nginx配置ssl，ssl没有生效，现在只能通过域名+端口号访问

daylife

vim  /usr/local/nginx/conf/nginx.conf

server {
  listen 80;
  # 填写绑定证书的域名
  server_name  www.daylife.tech;
  # 单域名重定向
  if ($host = 'www.daylife.tech'){
    return 301 https://www.daylife.tech$request_uri;
  }
  # 把http的域名请求转成https
  return 301 https://$host$request_uri;

}

server {
  # SSL 访问端口号为 443
  listen 443 ssl;
  # 填写绑定证书的域名
  server_name  www.daylife.tech;
  client_max_body_size 1024m;

  # 需要将cert-file-name.pem替换成已上传的证书文件的名称。
  ssl_certificate /cert/4258508_daylife.tech.pem;
  # 需要将cert-file-name.key替换成已上传的证书密钥文件的名称。
  ssl_certificate_key /cert/4258508_daylife.tech.key;
  ssl_session_timeout 5m;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  # 表示使用的加密套件的类型。
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # 表示使用的TLS协议的类型。
  ssl_prefer_server_ciphers on;

  location / {
    proxy_pass http://127.0.0.1:8090/;
    proxy_set_header HOST $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

sudo nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
www.daylife.tech ssl证书到期时间 2021年7月25日已签发
端口号80、8090、443都打开了，现在http://www.daylife.tech:8090/可以访问
ssl失效不知道修改了请求帮助，谢谢各位

Ryan Wang 👍

╭─ryanwang at ryanwang's mac in ~
╰─○ nc -vz -w 2 www.daylife.tech 8090
Connection to www.daylife.tech port 8090 [tcp/*] succeeded!
╭─ryanwang at ryanwang's mac in ~
╰─○ nc -vz -w 2 www.daylife.tech 80
Connection to www.daylife.tech port 80 [tcp/http] succeeded!
╭─ryanwang at ryanwang's mac in ~
╰─○ nc -vz -w 2 www.daylife.tech 443
nc: connectx to www.daylife.tech port 443 (tcp) failed: Connection refused
╭─ryanwang at ryanwang's mac in ~
╰─○

443 端口不通。

daylife

Ryan Wang 👍
[root@daylife ~]# firewall-cmd --query-port=443/tcp yes [root@daylife ~]# firewall-cmd --reload success
443开了，是不是我的nginx.cofig配置有问题

x-god-lab

daylife 你80端口没有映射到8090

Ryan Wang 👍

daylife 通过这种方式开，不一定真的可以开，去服务商看看

Ryan Wang 👍

x-god-lab 这样是可以的，http 请求重定向到 https。

daylife

x-god-lab
请问怎么修改，对nginx.config的配置看的不是很懂

daylife

Ryan Wang 👍
服务器的安全组我刚又把重新设置了一下443
授权策略优先级协议类型端口范围授权对象描述创建时间
允许 1 自定义 TCP 目的: 443/443 源: 0.0.0.0/0 2021年4月2日10:45:31
请问还需要服务商那些配置

x-god-lab

daylife listen 80;
server_name javafuture.cn www.javafuture.cn;

    rewrite ^(.*)$ https://$host$1;
    #charset koi8-r;

    #access_log  logs/host.access.log  main;
    client_max_body_size 1024m;
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090/;
    }

80端口我是这么写的，我也是最近学的nginx

daylife

x-god-lab
能贴个完整的吗？谢谢

x-god-lab

daylife server {
listen 80;
server_name javafuture.cn www.javafuture.cn;

    rewrite ^(.*)$ https://$host$1;
    #charset koi8-r;

    #access_log  logs/host.access.log  main;
    client_max_body_size 1024m;
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090/;
    }

x-god-lab

daylife server {
listen 443 ssl;
server_name javafuture.cn www.javafuture.cn;

   ssl_certificate      "/usr/local/nginx/conf/cert/5276741_javafuture.cn.pem";
   ssl_certificate_key  "/usr/local/nginx/conf/cert/5276741_javafuture.cn.key";

   ssl_session_timeout 10m;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_ciphers HIGH:!aNULL:!MD5;

   location / {
       proxy_pass http://127.0.0.1:8090/;


       proxy_set_header HOST $host;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

   }

}

Ryan Wang 👍

daylife 你说有没有可能是没有备案呢？我遇到过未备案封了443端口的。

daylife

Ryan Wang 👍 我都😂，我去年备案的还用Halo搭建好了博客一直没有使用，最近想把博客重新搭建一遍，现在出现了这个情况
我还是先问问阿里客服🤣

daylife

Ryan Wang 👍

nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-03-28 09:51:36 CST; 5 days ago
     Docs: http://nginx.org/en/docs/
 Main PID: 3618 (nginx)
    Tasks: 2
   Memory: 992.0K
   CGroup: /system.slice/nginx.service
           ├─ 3618 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           └─30028 nginx: worker process

我感觉是这个导致的 vendor preset: disabled

rastyu

我是把halo设置里的地址改成代理后的网址后，就正常工作了顺便贴一下自己的config给你参考一下
server {
listen 1443 ssl;
server_name blog.gfddfg.top;
ssl_certificate /etc/nginx/ssl/gfddfg.top/gfddfg.top.cer;
ssl_certificate_key /etc/nginx/ssl/gfddfg.top/gfddfg.top.key;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://192.168.10.6:8090/;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

daylife

rastyu 好的，谢谢

yangsihao00

upstream halo {
server 127.0.0.1:8090;//8090是初始未修改的halo博客端口号
}
server {
listen 80;
listen [::]:80;
server_name 域名 www.域名;//这里写你的域名包括加www的前缀
client_max_body_size 1024m;
return 301 https://$host$request_uri;//https访问
}
server {//前缀为www.你的域名配置文件及ssl证书
#SSL 访问端口号为 443
listen 443 ssl;
#填写绑定证书的域名
server_name www.域名;
#证书文件名称
ssl_certificate 1_www.域名_bundle.crt;
#私钥文件名称
ssl_certificate_key 2_www.域名.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM- SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;

location / {
proxy_pass http://halo;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}
按这个试试，把证书解压里面两个文件放到.conf文件上一级