我不明白 nginx 是从哪里得到 "listen ... ssl" 指令的。它导致 nginx 无法启动……
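/docker-entrypoint.sh: Configuration complete; ready for start up
2020/11/16 10:25:45 [emerg] 1: no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:28
nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:28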
我的 conf.d/default.conf:
# redirect all traffic to https
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# return 301 https://$host$request_uri;
#}
# Catch-all plain-HTTP server on port 80 (IPv4 and IPv6). As written it only
# defines the ACME challenge location; the HTTPS redirect at the bottom is
# commented out, so other requests on port 80 are not redirected to HTTPS.
server {
listen 80 default_server;
listen [::]:80 default_server;
# "_" is a placeholder name; with default_server this block receives port-80 requests for any Host
server_name _;
# Write Access and Error logs
# NOTE(review): the access log file name starts with a dot (".access.log"); a name prefix may have been dropped -- confirm
access_log /var/log/nginx/.access.log;
error_log /var/log/nginx/error.log;
# Certbot HTTP-01 challenge files are served from this webroot; validation
# requests arrive over plain HTTP, so this location has to stay reachable on port 80.
location ^~ /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Disabled redirect of all remaining traffic to HTTPS. Re-enable it only once
# the 443 servers actually terminate TLS (see the "listen 443" lines below in this file).
# location / {
# return 301 https://$host$request_uri;
# }
}
# Catch-all server on port 443 that reverse-proxies everything to JS_upstream:3000.
# NOTE(review): "listen 443;" carries no "ssl" parameter and every certificate
# directive in this block is commented out, so as written this block serves
# cleartext HTTP on port 443. If any other server block in the same nginx
# instance listens on 443 with "ssl", the TLS setting applies to the shared
# listening socket and nginx then requires ssl_certificate here as well.
server {
listen 443;
listen [::]:443;
server_name _;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
# Certificates
# NOTE(review): ssl_certificate_key below points at fullchain.pem; it must reference
# the private key (certbot writes it as privkey.pem in the same directory) before being enabled.
# ssl_certificate /etc/letsencrypt/live/.../fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/.../fullchain.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
# ssl_trusted_certificate /etc/letsencrypt/live/.../fullchain.pem;
# include ssl.conf;
# Upstream host name kept in a variable so that proxy_pass resolves it at request
# time through the "resolver" below instead of once at start-up.
set $upstream_webfuse_com JS_upstream;
location / {
# allow CORS
# (disabled; a wildcard origin would let any site read these responses -- scope it before enabling)
#add_header 'Access-Control-Allow-Origin' '*' always;
# proxy.conf is not shown here; presumably it sets the common proxy headers -- confirm
include proxy.conf;
# 127.0.0.11 is Docker's embedded DNS server; answers are cached for 30s
resolver 127.0.0.11 valid=30s;
proxy_pass http://$upstream_webfuse_com:3000;
# WebSocket pass-through; note that "Connection: upgrade" is sent on every proxied request, not only on handshakes
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
# Basic auth is disabled, so this block adds no authentication in front of the upstream
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/htpasswd;
}
#location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
# NOTE(review): in the disabled samples below the dots are unescaped ("~ .php$", "~ /.ht"),
# so they match any character; escape them ("\.php$", "/\.ht") if these blocks are ever enabled.
#location ~ .php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#location ~ .php$ {
# root /usr/share/nginx/html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#location ~ /.ht {
# deny all;
#}
}
# Server for host names matching "coder.*" on port 443, proxied to coder:8443.
# NOTE(review): the "ssl http2" listen parameters and all certificate directives
# are commented out, so as written this block also speaks cleartext HTTP on 443.
# If the upstream is a code-server instance (suggested by the variable name --
# confirm), it exposes an interactive development environment, so TLS and an
# authentication layer in front of it should be restored before it is reachable
# from untrusted networks.
server {
listen 443;
# ssl http2;
listen [::]:443;
# ssl http2;
server_name coder.*;
# Certificates
# NOTE(review): ssl_certificate_key below points at fullchain.pem; it must reference
# the private key (certbot writes it as privkey.pem in the same directory) before being enabled.
#ssl_certificate /etc/letsencrypt/live/.../fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/.../fullchain.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /etc/letsencrypt/live/.../fullchain.pem;
#include ssl.conf;
# 0 disables the request-body size check entirely; unbounded uploads can exhaust
# disk or memory, so prefer an explicit limit unless the upstream enforces one
client_max_body_size 0;
# Certbot challenge files are served from this webroot (same path as in the port-80 server)
location ^~ /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
location / {
# proxy.conf is not shown here; presumably it sets the common proxy headers -- confirm
include proxy.conf;
# 127.0.0.11 is Docker's embedded DNS server; answers are cached for 30s
resolver 127.0.0.11 valid=30s;
# Variable upstream name makes proxy_pass resolve "coder" at request time via the resolver above
set $upstream_code_server coder;
proxy_pass http://$upstream_code_server:8443;
# WebSocket pass-through; "Connection: upgrade" is sent on every proxied request
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
}
}
您在端口443上侦听。那是SSL端口。
server {
listen 443;
listen [::]:443;
您需要删除端口443上的侦听,或者添加证书。否则,它将不起作用。
事实上,有一个不同的答案,我相信这是正确的答案。
只要同一 nginx 实例中的任何其他 vhost 使用了 `listen 443 ssl` 或 `ssl on`,该设置就会优先生效,并强制所有其他在 443 上侦听的 vhost 也定义 ssl_certificate(ssl 参数作用于监听套接字,同一地址和端口上的所有 server 块共享它)。在我看来,这显然是一个 bug,我浪费了大约 4 个小时来调试这种奇怪的行为。
我今天早上才发现这一点,官方文档中似乎没有相关说明。
环境:Debian 11 (bullseye),nginx 1.18.0,来自官方软件源。