Error 500: are these Nginx and Apache configurations correct?

Hope you can help.

My setup: Ubuntu 20.04, HestiaCP v1.6

From the error log:

08:06:30 [error] 1197401#1197401: *11270 connect() failed (111: Connection refused) while connecting to upstream, client: 77.102.184.93, server: gldn.page, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8080/", host: "gldn.page"

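I am trying to get HestiaCP to use the letsencrypt certificate I have for gldn.page and *.gldn.page, and to use the server more efficiently.

Since nginx and Apache are both on the same host, and that host is secure, using HTTPS encryption and decryption between Nginx and Apache is a waste of resources. I would rather have nginx terminate TLS and reverse-proxy to http://127.0.0.1:8080 using plain HTTP only. That way I don't need a certificate for Apache.

These are my config files

First, Nginx listening on port 80 - does a 301 redirect to https (from the include)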

server {
    listen      78.110.163.102:80;
    server_name gldn.page *.gldn.page;

    include /home/dave/conf/web/gldn.page/nginx.forcessl.conf*;
          ## return 301 https://$host$request_uri;  

    location / {
        proxy_pass      http://78.110.163.102:8080;
        location ~* ^.+\.(jpg|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
            root           /home/dave/web/gldn.page/public_html;
            access_log     /var/log/apache2/domains/gldn.page.log combined;
            access_log     /var/log/apache2/domains/gldn.page.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/dave/web/gldn.page/document_errors/;
    }

    location @fallback {
        proxy_pass      http://78.110.163.102:8080;
    }

    location ~ /\.(?!well-known\/|file) {
       deny all;
       return 404;
    }

    include /home/dave/conf/web/gldn.page/nginx.conf_*;
}

Next, Nginx listening on port 443, proxying to 8080

server {
    listen      78.110.163.102:443 ssl http2;
    server_name gldn.page *.gldn.page;
    ssl_certificate      /etc/letsencrypt/live/gldn.page/cert.pem;
    ssl_certificate_key  /etc/letsencrypt/live/gldn.page/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    error_log  /var/log/apache2/domains/gldn.page.error.log error;

    include /home/dave/conf/web/gldn.page/nginx.hsts.conf*;

    location / {
        proxy_pass      http://127.0.0.1:8080;
        location ~* ^.+\.(jpg|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
            root           /home/dave/web/gldn.page/public_html;
            access_log     /var/log/apache2/domains/gldn.page.log combined;
            access_log     /var/log/apache2/domains/gldn.page.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/dave/web/gldn.page/document_errors/;
    }

    location @fallback {
        proxy_pass      https://78.110.163.102:8443;
    }

    location ~ /\.(?!well-known\/|file) {
       deny all;
       return 404;
    }

    proxy_hide_header Upgrade;

    include /home/dave/conf/web/gldn.page/nginx.ssl.conf_*;
}

Now the Apache config for port 8080

Maybe ServerName should be localhost?

<VirtualHost 127.0.0.1:8080>
    ServerName gldn.page
    ServerAlias *.gldn.page
    ServerAdmin [email protected]
    DocumentRoot /home/dave/web/gldn.page/public_html
    ScriptAlias /cgi-bin/ /home/dave/web/gldn.page/cgi-bin/
    Alias /vstats/ /home/dave/web/gldn.page/stats/
    Alias /error/ /home/dave/web/gldn.page/document_errors/
    #SuexecUserGroup dave dave
    CustomLog /var/log/apache2/domains/gldn.page.bytes bytes
    CustomLog /var/log/apache2/domains/gldn.page.log combined
    ErrorLog /var/log/apache2/domains/gldn.page.error.log

    IncludeOptional /home/dave/conf/web/gldn.page/apache2.forcessl.conf*

    <Directory /home/dave/web/gldn.page/stats>
        AllowOverride All
    </Directory>
    <Directory /home/dave/web/gldn.page/public_html>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php8.0-fpm-gldn.page.sock|fcgi://localhost"
    </FilesMatch>
    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

    IncludeOptional /home/dave/conf/web/gldn.page/apache2.conf_*
    IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>

I am getting a 500 server error, and the error log shows the following:

08:06:30 [error] 1197401#1197401: *11270 connect() failed (111: Connection refused) while connecting to upstream, client: 77.102.184.93, server: gldn.page, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8080/", host: "gldn.page"

Hope someone can help me get this working.

UPDATE

I tried changing the APACHE config to this...

<VirtualHost 127.0.0.1:8080>

    ServerName localhost

    DocumentRoot /home/dave/web/gldn.page/public_html
    ScriptAlias /cgi-bin/ /home/dave/web/gldn.page/cgi-bin/
    Alias /vstats/ /home/dave/web/gldn.page/stats/
    Alias /error/ /home/dave/web/gldn.page/document_errors/
    #SuexecUserGroup dave dave
    CustomLog /var/log/apache2/domains/gldn.page.bytes bytes
    CustomLog /var/log/apache2/domains/gldn.page.log combined
    ErrorLog /var/log/apache2/domains/gldn.page.error.log

    IncludeOptional /home/dave/conf/web/gldn.page/apache2.forcessl.conf*

    <Directory /home/dave/web/gldn.page/stats>
        AllowOverride All
    </Directory>
    <Directory /home/dave/web/gldn.page/public_html>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php8.0-fpm-gldn.page.sock|fcgi://localhost"
    </FilesMatch>
    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

    IncludeOptional /home/dave/conf/web/gldn.page/apache2.conf_*
    IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>

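I still get this error

2022/06/20 13:26:26 [error] 1317338#1317338: *12028 connect() failed (111: Connection refused) while connecting to upstream, client: 77.102.184.93, server: gldn.page, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8080/", host: "gldn.page"

The suggested resource says...

If the error message indicates that the remote service is at "127.0.0.1" or "localhost", it means the configuration file is telling the client that the service is on the local server. If your client is trying to talk to a remote system, then your configuration is broken.

Check that there isn't an entry for your hostname mapped to 127.0.0.1 or 127.0.1.1 in /etc/hosts (Ubuntu is notorious for this).

I have this: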

root@expressresponse:/var/log/apache2/domains# cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       no.ukservers.com        no

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.0.1 expressresponse.net

Just checked with Telnet

root@expressresponse:/# telnet localhost 8080
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

So is UFW blocking it?

root@expressresponse:/# ufw status
Status: inactive

Maybe HestiaCP has its own firewall?

Apache appears to be running

root@expressresponse:/# systemctl status apache2
* apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-06-20 03:11:02 BST; 10h ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 1099994 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
    Process: 1317164 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
   Main PID: 1100013 (apache2)
      Tasks: 56 (limit: 19071)
     Memory: 21.4M
     CGroup: /system.slice/apache2.service
             |-1100013 /usr/sbin/apache2 -k start
             |-1317206 /usr/sbin/apache2 -k start
             |-1317207 /usr/sbin/apache2 -k start
             `-1317208 /usr/sbin/apache2 -k start

Jun 20 13:25:10 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:10 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.
Jun 20 13:25:15 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:15 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.
Jun 20 13:25:32 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:32 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.
Jun 20 13:25:33 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:33 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.
Jun 20 13:25:38 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:38 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.

Result of journalctl -xe -u apache2

 A reload job for unit apache2.service has finished.
--
-- The job identifier is 95031 and the job result is done.

Result from: root@expressresponse:/# ss -tnlp | grep apache2


LISTEN 0      511                        94.46.186.222:8443        0.0.0.0:*     users:(("apache2",pid=1317208,fd=8),("apache2",pid=1317207,fd=8),("apache2",pid=1317206,fd=8),("apache2",pid=1100013,fd=8))
LISTEN 0      511                       78.157.211.222:8443        0.0.0.0:*     users:(("apache2",pid=1317208,fd=6),("apache2",pid=1317207,fd=6),("apache2",pid=1317206,fd=6),("apache2",pid=1100013,fd=6))
LISTEN 0      511                       78.110.163.102:8443        0.0.0.0:*     users:(("apache2",pid=1317208,fd=4),("apache2",pid=1317207,fd=4),("apache2",pid=1317206,fd=4),("apache2",pid=1100013,fd=4))
LISTEN 0      511                        94.46.186.222:8080        0.0.0.0:*     users:(("apache2",pid=1317208,fd=9),("apache2",pid=1317207,fd=9),("apache2",pid=1317206,fd=9),("apache2",pid=1100013,fd=9))
LISTEN 0      511                       78.157.211.222:8080        0.0.0.0:*     users:(("apache2",pid=1317208,fd=7),("apache2",pid=1317207,fd=7),("apache2",pid=1317206,fd=7),("apache2",pid=1100013,fd=7))
LISTEN 0      511                       78.110.163.102:8080        0.0.0.0:*     users:(("apache2",pid=1317208,fd=5),("apache2",pid=1317207,fd=5),("apache2",pid=1317206,fd=5),("apache2",pid=1100013,fd=5))
LISTEN 0      511                            127.0.0.1:8081        0.0.0.0:*     users:(("apache2",pid=1317208,fd=3),("apache2",pid=1317207,fd=3),("apache2",pid=1317206,fd=3),("apache2",pid=1100013,fd=3))
root@expressresponse:/#

And, in case it helps... ss -tnlp | grep nginx

LISTEN 0      511                        94.46.186.222:443         0.0.0.0:*     users:(("nginx",pid=1317344,fd=83),("nginx",pid=1317343,fd=83),("nginx",pid=1317342,fd=83),("nginx",pid=1317341,fd=83),("nginx",pid=1317340,fd=83),("nginx",pid=1317339,fd=83),("nginx",pid=1317338,fd=83),("nginx",pid=1317337,fd=83),("nginx",pid=314698,fd=83))
LISTEN 0      511                       78.157.211.222:443         0.0.0.0:*     users:(("nginx",pid=1317344,fd=82),("nginx",pid=1317343,fd=82),("nginx",pid=1317342,fd=82),("nginx",pid=1317341,fd=82),("nginx",pid=1317340,fd=82),("nginx",pid=1317339,fd=82),("nginx",pid=1317338,fd=82),("nginx",pid=1317337,fd=82),("nginx",pid=314698,fd=82))
LISTEN 0      511                       78.110.163.102:443         0.0.0.0:*     users:(("nginx",pid=1317344,fd=81),("nginx",pid=1317343,fd=81),("nginx",pid=1317342,fd=81),("nginx",pid=1317341,fd=81),("nginx",pid=1317340,fd=81),("nginx",pid=1317339,fd=81),("nginx",pid=1317338,fd=81),("nginx",pid=1317337,fd=81),("nginx",pid=314698,fd=81))
LISTEN 0      511                        94.46.186.222:80          0.0.0.0:*     users:(("nginx",pid=1317344,fd=80),("nginx",pid=1317343,fd=80),("nginx",pid=1317342,fd=80),("nginx",pid=1317341,fd=80),("nginx",pid=1317340,fd=80),("nginx",pid=1317339,fd=80),("nginx",pid=1317338,fd=80),("nginx",pid=1317337,fd=80),("nginx",pid=314698,fd=80))
LISTEN 0      511                       78.157.211.222:80          0.0.0.0:*     users:(("nginx",pid=1317344,fd=79),("nginx",pid=1317343,fd=79),("nginx",pid=1317342,fd=79),("nginx",pid=1317341,fd=79),("nginx",pid=1317340,fd=79),("nginx",pid=1317339,fd=79),("nginx",pid=1317338,fd=79),("nginx",pid=1317337,fd=79),("nginx",pid=314698,fd=79))
LISTEN 0      511                       78.110.163.102:80          0.0.0.0:*     users:(("nginx",pid=1317344,fd=78),("nginx",pid=1317343,fd=78),("nginx",pid=1317342,fd=78),("nginx",pid=1317341,fd=78),("nginx",pid=1317340,fd=78),("nginx",pid=1317339,fd=78),("nginx",pid=1317338,fd=78),("nginx",pid=1317337,fd=78),("nginx",pid=314698,fd=78))
LISTEN 0      511                              0.0.0.0:8083        0.0.0.0:*     users:(("hestia-nginx",pid=3722039,fd=6),("hestia-nginx",pid=3722037,fd=6))
LISTEN 0      511                            127.0.0.1:8084        0.0.0.0:*     users:(("nginx",pid=1317344,fd=84),("nginx",pid=1317343,fd=84),("nginx",pid=1317342,fd=84),("nginx",pid=1317341,fd=84),("nginx",pid=1317340,fd=84),("nginx",pid=1317339,fd=84),("nginx",pid=1317338,fd=84),("nginx",pid=1317337,fd=84),("nginx",pid=314698,fd=84))
root@expressresponse:~#

By the way, I have a running mail server.

Apparently HestiaCP uses iptables as its firewall.

I found the "Firewall" in HestiaCP

I have opened port 8085

and restarted the hestia service and the apache2 service

and cat /home/dave/conf/web/gldn.page/apache2.conf

<VirtualHost 127.0.0.1:8085>

    ServerName localhost

    DocumentRoot /home/dave/web/gldn.page/public_html
    ScriptAlias /cgi-bin/ /home/dave/web/gldn.page/cgi-bin/
    Alias /vstats/ /home/dave/web/gldn.page/stats/
    Alias /error/ /home/dave/web/gldn.page/document_errors/
    #SuexecUserGroup dave dave
    CustomLog /var/log/apache2/domains/gldn.page.bytes bytes
    CustomLog /var/log/apache2/domains/gldn.page.log combined
    ErrorLog /var/log/apache2/domains/gldn.page.error.log

    IncludeOptional /home/dave/conf/web/gldn.page/apache2.forcessl.conf*

    <Directory /home/dave/web/gldn.page/stats>
        AllowOverride All
    </Directory>
    <Directory /home/dave/web/gldn.page/public_html>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php8.0-fpm-gldn.page.sock|fcgi://localhost"
    </FilesMatch>
    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

    IncludeOptional /home/dave/conf/web/gldn.page/apache2.conf_*
    IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>

But the port is still not listening

root@expressresponse:~# ss -tnlp | grep apache2
LISTEN    0         511           94.46.186.222:8080            0.0.0.0:*        users:(("apache2",pid=75104,fd=9),("apache2",pid=75103,fd=9),("apache2",pid=75102,fd=9),("apache2",pid=75101,fd=9))
LISTEN    0         511          78.157.211.222:8080            0.0.0.0:*        users:(("apache2",pid=75104,fd=7),("apache2",pid=75103,fd=7),("apache2",pid=75102,fd=7),("apache2",pid=75101,fd=7))
LISTEN    0         511          78.110.163.102:8080            0.0.0.0:*        users:(("apache2",pid=75104,fd=5),("apache2",pid=75103,fd=5),("apache2",pid=75102,fd=5),("apache2",pid=75101,fd=5))
LISTEN    0         511               127.0.0.1:8081            0.0.0.0:*        users:(("apache2",pid=75104,fd=3),("apache2",pid=75103,fd=3),("apache2",pid=75102,fd=3),("apache2",pid=75101,fd=3))
LISTEN    0         511           94.46.186.222:8443            0.0.0.0:*        users:(("apache2",pid=75104,fd=8),("apache2",pid=75103,fd=8),("apache2",pid=75102,fd=8),("apache2",pid=75101,fd=8))
LISTEN    0         511          78.157.211.222:8443            0.0.0.0:*        users:(("apache2",pid=75104,fd=6),("apache2",pid=75103,fd=6),("apache2",pid=75102,fd=6),("apache2",pid=75101,fd=6))
LISTEN    0         511          78.110.163.102:8443            0.0.0.0:*        users:(("apache2",pid=75104,fd=4),("apache2",pid=75103,fd=4),("apache2",pid=75102,fd=4),("apache2",pid=75101,fd=4))
root@expressresponse:~#

What am I missing?

root@expressresponse:~# telnet localhost 8085
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

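How do I open and listen on 127.0.0.1:8085?

Thanks, Dave.

Answer 1

Apache is not configured to listen on port 8080 on the 127.0.0.1 interface. Check the Listen directives in the rest of your Apache configuration.

Answer 2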

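By default, Apache will not listen on port 8085, regardless of whether the server firewall allows it. You need to specify Listen 8085 in your /etc/apache2/ports.conf file, or in any other configuration file that Apache reads, to have Apache listen on that port, even if you set it in the VirtualHost address.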
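
The point made in answers 1 and 2, that a VirtualHost address does not open a socket without a matching Listen directive, as a small checker. This is an added example and not part of the original answers; the sample configuration is constructed from the sockets in the question's `ss` output (the real ports.conf is not shown on the page), and the function names are hypothetical.

```python
import re

# Constructed sample: the Listen lines mirror the sockets in the question's
# `ss` output; the actual ports.conf is an assumption.
SAMPLE_CONF = """
Listen 78.110.163.102:8080
Listen 78.110.163.102:8443 https
Listen 127.0.0.1:8081
<VirtualHost 78.110.163.102:8080>
</VirtualHost>
<VirtualHost 127.0.0.1:8080>
</VirtualHost>
<VirtualHost 127.0.0.1:8085>
</VirtualHost>
"""

LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.I | re.M)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I | re.M)
WILDCARDS = {None, "*", "_default_", "0.0.0.0", "[::]"}


def split_addr(spec):
    """'8080' -> (None, 8080); '127.0.0.1:8080' or '[::1]:8080' -> (ip, port)."""
    if spec.isdigit():
        return None, int(spec)
    host, sep, port = spec.rpartition(":")
    if not sep or spec.endswith("]"):
        return spec, None  # address given without a port
    return host, (None if port == "*" else int(port))


def unbound_vhosts(conf):
    """Return VirtualHost addresses that no Listen directive opens a socket for."""
    listens = [split_addr(spec) for spec in LISTEN_RE.findall(conf)]
    missing = []
    for addrs in VHOST_RE.findall(conf):
        for spec in addrs.split():  # a VirtualHost may name several addresses
            ip, port = split_addr(spec)
            covered = any(
                (port is None or lport == port)
                and (ip in WILDCARDS or lip in WILDCARDS or lip == ip)
                for lip, lport in listens
            )
            if not covered:
                missing.append(spec)
    return missing


if __name__ == "__main__":
    print(unbound_vhosts(SAMPLE_CONF))
```

A bare `Listen 8085` satisfies the check but binds every interface, which exposes the plain-HTTP backend on the public addresses; `Listen 127.0.0.1:8085` keeps it on loopback, which is what the question's design calls for.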

Answer 3

Nginx error 500 is usually caused by a problem in the configuration file or a permissions problem. This article may help you: https://www.copahost.com/blog/nginx-500-internal-server-error/
