Nginx HTTPS connection refused on port 443

I have set up LetsEncrypt on my Nginx server, but I cannot connect over https. If I run

curl https://my.domain.com

then I get the error

curl: (7) Failed to connect to my.domain.com port 443: Connection refused

So, for some reason, my Nginx server is not listening on port 443. If I run "sudo netstat -anltp", I can definitely see this

tcp        0      0 0.0.0.0:4747            0.0.0.0:*               LISTEN      16145/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      155/rpcbind
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      15413/nginx: master
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      507/master
tcp        0      0 168.235.68.234:4747     204.148.137.74:10163    ESTABLISHED 17096/0
tcp6       0      0 :::4747                 :::*                    LISTEN      16145/sshd
tcp6       0      0 :::111                  :::*                    LISTEN      155/rpcbind
tcp6       0      0 :::80                   :::*                    LISTEN      15413/nginx: master
tcp6       0      0 :::25                   :::*                    LISTEN      507/master

My sites-available configuration file:

server {

    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;

    root /var/www/my_domain/html/;
    index index.html index.htm index.php;

    server_name my.domain.com;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/my_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my_domain.com/privkey.pem;



    location / {
            root /var/www/my_domain.com/html/;
            index index.html index.php;
    }

    location /robots.txt/ {
            root /var/www/my_domain.com/html/robots.txt;

    }

    location /.well-known/acme-challenge {
            root /var/www/letsencrypt;
    }
}

My nginx.conf:

worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

load_module /etc/nginx/modules/ngx_http_fancyindex_module.so;
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    include /etc/nginx/sites-enabled/*;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
   }

# HTTPS server
    #
    #server {
        #listen       443 ssl;
        #server_name  localhost;

        #ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem;
        #ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;

        #ssl_session_cache    shared:SSL:1m;
        #ssl_session_timeout  5m;

        #ssl_ciphers  HIGH:!aNULL:!MD5;
        #ssl_prefer_server_ciphers  on;

        #location / {
            #root   html;
            #index  index.html index.htm;
        #}
    #}


}

My UFW status:

To                         Action      From
--                         ------      ----
22                         DENY        Anywhere                  
4747                       DENY        Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
22 (v6)                    DENY        Anywhere (v6)             
4747 (v6)                  DENY        Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6) 

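I hope my two conf files aren't too messy. If anyone knows why port 443 is being refused, I would really appreciate it. I think it might have something to do with the location of my .key file, but I'm not sure. Running "nginx -t" also shows no errors.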

Yes, I know that the post "NGINX won't listen on port 443" exists, but it was voted "off-topic" because its creator abandoned it, so no solution was found.

Answer 1

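Your configuration file is in the sites-available directory, but your nginx configuration includes files from sites-enabled. You must move the file to the correct directory or, if you prefer the Debian way, create a symlink to the configuration file in sites-enabled. Then restart or reload nginx.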
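
The check behind Answer 1, as an added example that is not part of the original answer: it lists sites that exist in sites-available but have no working entry in sites-enabled, and shows which enabled files actually declare a 443 listener. The function names and the throwaway directory tree are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: paths and site names below are constructed for the demo.

# Sites present in sites-available with no working entry in sites-enabled.
# nginx only reads what the include glob matches, so these are ignored.
unlinked_sites() {
    for f in "$1"/sites-available/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # -e follows symlinks, so a dangling link also counts as not enabled
        [ -e "$1/sites-enabled/$name" ] || echo "$name"
    done
}

# Enabled files that contain an active (uncommented) listener on port 443.
tls_listeners() {
    for f in "$1"/sites-enabled/*; do
        [ -e "$f" ] || continue
        grep -Eq '^[[:space:]]*listen[[:space:]]+([^;]*:)?443[[:space:];]' "$f" \
            && basename "$f"
    done
    return 0
}

# Build a throwaway tree that mirrors the layout in the question.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/sites-available" "$root/sites-enabled"
    printf 'server {\n    listen 80;\n}\n' > "$root/sites-available/default"
    printf 'server {\n    listen 443 default_server ssl;\n    #listen 8443 ssl;\n}\n' \
        > "$root/sites-available/my_domain"
    ln -s "$root/sites-available/default" "$root/sites-enabled/default"
    echo "$root"
}

root=$(make_demo_tree)
echo "not enabled: $(unlinked_sites "$root")"
echo "443 listeners: $(tls_listeners "$root")"
# The fix from the answer: link the site into the included directory.
ln -s "$root/sites-available/my_domain" "$root/sites-enabled/my_domain"
echo "not enabled after linking: $(unlinked_sites "$root")"
echo "443 listeners after linking: $(tls_listeners "$root")"
rm -rf "$root"
```

On a live host, pass /etc/nginx as the argument (the include path shown in the question's nginx.conf). Running "sudo nginx -T" prints the configuration nginx actually loaded, which confirms whether the 443 server block was picked up.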

Answer 2

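I ran into a similar situation. In my case, the permissions in the sites-enabled directory were different for the site I was trying to load. I unlinked the site that I couldn't connect to and then relinked it. Now the site loads just as well as the others. lrwxrwxrwx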