单IP两个HTTPS站,提示443端口重复
配置了个www,然后配置了个test两个配置文件一模一样,除了域名和指向的目录
Starting nginx... nginx: duplicate listen options for 0.0.0.0:443 in /usr/local/nginx/conf/vhost/www.17huiwei.com.conf:12
两个域名得host文件如下,证书已经各自正确设置
server {
listen 80;
listen [::]:80;
if ($scheme = http) {
return 301 https://www.xxx.com$request_uri;
}
}
server
{
listen 443 ssl http2 fastopen=3 reuseport;
listen [::]:443 ssl http2 fastopen=3 reuseport;
server_name www.xxx.com;
index index.php;
root /web/www.xxx.com;
ssl_certificate /usr/local/nginx/conf/ssl/www.xxx.com.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/www.xxx.com.key;
我查了一下nginx -V,
TLS SNI support enabled
按理说没问题呀
[ 本帖最后由 loren 于 2018-3-4 22:38 编辑 ] 贴出的这几行配置没有问题,这个错误提示肯定是有地方有重复的listen 443 不是说有了SNI就无所谓SSL端口重复的么?
我两个都是配置的443端口,不行么?还是SSL端口不能一样,比方443、444、445这样分开才行?
回复 3# 的帖子
sni和端口没关系,你可以搜索一下sni的具体说明前面没说要你改成其它端口,上面说的意思是一个server 段里listen 443有多个重复
你配置文件本来就贴的不全,要不你就贴上完整的配置给你看看也可以联系QQ或旺旺付费进行排查 以下为u.xx.com的全配置文件,还有一个www.xx.com,仅仅将u.xx.com做了www.xx.com批量替换(包括路径)
也就是说两个配置文件的配置方法一模一样。
server {
listen 80;
listen [::]:80;
if ($scheme = http) {
return 301 https://u.xxx.com$request_uri;
}
}
server
{
listen 443 ssl http2 fastopen=3 reuseport;
listen [::]:443 ssl http2 fastopen=3 reuseport;
server_name u.xxx.com;
index index.php;
root /web/u.xxx.com;
ssl_certificate /usr/local/nginx/conf/ssl/u.xxx.com.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/u.xxx.com.key;
ssl_session_timeout 6h;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
include other.conf;
#error_page 404 /404.html;
include enable-php.conf;
location ~ [^/]\.php(/|$)
{
# comment try_files $uri =404; to enable pathinfo
try_files $uri =404;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|webm|bmp|htm|html|xml|swf|flv|mp4|mp3|js|css|ico)$
{
expires 30d;
}
location ~ /\.
{
deny all;
}
access_log off;
} 这个问题能帮忙回答一下么,多谢 原帖由 loren 于 2018-3-8 12:41 发表 http://bbs.vpser.net/images/common/back.gif
这个问题能帮忙回答一下么,多谢 server {
listen 80;
listen [::]:80;
if ($scheme = http) {
return 301 https://u.xxx.com$request_uri;
}
}
server
{
listen 443 ssl http2 fastopen=3 reuseport;
listen [::]:443 ssl http2 fastopen=3 reuseport;
随便瞎说两句啊,你有IPV6真幸福。[::]我都没用过。
第一个SERVER块,IF的那句是不是该从花括号里迁出来?还有,这个SERVER块似乎写废了,既然是80端口,何必又写$SCHEME=HTTP?肯定是HTTP了,否则就是443端口了吧。所以你第一个SERVER块加个SERVER_NAME _之后就直接RETURN 301不就成了?
第二个SERVER块第一个起始那个花括号往上提一行,变成
server {
listen 443 ssl http2
}
这个样子。不知道是否有影响,不过NIGNX的小侄子CADDY是有这样的要求的。
另外,官方范例中没见过有同时LISTEN 两个一样的端口号的,官方文档中涉及到一个IP两个站的说明(https://nginx.org/en/docs/http/configuring_https_servers.html)是先听80再听443
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
...
}
页:
[1]