我有一台装有 Raspberry Pi OS Lite 的 Raspberry Pi 4,并且在那里设置了一个 Apache 服务器按照本教程。我还设置了 DuckDNS,这样我就可以用 duckdns 子域指向我的公共 IP 地址。但是我只能通过 LAN 或私有 Wireguard VPN 访问此服务器,我想通过我的公共 IP 访问它。端口 80 和端口 443 似乎都不起作用。
起初我以为这可能是端口转发的问题,我读到过一些路由器或 ISP 阻止了端口 80 和 443,但我尝试在我的个人电脑上启动一个简单的 HTTP Python 服务器(使用python -m http.server <port>替换<port>为 80 和 443 来测试两者)并且我可以通过查询我的公共 IP 地址来访问 python 服务器,所以我猜端口转发正在工作。(注意:测试 python 服务器后,我将端口重定向到 Raspberry Pi 本地 IP,但仍然不起作用)
这只能让我假设 Apache 配置错误或防火墙阻止了它?我没有在 Raspberry Pi 上手动设置任何防火墙,因此任何这方面的配置都是默认配置,而 Apache 配置我想说它也是一样的,所以我不知道会发生什么。
我怎样才能“调试”正在发生的事情或者谁阻止了这些请求?
这些是配置文件,希望它们能有所帮助。除了nextcloud.conf,我认为其他的都是默认的。
/etc/apache2/sites-available/nextcloud.conf
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerAdmin example@example
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
/etc/apache2/sites-available/default-ssl.conf
这个文件很大,我会删除评论
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
/etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
/etc/apache2/apache2.conf
我隐藏了这个文件中的评论,否则它会变得非常大
# This is the main Apache server configuration file...
# ...
# The directory where shm and other runtime files will be stored.
DefaultRuntimeDir ${APACHE_RUN_DIR}
# PidFile: The file in which the server should record...
PidFile ${APACHE_PID_FILE}
# Timeout: The number of seconds...
Timeout 300
# KeepAlive: Whether or not to allow persistent connections...
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow...
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request...
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
# HostnameLookups: Log the names of clients or just their IP addresses...
HostnameLookups Off
# ErrorLog: The location of the error log file
ErrorLog ${APACHE_LOG_DIR}/error.log
# LogLevel: Control the severity of messages...
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server...
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# AccessFileName: The name of the file to look...
AccessFileName .htaccess
# The following lines prevent .htaccess and .htpasswd files...
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
# The following directives define some format nicknames...
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
答案1
最后,就我的具体情况而言,我的 Wireguard VPN 干扰了收到的请求,因为我已设置AllowedIPs为捕获所有目标 IP。
所以我的所有流量都被通过 VPN 重定向。