Ich verwende letsencrypt, um SSL für ein Django-Projekt einzurichten, das im Produktionsmodus mit Nginx und Gunicorn gehostet wird
Das verwendete Betriebssystem ist: Amazon Linux 2
Immer wenn ich versuche, den Server auszuführen, wird mir die Standardseite von Amazon Linux 2 angezeigt. Wenn ich die Fehlerprotokolle überprüfe, wird mir die folgende Fehlermeldung angezeigt:
2021/09/11 11:59:14 [error] 18402#18402: *1961 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 122.174.182.129, server: example.com, request: "GET /favicon.ico HTTP/2.0", host: "www.example.com", referrer: "https://www.example.com/"
Ausgabe von sudo nginx -T:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
#if ($host = www.example.com) {
# return 301 https://$host$request_uri;
#} # managed by Certbot
#
# if ($host = example.com) {
# return 301 https://$host$request_uri;
# } # managed by Certbot
listen 80;
server_name example.com www.example.com;
root /home/ec2-user/buisness;
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
location = /favicon.ico { access_log off; log_not_found off; }
location /static {
root /home/ec2-user/buisness;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock;
}
}
# server {
# listen 80;
# listen [::]:80;
# server_name _;
# root /home/ec2-user/buisness;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
# error_page 404 /404.html;
# location = /404.html {
# }
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
#}
# Settings for a TLS enabled server.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com www.example.com;
root /home/ec2-user/buisness/;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
Beim Ausführen sudo nginx -terhalte ich keine Fehler:
PS: Dies ist mein erstes Mal, dass ich SSL mit Letsencrypt und Nginx hoste, daher tut es mir nicht leid, wenn die .conf-Datei sehr gruppiert aussieht.
Ich wäre für jede Hilfe sehr dankbar, vielen Dank!
Antwort1
Ok, also ich habe es gelöst
KURZE ANTWORT: Sie müssen die im Serverblock 80 enthaltenen Regeln zum Serverblock 443 hinzufügen.
LANGE ANTWORT: Meine nginx.conf-Datei:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name example.com www.example.com;
root /home/ec2-user/buisness;
if ($host = www.example.com) {
return 301 https://$server_name$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$server_name$request_uri;
} # managed by Certbot
location = /favicon.ico { access_log off; log_not_found off; }
location /static {
root /home/ec2-user/buisness;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock;
}
}
# Settings for a TLS enabled server.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;
include /etc/nginx/conf.d/*.conf;
# include /home/ec2-user/buisness/Main;
location = /favicon.ico { access_log off; log_not_found off; }
location /static {
root /home/ec2-user/buisness;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock;
}
}
}
DerRegelnerwähnt werden:
location = /favicon.ico { access_log off; log_not_found off; }
location /static {
root /home/ec2-user/buisness;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock;
}
Führen Sie nach dem Ändern Ihrer .confDatei die folgenden Schritte aus:
sudo nginx -t: Dies gibt eine Bestätigung zurück, ob Ihre Datei Syntaxfehler enthältsudo systemctl restart nginx: Dadurch wird Ihr nginx aktualisiert
Einige Warnungen für zukünftige Leser:
- Überprüfen Sie, ob Ihr Stammpfad tatsächlich existiert
- Ändern Sie Ihren Proxy-Pass, je nachdem, wo sich Ihre
.sockDatei befindet
Grüße an bobby(bobbyiliev) von digital ocean - Er hat mir geholfen, das Problem zu lösen
Schauen Sie sich auch den in den Kommentaren von einem Mod verlinkten Chat an, um die von vorgeschlagenen Verbesserungen zu erfahren nikitaund sich auch bei ihm zu bedanken Michael Hampton.
Link zur auf Digital Ocean gestellten Frage:Frage