更新:所以看来我可以从 LAN 之外的计算机访问该网站,当我尝试从与服务器位于同一 LAN 上的任何计算机上拉取时,我遇到了问题。据我所知,这似乎是 NAT 问题。我不完全理解这个问题,但我知道这与路由器如何处理试图访问实际托管在连接到路由器的服务器上的公共域的流量有关。我的路由器具有 IP 触发功能,根据我的记忆,这可能是我需要配置的功能。
我正在尝试通过在 VirtualBox 中设置测试服务器虚拟机并托管我自己的 WordPress 博客来自学一些服务器基础知识。这主要是为了我完成论文时做准备,其中将包括我希望能够自己托管的数字/网络版本。一切都进行得很顺利。我设置了一台 LAMP,创建了几个测试虚拟主机,安装了 WordPress,并且能够从 LAN 内访问所有虚拟主机,包括我的 WordPress 博客的虚拟主机。我遇到麻烦的地方是尝试将服务器开放到互联网。我购买了一个域名并使用以下命令设置了动态 DNS(我使用的是住宅 Comcast 帐户)本指南,这似乎有效,但在我的一生中,我似乎无法让它发挥作用,而且我也没有解决问题的想法。
设置详情:
- 虚拟机所在的桌面运行的是 Windows 7,不确定您是否都需要硬件细节,但它是一台具有相当功能的游戏机。
- 我使用 VirtualBox 作为虚拟机,并设置了桥接连接。
- VM上的操作系统为Ubuntu Server 14.04
- 使用 LAMP 设置,我将文档根目录更改为 /srv,这对我来说更有意义。
- 使用 Namecheap.com 进行动态 DNS。我使用上面的指南进行了设置,并收到了成功消息。它还更新了 namecheap.com 主机设置中的 IP,所有这些都让我相信我的动态 DNS 可能配置正确。
- 在我的路由器上,我转发了端口 80、443 甚至 8080,以防万一。我还将我的服务器置于 DMZ 中,甚至尝试将防火墙全部关闭。
- 我使用的是康卡斯特的调制解调器和路由器二合一。它正在运行“eMTA & DOCSIS 软件版本:7.6.116”。
不确定所有日志/配置信息会有什么帮助,所以希望这不是矫枉过正......
Apache2.conf
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
# Trying to fix internet acessability issue...
# ServerName anarchoanthro.com <-- this got rid of that startup error, but otherwise didn't work.
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /srv/>
Options FollowSymLinks IncludesNOEXEC
XBitHack on
AllowOverride None
Require all granted
</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
UserDir disabled root
端口配置文件
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 8080
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
my-wpsite.conf<-- 这是唯一启用的站点,我刚刚复制了 default.conf 并对其进行了编辑。
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin [email protected]
ServerName www.anarchoanthro.com
ServerAlias anarchoanthro.com
DocumentRoot /srv/wp-anarchoanthro
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# Set /srv/testsite1/cgibin/ as CGI script directory.
ScriptAlias "/cgi-bin/" "/srv/wp-anarchoanthro/cgi-bin/"
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
这是我的日志。在获取这些之前,我尝试加载我的博客 anarchoanthro.com。另外,我只包含今天的日志,希望这能缩小范围。
访问日志
95.134.193.184 - - [01/Aug/2015:04:17:41 -0500] "\x0fK\x17\xaf$W\xff'" 200 28811 "-" "-"
199.30.228.129 - - [01/Aug/2015:05:07:30 -0500] "GET / HTTP/1.1" 200 7795 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 GTB7.1"
38.105.109.12 - - [01/Aug/2015:05:12:36 -0500] "GET / HTTP/1.1" 200 29152 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:38 -0500] "GET / HTTP/1.1" 200 29151 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-content/themes/arcade-basic/library/js/html5.js HTTP/1.1" 200 2734 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.3 HTTP/1.1" 200 14953 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1" 200 96260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1" 200 7506 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/bootstrap.min.js?ver=3.0.3 HTTP/1.1" 200 6980 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/fillsize.js?ver=4.2.3 HTTP/1.1" 200 2576 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/jquery.arctext.js?ver=4.2.3 HTTP/1.1" 200 10612 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/theme.js?ver=4.2.3 HTTP/1.1" 200 3052 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
64.69.91.210 - - [01/Aug/2015:06:02:54 -0500] "GET / HTTP/1.1" 200 29128 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
192.187.110.98 - - [01/Aug/2015:06:54:53 -0500] "GET http://testp2.czar.bielawa.pl/testproxy.php HTTP/1.1" 404 356 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
141.212.122.59 - - [01/Aug/2015:07:56:56 -0500] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 200 27778 "-" "Mozilla/5.0 zgrab/0.x"
141.212.122.59 - - [01/Aug/2015:07:56:57 -0500] "GET / HTTP/1.1" 200 30504 "-" "Mozilla/5.0 zgrab/0.x"
104.238.194.164 - - [01/Aug/2015:09:32:09 -0500] "GET / HTTP/1.1" 200 29153 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
46.172.71.251 - - [01/Aug/2015:12:12:51 -0500] "GET /rom-0 HTTP/1.1" 404 367 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
错误日志
[Sat Aug 01 06:54:53.947240 2015] [:error] [pid 4035] [client 192.187.110.98:56439] script '/srv/wp-anarchoanthro/testproxy.php' not found or unable to stat
[Sat Aug 01 11:23:56.393436 2015] [mpm_prefork:notice] [pid 3918] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 11:23:57.476298 2015] [mpm_prefork:notice] [pid 4943] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 11:23:57.476333 2015] [core:notice] [pid 4943] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 01 12:30:02.492747 2015] [mpm_prefork:notice] [pid 4943] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 12:30:03.513348 2015] [mpm_prefork:notice] [pid 5037] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 12:30:03.513384 2015] [core:notice] [pid 5037] AH00094: Command line: '/usr/sbin/apache2'
other_vhosts_access.log
127.0.1.1:80 216.218.206.68 - - [01/Aug/2015:01:31:36 -0500] "\x16\x03\x01" 400 0 "-" "-"
127.0.1.1:80 141.212.122.42 - - [01/Aug/2015:03:15:26 -0500] "\x16\x03\x01" 400 0 "-" "-"
127.0.1.1:80 65.31.172.201 - - [01/Aug/2015:06:20:06 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
127.0.1.1:80 50.77.106.104 - - [01/Aug/2015:06:44:22 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
127.0.1.1:80 71.174.188.128 - - [01/Aug/2015:07:29:10 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
127.0.1.1:80 98.251.14.214 - - [01/Aug/2015:09:31:43 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
127.0.1.1:80 89.248.171.137 - - [01/Aug/2015:10:22:04 -0500] "\x16\x03\x01" 400 0 "-" "-"
anarchoanthro.com:80 177.206.182.186 - - [01/Aug/2015:12:08:54 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
route命令结果
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
答案1
首先,我会检查是否可以从 LAN 上的第二台 PC 访问 Web 服务器。您可能需要在hosts文件中添加一个条目来将域名映射到内部地址。这将确认服务器已正确桥接且未受防火墙保护,并且可以路由到 LAN。
然后我会检查服务器是否有指向您的网关的默认路由。如果没有这个,它就无法回复 - 甚至无法确认 - 入站请求。
最后,我会在服务器上运行网络嗅探器(例如 Wireshark),并监视来自 LAN 外部的受控入站连接。这将确认流量已正确路由。
一些 ISP(尤其是美国的 ISP)会阻止端口 80 的流量。如果它适合您的情况,您也需要检查一下。
http 需要端口 80,https 需要端口 443。您不需要 8080。您可能想要转发或至少让您的路由器响应 ping。
许多家庭路由器无法处理对其外部 IP 地址的内部请求,然后我们将其在内部转发。从您的测试中排除这种情况,至少在开始时是这样。
答案2
把它一块一块地分解。当您尝试访问时,请检查 apache 访问/错误日志。如果 apache 没有记录任何内容,请使用 tcpdump 确认您的请求是否到达服务器。如果您甚至不确定网络是否允许请求通过,那么深入挖掘您的配置是没有意义的。