ssl - nginx listen ... ssl 指令错误，但没有设置 ssl 指令

Question

我不明白 nginx 在哪里听... ssl 来自的指令。它会阻止 nginx 启动...

/docker-entrypoint.sh: Configuration complete; ready for start up

2020/11/16 10:25:45 [emerg] 1#1: no "ssl_certificate" is defined for the "listen ... ssl" directive in etc/nginx/conf.d/default.conf:28

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:28

我的 conf.d/default.conf:

# redirect all traffic to https
#server {
#    listen 80 default_server;
#    listen [::]:80 default_server;
#    server_name _;
#    return 301 https://$host$request_uri;
#}

server {
    listen           80 default_server;
    listen      [::]:80 default_server;
    server_name _;

    # Write Access and Error logs
    access_log        /var/log/nginx/.access.log;
    error_log         /var/log/nginx/error.log;

    # CertBot needs either port 80 or 443 open to connect to the
    location ^~ /.well-known/acme-challenge/ {
        root           /var/www/letsencrypt;
    }

#    location / {
#        return 301 https://$host$request_uri;
#    }
}

server {
    listen       443;
    listen  [::]:443;
    server_name  _;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    # Certificates
#    ssl_certificate         /etc/letsencrypt/live/.../fullchain.pem;
#    ssl_certificate_key     /etc/letsencrypt/live/.../fullchain.pem;
    # verify chain of trust of OCSP response using Root CA and Intermediate certs
#    ssl_trusted_certificate /etc/letsencrypt/live/.../fullchain.pem;

#    include ssl.conf;

    set $upstream_webfuse_com JS_upstream;

    location / {
        # allow CORS
        #add_header 'Access-Control-Allow-Origin' '*' always;

        include proxy.conf;
        resolver 127.0.0.11 valid=30s;
        proxy_pass http://$upstream_webfuse_com:3000;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;

        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/htpasswd;
    }

    #location / {
    #    root   /usr/share/nginx/html;
    #    index  index.html index.htm;
    #}

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

    #location ~ \.php$ {
    #    root           /usr/share/nginx/html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one

    #location ~ /\.ht {
    #    deny  all;
    #}
}

server {
    listen      443;
# ssl http2;
    listen [::]:443;
# ssl http2;

    server_name coder.*;

    # Certificates
    #ssl_certificate         /etc/letsencrypt/live/.../fullchain.pem;
    #ssl_certificate_key     /etc/letsencrypt/live/.../fullchain.pem;
    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    #ssl_trusted_certificate /etc/letsencrypt/live/.../fullchain.pem;

    #include ssl.conf;

    client_max_body_size 0;

    # CertBot needs either port 80 or 443 open to connect to the
    location ^~ /.well-known/acme-challenge/ {
        root           /var/www/letsencrypt;
    }

    location / {
        include proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_code_server coder;
        proxy_pass http://$upstream_code_server:8443;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
    }
}

Answer 1

您在端口 443 上监听。它是 SSL 端口。

server {
listen       443;
listen  [::]:443;

您不需要监听端口 443 或添加证书。如果没有，它将无法正常工作