NGINX - Falha ao reiniciar

1

Depois de instalar um SSL por meio do Laravel Forge , meu site não carrega nada. Ao tentar reiniciar o NGINX, ele falha. Se eu executar sudo nginx -t , obtenho o seguinte:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] open() "/usr/share/nginx/logs/static.log" failed (2: No  such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed

Aqui está minha configuração do NGINX:

# non-www to www redirect
server {
    listen 80;
    server_name MYDOMAIN.com;
    return 301 $scheme://www.MYDOMAIN.com$request_uri;
}
server {
    listen 80 default_server;
    server_name www.MYDOMAIN.com *.MYDOMAIN.com;
    root /home/forge/MYDOMAIN.com/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/MYDOMAIN.com/10957/server.crt;
    ssl_certificate_key /etc/nginx/ssl/MYDOMAIN.com/10957/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    index index.html index.htm index.php;

    charset utf-8;

    # Built-in filename-based cache busting

    # https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L403
    # This will route all requests for /css/style.20120716.css to /css/style.css
    # Read also this: github.com/h5bp/html5-boilerplate/wiki/cachebusting
    # This is not included by default, because it'd be better if you use the build
    # script to manage the file names.
    location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
       try_files $uri $1.$2;
    }

    # Expire rules for static content

    # No default expire rule. This config mirrors that of apache as outlined in the
    # html5-boilerplate .htaccess file. However, nginx applies rules by location,
    # the apache rules are defined by type. A consequence of this difference is that
    # if you use no file extension in the url and serve html, with apache you get an
    # expire time of 0s, with nginx you'd get an expire header of one month in the
    # future (if the default expire rule is 1 month). Therefore, do not use a
    # default expire rule with nginx unless your site is completely static

    # cache.appcache, your document html and data
    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
      expires -1;
      access_log logs/static.log;
    }

    # Feed
    location ~* \.(?:rss|atom)$ {
      expires 1h;
      add_header Cache-Control "public";
    }

    # Media: images, icons, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
      expires 1M;
      access_log off;
      add_header Cache-Control "public";
    }

    # CSS and Javascript
    location ~* \.(?:css|js)$ {
      expires 1y;
      access_log off;
      add_header Cache-Control "public";
    }

    # WebFonts
    # If you are NOT using cross-domain-fonts.conf, uncomment the following directive
    location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
     expires 1M;
     access_log off;
     add_header Cache-Control "public";
    }


    # How long to allow each connection to stay idle; longer values are better
    # for each individual client, particularly for SSL, but means that worker
    # connections are tied up longer. (Default: 65)
    keepalive_timeout 20;

    # Speed up file transfers by using sendfile() to copy directly
    # between descriptors rather than using read()/write().
    sendfile        on;

    # Tell Nginx not to send out partial frames; this increases throughput
    # since TCP frames are filled up before being sent out. (adds TCP_CORK)
    tcp_nopush      on;

    # Expire rules for static content

    # cache.appcache, your document html and data
    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
      expires -1;
      # access_log logs/static.log; # I don't usually include a static log
    }

    # Feed
    location ~* \.(?:rss|atom)$ {
      expires 1h;
      add_header Cache-Control "public";
    }

    # Media: images, icons, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
      expires 1M;
      access_log off;
      add_header Cache-Control "public";
    }

    # CSS and Javascript
    location ~* \.(?:css|js)$ {
      expires 1y;
      access_log off;
      add_header Cache-Control "public";
    }


    # Compression

    # Enable Gzip compressed.
    gzip on;

    # Compression level (1-9).
    # 5 is a perfect compromise between size and cpu usage, offering about
    # 75% reduction for most ascii files (almost identical to level 9).
    gzip_comp_level    5;

    # Don't compress anything that's already small and unlikely to shrink much
    # if at all (the default is 20 bytes, which is bad as that usually leads to
    # larger files after gzipping).
    gzip_min_length    256;

    # Compress data even for clients that are connecting to us via proxies,
    # identified by the "Via" header (required for CloudFront).
    gzip_proxied       any;

    # Tell proxies to cache both the gzipped and regular version of a resource
    # whenever the client's Accept-Encoding capabilities header varies;
    # Avoids the issue where a non-gzip capable client (which is extremely rare
    # today) would display gibberish if their proxy gave them the gzipped version.
    gzip_vary          on;

    # Compress all output labeled with one of the following MIME-types.
    gzip_types
      application/atom+xml
      application/javascript
      application/json
      application/ld+json
      application/manifest+json
      application/rdf+xml
      application/rss+xml
      application/schema+json
      application/vnd.geo+json
      application/vnd.ms-fontobject
      application/x-font-ttf
      application/x-javascript
      application/x-web-app-manifest+json
      application/xhtml+xml
      application/xml
      font/eot
      font/opentype
      image/bmp
      image/svg+xml
      image/vnd.microsoft.icon
      image/x-icon
      text/cache-manifest
      text/css
      text/javascript
      text/plain
      text/vcard
      text/vnd.rim.location.xloc
      text/vtt
      text/x-component
      text/x-cross-domain-policy
      text/xml;
    # text/html is always compressed by HttpGzipModule

    client_max_body_size 128M;
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/MYDOMAIN.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

Não tenho certeza se isso é importante, mas não quero todo o meu site em SSL, apenas rotas específicas (que especifico em meu aplicativo e que funcionam bem localmente). Ainda preciso adicionar um ouvinte para 443 nesse arquivo, potencialmente? Esse problema de permissão também está me jogando por um loop. Eu realmente aprecio qualquer ajuda!

Adicional

Também estou recebendo o seguinte erro ao executar nginx -t :

nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2015/08/06 07:59:21 [warn] 5972#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2015/08/06 07:59:21 [emerg] 5972#0: open() "/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed
    
por Zach 06.08.2015 / 12:16

4 respostas

0

Esclarecimento por favor: escreva permissões / usr / share / nginx / www | DigitalOcean

    
por 06.08.2015 / 15:26
2

Eu tive exatamente o mesmo problema no meu servidor de forja, criando o diretório de logs que resolveu o problema:

cd /usr/share/nginx;
sudo mkdir logs
    
por 30.01.2016 / 13:24
0

Você precisa ter um host virtual separado para http e https . E você deve especificar as chaves TLS somente no bloco https .

Na sua configuração atual, você está tendo um https server em http port, o que não funcionará de forma alguma.

    
por 06.08.2015 / 20:04
-1

Eu enfrentei um problema semelhante ao reiniciar o Nginx e descobri que ele é uma causa do SeLinux . Certifique-se de tentar depois de desativar o SeLinux ou temporariamente configurá-lo para o modo Permissivo usando o comando abaixo:

setenforce 0

Erros que eu estava vendo no arquivo de log que foi corrigido após o ajuste acima:

[emerg] 21285#0: open() "/var/www/html/amaeka/logs/access.log" failed (13: Permission denied) [emerg] 21301#0: open() "/var/www/html/amaeka/logs/access.log" failed (13: Permission denied)

    
por 11.10.2016 / 16:44