+-
![NGinX – [emerg]“ssl_certificate”指令重复 – 添加新的SSL启用站点中断NGinx Conf](/img/no_img.png "NGinX – [emerg]“ssl_certificate”指令重复 – 添加新的SSL启用站点中断NGinx Conf")
我正在尝试为我的NGinX配置添加第二个启用SSL的站点.只有一个启用SSL的站点,一切正常,但是当我添加第二个conf – 这只是来自工作站点的编辑和复制的conf时 – 我收到以下错误.
注意:我已经测试过,如果我删除新网站,则会传递,反之亦然,如果我删除旧网站,则新网站可以使用.
root@NGinX:/etc/nginx/sites-enabled# ytitconf
* Reloading nginx configuration nginx [fail]
nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/ytit.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
这是整个非常简单的配置.
注意:第二个站点拥有多个子域,但此站点目前不会托管子域.
root@NGinX:/etc/nginx/sites-available# cat ytit.conf
#GLOBAL SSL
ssl_certificate /etc/ssl/certs/ssl-bundle-ytit.crt;
ssl_certificate_key /etc/ssl/private/server-ytit.key;
server {
listen 80;
server_name www.ytit.ca ytit.ca;
return 301 https://$server_name/;
}
server {
listen 443 ssl;
ssl on;
server_name www.ytit.ca ytit.ca;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
proxy_pass https://192.168.1.169:443/;
include /etc/nginx/proxy.conf;
}
}
这是NGinX.conf;我不认为它被修改了,但是我差不多一年前就设置了NGinX并且不记得说实话,所以我把它包括在内,因为错误说它是用NGinX.conf测试的.
root@NGinX:/etc/nginx/sites-available# cat /etc/nginx/nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
在conf.d中没什么额外的
root@NGinX:/etc/nginx/conf.d# ll
total 8
drwxr-xr-x 2 root root 4096 Jul 29 2015 ./
drwxr-xr-x 5 root root 4096 Mar 8 2016 ../
最佳答案
您的主配置文件包含包含/ etc / nginx / sites-enabled / *的行,它依次拖动指定目录中的所有配置文件.
不在命名上下文中的所有指令都默认为全局上下文,因此通过在这些文件的顶层定义ssl_certificate和ssl_certificates,您将重新定义全局指令,这会导致NginX抱怨.
你的选择是:
>在服务器上下文中移动ssl_certificate和ssl_certificates,这允许您为不同的站点配置不同的证书;
>只在全局上下文中的其中一个站点配置文件中使用ssl_certificate和ssl_certificates指令,这使得它涵盖了所有服务器.或者,将其移动到顶级nginx.conf文件将具有相同的效果.
请注意,从版本1.11开始,您可以使用多个ssl_certificate和ssl_certificates指令来涵盖不同的证书类型(RSA,ECDSA等).
点击查看更多相关文章
转载注明原文:NGinX – [emerg]“ssl_certificate”指令重复 – 添加新的SSL启用站点中断NGinx Conf - 乐贴网
