Nginx
NGinX -emerg____和米和rGemerg“ssl_certificate”指令是重複的 - 添加新的啟用 SSL 的站點會破壞 NGinx Conf
我正在嘗試將第二個啟用 SSL 的站點添加到我的 NGinX 配置中。僅在一個啟用 SSL 的站點上一切正常,但是當我添加第二個 conf(它只是從工作站點編輯和複製的 conf)時,我收到以下錯誤。
注意:我已經測試過,如果我刪除新站點,則 conf 通過,反之亦然,如果我刪除舊站點,新站點可以工作。
root@NGinX:/etc/nginx/sites-enabled# ytitconf * Reloading nginx configuration nginx [fail] nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/ytit.conf:2 nginx: configuration file /etc/nginx/nginx.conf test failed這是整個非常簡單的配置。
注意:第二個站點託管多個子域,但該站點目前不會託管子域。
root@NGinX:/etc/nginx/sites-available# cat ytit.conf #GLOBAL SSL ssl_certificate /etc/ssl/certs/ssl-bundle-ytit.crt; ssl_certificate_key /etc/ssl/private/server-ytit.key; server { listen 80; server_name www.ytit.ca ytit.ca; return 301 https://$server_name/; } server { listen 443 ssl; ssl on; server_name www.ytit.ca ytit.ca; access_log /var/log/nginx/nginx.vhost.access.log; error_log /var/log/nginx/nginx.vhost.error.log; location / { proxy_pass https://192.168.1.169:443/; include /etc/nginx/proxy.conf; } }這是NGinX.conf;我不認為它被修改過,但我大約一年前設置了 NGinX,不記得說實話,所以我將它包括在內,因為錯誤表明它與 NGinX.conf 測試有關。
root@NGinX:/etc/nginx/sites-available# cat /etc/nginx/nginx.conf user www-data; worker_processes 4; pid /run/nginx.pid; events { worker_connections 768; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; ## # nginx-naxsi config ## # Uncomment it if you installed nginx-naxsi ## #include /etc/nginx/naxsi_core.rules; ## # nginx-passenger config ## # Uncomment it if you installed nginx-passenger ## #passenger_root /usr; #passenger_ruby /usr/bin/ruby; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #}conf.d 中沒有任何額外內容
root@NGinX:/etc/nginx/conf.d# ll total 8 drwxr-xr-x 2 root root 4096 Jul 29 2015 ./ drwxr-xr-x 5 root root 4096 Mar 8 2016 ../
您的主配置文件包含
include /etc/nginx/sites-enabled/*按順序拖入指定目錄中所有配置文件的行。不在命名上下文中的所有指令都預設為
global上下文,因此通過在這些文件的頂層定義ssl_certificate和重新定義全域指令,這會導致 NginX 抱怨。ssl_certificates您的選擇是:
- 將
ssl_certificateand移動到ssl_certificates一個server上下文中,這允許您為不同的站點配置不同的證書;- 僅在全域上下文中的這些站點 conf 文件之一中具有
ssl_certificateandssl_certificates指令,這使其覆蓋所有伺服器。或者,將其移動到頂級nginx.conf文件將具有相同的效果。請注意,從 1.11 版開始,您可以使用多個
ssl_certificate和ssl_certificates指令來涵蓋不同的證書類型(RSA、ECDSA 等)。