使用 NGINX 和 SSL 时的问题

使用 NGINX 和 SSL 时的问题

将 SSL 证书添加到页面并尝试使用命令时:

这是我正在使用的配置:

server {
        listen 80 default_server;
        server_name piotrzak.design;
        rewrite ^/(.*) https://piotrzak.design/$1 permanent;
        listen [::]:80 default_server;



        server_name piotrzak.design;
        ssl_certificate /home/pz/piotrzak.design.chained.pem;
        ssl_certificate_key /home/pz/piotrzak.design.key;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        # SSL configuration
        #
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /home/pz/Potfolio-v.1.0.1;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name piotrzak.design;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                autoindex on;
                try_files $uri $uri/ =404;
                root /home/pz/Portfolio-v.1.0.1;

                proxy_pass http://167.99.140.31:85;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

我应该在哪里找到此类错误的解决方案?


编辑:

1) 输入:systemctl -l 状态 nginx

输出:

 nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2018-08-17 19:51:40 UTC; 2h 11min ago
  Process: 16205 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
  Process: 16481 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
 Main PID: 1637 (code=exited, status=0/SUCCESS)

2)输入:sudo nginx -t

输出 :

nginx: [emerg] BIO_new_file("/home/sammy/piotrzak.design.chained.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/sammy/piotrzak.design.chained.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

谢谢,这个命令告诉我错误在哪里,我需要更正路径,当我这样做时,下一个错误是:

1)输入:sudo nginx -t

输出 :

nginx: [emerg] PEM_read_bio_X509_AUX("/home/pz/piotrzak.design.chained.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed

编辑#2:

嗯,目前证书提供了4个文件:

a) 企业社会责任

b)私钥

c) 中级证书(这里有 4 个密钥)

d) SSL 证书

因此,创建:

domain.key-私钥

domain.pem-证书

middle.pem-从中间文件复制一个密钥到这里

答案1

该消息Expecting: TRUSTED CERTIFICATE表明证书文件存在问题("/home/pz/piotrzak.design.chained.crt")

事实上,您的 crt 文件的名称中包含“chained”,这看起来像是一个问题。

我建议将文件名从 crt 更改为 pem,看看 NGINX 是否更喜欢这样。

如果失败,您的链式文件是否仅包含公共证书和中间证书?如果不是,我会尝试仅包含这两个证书的 pem。

相关内容