遇到了一个奇怪的问题,我的 apache2 守护进程虽然应该根据 netstat 和 lsof 进行监听,但却没有响应请求。以下是我目前发现的问题。
- 确保端口 80 开放并且 apache 正在监听
lsof -I:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 6253 root 3u IPv4 1596968 0t0 TCP *:http (LISTEN)
apache2 6257 www-data 3u IPv4 1596968 0t0 TCP *:http (LISTEN)
apache2 6258 www-data 3u IPv4 1596968 0t0 TCP *:http (LISTEN)
apache2 6259 www-data 3u IPv4 1596968 0t0 TCP *:http (LISTEN)
- 确保防火墙已打开端口
table inet filter {
chain input { # handle 1
type filter hook input priority filter; policy drop;
ct state established,related accept # handle 4
ct state invalid counter packets 68 bytes 3278 drop # handle 5
...
tcp dport 80 counter packets 11 bytes 568 accept comment "HTTP" # handle 21
- 确保流量从端口 80 进入
tcpdump -n -I eth0 host 75.119.198.106 and port 80
16:39:50.317217 IP 75.119.198.106.41804 > 47.220.62.53.80: Flags [S], seq 3381923713, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
16:39:52.333431 IP 75.119.198.106.41804 > 47.220.62.53.80: Flags [S], seq 3381923713, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
16:39:56.461186 IP 75.119.198.106.41804 > 47.220.62.53.80: Flags [S], seq 3381923713, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
16:40:04.653345 IP 75.119.198.106.41804 > 47.220.62.53.80: Flags [S], seq 3381923713, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
正如您所看到的,流量正在进入但尚未被 apache 进程响应。
查看日志并/var/log/apache2没有什么不寻常的,但是当我重新启动 apache 时,在日志中apache2ctrl restart我看到了以下内容:
Jul 02 16:19:24 pve systemd[1]: Starting The Apache HTTP Server...
Jul 02 16:19:25 pve systemd[1]: Started The Apache HTTP Server.
Jul 02 16:19:25 pve dbus-daemon[8901]: [system] Rejected send message, 4 matched rules; type="method_call", sender=":1.708" (uid=33 pid=6257 comm="/usr/sbin/apache2 -k start " label="system_u:system_r:kernel_t:s0") interface="org.freedesktop.systemd1.Manager" member="GetDynamicUsers" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init " label="system_u:system_r:kernel_t:s0")
这是唯一表明出了问题的地方,我不知道它应该如何工作。在我看来,/etc/dbus-1/system.d/org.freedesktop.systemd1.conf这个文件完好无损,因为到目前为止我从未碰过它。
<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!--
This file is part of systemd.
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
-->
<busconfig>
<policy user="root">
<allow own="org.freedesktop.systemd1"/>
<!-- Root clients can do everything -->
<allow send_destination="org.freedesktop.systemd1"/>
<allow receive_sender="org.freedesktop.systemd1"/>
<!-- systemd may receive activator requests -->
<allow receive_interface="org.freedesktop.systemd1.Activator"
receive_member="ActivationRequest"/>
</policy>
<policy context="default">
<deny send_destination="org.freedesktop.systemd1"/>
<!-- Completely open to anyone -->
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.DBus.Introspectable"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.DBus.Peer"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.DBus.Properties"
send_member="Get"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.DBus.Properties"
send_member="GetAll"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="GetUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="GetUnitByPID"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="GetUnitByInvocationID"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="LoadUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="GetJob"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ListUnits"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ListUnitsFiltered"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ListUnitsByPatterns"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ListUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ListUnitFilesByPatterns"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="GetUnitFileState"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="GetUnitProcesses"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="GetUnitFileLinks"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ListJobs"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="Subscribe"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="Unsubscribe"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="Dump"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="GetDefaultTarget"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="LookupDynamicUserByName"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="LookupDynamicUserByUID"/>
<!-- Managed via polkit or other criteria -->
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="StartUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="StartUnitReplace"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="StopUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ReloadUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="RestartUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="TryRestartUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ReloadOrRestartUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ReloadOrTryRestartUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="KillUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ResetFailedUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="SetUnitProperties"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ListUnitsByNames"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="StartTransientUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="CancelJob"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="Reload"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="Reexecute"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="RefUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="UnrefUnit"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="EnableUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="DisableUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="ReenableUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="LinkUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="RevertUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="PresetUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="PresetUnitFilesWithMode"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="MaskUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="UnmaskUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="SetDefaultTarget"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="PresetAllUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Manager"
send_member="AddDependencyUnitFiles"/>
<allow send_destination="org.freedesktop.systemd1"
send_interface="org.freedesktop.systemd1.Job"
send_member="Cancel"/>
<allow receive_sender="org.freedesktop.systemd1"/>
</policy>
</busconfig>
答案1
事实证明,罪魁祸首是 SELINUX,尽管我已经SELINUX=permissive。/etc/selinux/config我将其切换到SELINUX=disabled并重新启动,一切又恢复正常。