%20%E5%A4%B1%E8%B4%A5%EF%BC%88111%EF%BC%9A%E8%BF%9E%E6%8E%A5%E8%A2%AB%E6%8B%92%E7%BB%9D%EF%BC%89.png)
nginx错误:
2020/12/01 06:54:05 [error] 4718#4718: *1 connect() failed (111:Connection refused while connecting to upstream, client 192.168.1.1, server: www.some-place.org, request: "Get /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
问题于 2020 年 12 月 6 日星期日 09:36 CET 更新。
问题如下:
无法通过“http://127.0.0.1:8090”访问 bigbluebutton/api(我们的在线课堂平台)
- 检查端口 8090 是否处于活动状态:(已在路由器中端口转发)
(教室公网IP地址:XXX.X.XX.XX)
- sudo telnet XXX.X.XX.XX 8090
telnet:无法连接到远程主机:连接被拒绝
- 检查错误日志(2条日志):
sudo bbb-conf--debug
- /var/log/nginx/error.log 中发现错误:(10 个错误,与上面的标题相同)
2020/12/01 06:54:05 [error] 4718#4718: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
2020/12/01 06:54:05 [error] 4718#4718: *1 open() "/var/www/nginx-default/50x.html" failed (2: No such file or directory), client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
2020/12/01 06:54:06 [error] 4718#4718: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
2020/12/01 06:54:06 [error] 4718#4718: *3 open() "/var/www/nginx-default/50x.html" failed (2: No such file or directory), client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
2020/12/01 06:54:07 [error] 4718#4718: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
2020/12/01 06:54:07 [error] 4718#4718: *5 open() "/var/www/nginx-default/50x.html" failed (2: No such file or directory), client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org" 2020/12/01 06:54:08 [error] 4718#4718: *7 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
2020/12/01 06:54:08 [error] 4718#4718: *7 open() "/var/www/nginx-default/50x.html" failed (2: No such file or directory), client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
2020/12/01 06:54:09 [error] 4718#4718: *9 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
2020/12/01 06:54:09 [error] 4718#4718: *9 open() "/var/www/nginx-default/50x.html" failed (2: No such file or directory), client: 192.168.1.1, server: www.some-place.org, request: "GET /bigbluebutton/api HTTP/1.1", upstream: "http://127.0.0.1:8090/bigbluebutton/api", host: "www.some-place.org"
- /var/log/syslog 中发现错误(2 个错误):
Dec 1 06:53:44 bbb-server red5-shutdown.sh[4167]: Exception connecting to 127.0.0.1 Dec 1 06:53:44 bbb-server red5-shutdown.sh[4167]: java.lang.ArrayIndexOutOfBoundsException: 0
- 检查所有应用程序是否正在运行:
sudo bbb-conf--status
14 已检查活动(nginx;freeswitch;redis-server;bbb-apps-akka;bbb-transcode-akka;bbb-fesl-akka;red5;tomcat7;mongod;bbb-html5;bbb-webrtc-sfu;kurento-media-server;etherpad;bbb-web)。
- 接下来,检查是否有任何防火墙处于活动状态:
sudo ufw 状态
状态:不活跃
- 接下来,检查 bbb-web 是否正在监听端口 8090:
sudo netstat -atnp¦grep 8090
tcp6 0 0 127.0.0.1:8090 :::* LISTEN 1464/java
- 接下来,执行 nginx 转储并将结果传送到 nano 编辑器:
sudo nginx -T¦nano
由于此命令的输出大于此正文允许的 30,000 个字符,因此我今天发布了后半部分。然后,我将在几天后用前半部分替换它,以方便那些错过的人。
# configuration file /etc/bigbluebutton/nginx/presentation-slides.nginx:
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the
# Free Software Foundation; either version 3.0 of the License, or (at your option) any later version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
# Have nginx serve the presentation slides instead of tomcat as large files causes tomcat to OOM. (ralam sept 20, 2018)
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/svg\/(?<page_num>\d+)$ {
default_type image/svg+xml;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/svgs/slide$page_num.svg;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/slide\/(?<page_num>\d+)$ {
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/slide-$page_num.swf;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/thumbnail\/(?<page_num>\d+)$ {
default_type image/png;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/thumbnails/thumb-$page_num.png;
}
location ~^\/bigbluebutton\/presentation\/(?<meeting_id_1>[A-Za-z0-9\-]+)\/(?<meeting_id_2>[A-Za-z0-9\-]+)\/(?<pres_id>[A-Za-z0-9\-]+)\/textfiles\/(?<page_num>\d+)$ {
default_type text/plain;
alias /var/bigbluebutton/$meeting_id_2/$meeting_id_2/$pres_id/textfiles/slide-$page_num.txt;
}
# configuration file /etc/bigbluebutton/nginx/presentation.nginx:
#
# BigBlueButton open source conferencing system - http://www.bigbluebutton.org/
#
# Copyright (c) 2012 BigBlueButton Inc. and by respective authors (see below).
#
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the
# Free Software Foundation; either version 3.0 of the License, or (at your option) any later version.
#
# BigBlueButton is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along with BigBlueButton; if not, see <http://www.gnu.org/licenses/>.
#
location /playback/presentation/playback.html {
return 301 /playback/presentation/0.81/playback.html?$query_string;
# If you have recordings from 0.9.0 beta versions and are sure that you will never want to play recordings made with BigBlueButton 0.81,
#comment the line above and uncomment the following line: return 301 /playback/presentation/0.9.0/playback.html?$query_string;
}
location /playback/presentation {
root /var/bigbluebutton;
index index.html index.htm;
}
location /presentation {
root /var/bigbluebutton/published;
index index.html index.htm;
}
# configuration file /etc/bigbluebutton/nginx/screenshare.nginx:
# Handle desktop sharing tunneling. Forwards requests to Red5 on port 5080.
location /screenshare {
proxy_pass http://127.0.0.1:5080;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
}
# configuration file /etc/nginx/fastcgi_params:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# configuration file /etc/bigbluebutton/nginx/sip.nginx:
location /ws {
proxy_pass https://192.168.1.51:7443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
}
# configuration file /etc/bigbluebutton/nginx/verto.nginx:
location /verto {
proxy_pass https://127.0.0.1:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
}
# configuration file /etc/bigbluebutton/nginx/web.nginx:
# Handle request to bbb-web running within a SpringBoot Tomcat embedded servlet container. This is for BBB-API and Presentation.
location /bigbluebutton {
proxy_http_version 1.1;
location /bigbluebutton {
proxy_pass http://127.0.0.1:8090;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
}
location ~ "^\/bigbluebutton\/presentation\/(?<prestoken>[a-zA-Z0-9_-]+)/upload$" {
proxy_pass http://127.0.0.1:8090;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
# Allow 30M uploaded presentation document.
client_max_body_size 30m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
proxy_request_buffering off;
# Send a sub-request to allow bbb-web to refuse before loading
auth_request /bigbluebutton/presentation/checkPresentation;
}
location /bigbluebutton/presentation/download {
return 404;
}
location ~ "^/bigbluebutton/presentation/download\/[0-9a-f]+-[0-9]+/[0-9a-f]+-[0-9]+$" {
if ($arg_presFilename !~ "^[0-9a-f]+-[0-9]+\.[0-9a-zA-Z]+$") {
return 404;
}
proxy_pass http://127.0.0.1:8090$uri$is_args$args;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
}
location = /bigbluebutton/presentation/checkPresentation {
proxy_pass http://127.0.0.1:8090;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Presentation-Token $prestoken;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Content-Length "";
proxy_set_header X-Original-Content-Length $http_content_length;
# Allow 30M uploaded presentation document.
client_max_body_size 30m;
client_body_buffer_size 128k;
proxy_pass_request_body off;
proxy_request_buffering off;
}
# To check connection authentication, include:
# auth_request /bigbluebutton/connection/checkAuthorization; auth_request_set $auth_status $upstream_status;
#
# and make sure to add sessionToken param in the request URI
location = /bigbluebutton/connection/checkAuthorization {
internal;
proxy_pass http://127.0.0.1:8090;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location ~ "^/bigbluebutton\/textTrack\/(?<textTrackToken>[a-zA-Z0-9]+)\/(?<recordId>[a-zA-Z0-9_-]+)\/(?<textTrack>.+)$" {
# Workaround IE refusal to set cookies in iframe
add_header P3P 'CP="No P3P policy available"';
# Allow 30M uploaded presentation document.
client_max_body_size 30m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
proxy_request_buffering off;
# Send a sub-request to allow bbb-web to refuse before loading
auth_request /bigbluebutton/textTrack/validateAuthToken;
default_type text/plain;
alias /var/bigbluebutton/captions/$recordId/$textTrack;
}
location = /bigbluebutton/textTrack/validateAuthToken {
internal;
proxy_pass http://127.0.0.1:8090;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-textTrack-token $textTrackToken;
proxy_set_header X-textTrack-recordId $recordId;
proxy_set_header X-textTrack-track $textTrack;
proxy_set_header X-Original-URI $request_uri;
}
}
# configuration file /etc/bigbluebutton/nginx/webrtc-sfu.nginx:
location /bbb-webrtc-sfu {
proxy_pass http://127.0.0.1:3008;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 6h;
proxy_send_timeout 6h;
client_body_timeout 6h;
send_timeout 6h;
auth_request /bigbluebutton/connection/checkAuthorization;
auth_request_set $auth_status $upstream_status;
}
# configuration file /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding of Nginx configuration files in order to fully unleash the power of
# Nginx. http://wiki.nginx.org/Pitfalls http://wiki.nginx.org/QuickStart http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean file but keep this around for reference. Or just disable in
# sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server; listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic. See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration. See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that to sites-enabled/ to enable it.
#
#server {
# listen 80; listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com; index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
我们使用 BigBlueButton (Ver. 2.2.30) 作为我们的在线课堂平台。似乎在尝试连接端口 8090 时出现“权限被拒绝”就是用户在尝试连接音频桥时收到“ICE 错误 1007”的原因。
继续寻找解决方案,ICE 错误 1007 有两种可能:1) 连接被防火墙阻止(我们的生产服务器上没有活动防火墙),2) 连接被 NAT 阻止。
如果 NAT 是阻塞的根源,我已经包含了当前 NAT iptables 的内容:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE all -- 172.18.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.18.0.2 172.18.0.2 tcp dpt:80
MASQUERADE tcp -- 172.18.0.3 172.18.0.3 tcp dpt:5432
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 127.0.0.1 tcp dpt:5000 to:172.18.0.2:80
DNAT tcp -- 0.0.0.0/0 127.0.0.1 tcp dpt:5432 to:172.18.0.3:5432
我希望这有帮助...