nginx - nginx: [warn] conflicting server name "www.site.com" on 0.0.0.0:443/0.0.0.0:80, ignored
Question
When running a dry run of the certbot automatic renewal, I get the following warnings:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/example.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
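The rules in the Nginx configuration are supposed to 1) redirect all http to https, and 2) redirect all non-www to www. It does that, which is good, but these warnings suggest it could be improved.
What is wrong with my current configuration may be obvious, but I can't find how to fix it while keeping everything working. Here is my configuration file (/etc/nginx/sites-enabled/example.com):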
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    server_name www.example.com;
    # Tell Nginx and Passenger where your app's 'public' directory is
    root /var/www/example/code/public;
    # Turn on Passenger
    passenger_enabled on;
    passenger_ruby /usr/local/rvm/gems/ruby-2.7.1/wrappers/ruby;
    location ~ ^/assets/ {
        expires 1y;
        add_header Cache-Control public;
        add_header ETag "";
    }
}
Answer
Short answer:
The third server block should be:
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate ... etc etc
    return 301 https://www.example.com$request_uri;
}
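Explanation
You have two server names and two ports, so there are 4 combinations:
- example.com:80
- www.example.com:80
- example.com:443
- www.example.com:443
Each of these should be handled once, and only once, in your server blocks. However:
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
- it is declared once in the first block and twice in the third block
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
- once in the first block, twice in the third block
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
- once in the second block, twice in the third block
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
- twice in the third block
The general logic of your redirect flow should be: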
# handle example.com:80
# handle www.example.com:80
server {
    listen 80;
    server_name www.example.com example.com;
    return 301 https://www.example.com$request_uri;
}
# handle example.com:443
server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate ... etc etc
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}
# handle www.example.com:443
server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate ... etc etc
    server_name www.example.com;
    root /var/www/example/code/public;
}
Note that you still need a certificate for the non-www host, even though it will be redirected immediately.
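The "once, and only once" rule from the answer above can be checked mechanically before reloading nginx. The following is an added example, not part of the original question or answer: a simplified checker that lists every name/port pair claimed by more than one server block. It assumes a single file with no `include` directives, ignores the address part of `listen`, and runs on a constructed sample config (`SAMPLE`).

```python
import re
from collections import defaultdict
# Constructed sample: www.example.com is claimed twice on port 443.
SAMPLE = """
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl;  # managed by Certbot
    server_name www.example.com;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name www.example.com;
    root /var/www/example/code/public;
    location ~ ^/assets/ { expires 1y; }
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, using brace matching."""
    conf = re.sub(r"#.*", "", conf)  # simplification: ignores '#' inside quotes
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def port_of(listen_arg):
    """'443', '0.0.0.0:443', '[::]:443' -> 443; an address without a port -> 80."""
    tail = listen_arg.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else 80

def find_conflicts(conf):
    """Return {(name, port): [block numbers]} for pairs claimed by several blocks."""
    seen = defaultdict(list)
    for n, body in enumerate(server_blocks(conf), start=1):
        ports = {port_of(a.split()[0]) for a in re.findall(r"\blisten\s+([^;]+);", body)} or {80}
        names = {x for a in re.findall(r"\bserver_name\s+([^;]+);", body) for x in a.split()}
        for key in ((name, port) for name in names for port in ports):
            seen[key].append(n)
    return {k: v for k, v in seen.items() if len(v) > 1}

for (name, port), blocks in sorted(find_conflicts(SAMPLE).items()):
    print(f'conflicting server name "{name}" on port {port}: server blocks {blocks}')
```

For each pair reported, nginx serves the name from the first block it read and ignores the later ones, so the checker shows which block's directives (redirect, root, TLS settings) are not actually in effect.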