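Cannot configure SSL for nginx on Sakura VPS (CentOS)

What I want to achieve

I applied for SSL (JPRS domain-validated) through Sakura VPS and want to configure it in nginx, but I cannot get the conf file right and it results in an error.

Background

I applied for SSL (JPRS domain-validated) through Sakura VPS and downloaded, concatenated and installed the SSL certificate and the intermediate CA certificate, but I cannot complete the final nginx configuration, so SSL does not take effect. Does anyone know the correct way to configure this?

Problem / error message

After updating the configuration file (ssl.conf), when I try to restart nginx with "sudo systemctl restart nginx.service", the following error is output.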

Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.

Relevant source code

Directory structure

・/etc/nginx/:

  • default.d
  • conf.d:
    ○ ssl.conf (configuration file)
    ○ server.key (private key)
    ○ server.csr
    ○ server.crt
    ○ JPRS_DVCA_G4_PEM.cer
    ○ ssl.pem (the two files above, concatenated)

Configuration file

    server {
        listen       80;
        server_name  .nikukyu.com www.nikukyu.com;
        rewrite     ^ https://nikukyu.com$request_uri?;
    }
    server {
        listen       443 ssl http2;
        #listen       [::]:443 ssl http2;
        server_name  nikukyu.com www.nikukyu.com;
        root         /var/www/html;
        ssl_certificate "/etc/nginx/ssl.crt/ssl.pem";
        ssl_certificate_key "/etc/nginx/ssl.key/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';
        index index.html;
    }

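What I tried

I read various explanatory articles and tried changing how "SSL" is specified and whether "http2" is present, but none of it had any effect.

Additional information (FW/tool versions, etc.)

Note that if I delete the conf file, or comment out the SSL-related directives, nginx itself works correctly.

Addendum (2023/9/11 15:24)

As for the nginx error log, there were countless occurrences of similar errors.

Because of my lack of knowledge I do not know which part to copy, so I am posting roughly the most recent 7,000 characters.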

2023/09/11 08:59:53 [error] 208887#208887: *30367 open() "/var/www/html/.env" failed (2: No such file or directory), client: 149.102.235.76, server: nikukyu.com, request: "HEAD /.env HTTP/1.1", host: "160.16.68.34"
2023/09/11 09:20:54 [notice] 208886#208886: signal 3 (SIGQUIT) received from 1, shutting down
2023/09/11 09:20:54 [notice] 208887#208887: gracefully shutting down
2023/09/11 09:20:54 [notice] 208888#208888: gracefully shutting down
2023/09/11 09:20:54 [notice] 208887#208887: exiting
2023/09/11 09:20:54 [notice] 208888#208888: exiting
2023/09/11 09:20:54 [notice] 208888#208888: exit
2023/09/11 09:20:54 [notice] 208887#208887: exit
2023/09/11 09:20:55 [notice] 208886#208886: signal 17 (SIGCHLD) received from 208887
2023/09/11 09:20:55 [notice] 208886#208886: worker process 208887 exited with code 0
2023/09/11 09:20:55 [notice] 208886#208886: signal 29 (SIGIO) received
2023/09/11 09:20:55 [notice] 208886#208886: signal 17 (SIGCHLD) received from 208888
2023/09/11 09:20:55 [notice] 208886#208886: worker process 208888 exited with code 0
2023/09/11 09:20:55 [notice] 208886#208886: exit
2023/09/11 09:20:55 [warn] 1616623#1616623: conflicting server name "nikukyu.com" on 0.0.0.0:80, ignored
2023/09/11 09:20:55 [warn] 1616623#1616623: conflicting server name "www.nikukyu.com" on 0.0.0.0:80, ignored
2023/09/11 09:20:55 [warn] 1616625#1616625: conflicting server name "nikukyu.com" on 0.0.0.0:80, ignored
2023/09/11 09:20:55 [warn] 1616625#1616625: conflicting server name "www.nikukyu.com" on 0.0.0.0:80, ignored
2023/09/11 09:20:55 [notice] 1616625#1616625: using the "epoll" event method
2023/09/11 09:20:55 [notice] 1616625#1616625: nginx/1.22.1
2023/09/11 09:20:55 [notice] 1616625#1616625: built by gcc 11.3.1 20221121 (Red Hat 11.3.1-4) (GCC)
2023/09/11 09:20:55 [notice] 1616625#1616625: OS: Linux 5.14.0-22.el9.x86_64
2023/09/11 09:20:55 [notice] 1616625#1616625: getrlimit(RLIMIT_NOFILE): 1024:524288
2023/09/11 09:20:55 [notice] 1616626#1616626: start worker processes
2023/09/11 09:20:55 [notice] 1616626#1616626: start worker process 1616627
2023/09/11 09:20:55 [notice] 1616626#1616626: start worker process 1616628
2023/09/11 09:27:35 [error] 1616628#1616628: *1 open() "/var/www/html/actuator/gateway/routes" failed (2: No such file or directory), client: 83.97.73.87, server: nikukyu.com, request: "GET /actuator/gateway/routes HTTP/1.1", host: "160.16.68.34:80"
2023/09/11 09:40:45 [notice] 1616626#1616626: signal 3 (SIGQUIT) received from 1, shutting down
2023/09/11 09:40:45 [notice] 1616627#1616627: gracefully shutting down
2023/09/11 09:40:45 [notice] 1616628#1616628: gracefully shutting down
2023/09/11 09:40:45 [notice] 1616627#1616627: exiting
2023/09/11 09:40:45 [notice] 1616628#1616628: exiting
2023/09/11 09:40:45 [notice] 1616628#1616628: exit
2023/09/11 09:40:45 [notice] 1616627#1616627: exit
2023/09/11 09:40:45 [notice] 1616626#1616626: signal 17 (SIGCHLD) received from 1616628
2023/09/11 09:40:45 [notice] 1616626#1616626: worker process 1616628 exited with code 0
2023/09/11 09:40:45 [notice] 1616626#1616626: signal 29 (SIGIO) received
2023/09/11 09:40:45 [notice] 1616626#1616626: signal 17 (SIGCHLD) received from 1616627
2023/09/11 09:40:45 [notice] 1616626#1616626: worker process 1616627 exited with code 0
2023/09/11 09:40:45 [notice] 1616626#1616626: exit
2023/09/11 09:40:45 [emerg] 1616776#1616776: cannot load certificate "/etc/nginx/conf.d/ssl.crt/ssl.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/conf.d/ssl.crt/ssl.pem, r) error:10000080:BIO routines::no such file)
2023/09/11 09:41:01 [emerg] 1616794#1616794: cannot load certificate "/etc/nginx/conf.d/ssl.crt/ssl.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/conf.d/ssl.crt/ssl.pem, r) error:10000080:BIO routines::no such file)
2023/09/11 09:41:18 [emerg] 1616801#1616801: cannot load certificate "/etc/nginx/conf.d/ssl.crt/ssl.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/conf.d/ssl.crt/ssl.pem, r) error:10000080:BIO routines::no such file)
2023/09/11 09:42:24 [emerg] 1616846#1616846: cannot load certificate "/etc/nginx/conf.d/ssl.crt/ssl.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/conf.d/ssl.crt/ssl.pem, r) error:10000080:BIO routines::no such file)
2023/09/11 12:36:57 [emerg] 1617418#1617418: cannot load certificate "/etc/nginx/conf.d/ssl.crt/ssl.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/conf.d/ssl.crt/ssl.pem, r) error:10000080:BIO routines::no such file)
2023/09/11 12:38:54 [warn] 1617436#1617436: conflicting server name "nikukyu.com" on 0.0.0.0:80, ignored
2023/09/11 12:38:54 [warn] 1617436#1617436: conflicting server name "www.nikukyu.com" on 0.0.0.0:80, ignored
2023/09/11 12:38:54 [warn] 1617437#1617437: conflicting server name "nikukyu.com" on 0.0.0.0:80, ignored
2023/09/11 12:38:54 [warn] 1617437#1617437: conflicting server name "www.nikukyu.com" on 0.0.0.0:80, ignored
2023/09/11 12:38:54 [notice] 1617437#1617437: using the "epoll" event method
2023/09/11 12:38:54 [notice] 1617437#1617437: nginx/1.22.1
2023/09/11 12:38:54 [notice] 1617437#1617437: built by gcc 11.3.1 20221121 (Red Hat 11.3.1-4) (GCC)
2023/09/11 12:38:54 [notice] 1617437#1617437: OS: Linux 5.14.0-22.el9.x86_64
2023/09/11 12:38:54 [notice] 1617437#1617437: getrlimit(RLIMIT_NOFILE): 1024:524288
2023/09/11 12:38:54 [notice] 1617438#1617438: start worker processes
2023/09/11 12:38:54 [notice] 1617438#1617438: start worker process 1617439
2023/09/11 12:38:54 [notice] 1617438#1617438: start worker process 1617440
2023/09/11 12:39:07 [error] 1617439#1617439: *1 open() "/var/www/html/class.js" failed (2: No such file or directory), client: 134.180.155.234, server: nikukyu.com, request: "GET /class.js HTTP/1.1", host: "nikukyu.com", referrer: "http://nikukyu.com/"
2023/09/11 12:39:08 [error] 1617440#1617440: *3 open() "/var/www/html/audio/pon.mp3" failed (2: No such file or directory), client: 134.180.155.234, server: nikukyu.com, request: "GET /audio/pon.mp3 HTTP/1.1", host: "nikukyu.com", referrer: "http://nikukyu.com/"
2023/09/11 12:39:08 [error] 1617440#1617440: *3 open() "/var/www/html/audio/pon.wav" failed (2: No such file or directory), client: 134.180.155.234, server: nikukyu.com, request: "GET /audio/pon.wav HTTP/1.1", host: "nikukyu.com", referrer: "http://nikukyu.com/"
2023/09/11 12:56:00 [notice] 1617438#1617438: signal 3 (SIGQUIT) received from 1, shutting down
2023/09/11 12:56:00 [notice] 1617439#1617439: gracefully shutting down
2023/09/11 12:56:00 [notice] 1617439#1617439: exiting
2023/09/11 12:56:00 [notice] 1617440#1617440: gracefully shutting down
2023/09/11 12:56:00 [notice] 1617440#1617440: exiting
2023/09/11 12:56:00 [notice] 1617440#1617440: exit
2023/09/11 12:56:00 [notice] 1617439#1617439: exit
2023/09/11 12:56:00 [notice] 1617438#1617438: signal 17 (SIGCHLD) received from 1617440
2023/09/11 12:56:00 [notice] 1617438#1617438: worker process 1617440 exited with code 0
2023/09/11 12:56:00 [notice] 1617438#1617438: signal 29 (SIGIO) received
2023/09/11 12:56:00 [notice] 1617438#1617438: signal 17 (SIGCHLD) received from 1617439
2023/09/11 12:56:00 [notice] 1617438#1617438: worker process 1617439 exited with code 0
2023/09/11 12:56:00 [notice] 1617438#1617438: exit
2023/09/11 12:56:00 [emerg] 1617547#1617547: unknown directive "    listen      " in /etc/nginx/conf.d/ssl.conf:2
2023/09/11 12:56:09 [emerg] 1617558#1617558: unknown directive "    listen      " in /etc/nginx/conf.d/ssl.conf:2
2023/09/11 13:41:48 [emerg] 1617647#1617647: unknown directive "    listen      " in /etc/nginx/conf.d/ssl.conf:2
2023/09/11 13:59:40 [emerg] 1617698#1617698: unknown directive "    listen      " in /etc/nginx/conf.d/ssl.conf:2

Thank you in advance.
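The two kinds of `[emerg]` entry in the log above (a certificate path that cannot be opened, and `unknown directive "    listen      "`) can both be checked for before a restart. The script below is an added example, not part of the original question: its function names and sample file are hypothetical and constructed, and it assumes the second error comes from non-ASCII whitespace (such as U+00A0 or U+3000) pasted into ssl.conf.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks for an nginx
# TLS server block, to run before `sudo nginx -t` and a restart.

# List "line:text" for lines holding non-ASCII bytes (e.g. U+00A0 or U+3000
# copied from a web page). nginx separates tokens on ASCII whitespace only,
# so such bytes end up inside the directive name. Non-ASCII comments are
# flagged too.
find_non_ascii() {
    LC_ALL=C grep -n '[^[:print:][:space:]]' "$1"
}

# List files named by ssl_certificate / ssl_certificate_key that are missing
# or unreadable. Absolute paths only; include files are not followed.
missing_tls_files() {
    sed -n -E 's/^[[:space:]]*ssl_certificate(_key)?[[:space:]]+"?([^";]+)"?[[:space:]]*;.*/\2/p' "$1" |
    while IFS= read -r path; do
        [ -r "$path" ] || printf '%s\n' "$path"
    done
}

# Constructed sample: line 2 is indented with U+00A0 (bytes C2 A0), the
# certificate path does not exist, and the key path does.
make_sample() {
    dir=$(mktemp -d)
    : > "$dir/server.key"
    {
        printf 'server {\n'
        printf '\302\240\302\240listen 443 ssl;\n'
        printf '    ssl_certificate "%s/ssl.crt/ssl.pem";\n' "$dir"
        printf '    ssl_certificate_key "%s/server.key";\n' "$dir"
        printf '}\n'
    } > "$dir/ssl.conf"
    printf '%s\n' "$dir/ssl.conf"
}

# Check the file given as $1, or the constructed sample when none is given.
conf=${1:-$(make_sample)}
echo "== lines with non-ASCII bytes in $conf"
find_non_ascii "$conf" || echo "(none)"
echo "== certificate/key files that cannot be read"
missing_tls_files "$conf"
```

Run it with sudo against the real file so the readability test matches what the nginx master process sees, and follow a clean result with `sudo nginx -t` before restarting.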
