首页 注册 登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
DataPacket
CDN77
NGINX
NGINX Trac
3rd Party Modules
Security Advisories
CHANGES
OpenResty
ngx_lua
Tengine
在线学习资源
NGINX 开发从入门到精通
NGINX Modules
ngx_echo
广告
xinzi
V2EX  ›  NGINX

nginx 增加 http 块 就报证书错误,请问是什么原因,第一次见

  •   
  •   xinzi · 28 天前 · 1047 次点击

    域名已经处理 不增加 http 块,可以正常访问,证书正常,增加了 http 块就报证书错误,请教一下。全部都 docker 启动 我的 nginx 配置 如下

    worker_processes auto; # 自动设置为 CPU 核心数
worker_rlimit_nofile 100000; # 增加每个 worker 进程可以打开的文件数

events {
  worker_connections 4096; # 增加每个 worker 进程的最大连接数
  multi_accept on; # 允许每个 worker 进程同时接受多个连接
}

http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;
  gzip on;

  server {
    listen 80;
    server_name es.x.com.cn;
    return 301 https://$server_name$request_uri;
  }

  server {
    listen 443 ssl;
    server_name es.x.com.cn;

    # SSL 证书和密钥配置
    ssl_certificate /usr/share/nginx/html/ssl-qianduan/es.x.com.cn_bundle.pem;
    ssl_certificate_key /usr/share/nginx/html/ssl-qianduan/es.x.com.cn.key;

    # SSL 优化配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_stapling on;
    ssl_stapling_verify on;

    location / {
      root /usr/share/nginx/html; # 路径改成自己的 dist 路径
      index index.html index.htm;
      try_files $uri $uri/ /index.html; #解决刷新页面变成 404 问题的代码
    }

    location /prod-api/ {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://172.16.238.13:8089/;
    }
  }

  server {
    listen 80;
    server_name esb.x.com.cn;
    return 301 https://$server_name$request_uri;
  }

  server {
    listen 443 ssl;
    server_name esb.x.com.cn;

    # SSL 证书和密钥配置
    ssl_certificate /usr/share/nginx/html/ssl-houduan/esb.x.com.cn_bundle.pem;
    ssl_certificate_key /usr/share/nginx/html/ssl-houduan/esb.x.com.cn.key;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://172.16.238.13:8089/;
    }
  }

  # 阻止通过 IP 地址或未知的域名访问
  server {
    listen 80 default_server;
    listen 443 default_server ssl;

    # SSL 证书和密钥配置
    ssl_certificate /usr/share/nginx/html/ssl-houduan/esb.x.com.cn_bundle.pem;
    ssl_certificate_key /usr/share/nginx/html/ssl-houduan/esb.x.com.cn.key;

    server_name es.x.com.cn;
    return 444; # 返回一个非标准的状态码,通常用于阻止客户端的访问
  }
}
    11 条回复    2024-08-20 07:36:41 +08:00
    ladypxy
        1
    ladypxy  
       28 天前 via iPhone
    你好歹把具体的错误信息发出来啊……
    xinzi
        2
    xinzi  
    OP
       28 天前
    @ladypxy #1 找不到证书
    xinzi
        3
    xinzi  
    OP
       28 天前

    ```
    worker_processes auto; # 自动设置为 CPU 核心数
    worker_rlimit_nofile 100000; # 增加每个 worker 进程可以打开的文件数

    events {
    worker_connections 4096; # 增加每个 worker 进程的最大连接数
    multi_accept on; # 允许每个 worker 进程同时接受多个连接
    }

    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    ```
    去掉就可以正常访问,加上就报错 没有证书
    Aluhao
        4
    Aluhao  
       28 天前
    @xinzi /usr/share/nginx/html/ssl-houduan/ 检查看看有没证书
    Aluhao
        5
    Aluhao  
       28 天前
    nginx -t 把错误报告发上来吧。
    xinzi
        6
    xinzi  
    OP
       28 天前
    @Aluhao #5

    /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
    10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
    /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
    /docker-entrypoint.sh: Configuration complete; ready for start up
    2024/08/19 17:26:52 [emerg] 1#1: "worker_processes" directive is not allowed here in /etc/nginx/conf.d/nginx.conf:1
    nginx: [emerg] "worker_processes" directive is not allowed here in /etc/nginx/conf.d/nginx.conf:1


    证书没问题
    YaD2x
        7
    YaD2x  
       28 天前
    /etc/nginx/conf.d/default.conf is not a file or does not exist
    f1ush
        8
    f1ush  
       28 天前
    @xinzi nginx.conf 文件写重复了吧,默认 nginx.conf 路径是 /etc/nginx/nginx.conf ,看你的报错是 /etc/nginx/conf.d/nginx.conf 路径下面又有一个了
    darkengine
        9
    darkengine  
       28 天前
    [emerg] 1#1: "worker_processes" directive is not allowed here in /etc/nginx/conf.d/nginx.conf:1

    不是提了第一行有问题?

    default.conf 那个只是 info ,不用管。
    darkengine
        10
    darkengine  
       28 天前
    https://stackoverflow.com/questions/47641559/worker-processes-directive-is-not-allowed-nginx


    Stackoverflow 有个老帖提到这个
    xinzi
        11
    xinzi  
    OP
       27 天前
    @ladypxy @Aluhao @darkengine @YaD2x @f1ush
    感谢各位
    找到问题了
    nginx 有 2 哥配置文件 一个是 /etc/nginx/nginx.conf 一个是 /etc/nginx/conf.d/nginx.conf

    因此
    worker_processes auto; # 自动设置为 CPU 核心数
    worker_rlimit_nofile 100000; # 增加每个 worker 进程可以打开的文件数

    参数需要配置在 /etc/nginx/nginx.conf 而不是 /etc/nginx/conf.d/nginx.conf
    这 2 个参数是全局参数
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   986 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 19:22 · PVG 03:22 · LAX 12:22 · JFK 15:22
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.