我无法在我的 NGINX / Ubuntu18.04 实例上启动并运行 certbot 。我在
处完成了演练我选择了 certbot 重定向,它更新了我网站的配置文件。
我的配置文件如下:
server {
listen 80;
listen [::]:80;
root /var/www/punkmap.com/html;
index index.html index.htm index.nginx-debian.html;
server_name punkmap.com www.punkmap.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/punkmap.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/punkmap.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
certbot 对我的配置文件所做的添加破坏了我的站点。删除 certbot 添加到我的配置文件中的代码行即可轻松解决。但是,我在互联网上找不到可以解决该问题的信息。
我的站点配置应该是什么样的?
谢谢!
泰勒
答案 0 :(得分:0)
问题是您在同一服务器块中有两个listen指令。最好的解决方案是手动编辑nginx配置以拆分为两个服务器块。 non-ssl(端口80)块应重定向到ssl(端口443)块。这样的事情应该起作用:
server {
listen 80;
listen [::]:80;
server_name punkmap.com www.punkmap.com;
return 301 https://$host$request_uri;
}
server {
root /var/www/punkmap.com/html;
index index.html index.htm index.nginx-debian.html;
server_name punkmap.com www.punkmap.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/punkmap.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/punkmap.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
然后在将来进行升级时,请确保传递--cert-only参数,以免再次破坏您的配置。请注意,我删除了所有由Certbot管理的#注释,因为在此之后,它们将由您管理。