Nginx "Error al iniciar un servidor web de alto rendimiento y un servidor proxy inverso".

tag-icon tag-icon linux proxy ssl certificate nginx
Nginx "Error al iniciar un servidor web de alto rendimiento y un servidor proxy inverso".

Mi certificado SSL expiró recientemente. Para renovar el certificado utilicé certbot, pero ahora mi hosting renovará automáticamente el certificado. Pero antes de que eso suceda debo hacer la redirección de http a https en el servidor. ¿Me puede ayudar con eso?

estado systemctl nginx.servicio:

nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
   Active: failed (Result: exit-code) since Sun 2019-08-18 07:42:13 CEST; 2 days
     Docs: man:nginx(8)
  Process: 11855 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5
  Process: 11590 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s
  Process: 27222 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (cod
  Process: 27214 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process
 Main PID: 11583 (code=exited, status=0/SUCCESS)

Aug 18 07:42:11 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:443 fai
Aug 18 07:42:11 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:80 fail
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:443 fai
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:80 fail
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:443 fai
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:80 fail
Aug 18 07:42:13 vps685363 nginx[27222]: nginx: [emerg] still could not bind()
Aug 18 07:42:13 vps685363 systemd[1]: nginx.service: Control process exited, cod
Aug 18 07:42:13 vps685363 systemd[1]: nginx.service: Failed with result 'exit-co
Aug 18 07:42:13 vps685363 systemd[1]: Failed to start A high performance web ser

nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

     gzip_vary on;
     gzip_proxied any;
     gzip_comp_level 6;
     gzip_buffers 16 8k;
     gzip_http_version 1.1;
     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

por defecto:

server {
    server_name domukasi.pl www.domukasi.pl;
        location / {


                proxy_pass http://127.0.0.1:3000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }



    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domukasi.pl/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domukasi.pl/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}server {
    if ($host = www.domukasi.pl) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = domukasi.pl) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name domukasi.pl www.domukasi.pl;
    listen 80;
    return 404; # managed by Certbot




}

Este error ocurre en mi sitio web (domukasi.pl):

ERR_TOO_MANY_REDIRECTS

Tampoco puedo reiniciar mi servidor nginx.

Respuesta1

Es extraño que reciba un ERR_TOO_MANY_REDIRECTSerror en su navegador, ya que su nginxservidor no se inició.

Parece que algún otro servidor ya está escuchando en los puertos 80 y 443, lo que provoca esas redirecciones y nginxno se inicia.

En el registro de errores que estás obteniendo

Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:443 fai
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:80 fail

lo que indica que nginxno puede vincularse a esos puertos, lo que indica que ya están siendo utilizados por otro proceso o que nginxno tiene suficientes privilegios para vincularse a esos puertos (ya que están por debajo de 1024). Creo que ya tiene otro servidor ejecutándose en esta máquina que utiliza esos puertos.

Puede comprobar si esos puertos ya se están utilizando emitiendo

sudo lsof -i :80y

sudo lsof -i :443

o

sudo netstat -ltnp | grep -w ':80'y

sudo netstat -ltnp | grep -w ':443'

Pruebe este archivo predeterminado

##############################################
#
#   HTTP (port 80) domukasi.pl
#
##############################################

server {

    server_name domukasi.pl www.domukasi.pl;
    listen 80;

    # redirect EVERYTHING from HTTP to HTTPS
    location / {
      return 301 https://$host$request_uri;
    }
}

##############################################
#
#   HTTPS (port 443) domukasi.pl
#
##############################################

server {

    server_name domukasi.pl www.domukasi.pl;
    listen 443 ssl; # managed by Certbot

    ssl_certificate /etc/letsencrypt/live/domukasi.pl/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domukasi.pl/privkey.pem; # managed by Certbot

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    #######################################
    # location /websocket {
    #   # proxy_http_version 1.1;
    #   proxy_read_timeout 31536000;
    #   proxy_set_header Upgrade $http_upgrade;
    #   proxy_set_header Connection "upgrade";
    #   proxy_pass http://127.0.0.1:3000/websocket;
    # }
    #######################################

    location / {
      proxy_http_version 1.1;
      proxy_set_header  Host $host;
      proxy_set_header  Name $server_name;
      proxy_set_header  X-Forwarded-Host $host;
      proxy_set_header  X-Forwarded-Name $server_name;
      proxy_set_header  X-Forwarded-IP   $remote_addr;
      proxy_set_header  X-Forwarded-Port $server_port;
      proxy_set_header  X-Forwarded-Remote-IP   $remote_addr;
      proxy_set_header  X-Forwarded-Remote-Port $remote_port;
      proxy_set_header  X-Forwarded-Server-IP   $server_addr;
      proxy_set_header  X-Forwarded-Server-Port $server_port;
      proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header  X-Forwarded-Proto $scheme;
      proxy_pass http://127.0.0.1:3000/;
    }
}

información relacionada