V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
Distributions
Ubuntu
Fedora
CentOS
中文资源站
网易开源镜像站
miv
V2EX  ›  Linux

Ubuntu 上面 Nginx 配置了 https,死活无法访问,不知道啥问题

  •  
  •   miv · 2021-07-18 10:27:24 +08:00 · 2665 次点击
    这是一个创建于 984 天前的主题,其中的信息可能已经有所发展或是发生改变。
    root@VM-0-10-ubuntu:/etc/nginx/conf.d# uname -a
    Linux VM-0-10-ubuntu 4.15.0-118-generic #119-Ubuntu SMP Tue Sep 8 12:30:01 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
    root@VM-0-10-ubuntu:/etc/nginx/conf.d# pwd
    /etc/nginx/conf.d
    root@VM-0-10-ubuntu:/etc/nginx/conf.d# cat default.conf 
    server {
        listen 443 ssl;
        server_name  www.site.top;
    
        ssl_session_cache   shared:SSL:10m;
        ssl_session_timeout 10m;
     
        ssl_certificate  /book/swb/site.top_bundle.crt;
        ssl_certificate_key  /book/swb/site.top.key;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm; 
        }
    
    }
    

    nginx 信息

    root@VM-0-10-ubuntu:/etc/nginx/conf.d# service nginx status
    ● nginx.service - A high performance web server and a reverse proxy server
       Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
      Drop-In: /etc/systemd/system/nginx.service.d
               └─override.conf
       Active: active (running) since Sun 2021-07-18 10:24:26 CST; 2min 50s ago
         Docs: man:nginx(8)
      Process: 14799 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
      Process: 14826 ExecStartPost=/bin/sleep 0.1 (code=exited, status=0/SUCCESS)
      Process: 14811 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
      Process: 14800 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
     Main PID: 14813 (nginx)
        Tasks: 3 (limit: 4464)
       CGroup: /system.slice/nginx.service
               ├─14813 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
               ├─14827 nginx: worker process
               └─14828 nginx: worker process
    
    Jul 18 10:24:26 VM-0-10-ubuntu systemd[1]: Starting A high performance web server and a reverse proxy server...
    Jul 18 10:24:26 VM-0-10-ubuntu systemd[1]: Started A high performance web server and a reverse proxy server.
    
    第 1 条附言  ·  2021-07-18 15:45:22 +08:00
    天地良心,重启了一下服务器可以了。
    帖子下层了,谢谢各位吴彦祖。
    learningman
        1
    learningman  
       2021-07-18 10:30:18 +08:00
    无法访问具体定义一下? curl 输出什么? openssl s_client -connect 又输出什么?
    miv
        2
    miv  
    OP
       2021-07-18 10:31:55 +08:00
    部署在腾讯云上面,安全组 443 、80 端口是打开的。
    系统上面防火墙是关闭的
    telnet 127.0.0.1 的 443 可以成功
    nginx 相关的端口状态

    root@VM-0-10-ubuntu:/etc/nginx/conf.d# netstat -tlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN 14813/nginx: master
    tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 14813/nginx: master
    tcp 0 0 localhost:domain 0.0.0.0:* LISTEN 965/systemd-resolve
    tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 2228/sshd
    tcp6 0 0 [:::8001 [:::* LISTEN 12614/java
    tcp6 0 0 [:::8008 [:::* LISTEN 12570/java
    tcp6 0 0 [:::http [:::* LISTEN 14813/nginx: master
    miv
        3
    miv  
    OP
       2021-07-18 10:33:38 +08:00
    @learningman #1 curl localhost 可以访问
    yufeng0681
        4
    yufeng0681  
       2021-07-18 10:44:47 +08:00
    access.log 看看呢,请求有没有到 nginx
    liuyulvv
        5
    liuyulvv  
       2021-07-18 10:52:28 +08:00
    前几天刚好也在腾讯云上用了腾讯提供的免费 ssl,这是按照他们官网写的,我是直接修改的

    ```nginx
    server {
    listen 443 ssl;

    root /var/www/hexo;

    index index.html;

    server_name site.top;

    location / {
    try_files $uri $uri/ =404;
    }

    ssl_certificate /etc/nginx/conf.d/1_site.top_bundle.crt;
    ssl_certificate_key /etc/nginx/conf.d/2_site.top.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    }

    server {
    listen 80;

    server_name site.top;

    return 301 https://$host$request_uri;
    }
    ```
    miv
        6
    miv  
    OP
       2021-07-18 10:54:41 +08:00
    @yufeng0681 #4 tail -f /var/log/nginx/access.log 查看这个文件,443 的请求监听不到,80 的就可以
    miv
        7
    miv  
    OP
       2021-07-18 10:55:31 +08:00
    @liuyulvv #5 感谢,我试试
    miv
        8
    miv  
    OP
       2021-07-18 11:06:03 +08:00
    @liuyulvv #5
    好像还不行,访问 80 端口出现这个问题
    ```
    ubuntu@VM-0-10-ubuntu:~$ curl http://www.softwareborn.top
    <html>
    <head><title>301 Moved Permanently</title></head>
    <body>
    <center><h1>301 Moved Permanently</h1></center>
    <hr><center>nginx/1.21.1</center>
    </body>
    </html>
    ```
    配置如下
    ```
    server {
    listen 80;

    server_name site.top;

    return 301 https://$host$request_uri;
    }
    ```
    chendy
        9
    chendy  
       2021-07-18 11:15:12 +08:00
    server_name www.site.top;
    你的网站名字是 www.site.top ???
    liuxu
        10
    liuxu  
       2021-07-18 11:18:45 +08:00
    腾讯管理后台"安全组 443 打开的"的截图贴出来看看
    xeathen
        11
    xeathen  
       2021-07-18 11:29:17 +08:00
    你在试图访问 www.softwareborn.top ,但是你的 servername 却是 www.site.top
    westoy
        12
    westoy  
       2021-07-18 11:32:39 +08:00
    ufw 443 放行了没
    ik
        13
    ik  
       2021-07-18 11:40:52 +08:00 via iPhone
    443 端口不通

    $ curl -v https://www.softwarebor n.top/
    * About to connect() to www.softwareborn.top port 4 43 (#0)
    * Trying 49.235.242.113...
    * Connection timed out
    * Failed connect to www.softwareborn.top:443; Conne ction timed out
    * Closing connection 0
    curl: (7) Failed connect to www.softwareborn.top:44 3; Connection timed out
    holoto
        14
    holoto  
       2021-07-18 11:56:41 +08:00
    直接 ip:443 访问 试试
    有条件的 nmap ip 下
    lindas
        15
    lindas  
       2021-07-18 13:41:29 +08:00
    你用别的端口试一下,前几天我弄华为云的 443 端口也是,死活找不到原因,最后换个端口就行了
    msg7086
        16
    msg7086  
       2021-07-18 14:03:46 +08:00
    conf.d ?
    nginx 不是一直用 sites-enabled 的吗?还是说 Ubuntu 下不一样?
    Junzhou
        17
    Junzhou  
       2021-07-18 21:04:23 +08:00
    修改过配置文件后,执行 nginx -s reload 生效
    yin1999
        18
    yin1999  
       2021-07-18 22:16:57 +08:00 via iPad
    @msg7086 你说的用法其实是从 apache 过来的,nginx 官方源安装后,默认用的 conf.d,如果用 Ubuntu 默认的源,的确是 sites-enabled 。
    yufeng0681
        19
    yufeng0681  
       2021-07-19 11:14:04 +08:00
    那就先在底层抓包吧,用 tcpdump 命令,抓 443 端口有没有报文来到服务器;
    nginx 的 access 日志里,肯定看不到 https 字样,记录下来的都是请求内容,和你要求保存的字段信息
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   我们的愿景   ·   实用小工具   ·   5006 人在线   最高记录 6543   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 27ms · UTC 09:47 · PVG 17:47 · LAX 02:47 · JFK 05:47
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.