トップに関する質問 Rails + AWS + nginxでエラー(nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf)

編集履歴

質問編集履歴

質問の内容を大幅に変更、結論を前方に要約しました。

2019/10/17 06:27

投稿

begenner

スコア79

test CHANGED Viewed

	@@ -1 +1 @@
1	- Rails + AWS で~~HTTPSに対応させたい~~(nginx ~~403~~ Fo~~rbi~~dden ~~エラー~~)
1	+ Rails + AWS + nginxでエラー(nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf)

test CHANGED Viewed

@@ -16,47 +16,47 @@
 を参考にしました。
-しかし上記タイトルのエラーが発生したため、他のサイトを探しましたが、
+しかし上記タイトルのエラーが発生したため、他のサイトを探しましたが、該当するような記事が見つからなかったため、
-- 設定がどれも微妙に違う
-- 添削の仕方がわからない(nginxに関しては初心者です)
-であるためnginxの設定ファイルをどのように編集すればいいか全くわかりません(m_ _m)
+nginxの設定ファイルをどのように編集すればいいか全くわかりません(m_ _m)
 もしわかる方がいらっしゃればご教授いただきますようよろしくお願いいたします(m_ _m)
+## *結論(解決策)
+上記の2 で実行、反映された状態で
+`/etc/nginx/conf.d/webapp.conf` 内に
+ `include /etc/letsencrypt/options-ssl-nginx.conf;`
+という行があり(追加され)、
+`/etc/nginx/conf.d/webapp.conf`の`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
+`/etc/letsencrypt/options-ssl-nginx.conf`の `ssl_protocols TLSv1.2;`
-### デプロイ、HTTPS対応させるために参考にしてきたサイト
+で重複が発生していたため `warning`が発生していました。
+`/etc/nginx/conf.d/webapp.conf`の`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
+の行をコメントアウト(もしくは)削除することで`warning`は発生しなくなりました。
-1. アプリのデプロイまで
+経緯は回答の方にあります。
-[(デプロイ編②)世界一丁寧なAWS解説。EC2を利用して、RailsアプリをAWSにあげるまで - Qiita](https://qiita.com/naoki_mochizuki/items/5a1757d222806cbe0cd1)
-2. HTTPS対応のために参考にした記事(2つ)
-[[Rails][Nginx][AWS] Let's EncryptをEC2上のRailsに入れてHttpsにする - Qiita](https://qiita.com/Masahiro_T/items/9b81b31b3c21bd03fc09)
-[Amazon Linux2とLet's EncryptでSSL対応サーバを0から爆速構築 - Qiita](https://qiita.com/MysteriousMonky/items/4d3d857c0e68d4bfff39)
+[yu_1985](https://teratail.com/users/yu_1985#reply)さん、本当にありがとうございました!!
-3. nginx設定ファイルの参考にしたサイト
-[RailsアプリをAWS EC2で公開する超簡単な手順 【独自ドメイン／HTTPS対応】 - ひろこま Hack Log](https://www.mahirokazuko.com/entry/2018/09/11/112010)
-4. nginxとunicornの設定について(これを利用して編集はしていません)
-[【Ruby on Rails】Nginxとunicornを使ってHTTPS（SSL）対応する方法 | Y-hilite](https://y-hilite.com/2908/)
@@ -106,59 +106,259 @@
 ### エラー内容
-1. nginx を再起動してブラウザにアクセスすると`nginx 403 Forbidden`が発生
-2. 下記の設定ファイルを保存し`sudo nginx -t`を実行した時`[warn] duplicate value "TLSv1.2"`と警告が出る
+- 下記の設定ファイルを保存し`sudo nginx -t`を実行した時`[warn] duplicate value "TLSv1.2"`と警告が出る
 (ファイルに同じ文字列は存在しない)
-3. `/var/www/rails/webapp/log/nginx.error.log`を確認すると下記のエラーが表示されている
+### nginxのシンタックスチェック、再起動後のステータス確認結果
 ```bash
+[username@ip-xxx-xxx-xxx-xxx ~]$ sudo nginx -t
+# nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
+# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+# nginx: configuration file /etc/nginx/nginx.conf test is successful
+[username@ip-xxx-xxx-xxx-xxx ~]$ sudo service nginx restart
+# Redirecting to /bin/systemctl restart nginx.service
+[username@ip-xxx-xxx-xxx-xxx ~]$ sudo service nginx status
+# Redirecting to /bin/systemctl status nginx.service
+# ● nginx.service - The nginx HTTP and reverse proxy server
+#    Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
+#    Active: active (running) since 火 2019-10-15 23:08:09 JST; 4s ago
+#   Process: 11316 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
+#   Process: 11313 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
+#   Process: 11311 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
+#  Main PID: 11319 (nginx)
+#    CGroup: /system.slice/nginx.service
+#            ├─11319 nginx: master process /usr/sbin/nginx
+#            └─11320 nginx: worker process
+#
+# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
-[error] 28121#0: *1 directory index of "/var/www/rails/webapp/public/" is forbidden, client: 211.1.206.206, server: domainName, request: "GET / HTTP/1.1", host: "domainName"
+# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
+# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: configuration file /etc/nginx/nginx.conf test is successful
+# 10月 15 23:08:09 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11316]: nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
+# 10月 15 23:08:09 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal systemd[1]: Started The nginx HTTP and reverse proxy server.
 ```
-- /etc/nginx/　配下の構成は下記のようになっています
+### nginxの設定ファイル1(/etc/nginx/nginx.conf)
 ```bash
-conf.d      # ディレクトリ
-default.d   # ディレクトリ
-fastcgi.conf
-fastcgi.conf.default
-fastcgi_params
-fastcgi_params.default
-koi-utf
-koi-win
-mime.types
-mime.types.default
-nginx.conf
-nginx.conf.default
-scgi_params
-scgi_params.default
-uwsgi_params
-uwsgi_params.default
-win-utf
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+events {
+    worker_connections 1024;
+}
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+    server {
+        listen       80 default_server;
+        listen       [::]:80 default_server;
+        server_name  _;
+        root         /usr/share/nginx/html;
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+        location / {
+        }
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+# Settings for a TLS enabled server.
+#
+#    server {
+#        listen       443 ssl http2 default_server;
+#        listen       [::]:443 ssl http2 default_server;
+#        server_name  _;
+#        root         /usr/share/nginx/html;
+#
+#        ssl_certificate "/etc/pki/nginx/server.crt";
+#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
+#        ssl_session_cache shared:SSL:1m;
+#        ssl_session_timeout  10m;
+#        ssl_ciphers HIGH:!aNULL:!MD5;
+#        ssl_prefer_server_ciphers on;
+#
+#        # Load configuration files for the default server block.
+#        include /etc/nginx/default.d/*.conf;
+#
+#        location / {
+#        }
+#
+#        error_page 404 /404.html;
+#            location = /40x.html {
+#        }
+#
+#        error_page 500 502 503 504 /50x.html;
+#            location = /50x.html {
+#        }
+#    }
 ```
@@ -168,440 +368,138 @@
-### nginxのシンタックスチェック、再起動後のステータス確認結果
+### nginxの設定ファイル2(/etc/nginx/conf.d/webapp.conf)
 ```bash
-[username@ip-xxx-xxx-xxx-xxx ~]$ sudo nginx -t
-# nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
-# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-# nginx: configuration file /etc/nginx/nginx.conf test is successful
-[username@ip-xxx-xxx-xxx-xxx ~]$ sudo service nginx restart
-# Redirecting to /bin/systemctl restart nginx.service
-[username@ip-xxx-xxx-xxx-xxx ~]$ sudo service nginx status
-# Redirecting to /bin/systemctl status nginx.service
-# ● nginx.service - The nginx HTTP and reverse proxy server
-#    Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
-#    Active: active (running) since 火 2019-10-15 23:08:09 JST; 4s ago
-#   Process: 11316 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
-#   Process: 11313 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
-#   Process: 11311 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
-#  Main PID: 11319 (nginx)
-#    CGroup: /system.slice/nginx.service
-#            ├─11319 nginx: master process /usr/sbin/nginx
-#            └─11320 nginx: worker process
-#
-# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
-# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
-# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: configuration file /etc/nginx/nginx.conf test is successful
-# 10月 15 23:08:09 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11316]: nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
-# 10月 15 23:08:09 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal systemd[1]: Started The nginx HTTP and reverse proxy server.
+```bash
+# /etc/nginx/conf.d/webapp.conf
+# log directory
+error_log  /var/www/rails/webapp/log/nginx.error.log;
+access_log /var/www/rails/webapp/log/nginx.access.log;
+# max body size
+#client_max_body_size 2G;
+upstream app_server {
+  # for UNIX domain socket setups
+  server unix:/var/www/rails/webapp/tmp/sockets/.unicorn.sock fail_timeout=0;
+}
+server {
+  listen 443 ssl;
+  server_name domainName;
+  # 接続制限の設定(nginx so increasing this is generally safe..)
+  # 接続を保つ秒数
+  keepalive_timeout 5;
+  # クライアントからのリクエストボディは2Gまで許容
+  client_max_body_size 2G;
+  # path for static files
+  root /var/www/rails/webapp/public;
+  # page cache loading
+  try_files $uri/index.html $uri.html $uri @app;
+  location @app {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+  }
+  # Railsエラーページ
+  error_page 500 502 503 504 /500.html;
+  location = /500.html {
+    root /var/www/rails/webapp/public;
+  }
+    # listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/domainName/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/domainName/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+}
+server {
+  listen      80;
+  server_name domainName;
+  return      301 https://$host$request_uri;
+}
 ```
-### nginxの設定ファイル1(/etc/nginx/nginx.conf)
-```bash
-# For more information on configuration, see:
-#   * Official English Documentation: http://nginx.org/en/docs/
-#   * Official Russian Documentation: http://nginx.org/ru/docs/
-user nginx;
-worker_processes auto;
-error_log /var/log/nginx/error.log;
-pid /run/nginx.pid;
-# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
-include /usr/share/nginx/modules/*.conf;
-events {
-    worker_connections 1024;
-}
-http {
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-    access_log  /var/log/nginx/access.log  main;
-    sendfile            on;
-    tcp_nopush          on;
-    tcp_nodelay         on;
-    keepalive_timeout   65;
-    types_hash_max_size 2048;
-    include             /etc/nginx/mime.types;
-    default_type        application/octet-stream;
-    # Load modular configuration files from the /etc/nginx/conf.d directory.
-    # See http://nginx.org/en/docs/ngx_core_module.html#include
-    # for more information.
-    include /etc/nginx/conf.d/*.conf;
-    server {
-        listen       80 default_server;
-        listen       [::]:80 default_server;
-        server_name  _;
-        root         /usr/share/nginx/html;
-        # Load configuration files for the default server block.
-        include /etc/nginx/default.d/*.conf;
-        location / {
-        }
-        error_page 404 /404.html;
-            location = /40x.html {
-        }
-        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
-        }
-    }
-# Settings for a TLS enabled server.
-#
-#    server {
-#        listen       443 ssl http2 default_server;
-#        listen       [::]:443 ssl http2 default_server;
-#        server_name  _;
-#        root         /usr/share/nginx/html;
-#
-#        ssl_certificate "/etc/pki/nginx/server.crt";
-#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
-#        ssl_session_cache shared:SSL:1m;
-#        ssl_session_timeout  10m;
-#        ssl_ciphers HIGH:!aNULL:!MD5;
-#        ssl_prefer_server_ciphers on;
-#
-#        # Load configuration files for the default server block.
-#        include /etc/nginx/default.d/*.conf;
-#
-#        location / {
-#        }
-#
-#        error_page 404 /404.html;
-#            location = /40x.html {
-#        }
-#
-#        error_page 500 502 503 504 /50x.html;
-#            location = /50x.html {
-#        }
-#    }
-```
-### nginxの設定ファイル2(/etc/nginx/conf.d/webapp.conf)
-```bash
-```bash
-# /etc/nginx/conf.d/webapp.conf
-# log directory
-error_log  /var/www/rails/webapp/log/nginx.error.log;
-access_log /var/www/rails/webapp/log/nginx.access.log;
-# max body size
-#client_max_body_size 2G;
-upstream app_server {
-  # for UNIX domain socket setups
-  server unix:/var/www/rails/webapp/tmp/sockets/.unicorn.sock fail_timeout=0;
-}
-server {
-  listen 443 ssl;
-  server_name domainName;
-  # 接続制限の設定(nginx so increasing this is generally safe..)
-  # 接続を保つ秒数
-  keepalive_timeout 5;
-  # クライアントからのリクエストボディは2Gまで許容
-  client_max_body_size 2G;
-  # path for static files
-  root /var/www/rails/webapp/public;
-  # page cache loading
-  try_files $uri/index.html $uri.html $uri @app;
-  location @app {
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-  }
-  # Railsエラーページ
-  error_page 500 502 503 504 /500.html;
-  location = /500.html {
-    root /var/www/rails/webapp/public;
-  }
-    # listen 443 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/domainName/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/domainName/privkey.pem; # managed by Certbot
-    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-}
-server {
-  listen      80;
-  server_name domainName;
-  return      301 https://$host$request_uri;
-}
-```
-### 追記1(権限関係の確認)
-```bash
-[username@ip-xxx-xxx-xxx-xxx ~]$ cd /;ls -la
-# drwx-----x  20 username username  280 10月  4 13:44 var
-[username@ip-xxx-xxx-xxx-xxx ~]$ cd /var/;ls -la
-# drwx-----x  4 username username   38 10月 14 17:45 www
-[username@ip-xxx-xxx-xxx-xxx ~]$ cd /www/;ls -la
-# drwx-----x 3 username username 43 10月  4 14:12 rails
-[username@ip-xxx-xxx-xxx-xxx ~]$ cd /rails/;ls -la
-# drwxrwxrwx 15 username username 302 10月 14 14:03 webapp
-[username@ip-xxx-xxx-xxx-xxx ~]$ cd /webapp/;ls -la
-# drwxrwxrwx 15 username username 302 10月 14 14:03 public
-```
-### 追記2
-httpsでURLにアクセス -> httpでURLにアクセス　すると下記の状態が表示されます
-![イメージ説明](843dc5b59f02e91181b703dfec06f82a.png)

httpでURLにアクセスした場合の画像を追加しました

2019/10/17 06:27

投稿

begenner

スコア79

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -560,7 +560,7 @@
-### 追記(権限関係の確認)
+### 追記1(権限関係の確認)
 ```bash
@@ -593,3 +593,15 @@
 # drwxrwxrwx 15 username username 302 10月 14 14:03 public
 ```
+### 追記2
+httpsでURLにアクセス -> httpでURLにアクセス　すると下記の状態が表示されます
+![イメージ説明](843dc5b59f02e91181b703dfec06f82a.png)

webapp 関連のファイル権限を追記しました

2019/10/17 02:58

投稿

begenner

スコア79

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -557,3 +557,39 @@
 }
 ```
+### 追記(権限関係の確認)
+```bash
+[username@ip-xxx-xxx-xxx-xxx ~]$ cd /;ls -la
+# drwx-----x  20 username username  280 10月  4 13:44 var
+[username@ip-xxx-xxx-xxx-xxx ~]$ cd /var/;ls -la
+# drwx-----x  4 username username   38 10月 14 17:45 www
+[username@ip-xxx-xxx-xxx-xxx ~]$ cd /www/;ls -la
+# drwx-----x 3 username username 43 10月  4 14:12 rails
+[username@ip-xxx-xxx-xxx-xxx ~]$ cd /rails/;ls -la
+# drwxrwxrwx 15 username username 302 10月 14 14:03 webapp
+[username@ip-xxx-xxx-xxx-xxx ~]$ cd /webapp/;ls -la
+# drwxrwxrwx 15 username username 302 10月 14 14:03 public
+```

エラー内容に log/nginx.error.log　の内容を追記しました

2019/10/16 22:15

投稿

begenner

スコア79

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -112,6 +112,14 @@
 (ファイルに同じ文字列は存在しない)
+3. `/var/www/rails/webapp/log/nginx.error.log`を確認すると下記のエラーが表示されている
+```bash
+[error] 28121#0: *1 directory index of "/var/www/rails/webapp/public/" is forbidden, client: 211.1.206.206, server: domainName, request: "GET / HTTP/1.1", host: "domainName"
+```
 - /etc/nginx/　配下の構成は下記のようになっています

ファイル内容の順番を入れ替えました

2019/10/16 14:10

投稿

begenner

スコア79

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -114,10 +114,6 @@
-### 追記1
 - /etc/nginx/　配下の構成は下記のようになっています
 ```bash
@@ -160,10 +156,82 @@
-- ファイル`/etc/nginx/nginx.conf`は下記の設定になっています
+### nginxのシンタックスチェック、再起動後のステータス確認結果
 ```bash
+[username@ip-xxx-xxx-xxx-xxx ~]$ sudo nginx -t
+# nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
+# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+# nginx: configuration file /etc/nginx/nginx.conf test is successful
+[username@ip-xxx-xxx-xxx-xxx ~]$ sudo service nginx restart
+# Redirecting to /bin/systemctl restart nginx.service
+[username@ip-xxx-xxx-xxx-xxx ~]$ sudo service nginx status
+# Redirecting to /bin/systemctl status nginx.service
+# ● nginx.service - The nginx HTTP and reverse proxy server
+#    Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
+#    Active: active (running) since 火 2019-10-15 23:08:09 JST; 4s ago
+#   Process: 11316 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
+#   Process: 11313 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
+#   Process: 11311 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
+#  Main PID: 11319 (nginx)
+#    CGroup: /system.slice/nginx.service
+#            ├─11319 nginx: master process /usr/sbin/nginx
+#            └─11320 nginx: worker process
+#
+# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
+# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
+# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: configuration file /etc/nginx/nginx.conf test is successful
+# 10月 15 23:08:09 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11316]: nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
+# 10月 15 23:08:09 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal systemd[1]: Started The nginx HTTP and reverse proxy server.
+```
+### nginxの設定ファイル1(/etc/nginx/nginx.conf)
+```bash
 # For more information on configuration, see:
 #   * Official English Documentation: http://nginx.org/en/docs/
@@ -344,204 +412,140 @@
-### nginxのシンタックスチェック、再起動後のステータス確認結果
+### nginxの設定ファイル2(/etc/nginx/conf.d/webapp.conf)
 ```bash
-[username@ip-xxx-xxx-xxx-xxx ~]$ sudo nginx -t
-# nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
-# nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-# nginx: configuration file /etc/nginx/nginx.conf test is successful
-[username@ip-xxx-xxx-xxx-xxx ~]$ sudo service nginx restart
-# Redirecting to /bin/systemctl restart nginx.service
-[username@ip-xxx-xxx-xxx-xxx ~]$ sudo service nginx status
-# Redirecting to /bin/systemctl status nginx.service
-# ● nginx.service - The nginx HTTP and reverse proxy server
-#    Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
-#    Active: active (running) since 火 2019-10-15 23:08:09 JST; 4s ago
-#   Process: 11316 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
-#   Process: 11313 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
-#   Process: 11311 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
-#  Main PID: 11319 (nginx)
-#    CGroup: /system.slice/nginx.service
-#            ├─11319 nginx: master process /usr/sbin/nginx
-#            └─11320 nginx: worker process
-#
-# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
-# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
-# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
-# 10月 15 23:08:08 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11313]: nginx: configuration file /etc/nginx/nginx.conf test is successful
-# 10月 15 23:08:09 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal nginx[11316]: nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/conf.d/webapp.conf:66
-# 10月 15 23:08:09 ip-xxx-xxx-xxx-xxx.ap-northeast-1.compute.internal systemd[1]: Started The nginx HTTP and reverse proxy server.
+```bash
+# /etc/nginx/conf.d/webapp.conf
+# log directory
+error_log  /var/www/rails/webapp/log/nginx.error.log;
+access_log /var/www/rails/webapp/log/nginx.access.log;
+# max body size
+#client_max_body_size 2G;
+upstream app_server {
+  # for UNIX domain socket setups
+  server unix:/var/www/rails/webapp/tmp/sockets/.unicorn.sock fail_timeout=0;
+}
+server {
+  listen 443 ssl;
+  server_name domainName;
+  # 接続制限の設定(nginx so increasing this is generally safe..)
+  # 接続を保つ秒数
+  keepalive_timeout 5;
+  # クライアントからのリクエストボディは2Gまで許容
+  client_max_body_size 2G;
+  # path for static files
+  root /var/www/rails/webapp/public;
+  # page cache loading
+  try_files $uri/index.html $uri.html $uri @app;
+  location @app {
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+  }
+  # Railsエラーページ
+  error_page 500 502 503 504 /500.html;
+  location = /500.html {
+    root /var/www/rails/webapp/public;
+  }
+    # listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/domainName/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/domainName/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+}
+server {
+  listen      80;
+  server_name domainName;
+  return      301 https://$host$request_uri;
+}
 ```
-### nginxの設定ファイル(/etc/nginx/conf.d/webapp.conf)
-```bash
-```bash
-# /etc/nginx/conf.d/webapp.conf
-# log directory
-error_log  /var/www/rails/webapp/log/nginx.error.log;
-access_log /var/www/rails/webapp/log/nginx.access.log;
-# max body size
-#client_max_body_size 2G;
-upstream app_server {
-  # for UNIX domain socket setups
-  server unix:/var/www/rails/webapp/tmp/sockets/.unicorn.sock fail_timeout=0;
-}
-server {
-  listen 443 ssl;
-  server_name domainName;
-  # 接続制限の設定(nginx so increasing this is generally safe..)
-  # 接続を保つ秒数
-  keepalive_timeout 5;
-  # クライアントからのリクエストボディは2Gまで許容
-  client_max_body_size 2G;
-  # path for static files
-  root /var/www/rails/webapp/public;
-  # page cache loading
-  try_files $uri/index.html $uri.html $uri @app;
-  location @app {
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-  }
-  # Railsエラーページ
-  error_page 500 502 503 504 /500.html;
-  location = /500.html {
-    root /var/www/rails/webapp/public;
-  }
-    # listen 443 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/domainName/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/domainName/privkey.pem; # managed by Certbot
-    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-}
-server {
-  listen      80;
-  server_name domainName;
-  return      301 https://$host$request_uri;
-}
-```

追記依頼の内容を追記しました

2019/10/16 13:35

投稿

begenner

スコア79

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -114,6 +114,236 @@
+### 追記1
+- /etc/nginx/　配下の構成は下記のようになっています
+```bash
+conf.d      # ディレクトリ
+default.d   # ディレクトリ
+fastcgi.conf
+fastcgi.conf.default
+fastcgi_params
+fastcgi_params.default
+koi-utf
+koi-win
+mime.types
+mime.types.default
+nginx.conf
+nginx.conf.default
+scgi_params
+scgi_params.default
+uwsgi_params
+uwsgi_params.default
+win-utf
+```
+- ファイル`/etc/nginx/nginx.conf`は下記の設定になっています
+```bash
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+events {
+    worker_connections 1024;
+}
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+    server {
+        listen       80 default_server;
+        listen       [::]:80 default_server;
+        server_name  _;
+        root         /usr/share/nginx/html;
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+        location / {
+        }
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+# Settings for a TLS enabled server.
+#
+#    server {
+#        listen       443 ssl http2 default_server;
+#        listen       [::]:443 ssl http2 default_server;
+#        server_name  _;
+#        root         /usr/share/nginx/html;
+#
+#        ssl_certificate "/etc/pki/nginx/server.crt";
+#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
+#        ssl_session_cache shared:SSL:1m;
+#        ssl_session_timeout  10m;
+#        ssl_ciphers HIGH:!aNULL:!MD5;
+#        ssl_prefer_server_ciphers on;
+#
+#        # Load configuration files for the default server block.
+#        include /etc/nginx/default.d/*.conf;
+#
+#        location / {
+#        }
+#
+#        error_page 404 /404.html;
+#            location = /40x.html {
+#        }
+#
+#        error_page 500 502 503 504 /50x.html;
+#            location = /50x.html {
+#        }
+#    }
+```
 ### nginxのシンタックスチェック、再起動後のステータス確認結果
 ```bash

タイトルを変更しました

2019/10/16 03:03

投稿

begenner

スコア79

test CHANGED Viewed

	@@ -1 +1 @@
1	- Rails + AWS でHTTPS対応をしたい(nginx 403 Forbidden エラー)
1	+ Rails + AWS でHTTPSに対応させたい(nginx 403 Forbidden エラー)

test CHANGED Viewed

File without changes

参考にしてきたサイトを追加しました

2019/10/15 14:55

投稿

begenner

スコア79

test CHANGED Viewed

File without changes

test CHANGED Viewed

@@ -32,6 +32,34 @@
+### デプロイ、HTTPS対応させるために参考にしてきたサイト
+1. アプリのデプロイまで
+[(デプロイ編②)世界一丁寧なAWS解説。EC2を利用して、RailsアプリをAWSにあげるまで - Qiita](https://qiita.com/naoki_mochizuki/items/5a1757d222806cbe0cd1)
+2. HTTPS対応のために参考にした記事(2つ)
+[[Rails][Nginx][AWS] Let's EncryptをEC2上のRailsに入れてHttpsにする - Qiita](https://qiita.com/Masahiro_T/items/9b81b31b3c21bd03fc09)
+[Amazon Linux2とLet's EncryptでSSL対応サーバを0から爆速構築 - Qiita](https://qiita.com/MysteriousMonky/items/4d3d857c0e68d4bfff39)
+3. nginx設定ファイルの参考にしたサイト
+[RailsアプリをAWS EC2で公開する超簡単な手順 【独自ドメイン／HTTPS対応】 - ひろこま Hack Log](https://www.mahirokazuko.com/entry/2018/09/11/112010)
+4. nginxとunicornの設定について(これを利用して編集はしていません)
+[【Ruby on Rails】Nginxとunicornを使ってHTTPS（SSL）対応する方法 | Y-hilite](https://y-hilite.com/2908/)
 ### 動作環境
 Rails