I hope you can help.
My setup: Ubuntu 20.04, HestiaCP v1.6
From the error log:
08:06:30 [error] 1197401#1197401: *11270 connect() failed (111: Connection refused) while connecting to upstream, client: 77.102.184.93, server: gldn.page, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8080/", host: "gldn.page"
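I am trying to get HestiaCP to use the Let's Encrypt certificate I have for gldn.page and *.gldn.page, and to use the server more efficiently.
Since nginx and Apache are both on the same host, and that host is secure, using HTTPS encryption and decryption between Nginx and Apache wastes resources. I would rather have nginx terminate TLS and reverse proxy to http://127.0.0.1:8080 using plain HTTP only. That way I don't need a certificate for Apache.
These are my configuration files.
First, Nginx listening on port 80 - doing a 301 redirect to https (from the include)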
server {
listen 78.110.163.102:80;
server_name gldn.page *.gldn.page;
include /home/dave/conf/web/gldn.page/nginx.forcessl.conf*;
## return 301 https://$host$request_uri;
location / {
proxy_pass http://78.110.163.102:8080;
location ~* ^.+\.(jpg|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
root /home/dave/web/gldn.page/public_html;
access_log /var/log/apache2/domains/gldn.page.log combined;
access_log /var/log/apache2/domains/gldn.page.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias /home/dave/web/gldn.page/document_errors/;
}
location @fallback {
proxy_pass http://78.110.163.102:8080;
}
location ~ /\.(?!well-known\/|file) {
deny all;
return 404;
}
include /home/dave/conf/web/gldn.page/nginx.conf_*;
}
Next, Nginx listening on port 443 and proxying to 8080
server {
listen 78.110.163.102:443 ssl http2;
server_name gldn.page *.gldn.page;
ssl_certificate /etc/letsencrypt/live/gldn.page/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/gldn.page/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
error_log /var/log/apache2/domains/gldn.page.error.log error;
include /home/dave/conf/web/gldn.page/nginx.hsts.conf*;
location / {
proxy_pass http://127.0.0.1:8080;
location ~* ^.+\.(jpg|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
root /home/dave/web/gldn.page/public_html;
access_log /var/log/apache2/domains/gldn.page.log combined;
access_log /var/log/apache2/domains/gldn.page.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias /home/dave/web/gldn.page/document_errors/;
}
location @fallback {
proxy_pass https://78.110.163.102:8443;
}
location ~ /\.(?!well-known\/|file) {
deny all;
return 404;
}
proxy_hide_header Upgrade;
include /home/dave/conf/web/gldn.page/nginx.ssl.conf_*;
}
Now the Apache configuration for port 8080
Maybe ServerName should be localhost?
<VirtualHost 127.0.0.1:8080>
ServerName gldn.page
ServerAlias *.gldn.page
ServerAdmin [email protected]
DocumentRoot /home/dave/web/gldn.page/public_html
ScriptAlias /cgi-bin/ /home/dave/web/gldn.page/cgi-bin/
Alias /vstats/ /home/dave/web/gldn.page/stats/
Alias /error/ /home/dave/web/gldn.page/document_errors/
#SuexecUserGroup dave dave
CustomLog /var/log/apache2/domains/gldn.page.bytes bytes
CustomLog /var/log/apache2/domains/gldn.page.log combined
ErrorLog /var/log/apache2/domains/gldn.page.error.log
IncludeOptional /home/dave/conf/web/gldn.page/apache2.forcessl.conf*
<Directory /home/dave/web/gldn.page/stats>
AllowOverride All
</Directory>
<Directory /home/dave/web/gldn.page/public_html>
AllowOverride All
Options +Includes -Indexes +ExecCGI
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php8.0-fpm-gldn.page.sock|fcgi://localhost"
</FilesMatch>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
IncludeOptional /home/dave/conf/web/gldn.page/apache2.conf_*
IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>
I am getting a 5000 server error, and the error log shows the following:
08:06:30 [error] 1197401#1197401: *11270 connect() failed (111: Connection refused) while connecting to upstream, client: 77.102.184.93, server: gldn.page, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8080/", host: "gldn.page"
I hope someone can help me get this working.
Update
I tried changing the Apache configuration to this...
<VirtualHost 127.0.0.1:8080>
ServerName localhost
DocumentRoot /home/dave/web/gldn.page/public_html
ScriptAlias /cgi-bin/ /home/dave/web/gldn.page/cgi-bin/
Alias /vstats/ /home/dave/web/gldn.page/stats/
Alias /error/ /home/dave/web/gldn.page/document_errors/
#SuexecUserGroup dave dave
CustomLog /var/log/apache2/domains/gldn.page.bytes bytes
CustomLog /var/log/apache2/domains/gldn.page.log combined
ErrorLog /var/log/apache2/domains/gldn.page.error.log
IncludeOptional /home/dave/conf/web/gldn.page/apache2.forcessl.conf*
<Directory /home/dave/web/gldn.page/stats>
AllowOverride All
</Directory>
<Directory /home/dave/web/gldn.page/public_html>
AllowOverride All
Options +Includes -Indexes +ExecCGI
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php8.0-fpm-gldn.page.sock|fcgi://localhost"
</FilesMatch>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
IncludeOptional /home/dave/conf/web/gldn.page/apache2.conf_*
IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>
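I am still getting this error
2022/06/20 13:26:26 [error] 1317338#1317338: *12028 connect() failed (111: Connection refused) while connecting to upstream, client: 77.102.184.93, server: gldn.page, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8080/", host: "gldn.page"
The suggested resource says...
If the error message says the remote service is on "127.0.0.1" or "localhost", that means the configuration file is telling the client that the service is on the local server. If your client is trying to talk to a remote system, then your configuration is broken.
Check that there isn't an entry for your hostname mapped to 127.0.0.1 or 127.0.1.1 in /etc/hosts (Ubuntu is notorious for this).
I have this: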
root@expressresponse:/var/log/apache2/domains# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 no.ukservers.com no
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.0.1 expressresponse.net
Just checked with Telnet
root@expressresponse:/# telnet localhost 8080
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
So is UFW blocking it?
root@expressresponse:/# ufw status
Status: inactive
Maybe HestiaCP has its own firewall?
Apache appears to be running
root@expressresponse:/# systemctl status apache2
* apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-06-20 03:11:02 BST; 10h ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 1099994 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Process: 1317164 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Main PID: 1100013 (apache2)
Tasks: 56 (limit: 19071)
Memory: 21.4M
CGroup: /system.slice/apache2.service
|-1100013 /usr/sbin/apache2 -k start
|-1317206 /usr/sbin/apache2 -k start
|-1317207 /usr/sbin/apache2 -k start
`-1317208 /usr/sbin/apache2 -k start
Jun 20 13:25:10 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:10 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.
Jun 20 13:25:15 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:15 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.
Jun 20 13:25:32 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:32 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.
Jun 20 13:25:33 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:33 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.
Jun 20 13:25:38 expressresponse.net systemd[1]: Reloading The Apache HTTP Server.
Jun 20 13:25:38 expressresponse.net systemd[1]: Reloaded The Apache HTTP Server.
Result of journalctl -xe -u apache2
A reload job for unit apache2.service has finished.
--
-- The job identifier is 95031 and the job result is done.
Result of: root@expressresponse:/# ss -tnlp | grep apache2
LISTEN 0 511 94.46.186.222:8443 0.0.0.0:* users:(("apache2",pid=1317208,fd=8),("apache2",pid=1317207,fd=8),("apache2",pid=1317206,fd=8),("apache2",pid=1100013,fd=8))
LISTEN 0 511 78.157.211.222:8443 0.0.0.0:* users:(("apache2",pid=1317208,fd=6),("apache2",pid=1317207,fd=6),("apache2",pid=1317206,fd=6),("apache2",pid=1100013,fd=6))
LISTEN 0 511 78.110.163.102:8443 0.0.0.0:* users:(("apache2",pid=1317208,fd=4),("apache2",pid=1317207,fd=4),("apache2",pid=1317206,fd=4),("apache2",pid=1100013,fd=4))
LISTEN 0 511 94.46.186.222:8080 0.0.0.0:* users:(("apache2",pid=1317208,fd=9),("apache2",pid=1317207,fd=9),("apache2",pid=1317206,fd=9),("apache2",pid=1100013,fd=9))
LISTEN 0 511 78.157.211.222:8080 0.0.0.0:* users:(("apache2",pid=1317208,fd=7),("apache2",pid=1317207,fd=7),("apache2",pid=1317206,fd=7),("apache2",pid=1100013,fd=7))
LISTEN 0 511 78.110.163.102:8080 0.0.0.0:* users:(("apache2",pid=1317208,fd=5),("apache2",pid=1317207,fd=5),("apache2",pid=1317206,fd=5),("apache2",pid=1100013,fd=5))
LISTEN 0 511 127.0.0.1:8081 0.0.0.0:* users:(("apache2",pid=1317208,fd=3),("apache2",pid=1317207,fd=3),("apache2",pid=1317206,fd=3),("apache2",pid=1100013,fd=3))
root@expressresponse:/#
And, in case it helps... ss -tnlp | grep nginx
LISTEN 0 511 94.46.186.222:443 0.0.0.0:* users:(("nginx",pid=1317344,fd=83),("nginx",pid=1317343,fd=83),("nginx",pid=1317342,fd=83),("nginx",pid=1317341,fd=83),("nginx",pid=1317340,fd=83),("nginx",pid=1317339,fd=83),("nginx",pid=1317338,fd=83),("nginx",pid=1317337,fd=83),("nginx",pid=314698,fd=83))
LISTEN 0 511 78.157.211.222:443 0.0.0.0:* users:(("nginx",pid=1317344,fd=82),("nginx",pid=1317343,fd=82),("nginx",pid=1317342,fd=82),("nginx",pid=1317341,fd=82),("nginx",pid=1317340,fd=82),("nginx",pid=1317339,fd=82),("nginx",pid=1317338,fd=82),("nginx",pid=1317337,fd=82),("nginx",pid=314698,fd=82))
LISTEN 0 511 78.110.163.102:443 0.0.0.0:* users:(("nginx",pid=1317344,fd=81),("nginx",pid=1317343,fd=81),("nginx",pid=1317342,fd=81),("nginx",pid=1317341,fd=81),("nginx",pid=1317340,fd=81),("nginx",pid=1317339,fd=81),("nginx",pid=1317338,fd=81),("nginx",pid=1317337,fd=81),("nginx",pid=314698,fd=81))
LISTEN 0 511 94.46.186.222:80 0.0.0.0:* users:(("nginx",pid=1317344,fd=80),("nginx",pid=1317343,fd=80),("nginx",pid=1317342,fd=80),("nginx",pid=1317341,fd=80),("nginx",pid=1317340,fd=80),("nginx",pid=1317339,fd=80),("nginx",pid=1317338,fd=80),("nginx",pid=1317337,fd=80),("nginx",pid=314698,fd=80))
LISTEN 0 511 78.157.211.222:80 0.0.0.0:* users:(("nginx",pid=1317344,fd=79),("nginx",pid=1317343,fd=79),("nginx",pid=1317342,fd=79),("nginx",pid=1317341,fd=79),("nginx",pid=1317340,fd=79),("nginx",pid=1317339,fd=79),("nginx",pid=1317338,fd=79),("nginx",pid=1317337,fd=79),("nginx",pid=314698,fd=79))
LISTEN 0 511 78.110.163.102:80 0.0.0.0:* users:(("nginx",pid=1317344,fd=78),("nginx",pid=1317343,fd=78),("nginx",pid=1317342,fd=78),("nginx",pid=1317341,fd=78),("nginx",pid=1317340,fd=78),("nginx",pid=1317339,fd=78),("nginx",pid=1317338,fd=78),("nginx",pid=1317337,fd=78),("nginx",pid=314698,fd=78))
LISTEN 0 511 0.0.0.0:8083 0.0.0.0:* users:(("hestia-nginx",pid=3722039,fd=6),("hestia-nginx",pid=3722037,fd=6))
LISTEN 0 511 127.0.0.1:8084 0.0.0.0:* users:(("nginx",pid=1317344,fd=84),("nginx",pid=1317343,fd=84),("nginx",pid=1317342,fd=84),("nginx",pid=1317341,fd=84),("nginx",pid=1317340,fd=84),("nginx",pid=1317339,fd=84),("nginx",pid=1317338,fd=84),("nginx",pid=1317337,fd=84),("nginx",pid=314698,fd=84))
root@expressresponse:~#
By the way, I have a mail server running.
Apparently HestiaCP uses iptables as its firewall.
I found "Firewall" in HestiaCP
I have opened port 8085
and restarted the hestia service and the apache2 service
and cat /home/dave/conf/web/gldn.page/apache2.conf
<VirtualHost 127.0.0.1:8085>
ServerName localhost
DocumentRoot /home/dave/web/gldn.page/public_html
ScriptAlias /cgi-bin/ /home/dave/web/gldn.page/cgi-bin/
Alias /vstats/ /home/dave/web/gldn.page/stats/
Alias /error/ /home/dave/web/gldn.page/document_errors/
#SuexecUserGroup dave dave
CustomLog /var/log/apache2/domains/gldn.page.bytes bytes
CustomLog /var/log/apache2/domains/gldn.page.log combined
ErrorLog /var/log/apache2/domains/gldn.page.error.log
IncludeOptional /home/dave/conf/web/gldn.page/apache2.forcessl.conf*
<Directory /home/dave/web/gldn.page/stats>
AllowOverride All
</Directory>
<Directory /home/dave/web/gldn.page/public_html>
AllowOverride All
Options +Includes -Indexes +ExecCGI
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php8.0-fpm-gldn.page.sock|fcgi://localhost"
</FilesMatch>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
IncludeOptional /home/dave/conf/web/gldn.page/apache2.conf_*
IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>
But the port is still not listening
root@expressresponse:~# ss -tnlp | grep apache2
LISTEN 0 511 94.46.186.222:8080 0.0.0.0:* users:(("apache2",pid=75104,fd=9),("apache2",pid=75103,fd=9),("apache2",pid=75102,fd=9),("apache2",pid=75101,fd=9))
LISTEN 0 511 78.157.211.222:8080 0.0.0.0:* users:(("apache2",pid=75104,fd=7),("apache2",pid=75103,fd=7),("apache2",pid=75102,fd=7),("apache2",pid=75101,fd=7))
LISTEN 0 511 78.110.163.102:8080 0.0.0.0:* users:(("apache2",pid=75104,fd=5),("apache2",pid=75103,fd=5),("apache2",pid=75102,fd=5),("apache2",pid=75101,fd=5))
LISTEN 0 511 127.0.0.1:8081 0.0.0.0:* users:(("apache2",pid=75104,fd=3),("apache2",pid=75103,fd=3),("apache2",pid=75102,fd=3),("apache2",pid=75101,fd=3))
LISTEN 0 511 94.46.186.222:8443 0.0.0.0:* users:(("apache2",pid=75104,fd=8),("apache2",pid=75103,fd=8),("apache2",pid=75102,fd=8),("apache2",pid=75101,fd=8))
LISTEN 0 511 78.157.211.222:8443 0.0.0.0:* users:(("apache2",pid=75104,fd=6),("apache2",pid=75103,fd=6),("apache2",pid=75102,fd=6),("apache2",pid=75101,fd=6))
LISTEN 0 511 78.110.163.102:8443 0.0.0.0:* users:(("apache2",pid=75104,fd=4),("apache2",pid=75103,fd=4),("apache2",pid=75102,fd=4),("apache2",pid=75101,fd=4))
root@expressresponse:~#
- What am I missing?
root@expressresponse:~# telnet localhost 8085
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
How do I open and listen on 127.0.0.1:8085?
Thanks, Dave.
Answer 1
Apache is not configured to listen on port 8080 on the 127.0.0.1 interface. Check the Listen directives in the rest of your Apache configuration.
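Answer 2
By default, Apache will not listen on port 8085, regardless of whether the server firewall allows it. You need to specify Listen 8085 in your /etc/apache2/ports.conf file, or in any other configuration file that Apache reads, to make Apache listen on that port, even if you have set it in the VirtualHost address.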
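The check that Answers 1 and 2 describe can be automated. The following is an added example, not code from the original thread: it compares an nginx `proxy_pass` target against `ss -tnlp` output and reports which process, if any, accepts connections on it, and on which other addresses that port is bound. The sample lines are constructed in the shape of the question's output, and the upstream host is assumed to be a literal IP address.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample, shortened from the shape of the `ss -tnlp` output in the question.
SS_OUTPUT = """\
LISTEN 0 511 78.110.163.102:8080 0.0.0.0:* users:(("apache2",pid=1100013,fd=5))
LISTEN 0 511 127.0.0.1:8081 0.0.0.0:* users:(("apache2",pid=1100013,fd=3))
LISTEN 0 511 0.0.0.0:8083 0.0.0.0:* users:(("hestia-nginx",pid=3722039,fd=6))
"""

LISTEN_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(ss_text):
    """Return (address, port, process) for each LISTEN line of `ss -tnlp`."""
    out = []
    for line in ss_text.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m:
            addr = m.group(1).strip("[]").split("%")[0]  # drop brackets / %iface
            out.append((addr, int(m.group(2)), m.group(3)))
    return out


def covers(listen_addr, target_ip):
    """True if a socket bound to listen_addr accepts connections to target_ip."""
    if listen_addr == "*":  # ss prints * for a dual-stack wildcard socket
        return True
    bound = ipaddress.ip_address(listen_addr)
    if bound.is_unspecified:  # 0.0.0.0 or ::, same address family only
        return bound.version == target_ip.version
    return bound == target_ip


def check_upstream(ss_text, proxy_pass_url):
    """Return (processes accepting the upstream, other addresses bound on that port)."""
    url = urlsplit(proxy_pass_url)
    port = url.port or (443 if url.scheme == "https" else 80)
    target = ipaddress.ip_address(url.hostname)
    accepting, elsewhere = [], []
    for addr, lport, proc in parse_listeners(ss_text):
        if lport != port:
            continue
        if covers(addr, target):
            accepting.append(proc)
        else:
            elsewhere.append(addr)
    return accepting, elsewhere
```

For `http://127.0.0.1:8080` the sample yields no accepting process and lists `78.110.163.102` as the only address bound on that port, which is the "Connection refused" case in the question. A `Listen 127.0.0.1:8080` directive in the Apache configuration is what makes the loopback upstream reachable, and binding the plain-HTTP backend only to loopback keeps it off the public interfaces.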
Answer 3
Nginx error 500 is usually caused by a problem in a configuration file or by a permissions issue. This article may help you: https://www.copahost.com/blog/nginx-500-internal-server-error/