nginx - nginx：[警告] 0.0.0.0:443/0.0.0.0:80 上的服务器名称“www.site.com”冲突，忽略

问题描述

在 certbot 自动更新上运行空运行时，我收到以下警告：

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/example.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Nginx 配置的规则应该 1) 将所有 http 重定向到 https，2) 将所有非 www 重定向到 www。它做到了，这很好，但是有这个警告表明它可以改进。

我当前的配置有什么问题可能很明显，但我找不到如何在修复它时保持一切正常工作。这是我的配置文件（/etc/nginx/sites-enabled/example.com）：

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    server_name example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    server_name www.example.com;

    # Tell Nginx and Passenger where your app's 'public' directory is
    root /var/www/example/code/public;

    # Turn on Passenger
    passenger_enabled on;
    passenger_ruby /usr/local/rvm/gems/ruby-2.7.1/wrappers/ruby;

    location ~ ^/assets/ {
        expires 1y;
        add_header Cache-Control public;

        add_header ETag "";
    }
}

标签： nginx

解决方案

简短的回答：

第三个服务器块应该是：

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate ... etc etc 
    return 301 https://www.example.com$request_uri;
}

解释

您有两个服务器名称和两个端口，因此有 4 种组合

示例.com:80
www.example.com:80
示例.com:443
www.example.com:443

每一个都应该在你的服务器块上处理一次，并且只处理一次。然而

nginx：[警告] 0.0.0.0:80 上的服务器名称“www.example.com”冲突，已忽略

它在第一个块中声明一次，在第三个块中声明两次

nginx：[警告] 0.0.0.0:80 上的服务器名称“example.com”冲突，已忽略

第一个街区一次，第三个街区两次

nginx：[警告] 0.0.0.0:443 上的服务器名称“www.example.com”冲突，已忽略

一次在第二个街区，两次在第三个街区

nginx：[警告] 0.0.0.0:443 上的服务器名称“example.com”冲突，忽略

在第三个街区两次

您的重定向流程的一般逻辑应该是：

# handle example.com:80
# handle www.example.com:80
server {
    listen 80;

    server_name www.example.com example.com;
    return 301 https://www.example.com$request_uri;
}

# handle  example.com:443
server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate ... etc etc 

    server_name example.com;
    return 301 https://www.example.com$request_uri;
}

# handle www.example.com:443
 server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate ... etc etc 

    server_name www.example.com;
    root /var/www/example/code/public;
 }

请注意，即使将立即重定向，您仍然需要非 www 主机的证书。

nginx - nginx：[警告] 0.0.0.0:443/0.0.0.0:80 上的服务器名称“www.site.com”冲突，忽略

问题描述

解决方案

推荐阅读