Nginx “Falha ao iniciar um servidor web de alto desempenho e um servidor proxy reverso.”

tag-icon tag-icon linux proxy ssl certificate nginx
Nginx “Falha ao iniciar um servidor web de alto desempenho e um servidor proxy reverso.”

Meu certificado SSL expirou recentemente. Para renovar o certificado usei o certbot, mas agora o certificado será renovado automaticamente pela minha hospedagem. Mas antes que isso aconteça devo fazer o redirecionamento de http para https no servidor. Você pode me ajudar com isso?

status do systemctl nginx.service:

nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
   Active: failed (Result: exit-code) since Sun 2019-08-18 07:42:13 CEST; 2 days
     Docs: man:nginx(8)
  Process: 11855 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5
  Process: 11590 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s
  Process: 27222 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (cod
  Process: 27214 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process
 Main PID: 11583 (code=exited, status=0/SUCCESS)

Aug 18 07:42:11 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:443 fai
Aug 18 07:42:11 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:80 fail
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:443 fai
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:80 fail
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:443 fai
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:80 fail
Aug 18 07:42:13 vps685363 nginx[27222]: nginx: [emerg] still could not bind()
Aug 18 07:42:13 vps685363 systemd[1]: nginx.service: Control process exited, cod
Aug 18 07:42:13 vps685363 systemd[1]: nginx.service: Failed with result 'exit-co
Aug 18 07:42:13 vps685363 systemd[1]: Failed to start A high performance web ser

nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

     gzip_vary on;
     gzip_proxied any;
     gzip_comp_level 6;
     gzip_buffers 16 8k;
     gzip_http_version 1.1;
     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

padrão:

server {
    server_name domukasi.pl www.domukasi.pl;
        location / {


                proxy_pass http://127.0.0.1:3000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }



    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domukasi.pl/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domukasi.pl/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}server {
    if ($host = www.domukasi.pl) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = domukasi.pl) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name domukasi.pl www.domukasi.pl;
    listen 80;
    return 404; # managed by Certbot




}

Este erro ocorre no meu site (domukasi.pl):

ERR_TOO_MANY_REDIRECTS

Também não consigo reiniciar meu servidor nginx.

Responder1

É estranho que você esteja recebendo um ERR_TOO_MANY_REDIRECTSerro no seu navegador, pois o seu nginxservidor não foi iniciado.

Parece que algum outro servidor já está escutando nas portas 80 e 443, o que está causando esses redirecionamentos e também falhando nginxna inicialização.

No log de erros você está recebendo

Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:443 fai
Aug 18 07:42:12 vps685363 nginx[27222]: nginx: [emerg] bind() to 0.0.0.0:80 fail

o que indica que nginxnão é possível vincular-se a essas portas, o que indica que elas já estão sendo usadas por outro processo ou que nginxnão possui privilégios suficientes para vincular-se a essas portas (já que estão abaixo de 1024). Acho que você já tem outro servidor rodando nesta máquina que está utilizando essas portas.

Você pode verificar se essas portas já estão sendo usadas emitindo

sudo lsof -i :80e

sudo lsof -i :443

ou

sudo netstat -ltnp | grep -w ':80'e

sudo netstat -ltnp | grep -w ':443'

Experimente este arquivo padrão

##############################################
#
#   HTTP (port 80) domukasi.pl
#
##############################################

server {

    server_name domukasi.pl www.domukasi.pl;
    listen 80;

    # redirect EVERYTHING from HTTP to HTTPS
    location / {
      return 301 https://$host$request_uri;
    }
}

##############################################
#
#   HTTPS (port 443) domukasi.pl
#
##############################################

server {

    server_name domukasi.pl www.domukasi.pl;
    listen 443 ssl; # managed by Certbot

    ssl_certificate /etc/letsencrypt/live/domukasi.pl/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domukasi.pl/privkey.pem; # managed by Certbot

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    #######################################
    # location /websocket {
    #   # proxy_http_version 1.1;
    #   proxy_read_timeout 31536000;
    #   proxy_set_header Upgrade $http_upgrade;
    #   proxy_set_header Connection "upgrade";
    #   proxy_pass http://127.0.0.1:3000/websocket;
    # }
    #######################################

    location / {
      proxy_http_version 1.1;
      proxy_set_header  Host $host;
      proxy_set_header  Name $server_name;
      proxy_set_header  X-Forwarded-Host $host;
      proxy_set_header  X-Forwarded-Name $server_name;
      proxy_set_header  X-Forwarded-IP   $remote_addr;
      proxy_set_header  X-Forwarded-Port $server_port;
      proxy_set_header  X-Forwarded-Remote-IP   $remote_addr;
      proxy_set_header  X-Forwarded-Remote-Port $remote_port;
      proxy_set_header  X-Forwarded-Server-IP   $server_addr;
      proxy_set_header  X-Forwarded-Server-Port $server_port;
      proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header  X-Forwarded-Proto $scheme;
      proxy_pass http://127.0.0.1:3000/;
    }
}

informação relacionada