将 SSL 证书添加到页面并尝试使用命令时:
这是我正在使用的配置:
server {
listen 80 default_server;
server_name piotrzak.design;
rewrite ^/(.*) https://piotrzak.design/$1 permanent;
listen [::]:80 default_server;
server_name piotrzak.design;
ssl_certificate /home/pz/piotrzak.design.chained.pem;
ssl_certificate_key /home/pz/piotrzak.design.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /home/pz/Potfolio-v.1.0.1;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name piotrzak.design;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
autoindex on;
try_files $uri $uri/ =404;
root /home/pz/Portfolio-v.1.0.1;
proxy_pass http://167.99.140.31:85;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
我应该在哪里找到此类错误的解决方案?
编辑:
1) 输入:systemctl -l 状态 nginx
输出:
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2018-08-17 19:51:40 UTC; 2h 11min ago
Process: 16205 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Process: 16481 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Main PID: 1637 (code=exited, status=0/SUCCESS)
2)输入:sudo nginx -t
输出 :
nginx: [emerg] BIO_new_file("/home/sammy/piotrzak.design.chained.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/sammy/piotrzak.design.chained.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
谢谢,这个命令告诉我错误在哪里,我需要更正路径,当我这样做时,下一个错误是:
1)输入:sudo nginx -t
输出 :
nginx: [emerg] PEM_read_bio_X509_AUX("/home/pz/piotrzak.design.chained.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed
编辑#2:
嗯,目前证书提供了4个文件:
a) 企业社会责任
b)私钥
c) 中级证书(这里有 4 个密钥)
d) SSL 证书
因此,创建:
domain.key-私钥
domain.pem-证书
middle.pem-从中间文件复制一个密钥到这里
答案1
该消息Expecting: TRUSTED CERTIFICATE表明证书文件存在问题("/home/pz/piotrzak.design.chained.crt")
事实上,您的 crt 文件的名称中包含“chained”,这看起来像是一个问题。
我建议将文件名从 crt 更改为 pem,看看 NGINX 是否更喜欢这样。
如果失败,您的链式文件是否仅包含公共证书和中间证书?如果不是,我会尝试仅包含这两个证书的 pem。