
I already have the certificate, nginx is configured, and the ssl module is installed, but after a restart port 443 is not up?

  •   yozosann · May 16, 2018 · 7137 views

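    Below is my nginx configuration. The certificate was issued through Tencent Cloud. I've been at this for two days and have no idea why it still doesn't work...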

    #user  nobody;
    worker_processes  1;
    
    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;
    
    #pid        logs/nginx.pid;
    
    
    events {
        worker_connections  1024;
    }
    
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';
    
        #access_log  logs/access.log  main;
    
        sendfile        on;
        #tcp_nopush     on;
    
        #keepalive_timeout  0;
        keepalive_timeout  65;
    
        #gzip  on;
    
    
        server {
            listen       80;
            server_name xx.com  www.xx.com;
    
            #charset koi8-r;
    
            #access_log  logs/host.access.log  main;
    
            location / {
             proxy_pass http://127.0.0.1:9339;
            #root   /;
                #index  index.html index.htm;
            }
    
            #error_page  404              /404.html;
    
            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
    
            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass   http://127.0.0.1;
            #}
    
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}
    
            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny  all;
            #}
        }
    
    
        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        server {
            listen       80;
        #    listen       somename:8080;
            server_name  myterm.xx.com;
    
            location / {
        #        root   html;
        #        index  index.html index.htm;
        proxy_pass  http://www.yozosann.com:8256/;
            }
        }
    
    
        # HTTPS server
        #
        server {
             listen       443;
             server_name  xx.com  www.xx.com;
    
             ssl                  on;
             ssl_certificate      /usr/local/nginx/ssl/www.xx.com-ca-bundle.crt;
             ssl_certificate_key  /usr/local/nginx/ssl/www.xx.com.key;
    
             ssl_session_timeout  5m;
    
             ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
             ssl_ciphers  HIGH:!aNULL:!MD5;
             ssl_prefer_server_ciphers   on;
    
            location / {
                 proxy_pass http://127.0.0.1:9339;
        #        root   html;
        #        index  index.html index.htm;
             }
         }
    
    }
    
    23 replies    2018-09-28 14:51:55 +08:00
    titanium98118 · #1 · May 16, 2018
    Does nginx -t report any errors?
    yozosann (OP) · #2 · May 16, 2018
    @titanium98118 No errors at all, which is awkward. Everything looks correct... but port 443 just isn't open.
    yozosann (OP) · #3 · May 16, 2018
    @titanium98118
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    yozosann (OP) · #4 · May 16, 2018
    ```
    server {
    listen 443;
    server_name www.yozosann.com;

    ssl on;
    ssl_certificate 1_www.yozosann.com_bundle.crt;
    ssl_certificate_key 2_www.yozosann.com.key;

    ssl_session_timeout 5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
    proxy_pass http://127.0.0.1:9999;
    # root html;
    # index index.html index.htm;
    }
    }
    ```

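    I've now changed it to this and it still doesn't work.
    elsenow · #5 · May 16, 2018
    Does the firewall allow port 443?

    Does the security group in the Tencent Cloud console allow port 443?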
    w274189159 · #6 · May 16, 2018
    @yozosann Check the nginx log.
    elsenow · #7 · May 16, 2018
    iMac:~ xxx$ telnet www.yozosann.com 443
    Trying 108.61.182.82...
    telnet: connect to address 108.61.182.82: Connection refused
    telnet: Unable to connect to remote host

    I had a look. Port 443 isn't being allowed through, is it? This hasn't even got as far as Nginx's port.
    akira · #8 · May 16, 2018
    And the error log?
    yozosann (OP) · #9 · May 16, 2018
    @elsenow

    firewall-cmd --list-ports
    4200/tcp 9126/tcp 9126/udp 57575/tcp 38720/tcp 80/tcp 8756/tcp 3306/tcp 9123/udp 443/tcp

    433 is allowed through, but it isn't up.
    will1916 · #10 · May 16, 2018
    What's the physical path of the certificate?
    yozosann (OP) · #11 · May 16, 2018
    @w274189159
    2018/05/16 16:32:22 [notice] 12518#0: signal process started
    2018/05/16 16:32:22 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
    2018/05/16 16:37:27 [warn] 13122#0: invalid value "TLSv1.1" in /usr/local/nginx/conf/nginx.conf:111
    2018/05/16 17:15:17 [emerg] 20339#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
    2018/05/16 17:17:12 [notice] 22994#0: signal process started
    2018/05/16 17:17:12 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
    2018/05/16 17:18:44 [notice] 23179#0: signal process started
    2018/05/16 17:18:44 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
    2018/05/16 17:20:30 [notice] 23412#0: signal process started
    2018/05/16 17:20:30 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
    2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
    2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
    2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
    2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
    2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
    2018/05/16 17:36:38 [emerg] 25334#0: still could not bind()
    2018/05/16 18:24:15 [notice] 31318#0: signal process started
    yozosann (OP) · #12 · May 16, 2018
    @will1916 The physical path is right under usr/local/nginx/conf
    will1916 · #13 · May 16, 2018
    @yozosann
    Shouldn't it be like this?
    ssl_certificate /usr/local/nginx/conf/1_www.yozosann.com_bundle.crt;
    ssl_certificate_key /usr/local/nginx/conf/2_www.yozosann.com.key;
    SirLostWhite · #14 · May 16, 2018
    unknown directive "ssl"
    Your nginx wasn't compiled with the ssl module, was it?
    Is openssl present on the machine?
    yozosann (OP) · #15 · May 16, 2018
    @will1916 Tried it, no use.
    yozosann (OP) · #16 · May 16, 2018
    @SirLostWhite That was an earlier problem and it's already solved. It now runs successfully, but 443 still isn't open.
    mchl · #17 · May 16, 2018 via iPhone
    listen 443 ssl;
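    shiny (PRO) · #18 · May 16, 2018
    General troubleshooting steps when an https page won't open:
    1. Use netstat -ln to check whether 443 is open. If not: check the configuration file and the error log.
    2. From the server itself, curl the URL and see whether it returns normally. If not, check whether the firewall and the cloud server's security rules allow it.
    3. From your local machine, check whether you can reach the server and how the failure shows up; DNS problems, a port that isn't open, or a wrong status code from the server each have their own way of being handled.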
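
The first step of the checklist above (is 443 bound, and if not, what does the error log say), as an added example that is not part of the thread: two POSIX shell helpers run over constructed samples, with hypothetical function names. Collapsing `[emerg]` lines by PID separates a long-running master that rejects every reload (it keeps its previous configuration) from a second instance that cannot start because port 80 is already bound.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample inputs are constructed.

# Succeeds if `netstat -ln` text on stdin shows a TCP LISTEN socket on port $1.
port_listening() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ (":" p "$") { found = 1 }
        END { exit !found }'
}

# Reads an nginx error log on stdin and prints "pid class" once per distinct
# pair among the [emerg] lines, so repeated failures from one process collapse.
triage_errlog() {
    awk '/\[emerg\]/ {
        split($4, a, "#"); pid = a[1]
        if ($0 ~ /unknown directive "ssl"/) c = "no-ssl-module"
        else if ($0 ~ /Address already in use|could not bind/) c = "port-in-use"
        else c = "other"
        if (!seen[pid, c]++) print pid, c
    }'
}

# Constructed sample: what the netstat check sees when only 80 and 3306 are bound.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:3306    0.0.0.0:*       LISTEN'

# Constructed sample in the format of the error log quoted in this thread.
SAMPLE_ERRLOG='2018/05/16 17:17:12 [notice] 22994#0: signal process started
2018/05/16 17:17:12 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:18:44 [notice] 23179#0: signal process started
2018/05/16 17:18:44 [emerg] 9468#0: unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:105
2018/05/16 17:36:38 [emerg] 25334#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2018/05/16 17:36:38 [emerg] 25334#0: still could not bind()'

# Runs both checks over the samples and prints one line per finding.
report() {
    if printf '%s\n' "$SAMPLE_NETSTAT" | port_listening 443; then
        echo "443: listening"
    else
        echo "443: not listening"
    fi
    printf '%s\n' "$SAMPLE_ERRLOG" | triage_errlog
}
report
```

On a live host, pipe `netstat -ln` and the real error log into the helpers; `nginx -V` lists `--with-http_ssl_module` among the configure arguments when the binary was built with the SSL module.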
    lianyue · #19 · May 16, 2018
    server {
    listen 80;
    listen 443 ssl;
    server_name xx.com www.xx.com;

    ssl_certificate /usr/local/nginx/ssl/www.xx.com-ca-bundle.crt;
    ssl_certificate_key /usr/local/nginx/ssl/www.xx.com.key;

    ssl_session_timeout 5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    #charset koi8-r;

    #access_log logs/host.access.log main;

    location / {
    proxy_pass http://127.0.0.1:9339;
    #root /;
    #index index.html index.htm;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root html;
    }
    }
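    cmllwxxl · #20 · May 17, 2018
    It's a Tencent Cloud server, so check whether the security group is open. I had the same thing before: fiddled with it for ages, and in the end it was the Tencent Cloud security group that didn't have 443 open.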
    yozosann (OP) · #21 · May 17, 2018
    @shiny
    1. 443 isn't open, and the log shows no errors.
    2. I checked the firewall and it is already allowed through.
    mxywxwk · #22 · Sep 28, 2018
    I've run into the same problem. Did the OP ever solve it?
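    mxywxwk · #23 · Sep 28, 2018
    I'm using Alibaba Cloud servers, two of them. One was configured successfully and can be reached over https; the same method doesn't work on the other. netstat also shows nginx isn't listening on 443. The working nginx is 1.13.7, the failing one is 1.8.0.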