Nginx on Ubuntu is configured for https, but the site just won't load no matter what, and I have no idea what the problem is

    miv · 2021-07-18 10:27:24 +08:00 · 2906 views
    root@VM-0-10-ubuntu:/etc/nginx/conf.d# uname -a
    Linux VM-0-10-ubuntu 4.15.0-118-generic #119-Ubuntu SMP Tue Sep 8 12:30:01 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
    root@VM-0-10-ubuntu:/etc/nginx/conf.d# pwd
    /etc/nginx/conf.d
    root@VM-0-10-ubuntu:/etc/nginx/conf.d# cat default.conf 
    server {
        listen 443 ssl;
        server_name  www.site.top;
    
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;
     
        ssl_certificate  /book/swb/site.top_bundle.crt;
        ssl_certificate_key  /book/swb/site.top.key;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm; 
        }
    
    }
    

    nginx info

    root@VM-0-10-ubuntu:/etc/nginx/conf.d# service nginx status
    ● nginx.service - A high performance web server and a reverse proxy server
       Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
      Drop-In: /etc/systemd/system/nginx.service.d
               └─override.conf
       Active: active (running) since Sun 2021-07-18 10:24:26 CST; 2min 50s ago
         Docs: man:nginx(8)
      Process: 14799 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
      Process: 14826 ExecStartPost=/bin/sleep 0.1 (code=exited, status=0/SUCCESS)
      Process: 14811 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
      Process: 14800 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
     Main PID: 14813 (nginx)
        Tasks: 3 (limit: 4464)
       CGroup: /system.slice/nginx.service
               ├─14813 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
               ├─14827 nginx: worker process
               └─14828 nginx: worker process
    
    Jul 18 10:24:26 VM-0-10-ubuntu systemd[1]: Starting A high performance web server and a reverse proxy server...
    Jul 18 10:24:26 VM-0-10-ubuntu systemd[1]: Started A high performance web server and a reverse proxy server.
    
    Addendum 1  ·  2021-07-18 15:45:22 +08:00
    Honest to God, it worked after I rebooted the server.
    The thread can sink now. Thank you all, you Daniel Wus.
        1
    learningman  
       2021-07-18 10:30:18 +08:00
    Can you define "cannot access" specifically? What does curl output? And what does openssl s_client -connect output?
        2
    miv  
    OP
       2021-07-18 10:31:55 +08:00
    It is deployed on Tencent Cloud, and ports 443 and 80 are open in the security group.
    The firewall on the system is turned off.
    telnet to 443 on 127.0.0.1 succeeds.
    Port status related to nginx:

    root@VM-0-10-ubuntu:/etc/nginx/conf.d# netstat -tlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN 14813/nginx: master
    tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 14813/nginx: master
    tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 965/systemd-resolve
    tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 2228/sshd
    tcp6 0 0 [::]:8001 [::]:* LISTEN 12614/java
    tcp6 0 0 [::]:8008 [::]:* LISTEN 12570/java
    tcp6 0 0 [::]:http [::]:* LISTEN 14813/nginx: master
        3
    miv  
    OP
       2021-07-18 10:33:38 +08:00
    @learningman #1 curl localhost works
        4
    yufeng0681  
       2021-07-18 10:44:47 +08:00
    Take a look at access.log: are the requests reaching nginx?
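        5
    liuyulvv  
       2021-07-18 10:52:28 +08:00
    A few days ago I happened to use the free SSL certificate Tencent provides on Tencent Cloud as well. This follows what their official site says; I just edited it directly.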

    ```nginx
    server {
        listen 443 ssl;

        root /var/www/hexo;

        index index.html;

        server_name site.top;

        location / {
            try_files $uri $uri/ =404;
        }

        ssl_certificate /etc/nginx/conf.d/1_site.top_bundle.crt;
        ssl_certificate_key /etc/nginx/conf.d/2_site.top.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
    }

    server {
        listen 80;

        server_name site.top;

        return 301 https://$host$request_uri;
    }
    ```
        6
    miv  
    OP
       2021-07-18 10:54:41 +08:00
    @yufeng0681 #4 Watching this file with tail -f /var/log/nginx/access.log, requests to 443 never show up, but requests to 80 do
        7
    miv  
    OP
       2021-07-18 10:55:31 +08:00
    @liuyulvv #5 Thanks, I'll try it
        8
    miv  
    OP
       2021-07-18 11:06:03 +08:00
    @liuyulvv #5
    It still doesn't seem to work. Accessing port 80 gives this problem:
    ```
    ubuntu@VM-0-10-ubuntu:~$ curl http://www.softwareborn.top
    <html>
    <head><title>301 Moved Permanently</title></head>
    <body>
    <center><h1>301 Moved Permanently</h1></center>
    <hr><center>nginx/1.21.1</center>
    </body>
    </html>
    ```
    The configuration is as follows:
    ```
    server {
        listen 80;

        server_name site.top;

        return 301 https://$host$request_uri;
    }
    ```
        9
    chendy  
       2021-07-18 11:15:12 +08:00
    server_name www.site.top;
    Your site's name is www.site.top ???
        10
    liuxu  
       2021-07-18 11:18:45 +08:00
    Post a screenshot of the Tencent management console showing "security group 443 is open"
        11
    xeathen  
       2021-07-18 11:29:17 +08:00
    You are trying to access www.softwareborn.top, but your servername is www.site.top
        12
    westoy  
       2021-07-18 11:32:39 +08:00
    Has ufw allowed 443?
        13
    ik  
       2021-07-18 11:40:52 +08:00 via iPhone
    Port 443 is unreachable

    $ curl -v https://www.softwareborn.top/
    * About to connect() to www.softwareborn.top port 443 (#0)
    * Trying 49.235.242.113...
    * Connection timed out
    * Failed connect to www.softwareborn.top:443; Connection timed out
    * Closing connection 0
    curl: (7) Failed connect to www.softwareborn.top:443; Connection timed out
        14
    holoto  
       2021-07-18 11:56:41 +08:00
    Try accessing ip:443 directly.
    If you are able to, run nmap against the ip.
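        15
    lindas  
       2021-07-18 13:41:29 +08:00
    Try a different port. A few days ago I had the same thing with port 443 on Huawei Cloud: I could not find the cause no matter what, and in the end switching to another port fixed it.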
        16
    msg7086  
       2021-07-18 14:03:46 +08:00
    conf.d ?
    Hasn't nginx always used sites-enabled? Or is it different on Ubuntu?
        17
    Junzhou  
       2021-07-18 21:04:23 +08:00
    After modifying the config file, run nginx -s reload for it to take effect
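        18
    yin1999  
       2021-07-18 22:16:57 +08:00 via iPad
    @msg7086 The usage you describe actually comes from apache. When nginx is installed from the official nginx repository, it uses conf.d by default; if you use Ubuntu's default repository, it is indeed sites-enabled.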
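        19
    yufeng0681  
       2021-07-19 11:14:04 +08:00
    Then start by capturing packets at the lower layer: use the tcpdump command and capture on port 443 to see whether any packets are arriving at the server;
    The nginx access log will definitely not show the word https; what gets recorded is the request content and the fields you asked it to save.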
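
The replies above narrow the fault layer by layer: is the port filtered before nginx, is anything listening, does the port answer with TLS, and does the certificate match the requested name. The Python script below performs that triage from any vantage point; it is an added example, not code from the thread, and the names `probe_https` and `NEXT_STEP` are hypothetical.

```python
import socket
import ssl
import sys

# Next check for each failure stage, taken from the suggestions in the thread.
NEXT_STEP = {
    "tcp-timeout": "packets dropped before nginx: check cloud security group, ufw/iptables, tcpdump on 443",
    "tcp-refused": "host reachable but nothing listening: check netstat -tlp and the listen directive",
    "tcp-error": "name resolution or routing problem: check DNS and the address being dialled",
    "tls-error": "port answers but not with TLS: check 'listen 443 ssl' and reload nginx",
    "cert-error": "server answered, but its certificate does not verify for the requested name",
    "ok": "TLS works from this vantage point",
}

def probe_https(host, port=443, sni=None, timeout=5.0):
    """Return (stage, detail) describing how far a connection to host:port gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp-timeout", "no answer within %.1fs" % timeout
    except ConnectionRefusedError:
        return "tcp-refused", "connection refused"
    except OSError as exc:  # DNS failure, unreachable network, ...
        return "tcp-error", str(exc)
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with ctx.wrap_socket(sock, server_hostname=sni or host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "cert-error", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls-error", str(exc)
    finally:
        sock.close()

if __name__ == "__main__":
    # Usage: python3 probe.py HOST [PORT]. Run it once on the server against
    # 127.0.0.1 and once from outside, then compare the two stages.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    stage, detail = probe_https(target, port)
    print(f"{target}:{port} -> {stage} ({detail})")
    print("next:", NEXT_STEP[stage])
```

A `tcp-timeout` from outside combined with any other stage on 127.0.0.1 matches the symptom reported in the thread: the listener is up, but packets to 443 never reach it.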