nginx 显示默认页面而不是网站

nginx 显示默认页面而不是网站

nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";
    gzip_static on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    server {
        # If your host is not IPv6 ready use listen 80; here.
        # Add ipv6only=off to your listen directive that has default_server.
        # Or this one if this is your only vhost. Do not add it to both!
      listen [::]:80;
      server_name iitians.xyz www.iitians.xyz;

      location / {
        return 301 https://$server_name$request_uri;
      }
    }


    server {
      listen [::]:443 ssl;  # Same rules as for listen [::]:80 apply.

      server_name www.iitians.xyz;

      location / {
        return 301 https://iitians.xyz$request_uri;
      }

      # SSL setup

          # This file should also include any necessary intermediate certificates.
          # For example for StartSSL that would be https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
          # For Let's Encrypt use /etc/letsencrypt/live/diaspora.example.org/fullchain.pem
          # and /etc/letsencrypt/diaspora.example.org/privkey.pem
      ssl_certificate /etc/letsencrypt/live/iitians.xyz/cert.pem;
      ssl_certificate_key /etc/letsencrypt/live/iitians.xyz/privkey.pem;

          # Taken from https://wiki.mozilla.org/Security/Server_Side_TLS
          # You might want to make these global

          # generate with openssl dhparam 2048 > /path/to/dhparam.pem
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
      ssl_session_timeout 5m;
      ssl_prefer_server_ciphers on;
      ssl_session_cache shared:SSL:50m;
    }

    # Actual proxy

    server {
      listen [::]:443 ssl; # Same rules as for listen [::]:80 apply.
      server_name iitians.xyz;
      root /home/diaspora/diaspora/public;

        # Configure maximum picture size
        # Note that Diaspora has a client side check set at 4M
      client_max_body_size 5M;
      client_body_buffer_size 256K;

        # SSL setup

        # This file should also include any necessary intermediate certificates.
        # For example for StartSSL that would be https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
        # For Let's Encrypt use /etc/letsencrypt/live/diaspora.example.org/fullchain.pem
        # and /etc/letsencrypt/diaspora.example.org/privkey.pem
      ssl_certificate /etc/letsencrypt/live/iitians.xyz/cert.pem;
      ssl_certificate_key /etc/letsencrypt/live/iitians.xyz/privkey.pem;

        # Taken from https://wiki.mozilla.org/Security/Server_Side_TLS
        # You might want to make these global

        # generate with openssl dhparam 2048 > /path/to/dhparam.pem
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
      ssl_session_timeout 5m;
      ssl_prefer_server_ciphers on;
      ssl_session_cache shared:SSL:50m;

        # Proxy if requested file not found
      try_files $uri @diaspora;

      location /assets/ {
        expires max;
        add_header Cache-Control public;
      }

        # Camo support
        #location /camo/ {
        #  proxy_redirect off;
        #  proxy_pass http://camo/;
        #  break;
        #}

       location @diaspora {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto https;
         proxy_set_header Host $http_host;
         proxy_redirect off;

         proxy_pass http://127.0.0.1:8080;
       }
    }

      # Proxy destination
      # Add as many server directives as you want
      # Also takes a socket, like unix:/path/to/some/socket.sock
    upstream diaspora_server {
      server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
    }

      # Camo support
      #upstream camo {
      #  server 127.0.0.1:8081;
      #}  

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

默认位于 /etc/nginx/sites-available

# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#   listen 80;
#   listen [::]:80;
#
#   server_name example.com;
#
#   root /var/www/example.com;
#   index index.html;
#
#   location / {
#       try_files $uri $uri/ =404;
#   }
#}

server {

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name iitians.xyz www.iitians.xyz; # managed by Certbot


    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #   include snippets/fastcgi-php.conf;
    #
    #   # With php7.0-cgi alone:
    #   fastcgi_pass 127.0.0.1:9000;
    #   # With php7.0-fpm:
    #   fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #   deny all;
    #}


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/iitians.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/iitians.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



}
server {
    if ($host = www.iitians.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = iitians.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name iitians.xyz www.iitians.xyz;
    return 404; # managed by Certbot




}






nginx -t

nginx:[alert] 无法打开错误日志文件:open()“/var/log/nginx/error.log”失败(13:权限被拒绝)2019/06/29 23:13:42 [warn] 4552#4552:“user”指令仅当主进程以超级用户权限运行时才有意义,在/etc/nginx/nginx.conf:1中被忽略 2019/06/29 23:13:42 [emerg] 4552#4552:BIO_new_file(“/etc/letsencrypt/live/iitians.xyz/cert.pem”)失败(SSL:错误:0200100D:系统库:fopen:权限被拒绝:fopen('/etc/letsencrypt/live/iitians.xyz/cert.pem','r')错误:2006D002:BIO例程:BIO_new_file:system lib)nginx:配置文件/etc/nginx/nginx.conf测试失败

相关内容