我在 centos7 服务器上通过 nginx 设置了一些虚拟主机。我使用 letsencrypt certbot 获取证书。默认情况下,certbot 将 vhost 信息写入文件/etc/nginx/nginx.conf。这不是我想要的行为。我使用/sites-available和/site-enabled文件夹,每个 vhost 都有单独的 .conf 文件。如果我连接到在中列出了 vhost 和 ssl 信息的站点,nginx.conf它就可以正常工作。但是,如果我将指令复制出来并将它们放在site-available文件夹中的新 conf 文件中(带有符号链接sites-enabled),它会提供错误的证书。它提供与另一个 vhost 相关的证书。我真的很想将我的 vhost 配置保存在单独的文件中,而不是将它们构建到 nginx.conf 中,但我似乎无法做到这一点。
更新:
根据要求,以下是我的调用内容nginx -T。不过,conf 之外的任何服务器块均未显示在此处。它们通过以下行加载include /etc/nginx/sites-enabled/*.conf。
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server_names_hash_bucket_size 128;
server {
server_name stairwell-soundboard-api.lonewolfdigital.com; # managed by Certbot
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/stairwell-soundboard-api.lonewolfdigital.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/stairwell-soundboard-api.lonewolfdigital.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = stairwell-soundboard-api.lonewolfdigital.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name stairwell-soundboard-api.lonewolfdigital.com;
return 404; # managed by Certbot
}
}
# configuration file /usr/share/nginx/modules/mod-http-image-filter.conf:
load_module "/usr/lib64/nginx/modules/ngx_http_image_filter_module.so";
# configuration file /usr/share/nginx/modules/mod-http-perl.conf:
load_module "/usr/lib64/nginx/modules/ngx_http_perl_module.so";
# configuration file /usr/share/nginx/modules/mod-http-xslt-filter.conf:
load_module "/usr/lib64/nginx/modules/ngx_http_xslt_filter_module.so";
# configuration file /usr/share/nginx/modules/mod-mail.conf:
load_module "/usr/lib64/nginx/modules/ngx_mail_module.so";
# configuration file /usr/share/nginx/modules/mod-stream.conf:
load_module "/usr/lib64/nginx/modules/ngx_stream_module.so";
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "THIS-CONTENT-REMOVED";
更新2
我的 /etc/nginx/sites-enabled/stairwell-soundboard-player.lonewolfdigital.com.conf 文件
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name stairwell-soundboard-player.lonewolfdigital.com; # managed by Certbot
root /opt/soundboard-player/build;
index index.html index.htm;
location / {
try_files $uri /index.html;
}
ssl_certificate /etc/letsencrypt/live/stairwell-soundboard-player.lonewolfdigital.com/fullchain.pem; #managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/stairwell-soundboard-player.lonewolfdigital.com/privkey.pem; #managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = stairwell-soundboard-player.lonewolfdigital.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name stairwell-soundboard-player.lonewolfdigital.com;
return 404; # managed by Certbot
}
更新 3:
根据要求,这是两个文件夹的输出
可用站点:
➜ ~ cd /etc/nginx/sites-available
➜ sites-available ls -l
total 24
-rw-r--r-- 1 root root 612 Feb 15 2018 draft.indygaa.com.conf
-rw-r--r-- 1 root root 1492 Oct 28 14:49 fullcontactmotherhood.conf
-rw-r--r-- 1 root root 424 Oct 25 2017 indygaa.com.conf
-rw-r--r-- 1 root root 639 Sep 7 2019 lonewolfdigital.com.conf
-rw-r--r-- 1 root root 996 Oct 29 21:43 stairwell-soundboard-player.lonewolfdigital.com
-rw-r--r-- 1 root root 556 Oct 27 20:39 webhooks.lonewolfdigital.com.conf
已启用站点:
➜ sites-available cd ../sites-enabled
➜ sites-enabled ls -l
total 8
lrwxrwxrwx 1 root root 53 Oct 29 21:05 fullcontactmotherhood.conf -> /etc/nginx/sites-available/fullcontactmotherhood.conf
lrwxrwxrwx 1 root root 51 Oct 29 21:44 lonewolfdigital.com.conf -> /etc/nginx/sites-available/lonewolfdigital.com.conf
lrwxrwxrwx 1 root root 74 Oct 28 15:33 stairwell-soundboard-player.lonewolfdigital.com -> /etc/nginx/sites-available/stairwell-soundboard-player.lonewolfdigital.com
lrwxrwxrwx 1 root root 60 Oct 29 21:07 webhooks.lonewolfdigital.com.conf -> /etc/nginx/sites-available/webhooks.lonewolfdigital.com.conf
答案1
您的包含行是,include /etc/nginx/sites-enabled/*.conf;因此您要包含以 .conf 结尾的文件。根据我的要求,您启用站点的 vhost 配置文件是:
➜ sites-available cd ../sites-enabled
➜ sites-enabled ls -l
total 8
lrwxrwxrwx 1 root root 53 Oct 29 21:05 fullcontactmotherhood.conf -> /etc/nginx/sites-available/fullcontactmotherhood.conf
lrwxrwxrwx 1 root root 51 Oct 29 21:44 lonewolfdigital.com.conf -> /etc/nginx/sites-available/lonewolfdigital.com.conf
lrwxrwxrwx 1 root root 74 Oct 28 15:33 stairwell-soundboard-player.lonewolfdigital.com -> /etc/nginx/sites-available/stairwell-soundboard-player.lonewolfdigital.com
lrwxrwxrwx 1 root root 60 Oct 29 21:07 webhooks.lonewolfdigital.com.conf -> /etc/nginx/sites-available/webhooks.lonewolfdigital.com.conf`
请注意,stairwell-soundboard-player.lonewolfdigital.com 不是以 .conf 结尾,而是以 .com 结尾。删除该链接并创建一个以 .conf 结尾的新链接,然后重新加载您的 nginx:
ln -s /etc/nginx/sites-enabled/stairwell-soundboard-player.lonewolfdigital.com.conf /etc/nginx/sites-available/stairwell-soundboard-player.lonewolfdigital.com
systemctl reload nginx