Nginxの起動時に警告とエラー「the “ssl” directive is deprecated」「duplicate default server」
事象
nginxをリバースプロキシとして起動。マルチサイトのため、2つのconfファイルを配置。
- /etc/nginx/conf.d/dc.conf
- /etc/nginx/conf.d/fx.conf
dc_proxy | nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/dc.conf:6
dc_proxy | nginx: [emerg] a duplicate default server for 0.0.0.0:443 in /etc/nginx/conf.d/fx.conf:3
原因
cat proxy/etc/nginx/conf/dc.conf
3行目のlisten 443 default_server ssl; と 6行目のssl on; が被ってる
server{
listen 443 default_server ssl;
server_name dc.xxxxxxxxxx.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/xxxxxxxxxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxxx.com/privkey.pem;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://dc:8100;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/www/html;
try_files $uri =404;
}
}
cat proxy/etc/nginx/conf/fx.conf
server{
listen 443 default_server ssl;
server_name fx.xxxxxxxxxx.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/xxxxxxxxxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxxx.com/privkey.pem;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://fx:8000;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/www/html;
try_files $uri =404;
}
}
対応
confファイルを書き換え
- 3行目のlisten 443 default_server ssl; → listen 443;
- 6行目のssl on; 削除するとつかなくなるので、警告はそのままにしておく
/etc/nginx/conf.d/dc.conf
server{
listen 443;
server_name dc.xxxxxxxxxx.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/xxxxxxxxxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxxx.com/privkey.pem;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://dc:8100;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/www/html;
try_files $uri =404;
}
}
- /etc/nginx/conf.d/fx.conf
server{
listen 443;
server_name fx.xxxxxxxxxx.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/xxxxxxxxxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxxxxxxxxx.com/privkey.pem;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://fx:8000;
}
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/www/html;
try_files $uri =404;
}
}
[2019/09/29 追記]
nginxの使い方(confの書き方)など、なんとなくで使っているので、
いちど体系的に理解したいと考えていました。
nginxのことがよくまとめられている「nginx実践入門」という本を見つけたので共有します。
この一冊、いままでコピペしてきたことが理解できる、なかなかの良著です。