Nginx startup fails ssl no such file or directory

Solution 1:

Are you sure that the Nginx user has access to the directory?

Also check the permissions of the .pem file, if Nginx cannot access it, it can show as 'no such file or directory'.

If the permissions are right, you might check the actual path again. How you pasted it (which I know you removed the dir) there is no beginning / which could be the problem.

EDIT

Try moving your SSL setup into the following structure (as well as change the nginx.conf to reflect):

sudo mkdir /etc/nginx/ssl
sudo chown -R root:root /etc/nginx/ssl
sudo chmod -R 600 /etc/nginx/ssl

Nginx could be failing on your .pem because the permissions are too open (need source to verify that Nginx does this) but the above setup should work fine.

Solution 2:

I will leave my answer for my problem, in case someone come across this topic.

I have nginx run inside docker container, and have the same error trying to access the private key file. After scratching my head for several hours, I come to a realization that my docker's nginx does not have the mount volume that contains my data.

The only option to add mount volume is to remove and re-create the container with the -v option: https://docs.docker.com/engine/tutorials/dockervolumes/

docker run -d -P --name docker-nginx -v /etc/ssl/certs:/etc/ssl/certs nginx

Sometimes, trivial things are hard to see. Hope this help.

Solution 3:

A possible scenario:

sometimes it might happens that, when configuring SSL files (private key and certificate) for the Virtualhost which is being configured,it was forgotten to specify the absolute path where these files reside.

For example, if you follow this official doc from Nginx: http://nginx.org/en/docs/http/configuring_https_servers.html

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     tdmssl.crt;
    ssl_certificate_key tdmssl.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...
}

Suppose that you store the SSL files inside "/etc/nginx/conf.d":

root@ilg40:/etc/nginx/conf.d# pwd
/etc/nginx/conf.d
root@ilg40:/etc/nginx/conf.d# ll
total 16
drwxr-xr-x 2 root root 4096 Jan 24 17:39 ./
drwxr-xr-x 5 root root 4096 Jan 24 21:15 ../
-rw-r--r-- 1 root root 1359 Jan 24 17:39 tdmssl.crt
-rw-r--r-- 1 root root 1675 Jan 24 17:39 tdmssl.key

What happens?

By default, when not specified the absolute path for an ordinary file which is used by Nginx, Nginx will search for the files at "/etc/nginx"

From /var/log/nginx/error.log

2017/01/24 21:05:10 [emerg] 13113#0: 
BIO_new_file("/etc/nginx/tdmssl.crt") 
failed(SSL:error:02001002:system library:fopen:
No such file or directory:fopen('/etc/nginx/tdmssl.crt','r') 
error:2006D080:BIO routines:BIO_new_file:no such file)

What must be done ?

To specify the absolute path of the additional files which are used by your Virtualhost configuration.

Like this:

root@ilg40:/etc/nginx/conf.d# cd
root@ilg40:~# cat /etc/nginx/sites-available/tdm 
server {

    listen          443 ssl;
    server_name         tjsdatamanager.redtjs.com;
    ssl_certificate     /etc/nginx/conf.d/tdmssl.crt;
    ssl_certificate_key /etc/nginx/conf.d/tdmssl.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        include proxy_params;
        proxy_pass http://unix:/etc/tdm/flask/wsgi.sock;
    }

}

Tags:

Nginx

Debian

Web Server

Recent Posts