我已经在 Nginx 服务器上设置了 LetsEncrypt,但无法通过 https 连接。如果我运行
curl https://my.domain.com
然后我收到错误
curl: (7) Failed to connect to my.domain.com port 443: Connection refused
因此,由于某种原因,我的 Nginx 服务器没有监听端口 443。如果我运行“sudo netstat -anltp”,那么我肯定可以看到这个
tcp 0 0 0.0.0.0:4747 0.0.0.0:*
LISTEN 16145/sshd
tcp 0 0 0.0.0.0:111 0.0.0.0:*
LISTEN 155/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:*
LISTEN 15413/nginx: master
tcp 0 0 0.0.0.0:25 0.0.0.0:*
LISTEN 507/master
tcp 0 0 168.235.68.234:4747 204.148.137.74:10163
ESTABLISHED 17096/0
tcp6 0 0 :::4747 :::*
LISTEN 16145/sshd
tcp6 0 0 :::111 :::*
LISTEN 155/rpcbind
tcp6 0 0 :::80 :::*
LISTEN 15413/nginx: master
tcp6 0 0 :::25 :::*
LISTEN 507/master
我的站点可用配置文件:
server {
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
root /var/www/my_domain/html/;
index index.html index.htm index.php;
server_name my.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/my_domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my_domain.com/privkey.pem;
location / {
root /var/www/my_domain.com/html/;
index index.html index.php;
}
location /robots.txt/ {
root /var/www/my_domain.com/html/robots.txt;
}
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
我的Nginx.conf:
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
load_module /etc/nginx/modules/ngx_http_fancyindex_module.so;
events {
worker_connections 1024;
}
http {
include mime.types;
include /etc/nginx/sites-enabled/*;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# HTTPS server
#
#server {
#listen 443 ssl;
#server_name localhost;
#ssl_certificate
/etc/letsencrypt/live/my.domain.com/fullchain.pem;
#ssl_certificate_key
/etc/letsencrypt/live/my.domain.com/privkey.pem;
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
#location / {
#root html;
#index index.html index.htm;
#}
#}
}
我的 UFW 状态:
To Action From
-- ------ ----
22 DENY Anywhere
4747 DENY Anywhere
80 ALLOW Anywhere
443 ALLOW Anywhere
22 (v6) DENY Anywhere (v6)
4747 (v6) DENY Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
希望我的两个 conf 文件不要太乱。如果有人知道为什么端口 443 被拒绝,我将不胜感激。我想这可能与我的 .key 文件的位置有关,但不确定。运行“nginx -t”也没有错误。
是的,我知道这篇文章NGINX 不会监听端口 443存在,但它被投票为“离题”,因为创建者放弃了该帖子,所以没有找到解决方案。
答案1
您的配置文件位于目录中sites-available,但您的 nginx 配置包含来自的文件sites-enabled。您必须将文件移动到正确的目录,或者,如果您更喜欢 Debian 方式,请在中创建指向配置文件的符号链接sites-enabled。然后重新启动或重新加载 nginx。
答案2
我遇到过类似的情况。就我而言,我尝试加载的网站的 sites-enabled 目录中的权限不同。我取消了无法连接的网站的链接,然后重新链接。现在该网站的加载效果与其他网站一样好。lrwxrwxrwx