按照手册,在nginx下部署完成seafile,也可以通过域名访问了,但是配置ssl时又遇到了问题。按照手册“nginx下启用HTTPS”的指导,修改nginx的配置文件,保存。用
nginx -t
命令查看状态,提示如下:
nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead in /usr/local/nginx/conf/nginx.conf:113
应该怎么修改呢?
把ssl指令删了,在listen的地方端口号后面加上ssl,如:
listen 443 ssl;谢谢,这个问题解决了,又有个新问题,错误提示如下:
nginx: [emerg] the size 10485760 of shared memory zone “SSL” conflicts with already declared size 5242880 in /usr/local/nginx/conf/vhost/www.jeezy.cn.conf
我这个服务器本来有网站,是不是有什么冲突的意思?
nginx配置文件贴出来看看
整个文件就是这样。
user www www;
worker_processes auto;
worker_cpu_affinity auto;error_log /home/wwwlogs/nginx_error.log crit;
pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;events
{
use epoll;
worker_connections 51200;
multi_accept off;
accept_mutex off;
}http
{
include mime.types;
default_type application/octet-stream;server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 50m; sendfile on; sendfile_max_chunk 512k; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 256k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss; gzip_vary on; gzip_proxied expired no-cache no-store private auth; gzip_disable "MSIE [1-6]\."; #limit_conn_zone $binary_remote_addr zone=perip:10m; ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section. server_tokens off; access_log off;server
{
listen 80 default_server reuseport;
#listen [::]:80 default_server ipv6only=on;
server_name _;
index index.html index.htm index.php;
root /home/wwwroot/default;#error_page 404 /404.html; # Deny access to PHP files in specific directory #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; } include enable-php.conf; location /nginx_status { stub_status on; access_log off; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*\.(js|css)?$ { expires 12h; } location ~ /.well-known { allow all; } location ~ /\. { deny all; } access_log /home/wwwlogs/access.log; }server {
listen 80;
server_name file.jeezy.cn;
rewrite ^ https://$http_host$request_uri? permanent;
server_tokens off;
}
server {
listen 443 ssl;
#ssl on;
ssl_certificate /etc/ssl/cacert.pem; #cacert.pem 文件路径
ssl_certificate_key /etc/ssl/privkey.pem; #privkey.pem 文件路径
server_name file.jeezy.cn;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/dhparam.pem;# secure settings (A+ at SSL Labs ssltest at time of writing) # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS'; ssl_prefer_server_ciphers on; proxy_set_header X-Forwarded-For $remote_addr; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; server_tokens off; location / { proxy_pass http://127.0.0.1:8001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto https; proxy_read_timeout 1200s; # used for view/edit office file via Office Online Server client_max_body_size 0; access_log /usr/local/nginx/seahub.access.log; error_log /usr/local/nginx/seahub.error.log; }If you are using FastCGI,
which is not recommended, you should use the following config for location
/.location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_read_timeout 36000;
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp { rewrite ^/seafhttp(.*)$ $1 break; proxy_pass http://127.0.0.1:8082; client_max_body_size 0; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 36000s; proxy_read_timeout 36000s; proxy_send_timeout 36000s; send_timeout 36000s; } location /media { root /opt/seafile/seafile-server-latest/seahub; }}
include vhost/*.conf;
}
/usr/local/nginx/conf/vhost/www.jeezy.cn.conf 的内容
ssl_session_cache定义重复了,你贴的配置里面有一句
ssl_session_cache shared:SSL:5m;
估计在www.jeezy.cn.conf中还有1句,类似
ssl_session_cache shared:SSL:10m;
www.jeezy.cn.conf里确实有一句
ssl_session_cache builtin:1000 shared:SSL:10m;
我把nginx.conf里也改成10m了。检查配置成功,重新加载nginx,然后出现了新问题。打开seafile的页面,显示不被信任的证书。
我是完全按照手册操作的,我查看了证书,确实是我填的信息,应该不是用错了证书,那还会是什么问题呢?
直接信任,就进去了,浏览器也挂上了
,是不是就可以了呢?
可以了,浏览器出现警告是因为你的证书是自签名证书。
openssl 簽的?
自簽cert 是會有錯誤的. 如果給網外用試用letsencrypt.
谢谢两位,在你们的耐心指导下顺利搞定了,再次感谢!
