我正在尝试将我的django项目托管在Digital Ocean服务器上,以通过certbot重定向到https。我可以访问我的网站,但其中提到连接不安全。每当我运行certbot --nginx时,都会收到消息:Congratulations! You have successfully enabled https://example.com。从同一命令中,我还收到类似以下消息:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/default
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
我还运行过nginx -T,一切正常,除了前两行生成的内容:
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
我已经用这个错误查看了多个线程,但是似乎找不到任何有意义的东西。在我的sites-available目录中,我只有一个default文件。没有其他的。在我的sites-enabled目录中,我只有两个文件。这些文件是myapp.conf和default。没有隐藏文件。我的default目录中的sites-available文件与我的default目录中的sites-enabled文件相同。我看到很多提及,我的域服务器名称应该只有一个服务器块。虽然,我在这个服务器领域没有经验,并且不想在询问之前删除任何内容。
SSLLabs尝试验证我的证书时显示以下消息:Certificate name mismatch
下面是我的nginx目录中的文件。这就是我所能找到的。每个文件中都有更多信息,但我认为它很敏感。这里马上有什么问题吗?
/etc/nginx/sites-enabled/myapp.conf
server {
listen 80;
listen 443 ssl;
server_name example.com;
error_log [path] info;
# Deny illegal Host headers
if ($host !~* ^(example.com)$) {
return 444;
}
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_pass http://myapp;
}
...
}
/etc/nginx/sites-enabled/default
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name example.com; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
...
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name example.com;
return 404; # managed by Certbot
}
/etc/nginx/sites-available/default
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name example.com; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name example.com;
return 404; # managed by Certbot
}