Ubuntu 上面 Nginx 配置了 https，死活无法访问，不知道啥问题

Distributions

中文资源站

› 网易开源镜像站

This topic created in 1764 days ago, the information mentioned may be changed or developed.

root@VM-0-10-ubuntu:/etc/nginx/conf.d# uname -a
Linux VM-0-10-ubuntu 4.15.0-118-generic #119-Ubuntu SMP Tue Sep 8 12:30:01 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@VM-0-10-ubuntu:/etc/nginx/conf.d# pwd
/etc/nginx/conf.d
root@VM-0-10-ubuntu:/etc/nginx/conf.d# cat default.conf 
server {
    listen 443 ssl;
    server_name  www.site.top;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
 
    ssl_certificate  /book/swb/site.top_bundle.crt;
    ssl_certificate_key  /book/swb/site.top.key;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm; 
    }

}

nginx 信息

root@VM-0-10-ubuntu:/etc/nginx/conf.d# service nginx status
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/nginx.service.d
           └─override.conf
   Active: active (running) since Sun 2021-07-18 10:24:26 CST; 2min 50s ago
     Docs: man:nginx(8)
  Process: 14799 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 14826 ExecStartPost=/bin/sleep 0.1 (code=exited, status=0/SUCCESS)
  Process: 14811 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 14800 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 14813 (nginx)
    Tasks: 3 (limit: 4464)
   CGroup: /system.slice/nginx.service
           ├─14813 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─14827 nginx: worker process
           └─14828 nginx: worker process

Jul 18 10:24:26 VM-0-10-ubuntu systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 18 10:24:26 VM-0-10-ubuntu systemd[1]: Started A high performance web server and a reverse proxy server.

Supplement 1 · Jul 18, 2021

天地良心，重启了一下服务器可以了。
帖子下层了，谢谢各位吴彦祖。

19 replies

learningman

Jul 18, 2021

无法访问具体定义一下？ curl 输出什么？ openssl s_client -connect 又输出什么？

miv

Jul 18, 2021

部署在腾讯云上面，安全组 443 、80 端口是打开的。
系统上面防火墙是关闭的
telnet 127.0.0.1 的 443 可以成功
nginx 相关的端口状态

root@VM-0-10-ubuntu:/etc/nginx/conf.d# netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN 14813/nginx: master
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 14813/nginx: master
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 965/systemd-resolve
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 2228/sshd
tcp6 0 0 [:::8001 [:::* LISTEN 12614/java
tcp6 0 0 [:::8008 [:::* LISTEN 12570/java
tcp6 0 0 [:::http [:::* LISTEN 14813/nginx: master

miv

Jul 18, 2021

@learningman #1 curl localhost 可以访问

yufeng0681

Jul 18, 2021

access.log 看看呢，请求有没有到 nginx

liuyulvv

Jul 18, 2021

前几天刚好也在腾讯云上用了腾讯提供的免费 ssl，这是按照他们官网写的，我是直接修改的

```nginx
server {
listen 443 ssl;

root /var/www/hexo;

index index.html;

server_name site.top;

location / {
try_files $uri $uri/ =404;
}

ssl_certificate /etc/nginx/conf.d/1_site.top_bundle.crt;
ssl_certificate_key /etc/nginx/conf.d/2_site.top.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
}

server {
listen 80;

server_name site.top;

return 301 https://$host$request_uri;
}
```

miv

Jul 18, 2021

@yufeng0681 #4 tail -f /var/log/nginx/access.log 查看这个文件，443 的请求监听不到，80 的就可以

miv

Jul 18, 2021

@liuyulvv #5 感谢，我试试

miv

Jul 18, 2021

@liuyulvv #5
好像还不行，访问 80 端口出现这个问题
```
ubuntu@VM-0-10-ubuntu:~$ curl http://www.softwareborn.top
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.21.1</center>
</body>
</html>
```
配置如下
```
server {
listen 80;

server_name site.top;

return 301 https://$host$request_uri;
}
```

chendy

Jul 18, 2021

server_name www.site.top;
你的网站名字是 www.site.top ???

liuxu

Jul 18, 2021

腾讯管理后台"安全组 443 打开的"的截图贴出来看看

xeathen

Jul 18, 2021

你在试图访问 www.softwareborn.top ，但是你的 servername 却是 www.site.top ？

westoy

Jul 18, 2021

ufw 443 放行了没

Jul 18, 2021 via iPhone

443 端口不通

$ curl -v https://www.softwarebor n.top/
* About to connect() to www.softwareborn.top port 4 43 (#0)
* Trying 49.235.242.113...
* Connection timed out
* Failed connect to www.softwareborn.top:443; Conne ction timed out
* Closing connection 0
curl: (7) Failed connect to www.softwareborn.top:44 3; Connection timed out