Nginxの起動時に警告とエラー「the “ssl” directive is deprecated」「duplicate default server」

事象

nginxをリバースプロキシとして起動。マルチサイトのため、2つのconfファイルを配置。

  • /etc/nginx/conf.d/dc.conf
  • /etc/nginx/conf.d/fx.conf
dc_proxy | nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/dc.conf:6
dc_proxy | nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /etc/nginx/conf.d/fx.conf:3

原因

cat proxy/etc/nginx/conf/dc.conf

3行目のlisten 443 default_server ssl; と 6行目のssl on; が被ってる

server{

    listen 443 default_server ssl;
    server_name dc.xxxxxxxxxx.com;

    ssl on;
    ssl_certificate     /etc/letsencrypt/live/xxxxxxxxxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxxx.com/privkey.pem;

    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass   http://dc:8100;
    }

    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/html;
        try_files $uri =404;
    }

}

cat proxy/etc/nginx/conf/fx.conf

server{

    listen 443 default_server ssl;
    server_name fx.xxxxxxxxxx.com;

    ssl on;
    ssl_certificate     /etc/letsencrypt/live/xxxxxxxxxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxxx.com/privkey.pem;

    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass   http://fx:8000;
    }

    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/html;
        try_files $uri =404;
    }

}

対応

confファイルを書き換え

  • 3行目のlisten 443 default_server ssl; → listen 443;
  • 6行目のssl on; 削除するとつかなくなるので、警告はそのままにしておく

/etc/nginx/conf.d/dc.conf

server{

    listen 443;
    server_name dc.xxxxxxxxxx.com;

    ssl on;
    ssl_certificate     /etc/letsencrypt/live/xxxxxxxxxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxxx.com/privkey.pem;

    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass   http://dc:8100;
    }

    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/html;
        try_files $uri =404;
    }

}
  • /etc/nginx/conf.d/fx.conf
server{

    listen 443;
    server_name fx.xxxxxxxxxx.com;

    ssl on;
    ssl_certificate     /etc/letsencrypt/live/xxxxxxxxxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxxx.com/privkey.pem;

    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass   http://fx:8000;
    }

    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/html;
        try_files $uri =404;
    }

}                                                                                                                               

タグ: ,

About: ken


コメントを残す

メールアドレスが公開されることはありません。 * が付いている欄は必須項目です

このサイトはスパムを低減するために Akismet を使っています。コメントデータの処理方法の詳細はこちらをご覧ください