssl/pontebuso.com.chained.crt;
        # Private key: keep the file readable by root only (verify ownership
        # and mode on the server).
        ssl_certificate_key /etc/nginx/ssl/pontebuso.key;   

        server_name pontebuso.com;

        ssl_session_cache  builtin:1000  shared:SSL:10m;
        # NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996). Restrict
        # this to TLSv1.2, plus TLSv1.3 where the installed nginx/OpenSSL
        # support it.
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        # The suites behind "HIGH" depend on the OpenSSL build; list what this
        # string expands to with `openssl ciphers -v '<cipher string>'`.
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        # NOTE(review): fastcgi_param is inherited from this level only by
        # locations that define no fastcgi_param themselves. The PHP locations
        # below define their own, so these two lines have no effect there:
        # HTTPS comes from $fastcgi_https and HTTP_SCHEME is not passed.
        fastcgi_param   HTTPS               on;
        fastcgi_param   HTTP_SCHEME         https;

        # NOTE(review): browsers compare Access-Control-Allow-Origin with the
        # request's Origin (scheme://host[:port]); a bare hostname never
        # matches. Locations that declare their own add_header (\.css, \.js)
        # do not inherit this one.
        add_header Access-Control-Allow-Origin sub.pontebuso.com;
        root /home/sites/pontebuso/;

        autoindex off;

        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log /var/log/nginx/nginx.vhost.error.log;

        # Front controller: serve the file or directory if it exists,
        # otherwise fall back to /index.php with the original query string.
        # Requests handled here are not access-logged.
        location / {
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$args; 
            access_log off;
            expires max; 
        }


        ## These locations would be hidden by .htaccess normally
        # "^~" stops regex matching once one of these prefixes is the longest
        # match, so the PHP regex locations cannot take over these paths.
        location ^~ /app/                { deny all; }
        location ^~ /includes/           { deny all; }
        location ^~ /lib/                { deny all; }
        location ^~ /media/downloadable/ { deny all; }
        location ^~ /pkginfo/            { deny all; }
        location ^~ /report/config.xml   { deny all; }
        location ^~ /var/                { deny all; }


        # NOTE(review): this longer prefix wins over "^~ /var/" for
        # /var/export/ and lifts the deny for that subtree. Without "^~",
        # regex locations are still evaluated; a URI under this prefix that
        # matches one of them is served by that regex location, where
        # auth_basic does not apply. Use "location ^~ /var/export/" to keep
        # the whole subtree behind the password.
        location /var/export/ {
            auth_basic           "Restricted";
            auth_basic_user_file htpasswd;
            autoindex            on;
        }

        # NOTE(review): a prefix location; it only matches URIs that start
        # with "/.", so dotfiles in subdirectories are not covered. A regex
        # such as "location ~ /\." would cover them.
        location  /. {
            return 404;
        }

        # Named location; nothing in this server block refers to @handler.
        location @handler {
            rewrite / /index.php;
        }

        # NOTE(review): the dot is unescaped here and in "~ .php$" below, so
        # it matches any character followed by "php". Use "\.php/" and
        # "\.php$".
        location ~ .php/ {
            rewrite ^(.*.php)/ $1 last;
        }

        # PHP handler. The "if (!-e ...)" rewrite sends requests for files that
        # do not exist to /index.php instead of passing an arbitrary path to
        # php-fpm as SCRIPT_FILENAME.
        location ~ .php$ {
            if (!-e $request_filename) { rewrite / /index.php last; }
            expires        off;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param  HTTPS $fastcgi_https;
            fastcgi_param  MAGE_RUN_CODE default;
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params;
        }

        # NOTE(review): the next two locations repeat the regexes above. Regex
        # locations are tried in order of appearance and the first match wins,
        # so these copies appear to be unreachable and can be removed.
        location ~ .php/ {
            rewrite ^(.*.php)/ $1 last;
         }


         location ~ .php$ { 
            if (!-e $request_filename) { rewrite / /index.php last; }
            expires        off; ## Do not cache dynamic content
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_param  HTTPS $fastcgi_https;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  MAGE_RUN_CODE default;
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params; ## See /etc/nginx/fastcgi_params
        }

        # NOTE(review): unanchored regexes, so they match ".css" or ".js"
        # anywhere in the URI. add_header appends a second Content-Type header
        # instead of replacing the one nginx derives from mime.types.
        location ~ \.css {
            add_header  Content-Type    text/css;
        }

        location ~ \.js {
            add_header  Content-Type    application/x-javascript;
        }


    }

答案1

这还不是最终答案,而是一个仍在完善中的答案。我修改了您的配置文件 pontebuso.conf,但它可能还不能正常工作。我注释掉了其中的一些部分,因为我认为它们对于第一个可行的方案来说不是必需的;等基本配置正常工作后,可以再把它们加回来。我猜您运行的是一个 WordPress 博客?此外,您的配置显示 nginx 会把错误日志写入 /var/log/nginx/nginx.vhost.error.log(由 error_log 指令指定)。要进一步排查,这个日志文件的内容非常重要。如果该文件是空的,那么问题可能出在其他配置错误上。

编辑:我删除了答案中的配置部分,因为之前不知道它是用来运行 Magento 商店的。请参考 https://www.ashsmith.io/2012/12/creating-a-faster-magento-store-part-one-server-setup/ 并略过其中的 Varnish 部分,然后检查您的 nginx 配置,并将其与该网站建议的配置进行比较。
