简介--场景
我对 Linux 服务器配置以及 Microsoft Azure 云服务还比较陌生。
我在 Ubuntu 16.04 上安装了一台 VM,其中包含 Nginx、Varnish、PHP7-FPM、MariaDB、FAIL2BAN 等堆栈。
Wordpress Multisite 已安装。据我所知,Nginx 和 Varnish .conf 文件以及 Wordpress 安装中的所有内容均已正确配置。
端口 80 和 443 均已打开。主域和联网站点域均解析为虚拟机的 IP。
所有这些都是使用 debops-wordpress(Ansible 项目的扩展)部署的。
问题
问题是主站点运行正常,但所有联网站点都会导致 ERR_EMPTY_RESPONSE 错误。据我所知,这些请求不会生成任何日志。例如,varnishlog
当我请求主域时,将报告所有预期的 varnish 活动(很多)。当我请求联网站点域时,它根本不会生成任何活动。我由此得出结论,该请求甚至从未到达 varnish。
日志文件
当我对联网站点(Wordpress 多站点)发出 http 请求时,Varnish 访问日志中会写入一个基本条目。(见下文)。但 Nginx 日志中没有任何条目。Varnish 或 Nginx 错误日志中也没有任何条目。
::ffff:122.57.253.24 - - [17/Jul/2017:01:58:35 +0000] "GET /favicon.ico HTTP/1.1" 204 0 "http://www.sewalunafoundation.nz/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
因此,域请求至少可以到达堆栈,但它会因空响应错误而中止。
我在想,也许我忽略了 Azure 方面的一些事情,这阻止了对任何联网站点域的请求真正到达服务器堆栈。虽然我不太清楚是怎么回事,但因为必要的端点(80 和 443)是开放的,并且对主域来说工作正常,现在我看到辅助(WP 联网)域确实至少到达了 varnish,足以让它创建一个日志条目,这让我认为它不太可能与网络有关。
配置
漆
server {
listen [::]:80 default_server ipv6only=off;
server_name www.primarydomain.nz;
server_name primarydomain.nz;
server_name www.2nd-domain.org.uk;
server_name 2nd-domain.org.uk;
server_name www.3rd-domain.org.za;
server_name 3rd-domain.org.za;
server_name 4th-domain.ca;
server_name www.4th-domain.ca;
include snippets/acme-challenge.conf;
keepalive_timeout 60;
access_log /var/log/nginx/varnish.www.primarydomain.nz_access.log;
error_log /var/log/nginx/varnish.www.primarydomain.nz_error.log;
client_max_body_size 32M;
if ($host != $server_name) {
return 444;
}
location = /nginx_status {
stub_status on;
access_log on;
allow 127.0.0.1/32;
allow ::1/128;
allow 10.0.0.8;
deny all;
}
include /etc/nginx/sites-default.d/*.conf;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 80;
proxy_pass http://varnish;
}
}
Nginx
server {
listen 8080 default_server ipv6only=off;
server_name www.primarydomain.nz;
server_name primarydomain.nz;
server_name www.2nd-domain.org.uk;
server_name 2nd-domain.org.uk;
server_name www.3rd-domain.org.za;
server_name 3rd-domain.org.za;
server_name 4th-domain.ca;
server_name www.4th-domain.ca;
root /var/www/www.primarydomain.nz;
keepalive_timeout 60;
access_log /var/log/nginx/www.primarydomain.nz_access.log;
error_log /var/log/nginx/www.primarydomain.nz_error.log;
index index.html index.htm index.php;
client_max_body_size 32M;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/schema+json
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
image/bmp
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
text/cache-manifest
text/css
text/javascript
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml;
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Disallow access to hidden files and directories
location ~ /\. {
return 404;
}
location = /favicon.ico {
try_files /favicon.ico =204;
access_log off;
log_not_found off;
}
location = /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1/32;
allow ::1/128;
allow 10.0.0.8;
deny all;
}
include /etc/nginx/sites-default.d/*.conf;
location ~ /(\.|wp-config.php|readme.html|license.txt|wp-cli.local.yml|wp-cli.yml) {
return 404;
}
location ~* ^.+\.(css|js|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
expires max;
add_header Cache-Control "public";
}
location = /robots.txt {
access_log off;
log_not_found off;
try_files /robots.txt /index.php;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ ^(?!.+\.php/)(?<script_name>.+\.php)$ {
limit_except GET HEAD POST { deny all; }
try_files $script_name =404;
include fastcgi.conf;
set $php_https off;
if ($http_x_forwarded_proto = "https") {
set $php_https on;
}
fastcgi_param HTTPS $php_https;
fastcgi_next_upstream error timeout invalid_header http_500;
# Mitigate HTTPOXY attacks (https://httpoxy.org/)
fastcgi_param HTTP_PROXY "";
fastcgi_index index.php;
fastcgi_pass php-wordpress;
}
location ~ ^(?<script_name>.+\.php)(?<path_info>/.*)$ {
limit_except GET HEAD POST { deny all; }
try_files $script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param PATH_TRANSLATED $document_root$path_info;
set $php_https off;
if ($http_x_forwarded_proto = "https") {
set $php_https on;
}
fastcgi_param HTTPS $php_https;
fastcgi_next_upstream error timeout invalid_header http_500;
# Mitigate HTTPOXY attacks (https://httpoxy.org/)
fastcgi_param HTTP_PROXY "";
fastcgi_index index.php;
fastcgi_pass php-wordpress;
}
}
内容/etc/default/varnish
(删除所有注释行)
START=yes
NFILES=131072
MEMLOCK=82000
DAEMON_OPTS="-a :6081 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
内容/etc/varnish/default.vcl
(删除所有注释行)
vcl 4.0;
import std;
import directors;
backend wordpress {
.host = "127.0.0.1";
.port = "8080";
.max_connections = 300;
.first_byte_timeout = 300s;
.connect_timeout = 5s;
.between_bytes_timeout = 2s;
}
acl purge {
"10.0.0.8";
"127.0.0.1";
"::1";
}
sub vcl_init {
new vdir = directors.round_robin();
vdir.add_backend(wordpress);
}
sub vcl_recv {
set req.backend_hint = vdir.backend(); # send all traffic to the vdir director
set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
unset req.http.proxy;
if (req.method == "PURGE") {
if (!std.ip(req.http.X-Real-IP, "0.0.0.0") ~ purge) {
return (synth(405, "This IP is not allowed to send PURGE requests."));
}
return (purge);
}
if (req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "PATCH" &&
req.method != "DELETE") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
if (req.http.Upgrade ~ "(?i)websocket") {
return (pipe);
}
if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}
if (req.url ~ "(\?|&)(utm_(campaign|medium|source|term)|gclid|cx|ie|cof|siteurl)=") {
set req.url = regsuball(req.url, "&(utm_(campaign|medium|source|term)|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
set req.url = regsuball(req.url, "\?(utm_(campaign|medium|source|term)|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
set req.url = regsub(req.url, "\?&", "?");
set req.url = regsub(req.url, "\?$", "");
}
if (req.url ~ "\#") {
set req.url = regsub(req.url, "\#.*$", "");
}
if (req.url ~ "\?$") {
set req.url = regsub(req.url, "\?$", "");
}
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress-settings-[0-9]+?=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress-settings-time-[0-9]+?=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__gads=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "__atuv.=[^;]+(; )?", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
if (req.http.cookie ~ "^\s*$") {
unset req.http.cookie;
}
if (req.http.Cache-Control ~ "(?i)no-cache") {
if (! (req.http.Via || req.http.User-Agent ~ "(?i)bot" || req.http.X-Purge)) {
return(purge); # Couple this with restart in vcl_purge and X-Purge header to avoid loops
}
}
if (req.url ~ "^[^?]*\.(7z|avi|bz2|flac|flv|gz|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|rar|tar|tgz|tbz|txz|wav|webm|xz|zip)(\?.*)?$") {
unset req.http.Cookie;
return (hash);
}
if (req.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|otf|ogg|ogm|opus|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
unset req.http.Cookie;
return (hash);
}
if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
return (pass);
}
if (req.url ~ "wp-(admin|cron|login)" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php") {
return (pass);
}
set req.http.Surrogate-Capability = "key=ESI/1.0";
if (req.http.Authorization) {
return (pass);
}
return (hash);
}
sub vcl_pipe {
if (req.http.upgrade) {
set bereq.http.upgrade = req.http.upgrade;
}
return (pipe);
}
sub vcl_pass {
}
sub vcl_hash {
hash_data(req.url);
if (req.http.host) {
hash_data(req.http.host);
} else {
hash_data(server.ip);
}
if (req.http.Cookie) {
hash_data(req.http.Cookie);
}
}
sub vcl_hit {
if (obj.ttl >= 0s) {
return (deliver);
}
if (!std.healthy(req.backend_hint) && (obj.ttl + obj.grace > 0s)) {
return (deliver);
} else {
return (fetch);
}
if (std.healthy(req.backend_hint)) {
if (obj.ttl + 10s > 0s) {
return (deliver);
} else {
return(fetch);
}
} else {
if (obj.ttl + obj.grace > 0s) {
return (deliver);
} else {
return (fetch);
}
}
return (fetch); # Dead code, keep as a safeguard
}
sub vcl_miss {
return (fetch);
}
sub vcl_backend_response {
if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
unset beresp.http.Surrogate-Control;
set beresp.do_esi = true;
}
if (bereq.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip|webm)(\?.*)?$") {
unset beresp.http.set-cookie;
}
if (bereq.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|gz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av]|webm)(\?.*)?$") {
unset beresp.http.set-cookie;
set beresp.do_stream = true; # Check memory usage it'll grow in fetch_chunksize blocks (128k by default) if the backend doesn't send a Content-Length header, so only enable it for big objects
set beresp.do_gzip = false; # Don't try to compress it for storage
}
if (beresp.status == 301 || beresp.status == 302) {
set beresp.http.Location = regsub(beresp.http.Location, ":[0-9]+", "");
}
if (beresp.http.Set-Cookie && bereq.url !~ "wp-(login|admin)") {
unset beresp.http.Set-Cookie;
}
if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") {
set beresp.ttl = 120s;
set beresp.uncacheable = true; # Flags the response as hit-for-pass
return (deliver);
}
if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
return (abandon);
}
set beresp.grace = 6h;
return (deliver);
}
sub vcl_deliver {
if (obj.hits > 0) { # Add debug header to see if it's a HIT/MISS and the number of hits, disable when not needed
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
set resp.http.X-Cache-Hits = obj.hits;
unset resp.http.X-Powered-By;
unset resp.http.Server;
unset resp.http.X-Drupal-Cache;
unset resp.http.X-Varnish;
unset resp.http.Via;
unset resp.http.Link;
unset resp.http.X-Generator;
unset resp.http.X-Clacks-Overhead;
return (deliver);
}
sub vcl_purge {
if (req.method != "PURGE") {
set req.http.X-Purge = "Yes";
return(restart);
}
}
sub vcl_synth {
if (resp.status == 720) {
set resp.http.Location = resp.reason;
set resp.status = 301;
return (deliver);
} elseif (resp.status == 721) {
set resp.http.Location = resp.reason;
set resp.status = 302;
return (deliver);
}
return (deliver);
}
sub vcl_fini {
return (ok);
}
的结果netstat -ant|grep 80
$ netstat -ant|grep 80
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.8:58972 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58912 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58888 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:44180 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:58948 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58984 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58828 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58998 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58840 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58900 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58924 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58960 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:59014 168.63.129.16:80 TIME_WAIT
tcp 1 0 10.0.0.8:58972 169.254.169.254:80 CLOSE_WAIT
tcp 0 0 10.0.0.8:58872 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58936 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58816 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58852 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:54180 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:58804 168.63.129.16:80 TIME_WAIT
tcp 0 0 10.0.0.8:58874 168.63.129.16:80 TIME_WAIT
tcp6 0 0 :::80 :::* LISTEN
的结果netstat -ant|grep 443
tcp 0 0 10.0.0.8:54514 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54622 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54626 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44560 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54480 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:50576 13.66.176.26:443 TIME_WAIT
tcp 0 0 10.0.0.8:44576 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54660 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44528 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54504 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44636 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54502 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44478 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:50572 13.66.176.26:443 TIME_WAIT
tcp 0 0 10.0.0.8:44468 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54466 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44610 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54482 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54578 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44466 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:44672 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54646 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54454 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54662 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:50570 13.66.176.26:443 TIME_WAIT
tcp 0 0 10.0.0.8:54456 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54506 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44624 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:44598 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54636 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54492 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44526 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:50666 13.66.176.26:443 TIME_WAIT
tcp 0 0 10.0.0.8:50682 13.66.176.26:443 TIME_WAIT
tcp 0 0 10.0.0.8:54648 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44660 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:44492 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54548 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54470 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54650 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44538 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54658 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54610 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44540 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:44658 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54638 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44586 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54562 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54458 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44514 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54574 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44490 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:44562 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54634 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54600 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44504 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54614 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:50660 13.66.176.26:443 TIME_WAIT
tcp 0 0 10.0.0.8:54526 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54612 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54550 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:50662 13.66.176.26:443 TIME_WAIT
tcp 0 0 10.0.0.8:54490 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54598 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54590 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54602 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54552 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44480 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54468 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54518 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54588 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54528 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44502 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54576 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44622 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:44646 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54564 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44588 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:44612 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54530 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54624 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54478 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:54516 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44600 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:44670 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:44648 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54566 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:50668 13.66.176.26:443 TIME_WAIT
tcp 0 0 10.0.0.8:44574 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54494 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44516 52.239.148.164:443 TIME_WAIT
tcp 0 0 10.0.0.8:54586 13.77.184.72:443 TIME_WAIT
tcp 0 0 10.0.0.8:44634 52.239.148.164:443 TIME_WAIT
公共 IP
服务器的公网 IP 是52.183.115.144
问题
我的问题是:
- 我该如何解决此问题并找出原因?
- 您是否想到了其他域访问 Azure 上的 VM 所必须采取的步骤?
- 上述详细信息是否表明了该问题可能的原因?
答案1
经过很多天,我终于找到了解决方案。
这对其他使用debops-wordpres部署 Wordpress Multisite,使用自定义域。我不能说云环境是否有任何不同(Azure,而不是其他选项)。开发人员似乎认为我遇到的问题是因为他没有针对 Azure 进行测试和调整。但我真的不明白这有什么不同。Ubuntu 16.04 VM 是相同的,无论它托管在哪里(据我所知)。
我已经将此解决方案告知了debops-wordpres 项目他告诉我,我实际上所做的是这样的:
看来你所做的就是通过 nginx vhost 直接进入 varnish。
无论出于什么原因,为了使多边自定义域正常运行,直接使用 varnish 是必要的。
本质上,需要编辑所有对 Nginx 和 Varnish 监听的端口有影响的配置文件。我采取了以下步骤:
- 删除第二个 Nginx .conf 文件。即
/etc/nginx/sites-enabled/varnish.www.sewalunafoundation.nz.conf
。您只是删除了一个符号链接;实际文件仍保留在/sites-available/
文件夹中 - 编辑
/etc/nginx/sites-enabled/default
,使行listen [::]:80 default_server;
更改为listen 8080;
- 编辑
/etc/systemd/system/varnish.service
。在ExecStart
设置中,更改-a *:6081
为-a *:80
。该设置的最终结果是:
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -P /run/varnishd.pid -F -a *:80 -T localhost:6082 -t 120 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,1715.0
- 编辑
/etc/default/varnish
,更改DAEMON_OPTS="-a :6081 \
为DAEMON_OPTS="-a :80 \
完成这些更改后,运行以下命令:
sudo systemctl daemon-reload sudo service nginx restart sudo service varnish restart sudo service varnish status (check Varnish has loaded okay) sudo netstat -tulnp (check the right ports are being listened to)
最后一个命令应该产生以下内容:
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1842/mysqld tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1475/redis-server l tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1325/varnishd tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1517/nginx -g daemo tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1412/sshd tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2293/master tcp 0 0 127.0.0.1:6082 0.0.0.0:* LISTEN 1325/varnishd tcp6 0 0 :::80 :::* LISTEN 1325/varnishd tcp6 0 0 :::22 :::* LISTEN 1412/sshd tcp6 0 0 :::25 :::* LISTEN 2293/master udp 0 0 0.0.0.0:68 0.0.0.0:* 1006/dhclient
您将看到 Varnish 正在监听tcp 80
、 和tcpv6 80
。它还在监听6082
。Nginx 正在监听tcp 8080
。
您的站点现在应该可以在主域和多站点域上加载。您可能需要重新启动 Azure VM。我这样做了,但我不能说这是否是让一切正常运转的必要条件(在进行上述更改之后)。
SSL
debops-wordpress 的开发人员告诉我,SSL 无法在修改后的配置下工作。这很不幸,我将研究是否有办法解决这个问题。即使这意味着放弃所有 SSL 请求的 Varnish,我也会这么做,但只是需要弄清楚如何解决。