Virtualmin + Nginx + SSL misconfiguration causing Cloudflare 521


OS: Ubuntu 20.04 with Virtualmin + Nginx + PHP-FPM installed

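Everything was set up fine. When I installed a 3-month trial SSL certificate (a fully valid certificate) instead of one from Let's Encrypt (limit reached), everything worked fine, but when I switched to Cloudflare my site went down with a 521 server-not-found error. I tried switching between the different options, such as Flexible, Full and Full (strict), without success.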

The command

tail -f /var/log/nginx/error.log

shows a bunch of errors in the log file.

root@server:~# tail -f /var/log/nginx/error.log

2020/12/29 21:59:05 [emerg] 6813#6813: bind() to 2xx.2xx.xx3.xxx:443 failed (98: Address already in use)

2020/12/29 21:59:05 [emerg] 6813#6813: bind() to [2xxx:a1xx:xxxx:8xxx::1]:443 failed (98: Address already in use)

2020/12/29 21:59:05 [emerg] 6813#6813: still could not bind()

2020/12/29 22:31:47 [emerg] 512#512: cannot load certificate “/home/example/ssl.cert”: BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/home/example/ssl.cert’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)

2020/12/29 22:32:37 [emerg] 1986#1986: cannot load certificate “/home/example/ssl.cert”: BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/home/example/ssl.cert’,‘r’) error:2006D080:BIO routines:BIO_new_file:no such file)

2020/12/29 23:58:45 [alert] 12025#12025: *1168 open socket #17 left in connection 93

2020/12/29 23:58:45 [alert] 12025#12025: aborting

I'm pretty sure these SSL files are there, but nginx thinks otherwise ;(

This is the output I get

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      678/mysqld          
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      1722/master         
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      787/dovecot         
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      787/dovecot         
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      19353/perl          
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      19330/nginx: master 
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1722/master         
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      15079/systemd-resol 
tcp        0      0 207.244.253.107:53      0.0.0.0:*               LISTEN      575/named           
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      575/named           
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      630/sshd: /usr/sbin 
tcp        0      0 127.0.0.1:11000         0.0.0.0:*               LISTEN      1044/lookup-domain- 
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1722/master         
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      575/named           
tcp        0      0 207.244.253.107:443     0.0.0.0:*               LISTEN      19330/nginx: master 
tcp        0      0 0.0.0.0:20000           0.0.0.0:*               LISTEN      19398/perl          
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      787/dovecot         
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      787/dovecot         
tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN      678/mysqld          
tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      542/postgrey --pidf 
tcp6       0      0 :::587                  :::*                    LISTEN      1722/master         
tcp6       0      0 :::2222                 :::*                    LISTEN      8361/proftpd: (acce 
tcp6       0      0 :::110                  :::*                    LISTEN      787/dovecot         
tcp6       0      0 :::143                  :::*                    LISTEN      787/dovecot         
tcp6       0      0 :::10000                :::*                    LISTEN      19353/perl          
tcp6       0      0 :::80                   :::*                    LISTEN      19330/nginx: master 
tcp6       0      0 :::465                  :::*                    LISTEN      1722/master         
tcp6       0      0 :::21                   :::*                    LISTEN      8361/proftpd: (acce 
tcp6       0      0 ::1:53                  :::*                    LISTEN      575/named           
tcp6       0      0 :::22                   :::*                    LISTEN      630/sshd: /usr/sbin 
tcp6       0      0 :::25                   :::*                    LISTEN      1722/master         
tcp6       0      0 ::1:953                 :::*                    LISTEN      575/named           
tcp6       0      0 :::993                  :::*                    LISTEN      787/dovecot         
tcp6       0      0 :::995                  :::*                    LISTEN      787/dovecot         
tcp6       0      0 ::1:10023               :::*                    LISTEN      542/postgrey --pidf 
root@server:~# 

Yes, the files are there and the permissions are set to chmod 600

Thanks

Answer 1

First, there is a program listening on port 443: netstat -ltnp. If netstat is not found on your server, install the net-tools package.

Second, nginx cannot access your certificate, /home/example/ssl.cert. Check whether this certificate exists. If it is there, check the file permissions.
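
The two checks from the answer can be driven straight from the error log. The script below is an added example, not part of the original answer: it sorts nginx [emerg] lines into "port already bound", "certificate path missing" and "certificate unreadable", and for a missing path reports the first component that does not exist. The function names are illustrative and the sample log lines are constructed (203.0.113.10 is a documentation address; the certificate path is the one from the question).

```shell
#!/bin/sh
# Added example: triage nginx [emerg] startup errors like those in the question.

# Read error.log lines on stdin; print "KIND detail" for each recognised [emerg] line.
classify_emerg() {
  sed -n \
    -e 's/.*\[emerg\].*bind() to \(.*\) failed (98: .*/PORT_IN_USE \1/p' \
    -e 's/.*\[emerg\].*cannot load certificate "\([^"]*\)".*No such file or directory.*/CERT_MISSING \1/p' \
    -e 's/.*\[emerg\].*cannot load certificate "\([^"]*\)".*Permission denied.*/CERT_DENIED \1/p'
}

# Print the first component of an absolute path that does not exist
# (prints nothing when the whole path resolves). Run as the user that starts nginx.
first_missing() {
  cur=
  old_ifs=$IFS; IFS=/
  set -f; set -- $1; set +f      # split the path on "/" without globbing
  IFS=$old_ifs
  for part in "$@"; do
    [ -n "$part" ] || continue
    cur="$cur/$part"
    if [ ! -e "$cur" ]; then printf '%s\n' "$cur"; return 0; fi
  done
  return 0
}

# Turn each distinct finding into the check the answer recommends.
triage() {
  classify_emerg | sort -u | while read -r kind detail; do
    case $kind in
      PORT_IN_USE)  echo "$detail is held by another process: netstat -ltnp" ;;
      CERT_MISSING) echo "$detail: path stops resolving at $(first_missing "$detail")" ;;
      CERT_DENIED)  echo "$detail: exists but is unreadable: ls -l $detail" ;;
    esac
  done
}

# Constructed sample lines in nginx error.log format.
sample_log() { cat <<'EOF'
2020/12/29 21:59:05 [emerg] 6813#6813: bind() to 203.0.113.10:443 failed (98: Address already in use)
2020/12/29 22:31:47 [emerg] 512#512: cannot load certificate "/home/example/ssl.cert": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/home/example/ssl.cert','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2020/12/29 23:58:45 [alert] 12025#12025: aborting
EOF
}

sample_log | triage
```

Against a live server, pipe the real log in instead: `triage < /var/log/nginx/error.log`. The certificate lines in the question's log carry "No such file or directory", so they are classified as CERT_MISSING rather than CERT_DENIED.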
