Apache SSL 配置连接被拒绝 connect:errno=111

Apache SSL 配置连接被拒绝 connect:errno=111

我正在尝试在旧的 opensuse 服务器上配置 SSL:

openSUSE 11.4 (x86_64)
VERSION = 11.4
CODENAME = Celadon

我启用了 apache SSL 模块:

apache2ctl -M
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_default_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dir_module (shared)
 env_module (shared)
 expires_module (shared)
 include_module (shared)
 log_config_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 setenvif_module (shared)
 ssl_module (shared)
 userdir_module (shared)
 php5_module (shared)
 reqtimeout_module (shared)
 deflate_module (shared)
 headers_module (shared)
 rewrite_module (shared)
Syntax OK

并配置提供 SSL 证书的虚拟主机(通过复制和编辑 vhost-ssl.template 并将其重命名为 https.xxxxxxxx.conf)并重新启动 apache。

当我尝试连接时出现此错误:

openssl s_client -connect localhost:443
connect: Connection refused
connect:errno=111

这是安装的 openssl 版本:

OpenSSL 1.0.1p 9 Jul 2015 (Library: OpenSSL 1.0.0c 2 Dec 2010)

如果它可以帮助这是我的 iptables 配置:

iptables -L -vn
Chain INPUT (policy ACCEPT 4641 packets, 815K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1691 packets, 4745K bytes)
 pkts bytes target     prot opt in     out     source               destination   

您能帮我理解为什么我无法在 localhost 中连接到 443 端口吗?

编辑:

我相信这是 apache 和附加 https.xxxxxxx.conf 文件的问题:

httpd2 -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                   is a NameVirtualHost
         default server xxxxxxxx.it (/etc/apache2/vhosts.d/xxxxxxxx.conf:3)
         port 80 namevhost xxxxxxxx.it (/etc/apache2/vhosts.d/xxxxxxxx.it.conf:3)
         port 80 namevhost XXX.XXX.XXX.XXX (/etc/apache2/vhosts.d/xxxxxxxx.it.conf:9)

在我的listen.conf中,如果启用了SSL模块,它应该监听443:

Listen 80


<IfDefine SSL>
    <IfDefine !NOSSL>
        <IfModule mod_ssl.c>

            Listen 443

        </IfModule>
    </IfDefine>
</IfDefine>

这是 netstat 的输出:

netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      8105/mysqld         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1847/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2179/master         
tcp        0      0 :::80                   :::*                    LISTEN      13330/httpd2-prefor 
tcp        0      0 :::21                   :::*                    LISTEN      1930/vsftpd         
tcp        0      0 :::22                   :::*                    LISTEN      1847/sshd           
tcp        0      0 ::1:25                  :::*                    LISTEN      2179/master   

我修改了 /etc/sysconfig/apache2 文件以打开 SSL 模块

APACHE_SERVER_FLAGS="SSL"

现在它似乎可以在本地和远程正确响应机器人:

openssl s_client -connect localhost:443
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1

自从我从浏览器获取以来,我仍然遇到问题:

This site can’t be reached
xxxxxxxx.it unexpectedly closed the connection.
Try:

Checking the connection
Checking the proxy and the firewall
Running Network Diagnostics
ERR_CONNECTION_CLOSED

但我相信这个问题不相关

答案1

终于想通了!默认 Apache Listen.conf 没有分配给机器的 IP 地址的条目。呃。我认为“listen 80”会覆盖机器的所有IP地址。

相关内容