我无法在我的NGINX / Ubuntu18.04实例上运行certbot并运行。我跑过了演练
我选择了certbot重定向,并更新了我的网站配置文件。
我的配置文件如下所示:
server {
listen 80;
listen [::]:80;
root /var/www/punkmap.com/html;
index index.html index.htm index.nginx-debian.html;
server_name punkmap.com www.punkmap.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/punkmap.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/punkmap.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
certbot对我的配置文件的添加会破坏我的网站。通过删除certbot添加到配置文件中的代码行很容易修复。但是,我在互联网上找不到显示如何纠正问题的信息。
我的网站配置应该是什么样的?
谢谢!
泰勒
问题是你在同一个服务器块中有两个listen指令。您最好的解决方案是手动编辑nginx配置以拆分为两个服务器块。非ssl(端口80)块应重定向到ssl(端口443)块。这样的事情应该有效:
server {
listen 80;
listen [::]:80;
server_name punkmap.com www.punkmap.com;
return 301 https://$host$request_uri;
}
server {
root /var/www/punkmap.com/html;
index index.html index.htm index.nginx-debian.html;
server_name punkmap.com www.punkmap.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/punkmap.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/punkmap.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
然后在将来升级时,请确保传递--cert-only参数,以便不再破坏您的配置。请注意,我删除了所有由Certbot注释管理的#,因为在此之后,它们将由您管理。