我曾经遇到过这个问题,后来发现是nginx在加载TLS证书时出错导致无法启动。但是vagrant up
命令并没有报告nginx启动失败或任何端口绑定失败的情况。
为了诊断这个问题,我按照以下步骤操作:
$ nmap homestead.app
Starting Nmap 7.01 ( https://nmap.org ) at 2017-10-03 16:16 NZDT
Nmap scan report for homestead.app (192.168.10.10)
Host is up (0.00077s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
1025/tcp open NFS-or-IIS
3306/tcp open mysql
5432/tcp open postgresql
列表中没有80端口。让我们仔细检查一下80端口。
$ nmap homestead.app -p 80
...
Host is up (0.00020s latency).
PORT STATE SERVICE
80/tcp closed http
所以它肯定是关闭的。客人日志上说了什么?vagrant ssh
然后...
$ systemctl status nginx.service
...
Active: failed (Result: exit-code) since Tue 2017-10-03 03:06:12 UTC; 1min 30s ago
...
homestead systemd[1]: Starting A high performance web server and a reverse proxy server...
homestead nginx[1250]: nginx: [emerg] PEM_read_bio_X509_AUX("/etc/nginx/ssl/homestead.app.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICA
homestead nginx[1250]: nginx: configuration file /etc/nginx/nginx.conf test failed
homestead systemd[1]: nginx.service: Control process exited, code=exited status=1
homestead systemd[1]: Failed to start A high performance web server and a reverse proxy server.
homestead systemd[1]: nginx.service: Unit entered failed state.
homestead systemd[1]: nginx.service: Failed with result 'exit-code'.
由于配置错误,Nginx启动失败。
PEM_read_bio_X509_AUX
错误指向文件
/etc/nginx/ssl/homestead.app.crt
。该文件在配置中的使用位置是什么?
$ sudo vim /etc/nginx/sites-enabled/homestead.app
我将相关行注释掉了:
@@ -1,6 +1,6 @@
server {
listen 80;
- listen 443 ssl http2;
+# listen 443 ssl http2;
server_name homestead.app;
root "/home/vagrant/Code/public";
@@ -42,7 +42,7 @@ server {
deny all;
}
- ssl_certificate /etc/nginx/ssl/homestead.app.crt;
- ssl_certificate_key /etc/nginx/ssl/homestead.app.key;
+# ssl_certificate /etc/nginx/ssl/homestead.app.crt;
+# ssl_certificate_key /etc/nginx/ssl/homestead.app.key;
}
使用$ sudo service start nginx
启动nginx,并从主机上再次运行nmap
。
$ nmap homestead.app -p 80,443
...
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
端口80已经打开,现在应该可以从http://homestead.app访问。当然,TLS不起作用,但您应该能够通过生成新的证书来解决它。我不确定证书无法加载的原因。