After configuring several domains and a few subdomains to run under nginx, I managed to get multiple server blocks working, but I'm left with the mess shown below.
This is after setting up multiple domains, creating certificates with certbot, and editing the nginx config files.
Looking at the nginx config files, they would obviously be a lot cleaner if the commented lines were removed from the original default config file. There is also some odd duplication of domain server blocks visible in the default config file.
I'm using nginx to serve static files for domain.tld and www.domain.tld, and nodejs to serve blah.domain.tld, but this combination may well change in future.
So, a few simple questions about good/bad practice:
- Should one certificate cover domain.tld, www.domain.tld and blah.domain.tld?
- Should /etc/nginx/sites-available/default exclude all server block references to the individual domains configured in /etc/nginx/sites-available/domain.tld?
- certbot appears to have edited /etc/nginx/sites-available/default to add references to the individual domain configs. I'm reluctant to edit any config file that certbot has edited, but the messy duplication suggests a clean-up is possible.
Also: what might the suspicious symbols be?
sudo nginx -t
nginx: [warn] server name "blah.domain.tld/" has suspicious symbols in /etc/nginx/sites-enabled/blah.domain.tld:41
nginx: [warn] conflicting server name "www.domain.tld" on [::]:443, ignored
nginx: [warn] conflicting server name "blah.domain.tld" on [::]:443, ignored
nginx: [warn] conflicting server name "www.domain.tld" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "blah.domain.tld" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.domain.tld" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "blah.domain.tld" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.domain.tld" on [::]:80, ignored
nginx: [warn] conflicting server name "blah.domain.tld" on [::]:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Next block
ubuntu@blah:/etc/nginx/sites-available$ grep -rn ' domain.tld' /etc/nginx/sites-available/
/etc/nginx/sites-available/domain.tld:39: server_name domain.tld;
/etc/nginx/sites-available/domain.tld:96: if ($host = domain.tld) {
/etc/nginx/sites-available/domain.tld:104: server_name domain.tld;
Next block
ubuntu@blah:/etc/nginx/sites-available$ grep -rn ' www.domain.tld' /etc/nginx/sites-available/
/etc/nginx/sites-available/blah.domain.tld:110: server_name www.domain.tld; # managed by Certbot
/etc/nginx/sites-available/blah.domain.tld:148: if ($host = www.domain.tld) {
/etc/nginx/sites-available/blah.domain.tld:155: server_name www.domain.tld;
/etc/nginx/sites-available/default:110: server_name www.domain.tld; # managed by Certbot
/etc/nginx/sites-available/default:148: if ($host = www.domain.tld) {
/etc/nginx/sites-available/default:155: server_name www.domain.tld;
Next block
ubuntu@blah:/etc/nginx/sites-available$ grep -rn ' blah.domain.tld' /etc/nginx/sites-available/
/etc/nginx/sites-available/blah.domain.tld:41: server_name blah.domain.tld/;
/etc/nginx/sites-available/blah.domain.tld:182: server_name blah.domain.tld; # managed by Certbot
/etc/nginx/sites-available/blah.domain.tld:219: if ($host = blah.domain.tld) {
/etc/nginx/sites-available/blah.domain.tld:226: server_name blah.domain.tld;
/etc/nginx/sites-available/default:182: server_name blah.domain.tld; # managed by Certbot
/etc/nginx/sites-available/default:219: if ($host = blah.domain.tld) {
/etc/nginx/sites-available/default:226: server_name blah.domain.tld;
Answer 1
The "conflicting server name" problem is probably because you have configured 2 different server blocks listening on the same URI, one for ipv6 and one for ipv4.
I think you should create 1 server block that listens on both ipv4 and ipv6.
Answer 2
Apologies for the mess in this question, and thanks for the initial answer; after sleeping on it, the solution became obvious.
- certbot inserts server blocks into /etc/nginx/sites-available/default, resulting in duplicate server blocks for *.domain.tld
- Moving /etc/nginx/sites-available/*.domain.tld out of /etc/nginx/sites-available/ eliminated the many "nginx: [warn] conflicting server name" messages.
- Small fixes in /etc/nginx/sites-available/default to make sure all variations of http | https | www.domain.tld | domain.tld | subdomain.domain.tld are handled as expected.
Below is a copy of the /etc/nginx/sites-available/default that is now running. Obviously, for best practice this should be split into default, domain.tld and subdomain.domain.tld, with the symlinks cleaned up.
# Default server configuration
#
# Catch-all for port 80: any Host that matches no other server_name lands here.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html;
    server_name _;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}

# HTTPS: static files for www.domain.tld and domain.tld
server {
    root /var/www/domain.tld/html;
    index index.html;
    server_name www.domain.tld domain.tld; # managed by Certbot
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# redirect from http to https for www.domain.tld
server {
    if ($host = www.domain.tld) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name www.domain.tld;
    return 404; # managed by Certbot
}

# redirect from http to https for domain.tld
server {
    if ($host = domain.tld) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name domain.tld;
    return 404; # managed by Certbot
}

# HTTPS: reverse proxy to the nodejs app for subdomain.domain.tld
server {
    root /var/www/subdomain.domain.tld/html;
    index index.html;
    server_name subdomain.domain.tld; # managed by Certbot
    location / {
        # Everything is proxied to the node app on port 4000; the static
        # try_files fallback is kept commented out for reference.
        #try_files $uri $uri/ =404;
        proxy_pass http://localhost:4000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# redirect from http to https for subdomain.domain.tld
server {
    if ($host = subdomain.domain.tld) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name subdomain.domain.tld;
    return 404; # managed by Certbot
}
The underlying problem seems to be that when a certificate is added for the subdomain, certbot by default duplicates the server blocks that were created for the original certificate for the domain.
The fix was to remove the separate server config files and clean up all the server blocks in default until it worked.