个人中心
gpt4 book ai didi

ssl - nginx ssl_certificate 指令在服务器 block 内不起作用,浏览器显示 ERR_CONNECTION_CLOSED 或 ERR_CONNECTION_RESET

转载 作者:太空宇宙 更新时间:2023-11-03 13:16:17 26 4
gpt4 key购买 nike

我正在尝试使用 Nginx v1.8.0 从单个 VPS 中为多个 TLS 安全域提供服务,但出于某种原因,它只是没有在服务器 block 中进行证书配置。当我将 ssl_certificatessl_certificate_key 指令放在 http block 中时,它工作正常。但是当我尝试将它们放入服务器 block 时,启动时没有错误,日志中也没有任何错误,但是 chrome 给我一条 ERR_CONNECTION_CLOSED 消息。这必须比看起来容易....

这是有效的设置:

nginx -V 输出:

nginx version: nginx/1.8.0
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04) 
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled

我的主要 nginx.conf:

user  http;
worker_processes  3;
pid /var/run/nginx.pid;

error_log  /var/log/nginx_error.log error;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  text/plain;
    sendfile        on;
    keepalive_timeout  65;
    index index.php index.html;

    log_format  main  '$remote_addr - $remote_user [$time_local], "$scheme://$host$request_uri", '
                    'file: "$request_filename", http: $status, sent: $body_bytes_sent, ref: "$http_referer", '
                    '"$http_user_agent", "$http_x_forwarded_for"';

    access_log /var/log/nginx_access.log main;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    server {
      listen 80;
      server_name "";
      return 410;
    }

    ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
    include vhosts/*.conf;
}

我的 vhosts 目录列表:

site1.conf
site2.conf

最后,我的 site1.conf 文件(site2.conf 本质上是一样的):

# Server block that redirects www.site1.com requests to site1.com
server {
  listen 443;
  server_name www.site1.com;
  return 301 https://site1.com$request_uri;
}

# Server block that serves site1.com;
server {
  listen 443 ssl;
  server_name  site1.com;
  root /srv/www/site1/public_html;
  index index.php index.html index.htm;

  error_log /var/log/nginx_err_site1.log error;
  access_log /var/log/nginx_acc_site1.log main;

  include global_restrictions.conf;

  location / {
    try_files $uri /index.php?q=$uri&$args;
  }

  location ~ \.php$ {
    try_files $uri = 404;
    include        fastcgi_params;
    fastcgi_pass   unix:/var/run/php-fpm_site1.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }
}

如您所见,ssl... 指令位于主配置文件 http block 中。该配置工作正常。但是,如果我从该位置删除它们,并将它们放入 site1.conf 虚拟主机文件的服务器 block 中,如下所示,我会收到 ERR_CONNECTION_CLOSED 错误。

# Server block that redirects www.site1.com requests to site1.com
server {
  listen 443;
  server_name www.site1.com;
  return 301 https://site1.com$request_uri;
}

# Server block that serves site1.com;
server {
  listen 443 ssl;
  server_name  site1.com;
  root /srv/www/site1/public_html;
  index index.php index.html index.htm;

  ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;

  error_log /var/log/nginx_err_site1.log error;
  access_log /var/log/nginx_acc_site1.log main;

  include global_restrictions.conf;

  location / {
    try_files $uri /index.php?q=$uri&$args;
  }

  location ~ \.php$ {
    try_files $uri = 404;
    include        fastcgi_params;
    fastcgi_pass   unix:/var/run/php-fpm_site1.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }
}

我就是想不通!

感谢您提供的任何帮助。

最佳答案

一个多月后才回到这个问题(好吧,所以我的发布有点延迟,无论如何!;))。

的确,答案和我想象的一样简单。

我看过那些小“www”。将 block 重定向为简单的反弹,出于某种原因,我觉得我不必在这些 block 中包含有关证书的信息。但是,由于安全连接的工作方式,服务器必须在发出响应(即重定向指令)之前完全建立安全连接,所以因为我没有在那些小的重定向 block 中包含证书信息,所以它给了我错误(令人沮丧的是,它没有告诉我这些错误是什么)。

所以最后,解决方案就是在每个监听端口 443 的服务器 block 中添加有效的 ssl_certificatessl_certificate_key 指令。现在一切正常!

为了充分说明这一点,这是我更新后的工作 site1.conf(和 site2.conf,几乎完全相同):

# Server block that redirects www.site1.com requests to site1.com
server {
  listen 443 ssl;
  server_name www.site1.com;
  ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
  return 301 https://site1.com$request_uri;
}

# Server block that serves site1.com requests
server {
  listen 443 ssl;
  server_name  site1.com www.site1.com;
  root /srv/www/site1/public_html;
  ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
  index index.php index.html index.htm;

  error_log /var/log/nginx_err_site1.log error;
  access_log /var/log/nginx_acc_site1.log main;

  include global_restrictions.conf;

  location / {
    try_files $uri /index.php?q=$uri&$args;
  }

  location ~ \.php$ {
    try_files $uri = 404;
    include        fastcgi_params;
    fastcgi_pass   unix:/var/run/php-fpm_site1.sock;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }
}

我的 nginx.conf 文件现在不再包含 ssl_certificate 行。

关于ssl - nginx ssl_certificate 指令在服务器 block 内不起作用,浏览器显示 ERR_CONNECTION_CLOSED 或 ERR_CONNECTION_RESET,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35677044/

26 4 0
文章推荐: python - 如何在 python 中将 float ('nan' ) 转换为二进制?
文章推荐: Python:检索受 SQL DELETE 查询影响的行数
文章推荐: python - 在 python 中复制时排除一些子文件夹(我使用 copytree)
文章推荐: django - SSL 证书未正确安装在 nginx 网络服务器上(Django 网络应用程序)
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com