Не удается запустить nginx

Question

Я пытаюсь запустить nginx, но он дает мне ошибки, которые я не понимаю. Я даю точную ошибку в приведенной ниже информации. Я посмотрел на ошибки, и я не могу сделать из них головы или хвосты. Я искал некоторые сведения об ошибках, но я не могу найти ничего, что поможет.

Независимо от проблемы, это как-то связано с одним из виртуальных хостов onyx.myhost.com. Если я удалю ссылку на файл conf для onyx.myhost.com, тогда сервер начнет работать нормально.

Следует также упомянуть, что одна и та же конфигурация отлично работала на более старой версии Linux. Ниже приводится информация об этой системе.

Я знаю, что это довольно редкая информация, с которой можно обратиться за помощью, но я действительно не знаю, куда идти. Сначала я перечислил часть своей системной информации, а затем ошибки. Я изменил свое фактическое имя хоста на «myhost».

Пожалуйста, дайте мне знать, если есть какая-либо другая информация, которую я должен опубликовать.

---

выход от попыток запустить сервер

snapper@newton onyx.myhost.com # sudo service nginx start 
Job for nginx.service failed because the control process exited with error code. 
See "systemctl status nginx.service" and "journalctl -xe" for details. 

---

Linux версии:

snapper@newton onyx.myhost.com # cat /etc/issue 
Ubuntu 16.04.1 LTS \n \l 

---

Linux версии на сервере, в котором та же конфигурация работала:

snapper@myhost-jan ~ # cat /etc/issue 
Ubuntu 14.04.5 LTS \n \l 

---

Nginx версии: Я слово завернула выход.

snapper@newton onyx.myhost.com # nginx -V 
nginx version: nginx/1.10.0 (Ubuntu) 
built with OpenSSL 1.0.2g 1 Mar 2016 
TLS SNI support enabled 
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong 
-Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' 
--with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 
--prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf 
--http-log-path=/var/log/nginx/access.log 
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock 
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body 
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi 
--http-proxy-temp-path=/var/lib/nginx/proxy 
--http-scgi-temp-path=/var/lib/nginx/scgi 
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit 
--with-ipv6 --with-http_ssl_module --with-http_stub_status_module 
--with-http_realip_module --with-http_auth_request_module 
--with-http_addition_module --with-http_dav_module --with-http_geoip_module 
--with-http_gunzip_module --with-http_gzip_static_module 
--with-http_image_filter_module --with-http_v2_module --with-http_sub_module 
--with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail 
--with-mail_ssl_module --with-threads 

---

версия Nginx на сервере, в котором такая же конфигурация работала:

snapper@myhost-jan ~ # sudo nginx -V 
nginx version: nginx/1.4.6 (Ubuntu) 
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) 
TLS SNI support enabled 
configure arguments: --with-cc-opt='-g -O2 -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' 
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --prefix=/usr/share/nginx 
--conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log 
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock 
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body 
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi 
--http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi 
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 
--with-http_ssl_module --with-http_stub_status_module --with-http_realip_module 
--with-http_addition_module --with-http_dav_module --with-http_geoip_module 
--with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module 
--with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module 

---

Выход из systemctl

snapper@newton onyx.myhost.com # sudo systemctl status nginx.service 
● nginx.service - A high performance web server and a reverse proxy server 
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) 
    Active: failed (Result: exit-code) since Tue 2016-12-20 18:52:31 UTC; 3min 35s ago 
    Process: 4436 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE) 

Dec 20 18:52:31 newton systemd[1]: Starting A high performance web server and a reverse proxy server... 
Dec 20 18:52:31 newton nginx[4436]: nginx: [emerg] BIO_new_file("/etc/ssl/certs/dhparam.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/certs 
Dec 20 18:52:31 newton nginx[4436]: nginx: configuration file /etc/nginx/nginx.conf test failed 
Dec 20 18:52:31 newton systemd[1]: nginx.service: Control process exited, code=exited status=1 
Dec 20 18:52:31 newton systemd[1]: Failed to start A high performance web server and a reverse proxy server. 
Dec 20 18:52:31 newton systemd[1]: nginx.service: Unit entered failed state. 
Dec 20 18:52:31 newton systemd[1]: nginx.service: Failed with result 'exit-code'. 
lines 1-12/12 (END) 

======== ================================================== ==========

выход из journalctl -xe

snapper@newton onyx.myhost.com # sudo journalctl -xe 
Dec 20 18:55:30 newton sshd[4462]: Failed password for root from 116.31.116.18 port 18380 ssh2 
Dec 20 18:55:32 newton sshd[4462]: Failed password for root from 116.31.116.18 port 18380 ssh2 
Dec 20 18:55:33 newton sshd[4462]: Received disconnect from 116.31.116.18 port 18380:11: [preauth] 
Dec 20 18:55:33 newton sshd[4462]: Disconnected from 116.31.116.18 port 18380 [preauth] 
Dec 20 18:55:33 newton sshd[4462]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:56:03 newton sshd[4469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:56:05 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2 
Dec 20 18:56:07 newton sudo[4471]:  snapper : TTY=pts/0 ; PWD=/home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com ; USER=root ; COMMAND=/bin/systemctl status nginx.service 
Dec 20 18:56:07 newton sudo[4471]: pam_unix(sudo:session): session opened for user root by snapper(uid=0) 
Dec 20 18:56:07 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2 
Dec 20 18:56:10 newton sshd[4469]: Failed password for root from 116.31.116.18 port 12569 ssh2 
Dec 20 18:56:10 newton sshd[4469]: Received disconnect from 116.31.116.18 port 12569:11: [preauth] 
Dec 20 18:56:10 newton sshd[4469]: Disconnected from 116.31.116.18 port 12569 [preauth] 
Dec 20 18:56:10 newton sshd[4469]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:56:42 newton sshd[4501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:56:42 newton sshd[4503]: Connection closed by 45.56.93.125 port 36628 [preauth] 
Dec 20 18:56:45 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2 
Dec 20 18:56:47 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2 
Dec 20 18:56:49 newton sshd[4501]: Failed password for root from 116.31.116.18 port 16666 ssh2 
Dec 20 18:56:49 newton sshd[4501]: Received disconnect from 116.31.116.18 port 16666:11: [preauth] 
Dec 20 18:56:49 newton sshd[4501]: Disconnected from 116.31.116.18 port 16666 [preauth] 
Dec 20 18:56:49 newton sshd[4501]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:57:09 newton sshd[4505]: Connection closed by 83.169.58.4 port 60763 [preauth] 
Dec 20 18:57:23 newton sshd[4508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:57:24 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2 
Dec 20 18:57:26 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2 
Dec 20 18:57:29 newton sshd[4508]: Failed password for root from 116.31.116.18 port 43195 ssh2 
Dec 20 18:57:29 newton sshd[4508]: Received disconnect from 116.31.116.18 port 43195:11: [preauth] 
Dec 20 18:57:29 newton sshd[4508]: Disconnected from 116.31.116.18 port 43195 [preauth] 
Dec 20 18:57:29 newton sshd[4508]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:57:51 newton sshd[4511]: Connection closed by 54.68.91.5 port 40026 [preauth] 
Dec 20 18:57:59 newton sshd[4513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:58:01 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2 
Dec 20 18:58:04 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2 
Dec 20 18:58:06 newton sshd[4513]: Failed password for root from 116.31.116.18 port 60900 ssh2 
Dec 20 18:58:06 newton sshd[4513]: Received disconnect from 116.31.116.18 port 60900:11: [preauth] 
Dec 20 18:58:06 newton sshd[4513]: Disconnected from 116.31.116.18 port 60900 [preauth] 
Dec 20 18:58:06 newton sshd[4513]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:58:39 newton sshd[4516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:58:40 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2 
Dec 20 18:58:43 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2 
Dec 20 18:58:45 newton sshd[4516]: Failed password for root from 116.31.116.18 port 31704 ssh2 
Dec 20 18:58:45 newton sshd[4516]: Received disconnect from 116.31.116.18 port 31704:11: [preauth] 
Dec 20 18:58:45 newton sshd[4516]: Disconnected from 116.31.116.18 port 31704 [preauth] 
Dec 20 18:58:45 newton sshd[4516]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:59:15 newton sshd[4520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:59:17 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2 
Dec 20 18:59:19 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2 
Dec 20 18:59:21 newton sshd[4520]: Failed password for root from 116.31.116.18 port 30979 ssh2 
Dec 20 18:59:21 newton sshd[4520]: Received disconnect from 116.31.116.18 port 30979:11: [preauth] 
Dec 20 18:59:21 newton sshd[4520]: Disconnected from 116.31.116.18 port 30979 [preauth] 
Dec 20 18:59:21 newton sshd[4520]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.18 user=root 
Dec 20 18:59:21 newton sudo[4471]: pam_unix(sudo:session): session closed for user root 
Dec 20 18:59:37 newton sudo[4522]:  snapper : TTY=pts/0 ; PWD=/home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com ; USER=root ; COMMAND=/bin/journalctl -xe 
Dec 20 18:59:37 newton sudo[4522]: pam_unix(sudo:session): session opened for user root by snapper(uid=0) 
lines 959-1013/1013 (END) 

---

onyx.myhost.com файл конфигурации

# nginx configuration for onyx.myhost.com 

server { 
    # listen on port 80 
    # listen 80; 

    # SSL 
    listen    443 ssl; 
    server_name   onyx.myhost.com; 
    ssl_certificate  /etc/letsencrypt/live/onyx.myhost.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/onyx.myhost.com/privkey.pem; 

    # set log paths 
    access_log /srv/www/onyx.myhost.com/logs/access.log; 
    error_log  /srv/www/onyx.myhost.com/logs/error.log; 

    # rewrite 
    # rewrite (/[0-9a-z\-]+)$ $1.pl last; 
    rewrite (.*/[0-9a-z\-]+)$ $1.pl last; 

    # restrict access by password 
    # sudo sh -c "echo -n 'snapper:' >> /etc/nginx/htpasswd" 
    # sudo sh -c "openssl passwd -apr1 >> /etc/nginx/htpasswd" 
    # auth_basic "closed website"; 
    # auth_basic_user_file /etc/nginx/htpasswd; 

    # set document root 
    root   /home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com/pages; 

    # rewrite xdo files 
    # rewrite ^(/.*\.xdo)$ /xdo.pl last; 

    # set index files 
    # location/{ 
    # index index.xdo index.pl index.html; 
    # } 

    # set admin restriction 
    # location /admin/ { 
    # allow 1.2.3.4; # Allow a single remote host 
    # deny all;  # Deny everyone else 
    # } 

    # handle .pl files 
    # location ~ \.pl$ { 
    # gzip off; 
    # include /etc/nginx/fastcgi_params; 
    # fastcgi_pass unix:/var/run/fcgiwrap.socket; 
    # fastcgi_index index.pl; 
    # fastcgi_param SCRIPT_FILENAME /home/snapper/projects/newton-site/dev/trunk/sites/onyx.myhost.com/pages$fastcgi_script_name; 
    # } 

    # not sure what this does, but it's for SSL 
    location ~ /.well-known { 
     allow all; 
    } 

    # Diffie-Hellman 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    ssl_prefer_server_ciphers on; 
    ssl_dhparam /etc/ssl/certs/dhparam.pem; 
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 
    ssl_session_timeout 1d; 
    ssl_session_cache shared:SSL:50m; 
    ssl_stapling on; 
    ssl_stapling_verify on; 
    add_header Strict-Transport-Security max-age=15768000; 
} 

server { 
    listen 80; 
    server_name onyx.myhost.com; 
    return 301 https://onyx.myhost.com$request_uri; 
} 

Answer 1

Вы уверены, что Термическое У вас есть такой файл /etc/ssl/certs/dhparam.pem в этом каталоге, и Nginx может читать Это?

Answer 2

Вот ваша ошибка: Dec 20 18:52:31 newton nginx[4436]: nginx: [emerg] BIO_new_file("/etc/ssl/certs/dhparam.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/ssl/certs

Похож /etc/ssl/certs не существует или разрешения не установлены правильно.

Можете ли вы сделать ls -l /etc/ssl/certs?

Answer 3

ОК, это неловко, но я все равно отправлю решение в надежде помочь другим. Я не установил letencrypt. Мои файлы конфигурации были основаны на сертификатах, которые никогда не были созданы.

Спасибо за помощь, всем, я не мог бы исправить это без вас. :-)