[英]nginx: [warn] conflicting server name “www.site.com” on 0.0.0.0:443/0.0.0.0:80, ignored
While running a dry-run on certbot autorenewal, I'm getting the following warnings:在 certbot 自动更新上运行空运行时,我收到以下警告:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/example.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The rules of the Nginx configuration should 1) redirect all http to https, 2) redirect all non-www to www. Nginx 配置的规则应该 1) 将所有 http 重定向到 https,2) 将所有非 www 重定向到 www。 It does it, which is good, but there's this warning which shows it could be improved.
它做到了,这很好,但是有这个警告表明它可以改进。
It's probably very obvious what is wrong with my current config, but I couldn't find how to keep everything working correctly while fixing it.我当前的配置有什么问题可能很明显,但我找不到如何在修复它时保持一切正常工作。 Here is my config file (
/etc/nginx/sites-enabled/example.com
):这是我的配置文件(
/etc/nginx/sites-enabled/example.com
):
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name www.example.com;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/example/code/public;
# Turn on Passenger
passenger_enabled on;
passenger_ruby /usr/local/rvm/gems/ruby-2.7.1/wrappers/ruby;
location ~ ^/assets/ {
expires 1y;
add_header Cache-Control public;
add_header ETag "";
}
}
Short answer:简短的回答:
The third server block should be just:第三个服务器块应该是:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate ... etc etc
return 301 https://www.example.com$request_uri;
}
Explanation解释
You have two server names and two ports, therefore 4 combinations您有两个服务器名称和两个端口,因此有 4 种组合
Each one of those should be handled once and only once on your servers blocks.每一个都应该在你的服务器块上处理一次,并且只处理一次。 However
然而
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx:[警告] 0.0.0.0:80 上的服务器名称“www.example.com”冲突,已忽略
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:80, ignored
nginx:[警告] 0.0.0.0:80 上的服务器名称“example.com”冲突,已忽略
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:443, ignored
nginx:[警告] 0.0.0.0:443 上的服务器名称“www.example.com”冲突,已忽略
nginx: [warn] conflicting server name "example.com" on 0.0.0.0:443, ignored
nginx:[警告] 0.0.0.0:443 上的服务器名称“example.com”冲突,已忽略
the general logic of your redirection flow should be:您的重定向流程的一般逻辑应该是:
# handle example.com:80
# handle www.example.com:80
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
# handle example.com:443
server {
listen 443 ssl; # managed by Certbot
ssl_certificate ... etc etc
server_name example.com;
return 301 https://www.example.com$request_uri;
}
# handle www.example.com:443
server {
listen 443 ssl; # managed by Certbot
ssl_certificate ... etc etc
server_name www.example.com;
root /var/www/example/code/public;
}
Please note you still need a certificate for non www host even if will be inmediately redirected.请注意,即使将立即重定向,您仍然需要非 www 主机的证书。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.