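Troubleshooting an nginx SSL certificate configuration
The mini program's SSL certificate expired. I generated a new certificate and replaced the old one, but the mini program still reported a connection timeout. I read online that an insecure HTTPS connection can also produce this message.
I visited the site, and sure enough it reported that the certificate had expired.
Check the nginx configuration file: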
server {
  listen 80;
  server_name bjubi.com;  # your domain
  rewrite ^(.*)$ https://$host$1 permanent;  # redirect HTTP requests for the domain to HTTPS
}
server {
  listen 443;
  server_name bjubi.com;  # your domain
  ssl on;  # deprecated since nginx 1.15.0; newer versions use "listen 443 ssl;" instead
  root /var/www/bjubi.com;  # directory holding the front-end files; can be changed
  index index.html index.htm;  # index.html in the directory configured above
  ssl_certificate cert/214292799730473.pem;  # change to your certificate's name
  ssl_certificate_key cert/214292799730473.key;  # your certificate's name
  ssl_session_timeout 5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); prefer TLSv1.2 and later
  ssl_prefer_server_ciphers on;
  location / {
    index index.html index.htm;
  }
}
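The configuration looked fine, so I kept investigating.

After configuring, check whether the nginx configuration file is usable; "successful" in the output means it is.
$ nginx -t   # check the nginx configuration file
The output is as follows: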
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
 nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
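The configuration seemed to be fine.
To make the configuration take effect:
nginx -s reload   # apply the configuration
The shell reported:  nginx: [alert] kill(1617, 1) failed (3: No such process)
Sure enough, something was wrong.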
 
[root@localhost /]# whereis ngnix
ngnix:
[root@localhost /]# find / -name nginx 
/usr/local/src/nginx/sbin/nginx
[root@localhost /]# find / -name nginx.conf
/usr/local/nginx
 /usr/local/nginx/sbin/nginx
 /usr/bin/nginx
 /etc/rc.d/init.d/nginx
[root@localhost /]# /usr/local/src/nginx/sbin/nginx -c
 nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
 nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
 nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
 nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
 nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
 nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
 nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
 nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
 nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
 nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
 nginx: [emerg] still could not bind()
The ports were already bound, so the process occupying them had to be killed first.
 
netstat -ntlp 
The shell returned the following:
Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
 tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      28256/mysqld        
 tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      3301/nginx: worker  
 tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      919/pure-ftpd       
 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2565/sshd           
 tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      3301/nginx: worker  
 tcp6       0      0 :::21                   :::*                    LISTEN      919/pure-ftpd   
Use the command kill -9 3301
Then specify the configuration file:
 /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
 nginx -s reload
After restarting nginx, the certificate did take effect.
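
Added example (not part of the original post): the `kill(1617, 1) failed (3: No such process)` alert means `nginx -s reload` signalled the PID recorded in its pid file and no such process existed, so the instance still bound to ports 80/443 kept serving the old certificate. The script below classifies a pid file and compares the certificate on disk with the one the server actually presents; the pid-file and certificate paths in the usage comment are assumptions based on the `/usr/local/nginx` prefix shown above.

```sh
#!/bin/sh
# Added example: diagnose a failed "nginx -s reload" and confirm that the
# running server presents the renewed certificate.
# Usage (paths are assumptions, adjust to your install):
#   sh check.sh /usr/local/nginx/logs/nginx.pid \
#               /usr/local/nginx/conf/cert/214292799730473.pem bjubi.com

# pidfile_state PIDFILE -> prints missing | invalid | stale | running.
# "stale" is the state behind "kill(PID, 1) failed (3: No such process)".
pidfile_state() (
    [ -r "$1" ] || { echo missing; exit 0; }
    pid=$(tr -d '[:space:]' < "$1")
    case $pid in
        ''|*[!0-9]*) echo invalid; exit 0 ;;
    esac
    # kill -0 only probes; the /proc check covers a live PID we may not signal.
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo running
    else
        echo stale
    fi
)

# cert_is_live CERTFILE HOST -> exit 0 if HOST:443 presents CERTFILE,
# 1 if it presents a different certificate, 2 if either side is unreadable.
cert_is_live() (
    disk=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || exit 2
    served=$(openssl s_client -connect "$2:443" -servername "$2" \
                 </dev/null 2>/dev/null |
             openssl x509 -noout -fingerprint -sha256 2>/dev/null) || exit 2
    [ "$disk" = "$served" ]
)

# Run the checks only when all three arguments are supplied.
if [ "$#" -eq 3 ]; then
    echo "pid file $1: $(pidfile_state "$1")"
    if cert_is_live "$2" "$3"; then
        echo "OK: $3 is serving the certificate in $2"
    else
        echo "MISMATCH: $3 is not serving $2; check which process owns port 443"
    fi
fi
```

A `stale` or `missing` pid file together with a `MISMATCH` is the situation in this post: the renewed certificate is on disk, but the process listening on port 443 was never told to reload it.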
