Ubuntu 服务器不允许域访问 laravel 项目

tag-icon tag-icon nginx ubuntu azure domain ufw
Ubuntu 服务器不允许域访问 laravel 项目

我遇到一个问题,我的 laravel 项目可以通过 Azure 上的静态 IP 访问,但不能通过我链接到的域访问:

我使用 nginx 和 ufw

这是我的 Nginx 的 error.log:

nginx configuration 
server {
    listen 80;
    listen [::]:80;
    server_name domain;
    root /var/www/app/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.php;

    charset utf-8;

    location / {
        try_files $uri /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

我该怎么办?我应该添加什么规则?

2022/05/19 11:25:42 [error] 586486#586486: *1562 access forbidden by rule, client: 51.79.29.48, server: domain, request: "GET /.env HTTP/1.1", host: "ip"
2022/05/19 11:32:22 [error] 586486#586486: *1563 access forbidden by rule, client: 69.162.243.124, server: domain, request: "GET /.env HTTP/1.1", host: "ip"
2022/05/19 11:45:07 [error] 586486#586486: *1604 access forbidden by rule, client: 185.254.196.223, server: domain, request: "GET /.env HTTP/1.1", host: "ip"
2022/05/19 12:38:43 [notice] 600838#600838: signal process started```

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere                  
80/tcp (Nginx HTTP)        ALLOW IN    Anywhere                  
80                         ALLOW IN    Anywhere                  
443                        ALLOW IN    Anywhere                  
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)             
80/tcp (Nginx HTTP (v6))   ALLOW IN    Anywhere (v6)             
80 (v6)                    ALLOW IN    Anywhere (v6)             
443 (v6)                   ALLOW IN    Anywhere (v6)

答案1

您应该在配置中添加所有索引文件,

sudo nano etc/nginx/sites-enabled

index index.php index.html index.hml;

配置应该是这样的:

server {
listen 80;
server_name server_domain_or_IP;
root /var/www/app/public;

add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";

index index.html index.htm index.php;

charset utf-8;

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt  { access_log off; log_not_found off; }

error_page 404 /index.php;

location ~ \.php$ {
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    include fastcgi_params;
}

location ~ /\.(?!well-known).* {
    deny all;
}
}

要确认您的配置不包含任何语法错误,请使用

sudo nginx -t

注意:如果您从控制台维护防火墙,则不要使用 ufw 来允许端口。

相关内容