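I have an nginx server set up as a reverse proxy that seems to crash every day. There had never been any problems with the server, but recently (about a month ago) I started noticing that nginx was not running, and I have to log in to the server to start the process again.
I can't find anything useful in the logs. I would appreciate any help in diagnosing the problem.
nginx version: nginx/1.10.3 (Ubuntu)
OS: Ubuntu 16.04.4 LTS (running in LXC)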
# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Sat 2018-06-23 21:49:46 UTC; 1min 23s ago
Process: 13485 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=1/FAILURE)
Process: 13402 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 13401 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 13403 (code=exited, status=0/SUCCESS)
Jun 23 10:30:17 nginx systemd[1]: Starting A high performance web server and a reverse proxy server...
Jun 23 10:30:17 nginx systemd[1]: Started A high performance web server and a reverse proxy server.
cat /var/log/nginx/error.log
2018/06/23 21:49:46 [notice] 13484#13484: signal process started
There is nothing suspicious in the access.log file.
Let me know if there is any more information that would be helpful.
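I had the same problem, with the same source of the error: certbot was shutting down the nginx server and was not able to start it again after the renewal.
You can check whether you are hitting the same problem by checking the following logs. First the nginx log: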
tail -n 100 /var/log/nginx/error.log
Result:
2019/02/05 12:07:37 [notice] 1629#1629: signal process started
2019/02/05 12:07:37 [error] 1629#1629: open() "/run/nginx.pid" failed (2: No such file or directory)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to 0.0.0.0:80 failed (98: Address already in use)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to 0.0.0.0:443 failed (98: Address already in use)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to [::]:443 failed (98: Address already in use)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to 0.0.0.0:444 failed (98: Address already in use)
2019/02/05 12:07:38 [emerg] 1655#1655: bind() to [::]:444 failed (98: Address already in use)
[...]
2019/02/05 12:07:38 [emerg] 1655#1655: still could not bind()
2019/02/05 12:07:41 [alert] 1631#1631: unlink() "/run/nginx.pid" failed (2: No such file or directory)
We see nginx unsuccessfully trying to restart.
You can check the syslog too:
tail -n 100 /var/log/syslog
And look for the same timestamps:
Feb 5 12:07:30 systemd[1]: Starting Certbot...
Feb 5 12:07:31 systemd[1]: Stopping A high performance web server and a reverse proxy server...
Feb 5 12:07:31 systemd[1]: Stopped A high performance web server and a reverse proxy server.
Feb 5 12:07:38 systemd[1]: Starting A high performance web server and a reverse proxy server...
We see that certbot seems to be causing the problem.
In my case, I had an old version of certbot. You can use the certbot --version command to check your version. In my case, I had certbot 0.10.2
...
So first, upgrade your certbot application and add the nginx plugin:
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx
Check the new version: certbot --version
-> certbot 0.28.0
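Then you will have to modify the renewal configuration files accordingly for the new version and to use the nginx plugin. The renewal conf files are in the /etc/letsencrypt/renewal/* directory. Note that the certbot documentation discourages you from modifying them manually...
I modified all the renewal configuration files from: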
# renew_before_expiry = 30 days
version = 0.10.2
archive_dir = /etc/letsencrypt/archive/yourdomain
cert = /etc/letsencrypt/live/yourdomain/cert.pem
privkey = /etc/letsencrypt/live/yourdomain/privkey.pem
chain = /etc/letsencrypt/live/yourdomain/chain.pem
fullchain = /etc/letsencrypt/live/yourdomain/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = standalone
post_hook = service nginx start
account = yourkey
pre_hook = service nginx stop
installer = nginx
to:
# renew_before_expiry = 30 days
version = 0.28.0
archive_dir = /etc/letsencrypt/archive/yourdomain
cert = /etc/letsencrypt/live/yourdomain/cert.pem
privkey = /etc/letsencrypt/live/yourdomain/privkey.pem
chain = /etc/letsencrypt/live/yourdomain/chain.pem
fullchain = /etc/letsencrypt/live/yourdomain/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = yourkey
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = nginx
installer = nginx
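(Note that only the version and authenticator lines have been modified, the server line has been added, and the pre_hook and post_hook lines have been removed.)
Then you can check that your next renewal will go smoothly by simulating a renewal with the following command: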
certbot renew --dry-run
You should get the following for each certificate, with no red errors:
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/yourdomain/fullchain.pem
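An added example, not part of the answer above and not certbot's own tooling: a shell function that audits the [renewalparams] section of a renewal config for the two settings the answer removed (authenticator = standalone and a pre_hook that stops nginx). The function names and the sample files are constructed for illustration; on a real host you would point the function at the files under /etc/letsencrypt/renewal/.

```shell
#!/bin/sh
# Added example (not from the original post): flag certbot renewal configs whose
# settings take nginx down during renewal, as in the "before" file above.

# audit_renewal_conf FILE: print findings; return 1 if the config is risky.
audit_renewal_conf() {
    awk -F ' *= *' -v f="$1" '
        /^[ \t]*#/ { next }                                   # comment line
        /^\[/      { in_params = ($0 == "[renewalparams]"); next }
        !in_params { next }                                   # only audit [renewalparams]
        $1 == "authenticator" && $2 == "standalone" {
            print f ": authenticator = standalone binds the HTTP(S) port itself, so nginx must be down"
            bad = 1
        }
        $1 == "pre_hook" && $2 ~ /nginx/ && $2 ~ /stop/ {
            print f ": pre_hook stops nginx (" $2 ")"
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed samples mirroring the before/after [renewalparams] sections above.
write_samples() {
    cat > "$1/old.conf" <<'EOF'
version = 0.10.2
[renewalparams]
authenticator = standalone
post_hook = service nginx start
account = yourkey
pre_hook = service nginx stop
installer = nginx
EOF
    cat > "$1/new.conf" <<'EOF'
version = 0.28.0
[renewalparams]
account = yourkey
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = nginx
installer = nginx
EOF
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
write_samples "$tmp"
for c in "$tmp"/*.conf; do
    if audit_renewal_conf "$c"; then echo "$c: OK"; fi
done
```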
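It appears the solution to the problem was found in /var/log/syslog. certbot was shutting down the nginx server in order to try to renew the certificates, but due to some configuration problem (my fault), it would fail and not bring the nginx server back up.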