Apache 443 connection refused error

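So I've run into a very interesting, frustrating and strange problem.

I have a RackSpace web server running a website. Let's call it dummy.com

Visiting http://dummy.com on port 80 works fine. But visiting https://dummy.com in Chrome gives a This site can't be reached error, and Firefox gives a similar error.

But the confusing part is that https://1.11.111.1111 works (meaning that if I access the site by its IP, I can reach it)

Here is the VirtualHost configuration I'm using: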

<VirtualHost *:80>
        ServerName dummy.com
        ServerAlias  www.dummy.com
        DocumentRoot /var/www/vhosts/www.dummy.com

        <Directory /var/www/vhosts/www.dummy.com>
                Options -Indexes +FollowSymLinks -MultiViews
                AllowOverride All
        </Directory>
</VirtualHost>

<VirtualHost *:443>
        ServerName dummy.com
        ServerAlias  www.dummy.com 
        DocumentRoot /var/www/vhosts/www.dummy.com
        <Directory /var/www/vhosts/www.dummy.com>
                Options -Indexes +FollowSymLinks -MultiViews
                AllowOverride All
        </Directory>

        ...

        SSLEngine on
        SSLCertificateFile /var/www/ssl/DUMMY.COM.crt
        SSLCertificateKeyFile /var/www/ssl/dummy_com.key
        SSLCertificateChainFile /var/www/ssl/ov_chain.txt
</VirtualHost>

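I was thinking that maybe the domain name isn't being picked up on port 443, but it is for port 80 with this configuration.

So another question: since this is hosted on a RackSpace server, could there be a firewall setting in the RackSpace manager that would cause this? I'm stumped by this =(

Oh, and here is a netstat -tnlp snippet as well: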

tcp6 0 0 :::25 :::* LISTEN 1670/master
tcp6 0 0 :::443 :::* LISTEN 9013/apache2

ss -tnlp | grep :80

LISTEN 0 128 :::80 :::* users:(("apache2",9025,4),("apache2",9020,4),("apache2",9019,4),("apache2",9018,4),("apache2",9017,4),("apache2",9016,4),("apache2",9013,4))

ss -tnlp | grep :443

LISTEN 0 128 :::443 :::* users:(("apache2",9025,6),("apache2",9020,6),("apache2",9019,6),("apache2",9018,6),("apache2",9017,6),("apache2",9016,6),("apache2",9013,6))

Edit: here are the Apache logs from server startup:

[Sun Oct 07 11:09:12.646647 2018] [ssl:info] [pid 10085] AH02200: Loading certificate & private key of SSL-aware server 'dummy.com:443'
[Sun Oct 07 11:09:12.647104 2018] [ssl:debug] [pid 10085] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Sun Oct 07 11:09:12.647176 2018] [ssl:info] [pid 10085] AH01914: Configuring server dummy.com:443 for SSL protocol
[Sun Oct 07 11:09:12.647722 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(791): AH01904: Configuring server certificate chain (3 CA certificates)
[Sun Oct 07 11:09:12.647742 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(328): AH01893: Configuring TLS extension handling
[Sun Oct 07 11:09:12.647750 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(838): AH02232: Configuring RSA server certificate
[Sun Oct 07 11:09:12.647952 2018] [ssl:debug] [pid 10085] ssl_util_ssl.c(407): AH02412: [dummy.com:443] Cert matches for name 'dummy.com' [subject: CN=dummy.com,OU=Secure Link SSL,OU=IT,O=Dummy Corp,street=123 Happy Ave,L=Some City,ST=XX,postalCode=12345,C=US / issuer: CN=Network Solutions OV Server CA 2,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US / serial: 501C094D916AE8257C96F3C794F0A10B / notbefore: Oct  6 00:00:00 2018 GMT / notafter: Sep 28 23:59:59 2020 GMT]
[Sun Oct 07 11:09:12.647988 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(893): AH02236: Configuring RSA server private key
[Sun Oct 07 11:09:12.682709 2018] [ssl:info] [pid 10086] AH02200: Loading certificate & private key of SSL-aware server 'dummy.com:443'
[Sun Oct 07 11:09:12.683385 2018] [ssl:debug] [pid 10086] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Sun Oct 07 11:09:12.683569 2018] [ssl:info] [pid 10086] AH01914: Configuring server dummy.com:443 for SSL protocol
[Sun Oct 07 11:09:12.684012 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(791): AH01904: Configuring server certificate chain (3 CA certificates)
[Sun Oct 07 11:09:12.684085 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(328): AH01893: Configuring TLS extension handling
[Sun Oct 07 11:09:12.684149 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(838): AH02232: Configuring RSA server certificate
[Sun Oct 07 11:09:12.684333 2018] [ssl:debug] [pid 10086] ssl_util_ssl.c(407): AH02412: [dummy.com:443] Cert matches for name 'dummy.com' [subject: CN=dummy.com,OU=Secure Link SSL,OU=IT,O=Dummy Corp,street=123 Happy Ave,L=Some City,ST=XX,postalCode=12345,C=US / issuer: CN=Network Solutions OV Server CA 2,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US / serial: 501C094D916AE8257C96F3C794F0A10B / notbefore: Oct  6 00:00:00 2018 GMT / notafter: Sep 28 23:59:59 2020 GMT]
[Sun Oct 07 11:09:12.684392 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(893): AH02236: Configuring RSA server private key

Thanks, guys

Answer 1

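Rackspace has a concept called security groups.
Log in to the Rackspace console, click your server and scroll down to "Networks and Security Groups".
Another possibility is that there is a firewall on the host itself (iptables -L, assuming it is one of the RedHat derivatives). You can use nmap or nc to test from the outside whether port 443 is open; obviously you need to be on a remote host to see whether a TCP session to port 443 can be established.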
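
The outside-in port test the answer describes, as an added example (not part of the original question or answer). It goes one step beyond a single nc check: it probes every address the name resolves to, IPv4 and IPv6, so a name that points somewhere other than the IP that works shows up. The function names `probe`, `resolve` and `report` are hypothetical, and the script is meant to be run from a host outside the server's network.

```python
import socket
import sys


def probe(addr, port, family=socket.AF_INET, timeout=3.0):
    """Classify one TCP connect attempt to addr:port."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((addr, port))
            return "open"         # handshake completed: something is listening
        except ConnectionRefusedError:
            return "refused"      # RST came back: no listener, or a REJECT rule
        except socket.timeout:
            return "filtered"     # no reply: dropped by a firewall or security group
        except OSError:
            return "unreachable"  # no route to the address from this host


def resolve(name, port):
    """Return the unique (family, address) pairs the name resolves to."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    return sorted({(fam, sockaddr[0]) for fam, _, _, _, sockaddr in infos})


def report(name, ports=(80, 443), timeout=3.0):
    """Probe each port on every resolved address; return {(addr, port): state}."""
    results = {}
    for fam, addr in resolve(name, ports[0]):
        for port in ports:
            results[(addr, port)] = probe(addr, port, fam, timeout)
    return results


if __name__ == "__main__":
    # Pass the site name on the command line; "localhost" is only a default.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for (addr, port), state in sorted(report(target).items()):
        print(f"{target} -> {addr}:{port} {state}")
```

If 80 is open and 443 is filtered on the same address, look at the security group or host firewall; if the name resolves to an address other than the IP that answers on 443, check the DNS records first.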