服务器中没有定义“ssl_certificate”

服务器中没有定义“ssl_certificate”

尝试设置我的常规网络服务器,并遇到这个障碍,无论我如何尝试都不起作用,这是我已经做过数百次的事情,但我没有主意了。

典型的 Web 服务器设置,centos 8 在 pm2 上运行节点进程,firewall-cmd 带有 http、https 和我的应用程序的端口,访问 http://ip:port 时应用程序运行良好。

我已将域名指向服务器并确认它指向该服务器并已解析。

问题出现在尝试使用 let's encrypt 证书设置 nginx 时,在浏览器中访问域时/var/log/nginx/error.log出现错误。以下是我的 nginx conf 文件。no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking

nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

默认配置文件

server {
  listen       80 default_server;
  listen       443 ssl default_server;
  listen       [::]:80 default_server;
  listen       [::]:443 ssl default_server;

  server_name  _;

  root          /var/www/;
  index index.html index.htm index.nginx-debian.html;

  include /etc/nginx/default.d/*.conf;

  location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
    add_header Access-Control-Allow-Origin "*";
    expires 7d;
    access_log off;
  }

  location / {
    try_files $uri $uri/ =404;
  }

  error_page 404 /404.html;
      location = /40x.html {
  }

  error_page 500 502 503 504 /50x.html;
      location = /50x.html {
  }

  #return 301 http://$host$request_uri;
}

我的网站配置文件

server {
  server_name www.mywebsite.com;
  return 301 https://mywebsite.com;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = mywebsite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  server_name mywebsite.com;
  return 301 https://$host$request_uri;


}

server {
  listen 443 ssl;
  server_name mywebsite.com;

  location / {
          proxy_set_header        Host $host;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
          proxy_pass              "http://127.0.0.1:3100";
          proxy_redirect http:// https://;
  }

    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
}
server {
    if ($host = www.mywebsite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  server_name www.mywebsite.com;
    return 404; # managed by Certbot
}

所有文件都存在,nginx 配置没有错误。有什么想法吗?如果您需要更多信息,请告诉我。

答案1

您的默认虚拟主机配置为侦听 IPv4 和 IPv6:

listen       80 default_server;
listen       443 ssl default_server;
listen       [::]:80 default_server;
listen       [::]:443 ssl default_server;

但是,您的其他虚拟主机仅监听 IPv4:

listen 443 ssl; # managed by Certbot
listen 80;
listen 443 ssl;
listen 80;

由于默认 vhost 没有配置任何 SSL 密钥,这意味着当通过 IPv6 连接时,nginx 没有任何东西可用。

要解决此问题,请向其他虚拟主机添加 IPv6 的监听指令。

相关内容