ssl - nginx listen ... ssl 指令错误,但没有设置 ssl 指令
问题描述
我不明白 nginx 从哪里得到 listen ... ssl指令。它会阻止 nginx 启动...
/docker-entrypoint.sh:配置完成;准备启动
2020/11/16 10:25:45 [emerg] 1#1:没有为 etc/nginx/conf.d/default.conf:28 中的“listen ... ssl”指令定义“ssl_certificate”
nginx:[emerg] 没有为 /etc/nginx/conf.d/default.conf:28 中的“listen ... ssl”指令定义“ssl_certificate”
我的 conf.d/default.conf:
# redirect all traffic to https
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# return 301 https://$host$request_uri;
#}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
# Write Access and Error logs
access_log /var/log/nginx/.access.log;
error_log /var/log/nginx/error.log;
# CertBot needs either port 80 or 443 open to connect to the
location ^~ /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# location / {
# return 301 https://$host$request_uri;
# }
}
server {
listen 443;
listen [::]:443;
server_name _;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
# Certificates
# ssl_certificate /etc/letsencrypt/live/.../fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/.../fullchain.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
# ssl_trusted_certificate /etc/letsencrypt/live/.../fullchain.pem;
# include ssl.conf;
set $upstream_webfuse_com JS_upstream;
location / {
# allow CORS
#add_header 'Access-Control-Allow-Origin' '*' always;
include proxy.conf;
resolver 127.0.0.11 valid=30s;
proxy_pass http://$upstream_webfuse_com:3000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
#auth_basic "Restricted";
#auth_basic_user_file /config/nginx/htpasswd;
}
#location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#location ~ \.php$ {
# root /usr/share/nginx/html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 443;
# ssl http2;
listen [::]:443;
# ssl http2;
server_name coder.*;
# Certificates
#ssl_certificate /etc/letsencrypt/live/.../fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/.../fullchain.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /etc/letsencrypt/live/.../fullchain.pem;
#include ssl.conf;
client_max_body_size 0;
# CertBot needs either port 80 or 443 open to connect to the
location ^~ /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
location / {
include proxy.conf;
resolver 127.0.0.11 valid=30s;
set $upstream_code_server coder;
proxy_pass http://$upstream_code_server:8443;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
}
}
解决方案
您在端口 443 上侦听。它是 SSL 端口。
server {
listen 443;
listen [::]:443;
您不需要侦听端口 443 或添加证书。如果没有,它将无法正常工作
推荐阅读
- javascript - 如何重复数组中的不同元素?
- amazon-web-services - 当流量为零时,Lambda 是否会关闭整个容器?
- android - Android MediaCodec 解码超级慢
- css - 如何根据 woocommerce 父产品类别更改页面的 css?
- pandas - 有没有办法在 Pandas 中合并 2 个数据框,以保持 df1 的值不变
- python-2.x - 有没有办法在 Python 2.x 中使用 csv.reader() 模块读取固定长度的文件
- google-sheets - 为什么我不能制作使用 importrange 的 Google 表格项目的精确副本?
- c# - 在某个目录中检查哪些文件具有某个名称前缀并删除相同的前缀
- bash - 为什么此命令“google-auth”在终端中有效,但在 bash 脚本中无效?
- tabulator - 在制表器中显示/隐藏或切换嵌套表子项