Ich brauche Unterstützung bei der Diagnose und Lösung dieses Problems. Welche Schritte kann ich unternehmen, um zu beheben, warum mein Server nach der Aktivierung von SSL mit Certbot nicht über HTTPS erreichbar ist? Gibt es häufige Fallstricke oder Konfigurationseinstellungen, die ich möglicherweise übersehen habe?
Ich wäre für jede Hilfe oder Anleitung zur Lösung dieses SSL-Problems sehr dankbar.
ich habe diesen Befehl verwendet certbot command sudo certbot --nginx und die Syntax ist erfolgreich nach dem certbot-Befehl kann ich nicht auf meinen Server zugreifen, es funktioniert in http, aber nicht in https
Dies ist die Datei unter sites-available. Dateiname default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
#listen 443;
#listen [::]:443;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html/waste-management-dev/public;
# Add index.php to the list if you are using PHP
index index.php;
server_name yourdomain.in;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param SCRIPT_NAME $fastcgi_script_name;
#include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/yourserver.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/yourserver.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
if ($host = yourserver.in) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name myserver;
return 404; # managed by Certbot
}
Antwort1
Da du im Grunde nur wenige Informationen gepostet hast, könnte die Konfiguration auf dieser Grundlage funktionieren:
# Default server configuration
# which means its a catch all for these that are not configured, if you use only one site, for this server you dont need a specific host
# /etc/nginx/sites-enabled/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
location ~ \.cgi$ {
gzip off;
include fastcgi.conf;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
#### NEW FILE !!!!!!
#### /etc/nginx/sites-enabled/unwaste.in
##start file
server {
server_name unwaste.in;
listen 80;
return 307 https://$host$request_uri;
}
server {
# enable http2 support - if module if avaible
listen 443 ssl http2;
listen [::]:443 ssl http2;
# enable http1.1 support - if module if avaible
# listen 443 ssl;
# listen [::]:443 ssl;
root /var/www/html/waste-management-dev/public;
# Add index.php to the list if you are using PHP
index index.php;
server_name unwaste.in;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param SCRIPT_NAME $fastcgi_script_name;
#include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/letsencrypt/live/unwaste.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/unwaste.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
#EOF
Denken Sie daran, dass /etc/nginx/sites-enabled mehrere Dateien verwenden kann und Sie dies deshalb tun sollten, und berühren Sie nicht die Datei nginx.conf. Die meisten Debian-basierten Systeme wie Ubuntu und Co. weisen dasselbe Verhalten auf.
falls die Datei(en) nicht geladen werden, muss am Ende von nginx Folgendes ausgeführt werden:
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
Und bitte erst diskutieren statt runtervoten, danke ;)