Я пытаюсь запустить nginx, но он дает мне ошибки, которые я не понимаю. Я даю точную ошибку в приведенной ниже информации. Я посмотрел на ошибки, и я не могу сделать из них головы или хвосты. Я искал некоторые сведения об ошибках, но я не могу найти ничего, что поможет.Не удается запустить nginx
Независимо от проблемы, это как-то связано с одним из виртуальных хостов onyx.myhost.com. Если я удалю ссылку на файл conf для onyx.myhost.com, тогда сервер начнет работать нормально.
Следует также упомянуть, что одна и та же конфигурация отлично работала на более старой версии Linux. Ниже приводится информация об этой системе.
Я знаю, что это довольно редкая информация, с которой можно обратиться за помощью, но я действительно не знаю, куда идти. Сначала я перечислил часть своей системной информации, а затем ошибки. Я изменил свое фактическое имя хоста на «myhost».
Пожалуйста, дайте мне знать, если есть какая-либо другая информация, которую я должен опубликовать.
выход от попыток запустить сервер
[email protected] onyx.myhost.com # sudo service nginx start
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
Linux версии:
[email protected] onyx.myhost.com # cat /etc/issue
Ubuntu 16.04.1 LTS \n \l
Linux версии на сервере, в котором та же конфигурация работала:
[email protected] ~ # cat /etc/issue
Ubuntu 14.04.5 LTS \n \l
Nginx версии: Я слово завернула выход.
[email protected] onyx.myhost.com # nginx -V
nginx version: nginx/1.10.0 (Ubuntu)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'
--prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
--with-ipv6 --with-http_ssl_module --with-http_stub_status_module
--with-http_realip_module --with-http_auth_request_module
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gunzip_module --with-http_gzip_static_module
--with-http_image_filter_module --with-http_v2_module --with-http_sub_module
--with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail
--with-mail_ssl_module --with-threads
версия Nginx на сервере, в котором такая же конфигурация работала:
[email protected] ~ # sudo nginx -V
nginx version: nginx/1.4.6 (Ubuntu)
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6
--with-http_ssl_module --with-http_stub_status_module --with-http_realip_module
--with-http_addition_module --with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module
--with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module
Выход из systemctl
[email protected] onyx.myhost.com # sudo systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2016-12-20 18:52:31 UTC; 3min 35s ago
Process: 4436 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Dec 20 18:52:31 newton systemd[1]: Starting A high performance web server and a reverse proxy server...
Dec 20 18:52:31 newton nginx[4436]: nginx: [emerg] BIO_new_file("/etc/ssl/certs/dhparam.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/certs
Dec 20 18:52:31 newton nginx[4436]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 20 18:52:31 newton systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 20 18:52:31 newton systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Dec 20 18:52:31 newton systemd[1]: nginx.service: Unit entered failed state.
Dec 20 18:52:31 newton systemd[1]: nginx.service: Failed with result 'exit-code'.
lines 1-12/12 (END)
======== ================================================== ==========
выход из journalctl -xe
[email protected] onyx.myhost.com # sudo journalctl -xe
Dec 20 18:55:30 newton sshd[4462]: Failed password for root from 116.31.116.18 port 18380 ssh2
Dec 20 18:55:32 newton sshd[4462]: Failed password for root from 116.31.116.18 port 18380 ssh2
Dec 20 18:55:33 newton sshd[4462]: Received disconnect from 116.31.116.18 port 18380:11: [preauth]
Dec 20 18:55:33 newton sshd[4462]: Disconnected from 116.31.116.18 port 18380 [preauth]
Dec 20 18:55:33 newton sshd[4462]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:56:03 newton sshd[4469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:56:05 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2
Dec 20 18:56:07 newton sudo[4471]: snapper : TTY=pts/0 ; PWD=/home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com ; USER=root ; COMMAND=/bin/systemctl status nginx.service
Dec 20 18:56:07 newton sudo[4471]: pam_unix(sudo:session): session opened for user root by snapper(uid=0)
Dec 20 18:56:07 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2
Dec 20 18:56:10 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2
Dec 20 18:56:10 newton sshd[4469]: Received disconnect from 116.31.116.18 port 12569:11: [preauth]
Dec 20 18:56:10 newton sshd[4469]: Disconnected from 116.31.116.18 port 12569 [preauth]
Dec 20 18:56:10 newton sshd[4469]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:56:42 newton sshd[4501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:56:42 newton sshd[4503]: Connection closed by 45.56.93.125 port 36628 [preauth]
Dec 20 18:56:45 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2
Dec 20 18:56:47 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2
Dec 20 18:56:49 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2
Dec 20 18:56:49 newton sshd[4501]: Received disconnect from 116.31.116.18 port 16666:11: [preauth]
Dec 20 18:56:49 newton sshd[4501]: Disconnected from 116.31.116.18 port 16666 [preauth]
Dec 20 18:56:49 newton sshd[4501]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:57:09 newton sshd[4505]: Connection closed by 83.169.58.4 port 60763 [preauth]
Dec 20 18:57:23 newton sshd[4508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:57:24 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2
Dec 20 18:57:26 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2
Dec 20 18:57:29 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2
Dec 20 18:57:29 newton sshd[4508]: Received disconnect from 116.31.116.18 port 43195:11: [preauth]
Dec 20 18:57:29 newton sshd[4508]: Disconnected from 116.31.116.18 port 43195 [preauth]
Dec 20 18:57:29 newton sshd[4508]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:57:51 newton sshd[4511]: Connection closed by 54.68.91.5 port 40026 [preauth]
Dec 20 18:57:59 newton sshd[4513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:58:01 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2
Dec 20 18:58:04 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2
Dec 20 18:58:06 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2
Dec 20 18:58:06 newton sshd[4513]: Received disconnect from 116.31.116.18 port 60900:11: [preauth]
Dec 20 18:58:06 newton sshd[4513]: Disconnected from 116.31.116.18 port 60900 [preauth]
Dec 20 18:58:06 newton sshd[4513]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:58:39 newton sshd[4516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:58:40 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2
Dec 20 18:58:43 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2
Dec 20 18:58:45 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2
Dec 20 18:58:45 newton sshd[4516]: Received disconnect from 116.31.116.18 port 31704:11: [preauth]
Dec 20 18:58:45 newton sshd[4516]: Disconnected from 116.31.116.18 port 31704 [preauth]
Dec 20 18:58:45 newton sshd[4516]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:59:15 newton sshd[4520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:59:17 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2
Dec 20 18:59:19 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2
Dec 20 18:59:21 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2
Dec 20 18:59:21 newton sshd[4520]: Received disconnect from 116.31.116.18 port 30979:11: [preauth]
Dec 20 18:59:21 newton sshd[4520]: Disconnected from 116.31.116.18 port 30979 [preauth]
Dec 20 18:59:21 newton sshd[4520]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root
Dec 20 18:59:21 newton sudo[4471]: pam_unix(sudo:session): session closed for user root
Dec 20 18:59:37 newton sudo[4522]: snapper : TTY=pts/0 ; PWD=/home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com ; USER=root ; COMMAND=/bin/journalctl -xe
Dec 20 18:59:37 newton sudo[4522]: pam_unix(sudo:session): session opened for user root by snapper(uid=0)
lines 959-1013/1013 (END)
onyx.myhost.com файл конфигурации
# nginx configuration for onyx.myhost.com
server {
# listen on port 80
# listen 80;
# SSL
listen 443 ssl;
server_name onyx.myhost.com;
ssl_certificate /etc/letsencrypt/live/onyx.myhost.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/onyx.myhost.com/privkey.pem;
# set log paths
access_log /srv/www/onyx.myhost.com/logs/access.log;
error_log /srv/www/onyx.myhost.com/logs/error.log;
# rewrite
# rewrite (/[0-9a-z\-]+)$ $1.pl last;
rewrite (.*/[0-9a-z\-]+)$ $1.pl last;
# restrict access by password
# sudo sh -c "echo -n 'snapper:' >> /etc/nginx/htpasswd"
# sudo sh -c "openssl passwd -apr1 >> /etc/nginx/htpasswd"
# auth_basic "closed website";
# auth_basic_user_file /etc/nginx/htpasswd;
# set document root
root /home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com/pages;
# rewrite xdo files
# rewrite ^(/.*\.xdo)$ /xdo.pl last;
# set index files
# location/{
# index index.xdo index.pl index.html;
# }
# set admin restriction
# location /admin/ {
# allow 1.2.3.4; # Allow a single remote host
# deny all; # Deny everyone else
# }
# handle .pl files
# location ~ \.pl$ {
# gzip off;
# include /etc/nginx/fastcgi_params;
# fastcgi_pass unix:/var/run/fcgiwrap.socket;
# fastcgi_index index.pl;
# fastcgi_param SCRIPT_FILENAME /home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com/pages$fastcgi_script_name;
# }
# not sure what this does, but it's for SSL
location ~ /.well-known {
allow all;
}
# Diffie-Hellman
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
}
server {
listen 80;
server_name onyx.myhost.com;
return 301 https://onyx.myhost.com$request_uri;
}
Похоже, у меня нет этого файла. На самом деле на сервере нет dhparam.pem. Означает ли это, что я неправильно использую Диффи-Хеллмана? Я скопировал этот код из Интернета. Я признаю, что теперь я не могу найти страницу, на которой я ее получил. Можете ли вы предложить, куда идти отсюда? – tscheingeld
Я никогда не использую файл с параметрами DH, но похоже, что вы должны просто сгенерировать его. Https://scaron.info/blog/improve-your-nginx-ssl-configuration.html –
Я проверю это и отправлю обратно это получается. Благодаря! – tscheingeld