Q&A2つのRailsアプリをSSL通信させて運営したくてSSL証明書を発行しました。
$ /usr/local/certbot/certbot-auto certonly --webroot -w /usr/share/nginx/html/ -d hunter-chan.com -w /usr/share/nginx/html/edamame -d fujiyoshi-nouen.com
実行したら以下のように表示されました。
Requesting to rerun /usr/local/certbot/certbot-auto with root privileges... [sudo] password for daiko: Upgrading certbot-auto 0.36.0 to 0.37.0... Replacing certbot-auto... Creating virtual environment... Installing Python packages... Installation succeeded. Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/hunter-chan.com.conf) It contains these names: hunter-chan.com You requested these names for the new certificate: hunter-chan.com, fujiyoshi-nouen.com. Do you want to expand and replace this existing certificate with the new certificate? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (E)xpand/(C)ancel: E Renewing an existing certificate Performing the following challenges: http-01 challenge for fujiyoshi-nouen.com Using the webroot path /usr/share/nginx/html/edamame for all unmatched domains. Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/hunter-chan.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/hunter-chan.com/privkey.pem Your cert will expire on 2019-11-06. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
これででちゃんとできているのかわかりません?
とりあえずSSL証明書のファイルの場所を確認しました。
# ls /etc/letsencrypt/live/hunter-chan.com README cert.pem chain.pem fullchain.pem privkey.pem
Nginxへの設定は以下のようにしています。
upstream app_server { server unix:/usr/share/nginx/html/current/tmp/sockets/.unicorn.sock fail_timeout=0; } map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl http2; server_name hunter-chan.com; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; location / { deny 212.64.88.231; deny 181.24.23.164; allow all; root /usr/share/nginx/html/current/public; index index.html index.htm; try_files $uri/index.html $uri.html $uri @app; } ssl_protocols TLSv1.2; ssl_ciphers EECDH+AESGCM:EECDH+AES; ssl_ecdh_curve prime256v1; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_certificate /etc/letsencrypt/live/hunter-chan.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/hunter-chan.com/privkey.pem; proxy_connect_timeout 130; proxy_read_timeout 130; proxy_send_timeout 130; #ssl_certificate /etc/letsencrypt/live/hunter-chan.com/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/live/hunter-chan.com/privkey.pem; client_max_body_size 2G; error_page 404 /404.html; location = /404.html { root /usr/share/nginx/html/current/public; } error_page 500 502 504 /50x.html; location = /500.html { root /usr/share/nginx/html/current/public; } location @app { deny 212.64.88.231; deny 181.24.23.164; allow all; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://app_server; } set $maintenance false; if (-e /var/tmp/do_maintenance) { set $maintenance true; } if ($uri ~ "^/maintenance/") { set $maintenance false; } if ($remote_addr = 153.127.8.129) { set $maintenance false; } error_page 503 /maintenance/maintenance.html; location /maintenance/ { root /var/www; } if ($maintenance = true) { return 503; } }
このようにしています。
この状態でアクセスすると 502Bad Gateway nginx/1.16.0 となり
アクセスできなくなっていました。
原因も対策方法もわからずに困っています。
どなたか解決方法を教えていただけませんでしょうか?
宜しくお願いいたします。
追記
エラーlogをみるとNo such file or directoryがたくさんでていました。
/etc/nginx/conf.d/https.conf 2019/08/09 06:53:56 [error] 2144#2144: *57 open() "/usr/share/nginx/html/phpmyadmin/index.php" failed (2: No such file or directory), client: 35.190.141.79, server: localhost, request: "GET /phpmyadmin/index.php HTTP/1.1", host: "153.127.8.129" 2019/08/09 06:53:56 [error] 2144#2144: *57 open() "/usr/share/nginx/html/404.html" failed (2: No such file or directory), client: 35.190.141.79, server: localhost, request: "GET /phpmyadmin/index.php HTTP/1.1", host: "153.127.8.129" 2019/08/09 09:33:51 [crit] 2144#2144: *63 connect() to unix:/usr/share/nginx/html/edamame/current/tmp/sockets/.unicorn.sock failed (2: No such file or directory) while connecting to upstream, client: 185.220.101.31, server: fujiyoshi-nouen.com, request: "GET /.git/config HTTP/1.1", upstream: "http://unix:/usr/share/nginx/html/edamame/current/tmp/sockets/.unicorn.sock:/.git/config", host: "fujiyoshi-nouen.com" 2019/08/09 09:33:51 [crit] 2144#2144: *63 connect() to unix:/usr/share/nginx/html/edamame/current/tmp/sockets/.unicorn.sock failed (2: No such file or directory) while connecting to upstream, client: 185.220.101.31, server: fujiyoshi-nouen.com, request: "GET /.git/config HTTP/1.1", upstream: "http://unix:/usr/share/nginx/html/edamame/current/tmp/sockets/.unicorn.sock:/50x.html", host: "fujiyoshi-nouen.com" 2019/08/09 09:33:52 [error] 2144#2144: *66 open() "/usr/share/nginx/html/edamame/.git/config" failed (2: No such file or directory), client: 192.42.116.24, server: fujiyoshi-nouen.com, request: "GET /.git/config HTTP/1.1", host: "fujiyoshi-nouen.com" 2019/08/09 09:33:52 [error] 2144#2144: *66 open() "/usr/share/nginx/html/edamame/404.html" failed (2: No such file or directory), client: 192.42.116.24, server: fujiyoshi-nouen.com, request: "GET /.git/config HTTP/1.1", host: "fujiyoshi-nouen.com" 2019/08/09 09:42:53 [crit] 2144#2144: *74 connect() to unix:/usr/share/nginx/html/current/tmp/sockets/.unicorn.sock failed (2: No such file or directory) while connecting to upstream, client: 153.211.54.55, server: hunter-chan.com, request: "GET / HTTP/2.0", upstream: "http://unix:/usr/share/nginx/html/current/tmp/sockets/.unicorn.sock:/", host: "hunter-chan.com" 2019/08/09 09:42:53 [crit] 2144#2144: *74 connect() to unix:/usr/share/nginx/html/current/tmp/sockets/.unicorn.sock failed (2: No such file or directory) while connecting to upstream, client: 153.211.54.55, server: hunter-chan.com, request: "GET / HTTP/2.0", upstream: "http://unix:/usr/share/nginx/html/current/tmp/sockets/.unicorn.sock:/50x.html", host: "hunter-chan.com" 2019/08/09 09:42:53 [crit] 2144#2144: *74 connect() to unix:/usr/share/nginx/html/current/tmp/sockets/.unicorn.sock failed (2: No such file or directory) while connecting to upstream, client: 153.211.54.55, server: hunter-chan.com, request: "GET /favicon.ico HTTP/2.0", upstream: "http://unix:/usr/share/nginx/html/current/tmp/sockets/.unicorn.sock:/favicon.ico", host: "hunter-chan.com", referrer: "https://hunter-chan.com/" 2019/08/09 09:42:53 [crit] 2144#2144: *74 connect() to unix:/usr/share/nginx/html/current/tmp/sockets/.unicorn.sock failed (2: No such file or directory) while connecting to upstream, client: 153.211.54.55, server: hunter-chan.com, request: "GET /favicon.ico HTTP/2.0", upstream: "http://unix:/usr/share/nginx/html/current/tmp/sockets/.unicorn.sock:/50x.html", host: "hunter-chan.com", referrer: "https://hunter-chan.com/"
回答1件
0
自己解決
解決したわけではないのですが、デプロイ前なのでディレクトリやファイルが存在していなくて発生しているエラーがほとんどでした。
とりあえずデプロイしてみます。
投稿2019/08/09 02:03
総合スコア458
あなたの回答
tips
プレビュー
バッドをするには、ログインかつ
こちらの条件を満たす必要があります。