代码之家  ›  专栏  ›  技术社区  ›  André Luiz

NGINX+让我们加密:无法自动找到匹配的服务器块

nginx-config certbot lets-encrypt nginx
  •  0
  • André Luiz  · 技术社区  · 6 年前

    this article 但在尝试安装时,我收到了一条消息: 

    IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/dev.anything.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/dev.anything.com/privkey.pem
   Your cert will expire on 2019-03-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"

    /etc/nginx/sites-available/snow_service.nginx : 

    server {
    listen 80;
    listen 443 ssl;
    server_name dev.anything.com
    server_tokens off;
    ssl_certificate /etc/letsencrypt/live/dev.anything.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dev.anything.com/privkey.pem;

    charset utf-8;
    client_max_body_size 1M;

    location /static {
        gzip            on;
        gzip_buffers    8 256k;
        uwsgi_buffers   8 256k;

        alias /webapps/englobe_snow_pyramid_rest_api/pyramid_rest_api/static;
        expires 1d;
    }
    location / {
        gzip            on;
        gzip_buffers    8 256k;
        uwsgi_buffers   8 256k;

        try_files $uri @yourapplication;
    }
    location @yourapplication {
        gzip            on;
        gzip_buffers    8 256k;
        uwsgi_buffers   8 256k;

        server_tokens off;
        include uwsgi_params;
        proxy_set_header Host $host;
        proxy_set_header real_scheme $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:8999;
    }
}

    我也尝试用域名重命名文件,但效果不太好。 我手动放置的ssl证书的路径,因为我在堆栈溢出的另一个答案中看到了它。

    1 回复  |  直到 4 年前
        1
  •  5
  •   André Luiz    6 年前

    解决方案如下: 我在更改文件 sites-available 文件夹,而不更改 sites-enabled 文件夹。以下是最终文件内容: 

    server {
    listen 80 default_server;
    server_name dev.anything.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name elglobe_snow_service
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/dev.anything.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dev.anything.com/privkey.pem;

    charset utf-8;
    client_max_body_size 1M;

    location /static {
        gzip            on;
        gzip_buffers    8 256k;
        uwsgi_buffers   8 256k;

        alias /webapps/englobe_snow_pyramid_rest_api/pyramid_rest_api/static;
        expires 1d;
    }
    location / {
        gzip            on;
        gzip_buffers    8 256k;
        uwsgi_buffers   8 256k;

        try_files $uri @yourapplication;
    }
    location @yourapplication {
        gzip            on;
        gzip_buffers    8 256k;
        uwsgi_buffers   8 256k;

        server_tokens off;
        include uwsgi_params;
        proxy_set_header Host $host;
        proxy_set_header real_scheme $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:8999;
    }
}
        2
  •  1
  •   cookiejar    4 年前

    您应该只编辑可用站点中的站点,然后运行

    已启用cd/etc/nginx/sites ln-s../可用站点/您的-站点.conf

    如果要禁用该站点,只需在启用的站点中删除该链接。

    推荐文章
    Jonas Lewin  ·  traefik+lets encrypt+CloudFlare=6103:X-Auth-Key标头的格式无效
    7 年前
    martins  ·  配置要回复的Nginxhttp://my-domain.com/.well-known/acme-challenge/XXXX
    7 年前
    Øystein Amundsen  ·  在Node Express应用程序中使用letsencrypt
    7 年前
    SoftTimur  ·  手动续订让我们加密SSL证书
    7 年前
    关于   移动版
    代码之家 - 一站式码农服务社区
    沪ICP备11025650号