Letsencrypt: problems with Nginx and the certificate (Topic is solved)
When I enable Let's Encrypt SSL, Nginx does not restart, and when I open the site it says the certificate has expired, with dates from 2015 to 2016 (the server time is fine), and the domain name does not appear in it (it seems to be the host name instead).
Yet the interface shows the certificate as 2019, everything correct.
I tried different templates, for example
Code:
server {
    listen %ip%:%proxy_ssl_port%;
    server_name %domain_idn% %alias_idn%;
    ssl on;
    ssl_certificate %ssl_pem%;
    ssl_certificate_key %ssl_key%;
    error_log /var/log/httpd/domains/%domain%.error.log error;
    location / {
        proxy_pass https://%ip%:%web_ssl_port%;
        location ~* ^.+\.(%proxy_extentions%)$ {
            root %sdocroot%;
            access_log /var/log/httpd/domains/%domain%.log combined;
            access_log /var/log/httpd/domains/%domain%.bytes bytes;
            expires max;
            try_files $uri @fallback;
        }
    }
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    location @fallback {
        proxy_pass https://%ip%:%web_ssl_port%;
    }
    location ~ /\.ht {return 404;}
    location ~ /\.svn/ {return 404;}
    location ~ /\.git/ {return 404;}
    location ~ /\.hg/ {return 404;}
    location ~ /\.bzr/ {return 404;}
    include %home%/%user%/conf/web/snginx.%domain%.conf*;
}
I managed to get it working on another server, but that one uses php-fpm
The template is as follows
Code:
server {
    listen %ip%:%web_ssl_port% ssl http2;
    server_name %domain_idn% %alias_idn%;
    root %docroot%;
    index index.php index.html index.htm;
    access_log /var/log/nginx/domains/%domain%.log combined;
    access_log /var/log/nginx/domains/%domain%.bytes bytes;
    error_log /var/log/nginx/domains/%domain%.error.log error;
    ssl on;
    ssl_certificate %ssl_pem%;
    ssl_certificate_key %ssl_key%;
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        try_files $uri $uri/ /index.php?$args;
        access_log off;
        log_not_found off;
    }
    location / {
        try_files $uri $uri/ /index.php?$args;
        if (!-e $request_filename)
        {
            rewrite ^(.+)$ /index.php?q=$1 last;
        }
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
            expires max;
        }
        location ~ [^/]\.php(/|$) {
            fastcgi_buffers 8 256k;
            fastcgi_buffer_size 128k;
            fastcgi_intercept_errors on;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_cache microcache;
            fastcgi_cache_key $scheme$host$request_uri$request_method;
            fastcgi_cache_valid 200 301 302 30s;
            fastcgi_cache_use_stale updating error timeout invalid_header http_500;
            fastcgi_pass_header Set-Cookie;
            fastcgi_pass_header Cookie;
            fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            fastcgi_pass %backend_lsnr%;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
        }
    }
    error_page 403 /error/404.html;
    error_page 404 /error/404.html;
    error_page 500 502 503 504 /error/50x.html;
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    location ~* "/\.(htaccess|htpasswd)$" {
        deny all;
        return 404;
    }
    location /vstats/ {
        alias %home%/%user%/web/%domain%/stats/;
        include %home%/%user%/web/%domain%/stats/auth.conf*;
    }
    include /etc/nginx/conf.d/phpmyadmin.inc*;
    include /etc/nginx/conf.d/phppgadmin.inc*;
    include /etc/nginx/conf.d/webmail.inc*;
    include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
}
How do I get nginx to restart and the certificate to be correct?
Re: Letsencrypt: problems with Nginx and the certificate
What OS is on the server? What error do you get when restarting nginx?
Code:
service nginx restart
Re: Letsencrypt: problems with Nginx and the certificate
CentOS 6.1
Code:
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (2: No such file or directory)
2019/04/09 21:51:45 [emerg] 30624#30624: open() "/var/log/nginx/error.log" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
Nginx.conf
Code:
# Server globals
user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
load_module "modules/ngx_http_geoip_module.so";

# Worker config
events {
    worker_connections 1024;
    use epoll;
}

http {
    # Main settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    client_header_timeout 1m;
    client_body_timeout 1m;
    client_header_buffer_size 2k;
    client_body_buffer_size 256k;
    client_max_body_size 100m;
    large_client_header_buffers 4 8k;
    send_timeout 30;
    keepalive_timeout 60 60;
    reset_timedout_connection on;
    server_tokens off;
    server_name_in_redirect off;
    server_names_hash_max_size 512;
    server_names_hash_bucket_size 512;

    ### GeoIP start
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    geoip_city /usr/share/GeoIP/GeoLiteCity.dat;

    ### SET FASTCGI Variables ###
    fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
    fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
    fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
    fastcgi_param GEOIP_REGION $geoip_region;
    fastcgi_param GEOIP_CITY $geoip_city;
    fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
    fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
    fastcgi_param GEOIP_LATITUDE $geoip_latitude;
    fastcgi_param GEOIP_LONGITUDE $geoip_longitude;

    ###geo ip apache###
    proxy_set_header GEOIP_COUNTRY_CODE $geoip_country_code;
    proxy_set_header GEOIP_COUNTRY_CODE3 $geoip_country_code3;
    proxy_set_header GEOIP_COUNTRY_NAME $geoip_country_name;
    proxy_set_header GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
    proxy_set_header GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
    proxy_set_header GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
    proxy_set_header GEOIP_REGION $geoip_region;
    proxy_set_header GEOIP_CITY $geoip_city;
    proxy_set_header GEOIP_POSTAL_CODE $geoip_postal_code;
    proxy_set_header GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
    proxy_set_header GEOIP_LATITUDE $geoip_latitude;
    proxy_set_header GEOIP_LONGITUDE $geoip_longitude;

    # Log format
    log_format main '$remote_addr - $remote_user [$time_local] $request '
                    '"$status" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    log_format bytes '$body_bytes_sent';
    #access_log /var/log/nginx/access.log main;
    access_log off;

    # Mime settings
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Compression
    gzip on;
    gzip_comp_level 9;
    gzip_min_length 512;
    gzip_buffers 8 64k;
    gzip_types text/plain text/css text/javascript
               application/x-javascript;
    gzip_proxied any;

    # Proxy settings
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_header Set-Cookie;
    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
    proxy_buffers 32 4k;

    # Cloudflare https://www.cloudflare.com/ips
    set_real_ip_from ИП-АДРЕС/21;
    set_real_ip_from ИП-АДРЕС/20;
    #set_real_ip_from 2400:cb00::/32;
    #set_real_ip_from 2606:4700::/32;
    #set_real_ip_from 2803:f800::/32;
    #set_real_ip_from 2405:b500::/32;
    #set_real_ip_from 2405:8100::/32;
    real_ip_header CF-Connecting-IP;

    # SSL PCI Compliance
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:bla-bla-bla-bla-bla.......";

    # Error pages
    error_page 403 /error/403.html;
    error_page 404 /error/404.html;
    error_page 502 503 504 /error/50x.html;

    # Cache
    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
    proxy_temp_path /var/cache/nginx/temp;
    proxy_cache_key "$host$request_uri $cookie_user";
    proxy_ignore_headers Expires Cache-Control;
    proxy_cache_use_stale error timeout invalid_header http_502;
    proxy_cache_valid any 3d;
    map $http_cookie $no_cache {
        default 0;
        ~SESS 1;
        ~wordpress_logged_in 1;
    }

    # Wildcard include
    include /etc/nginx/conf.d/*.conf;

    server {
        location ~ \.php$ {
            if (!-e $request_filename) {
                return 404;
            }
            fastcgi_pass 127.0.0.1:9000;
            include fastcgi_params;
            include /etc/nginx/fastcgi_params;
        }
    }
}
Re: Letsencrypt: problems with Nginx and the certificate
Can you provide access? We will take a look at what is going on with LE
Re: Letsencrypt: problems with Nginx and the certificate
Thanks for the offer; for now I am still trying to sort it out myself.
Now when restarting nginx I already see something more understandable
Code:
nginx: [emerg] bind() to ЗДЕСЬ-ИП:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
But what to do about it is not clear yet.
Code:
I wiped the IP addresses; the top one really was all zeros
/etc/nginx$ netstat -ant | grep -i listen | grep ':80'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 176.000000:8080 0.0.0.0:* LISTEN
tcp 0 0 178.000000:8080 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8081 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8084 0.0.0.0:* LISTEN
Now it says the same thing, but about port 443.
Code:
nginx: [emerg] bind() to ЗДЕСЬ-ИП:443 failed (98: Address already in use)
netstat shows this for 443
Code:
tcp 0 0 :::443 :::* LISTEN 2488/httpd
Code:
/etc/httpd/conf.d/149.202.139.49.conf:NameVirtualHost 149.000000:8443
/etc/httpd/conf.d/149.202.139.49.conf:Listen 149.000000:8443
/etc/httpd/conf.d/176.31.252.120.zzz:NameVirtualHost 176.000000:8443
/etc/httpd/conf.d/176.31.252.120.zzz:Listen 176.000000:8443
/etc/httpd/conf.d/178.33.202.49.conf:NameVirtualHost 178.000000:8443
/etc/httpd/conf.d/178.33.202.49.conf:Listen 178.000000:8443
/etc/httpd/conf.d/178.33.202.50.conf:NameVirtualHost 178.000000:8443
/etc/httpd/conf.d/178.33.202.50.conf:Listen 178.000000:8443
/etc/httpd/conf.d/178.33.202.51.conf:NameVirtualHost 178.000000:8443
/etc/httpd/conf.d/178.33.202.51.conf:Listen 178.000000:8443
/etc/httpd/conf.d/178.32.4.210.conf:NameVirtualHost 178.000000:8443
/etc/httpd/conf.d/178.32.4.210.conf:Listen 178.000000:8443
/etc/httpd/conf.d/ssl.conf:Listen 443
/etc/httpd/conf.d/ssl.conf:<VirtualHost _default_:443>
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
/etc/httpd/conf.d/149.202.137.179.conf:NameVirtualHost 149.000000:8443
/etc/httpd/conf.d/149.202.137.179.conf:Listen 149.000000:8443
/etc/httpd/conf.d/178.32.4.211.conf:NameVirtualHost 178.000000:8443
/etc/httpd/conf.d/178.32.4.211.conf:Listen 178.000000:8443
/etc/httpd/conf.d/178.32.4.208.conf:NameVirtualHost 178.000000:8443
/etc/httpd/conf.d/178.32.4.208.conf:Listen 178.000000:8443
/etc/httpd/conf.d/178.33.202.48.conf:NameVirtualHost 178.000000:8443
/etc/httpd/conf.d/178.33.202.48.conf:Listen 178.000000:8443
/etc/httpd/conf.d/178.32.4.209.conf:NameVirtualHost 178.000000:8443
/etc/httpd/conf.d/178.32.4.209.conf:Listen 178.000000:8443
/etc/httpd/conf.d/94.23.211.178.conf:NameVirtualHost 176.000000:8443
/etc/httpd/conf.d/94.23.211.178.conf:Listen 176.000000:8443
Re: Letsencrypt: problems with Nginx and the certificate
If I stop the panel, then httpd, and restart nginx,
then httpd does not come back up afterwards
Code:
/etc/httpd/conf.d$ service httpd start
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 176.31.252.120:8443 has no VirtualHosts
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 178.32.4.210:8443 has no VirtualHosts
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 178.32.4.211:8443 has no VirtualHosts
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 178.32.4.208:8443 has no VirtualHosts
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 178.32.4.209:8443 has no VirtualHosts
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 149.202.137.179:8443 has no VirtualHosts
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 178.33.202.49:8443 has no VirtualHosts
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 178.33.202.48:8443 has no VirtualHosts
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 178.33.202.51:8443 has no VirtualHosts
[Wed Apr 10 12:22:27 2019] [warn] NameVirtualHost 178.33.202.50:8443 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
They apparently interfere with each other, but I don't know how to fix it..
In /etc/httpd/conf.d/ssl.conf there is Listen 443
and in the IP configs, 149.202.137.179.conf
Code:
NameVirtualHost 149.202.137.179:8080
Listen 149.202.137.179:8080
NameVirtualHost 149.202.137.179:8443
Listen 149.202.137.179:8443
Re: Letsencrypt: problems with Nginx and the certificate
Try running
Code:
service nginx stop
service httpd stop
killall httpd
killall nginx
service httpd start
service nginx start
Re: Letsencrypt: problems with Nginx and the certificate
It would be better if you gave us access and we looked directly on the server
Re: Letsencrypt: problems with Nginx and the certificate
Looks like I managed to beat it; still testing for now
I changed this in /etc/httpd/conf.d/ssl.conf
Listen from 443 to 1500
Is that an acceptable option?
But in the templates /home/domain.ru/conf/web/domain.ru.nginx.ssl.conf
the ports are still 443 and 8443
---------
One more thing: if you block bots on the server by User-Agent, the letsencrypt bot may get cut off. I don't know what their UA is, so I had to disable UA blocking for now. This can cause the .well-known/acme-challenge/ error
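The conflict worked out in this thread (Apache's stock ssl.conf binding port 443 on every address while nginx needs it) can be checked mechanically. This is an added example, not part of any post above: the function names, the 192.0.2.10 address and the sample netstat and conf data are constructed, and port_owner matches the port exactly, so :80 does not also match :8080 the way grep ':80' does.

```sh
#!/bin/sh
# Added example; the sample netstat lines and conf files are constructed.

# Listeners on exactly port $1, from `netstat -lntp` output on stdin.
# Exact match on the last ":" field, so :80 does not also match :8080.
port_owner() {
    awk -v port="$1" '$6 == "LISTEN" {
        n = split($4, a, ":")
        if (a[n] == port) print $4, $7
    }'
}

# "file:port" for each Listen in DIR/*.conf that names no specific IP
# (bare port, *:port, 0.0.0.0:port, [::]:port) and uses one of the ports.
wildcard_listens() {
    dir=$1; shift
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" -v ports=" $* " 'tolower($1) == "listen" {
            port = $2; sub(/.*:/, "", port)
            host = substr($2, 1, length($2) - length(port)); sub(/:$/, "", host)
            if ((host == "" || host == "*" || host == "0.0.0.0" || host == "[::]") &&
                index(ports, " " port " ")) print file ":" port
        }' "$f"
    done
}

sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2101/nginx
tcp 0 0 192.0.2.10:8080 0.0.0.0:* LISTEN 2488/httpd
tcp 0 0 :::443 :::* LISTEN 2488/httpd
EOF
}

demo() {
    d=$(mktemp -d)
    printf 'Listen 443\n<VirtualHost _default_:443>\n' > "$d/ssl.conf"
    printf 'Listen 192.0.2.10:8080\nListen 192.0.2.10:8443\n' > "$d/192.0.2.10.conf"
    echo "port 443 is held by: $(sample_netstat | port_owner 443)"
    echo "wildcard Listen on 80/443: $(wildcard_listens "$d" 80 443)"
    rm -rf "$d"
}
demo
```

On a live server, feed port_owner from `netstat -lntp` run as root and point wildcard_listens at /etc/httpd/conf.d with the ports nginx is configured to listen on.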