Bonsoir,
J'ai installé, il y a quelques mois "Lufi" sur mon serveur sans aucun problème... Je viens de louer un nouveau serveur, j'ai donc décidé de refaire l'installation en gardant les fichiers de config du premier pour éviter de galérer et m'éviter les problèmes... Voilà pour la théorie...
Dans la pratique, je rencontre effectivement un problème...
Voici le message d'erreur au lancement de nginx :
nginx: [emerg] the size 10485760 of shared memory zone "SSL" conflicts with already declared size 52428800 in /etc/nginx/sites-enabled/lufi.conf:23
Donc, pour l'instant, j'ai commenté les lignes qui posent problème afin de pouvoir lancer nginx, mais comme le problème n'a pas été rencontré sur mon premier serveur, cela m'intrigue...
Voici donc mes fichiers :
### nano /etc/nginx/sites-enabled/lutim.conf
# Virtual host for Lufi: the first server block redirects plain HTTP to HTTPS,
# the second terminates TLS and proxies to the Lufi backend on 127.0.0.1:8080.
# NOTE(review): the error quoted in the post points at sites-enabled/lufi.conf:23,
# while this listing is headed lutim.conf; presumably the same file, confirm.
server {
listen 80;
server_name file.domaine.tld;
# Permanent redirect of every HTTP request to the HTTPS vhost below.
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name file.domaine.tld;
root /var/www/lufi/;
access_log /var/log/nginx/lufi.access.log;
error_log /var/log/nginx/lufi.error.log;
ssl_certificate /etc/letsencrypt/live/domaine.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domaine.tld/privkey.pem;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 is not listed here.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ECDHE-only list; the AES128+EECDH / AES256+EECDH groups also match CBC-mode suites.
ssl_ciphers "EECDH+AESGCM:AES128+EECDH:AES256+EECDH";
ssl_ecdh_curve secp384r1;
# Commented out by the poster to let nginx start. When active, this declares
# the shared zone "SSL" with 10M (10485760 bytes), while /etc/nginx/ssl/params.conf
# declares the same zone name with 50m (52428800 bytes). A shared zone name can be
# reused across contexts only with an identical size, hence the [emerg] error.
# Options: drop the directive here and inherit the http-level cache, use the
# same size, or give this zone a different name.
# ssl_session_cache
#shared:SSL:10M;
# ssl_session_timeout 10m;
# Any add_header at server level stops inheritance of the http-level add_header
# lines from params.conf (HSTS, X-XSS-Protection, X-Robots-Tag) for this vhost.
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options "nosniff";
ssl_prefer_server_ciphers on;
# DH parameters apply to DHE suites only; the cipher list above is ECDHE-only,
# so this file is presumably unused here.
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
# Accepts request bodies of up to 10G.
client_max_body_size 10G;
# Static assets: served from disk when present, otherwise handed to the backend.
location ~* ^/(img|css|font|js)/ {
try_files $uri @lufi;
# add_header inside a location replaces the server-level set: responses served
# from this location carry these three headers but not X-Frame-Options or
# X-Content-Type-Options.
add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT";
add_header Cache-Control "public, max-age=315360000";
#HTTPS only header, improves security
add_header Strict-Transport-Security "max-age=15768000";
}
location / {
try_files $uri @lufi;
# Applies only when a file under root is served directly. Requests passed on
# to @lufi are answered from that location, which has no add_header of its own
# and so inherits only the two server-level headers; proxied responses
# therefore get no HSTS header from nginx.
#HTTPS only header, improves security
add_header Strict-Transport-Security "max-age=15768000";
}
location @lufi {
# Adapt this to your configuration
proxy_pass http://127.0.0.1:8080;
# Really important! Lufi uses WebSocket, it won't work without this
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
# sent; the backend should trust only the last entry (or X-Real-IP).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# If you want to log the remote port of the image senders, you'll need that
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
# We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
proxy_redirect off;
}
}
### nano /etc/nginx/ssl/params.conf
# Shared TLS and header defaults. nginx.conf includes this file inside http {},
# so every directive here is an http-level default for all virtual hosts.
ssl_session_timeout 1d;
# Declares the shared session cache zone "SSL" with 50m (52428800 bytes).
# Any other ssl_session_cache that names zone "SSL" must use the same size,
# otherwise nginx refuses to start with the "conflicts with already declared
# size" error quoted in the post.
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_ecdh_curve secp384r1;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 is not listed here.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# NOTE(review): this line is cut off in the paste (the trailing "$" looks like
# the editor's marker for a line running past the screen edge); the closing
# quote and semicolon are not visible, so the full cipher list cannot be reviewed.
ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES$
ssl_prefer_server_ciphers on;
# These http-level add_header lines reach a response only when the server and
# location handling it define no add_header of their own; nginx inherits
# add_header from the outer level only if the current level has none.
# includeSubDomains and preload extend HSTS to every subdomain of the host.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
# Legacy header; current browsers no longer implement the XSS auditor it controls.
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# OCSP stapling: nginx fetches the OCSP response itself and verifies it against
# ssl_trusted_certificate.
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/domaine.tld/fullchain.pem;
# Used to resolve the OCSP responder's hostname; the lookups go to an external
# public resolver.
resolver 8.8.8.8;
### nano /etc/nginx/nginx.conf
# Main nginx configuration: worker settings, http-level defaults, then the
# per-site files.
user www-data;
worker_processes auto;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll; # epoll event handler (kernel 2.6+)
}
http {
# fastcgi_cache_path /usr/share/nginx/cache levels=1:2 keys_zone=mycache:10m inactive=1h max_size=256m;
# Loaded before the site files below, so the shared zone "SSL" (50m) declared in
# params.conf already exists when a site file declares a zone with the same name.
include /etc/nginx/ssl/params.conf;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay off;
# Omits the nginx version from the Server header and from error pages.
server_tokens off;
# Compression is enabled for all vhosts, proxied responses included
# (gzip_proxied any). NOTE(review): compressing TLS responses that mix secrets
# with request-controlled data is the precondition for BREACH-style leaks;
# check whether any proxied application returns such responses.
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
# MIME types compressed in addition to text/html, which nginx always compresses.
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
# Every *.conf under sites-enabled is loaded into this http context, after
# params.conf above.
include /etc/nginx/sites-enabled/*.conf;
}
Merci par avance.