刚才我回到家时,我正在检查我的网络服务器是否仍在运行,然后我注意到我的 NGINX 服务器不再运行了。
我尝试通过运行命令重新启动我的 NGINX 几次
$ NGINX
,但出现了以下错误:
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: still could not bind()
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: still could not bind()
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: still could not bind()
然后我查看了我的 error.log 文件,发现在某个时间左右出现了一些错误:
2023/02/11 20:21:56 [error] 1877#1877: *29 open() "/usr/share/nginx/html/.env" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.env HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *30 open() "/usr/share/nginx/html/.env.prod" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.env.prod HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *31 open() "/usr/share/nginx/html/.env.dev" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.env.dev HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *32 open() "/usr/share/nginx/html/sendgrid.env" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /sendgrid.env HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *33 open() "/usr/share/nginx/html/.aws/credentials" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.aws/credentials HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *34 open() "/usr/share/nginx/html/config.py" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config.py HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *35 open() "/usr/share/nginx/html/docker-compose.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /docker-compose.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *36 open() "/usr/share/nginx/html/docker/docker-compose.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /docker/docker-compose.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *37 open() "/usr/share/nginx/html/config/settings.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config/settings.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *38 open() "/usr/share/nginx/html/app/config/settings.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /app/config/settings.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *39 open() "/usr/share/nginx/html/config/parameters.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config/parameters.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *40 open() "/usr/share/nginx/html/app/config/parameters.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /app/config/parameters.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *41 open() "/usr/share/nginx/html/config.php-dist" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config.php-dist HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *42 open() "/usr/share/nginx/html/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *43 open() "/usr/share/nginx/html/application/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /application/application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *44 open() "/usr/share/nginx/html/configs/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /configs/application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *45 open() "/usr/share/nginx/html/config/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config/application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *46 open() "/usr/share/nginx/html/application/configs/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /application/configs/application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *66 open() "/usr/share/nginx/html/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *67 open() "/usr/share/nginx/html/demo/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /demo/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *68 open() "/usr/share/nginx/html/dev/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /dev/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *69 open() "/usr/share/nginx/html/web/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /web/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *70 open() "/usr/share/nginx/html/api/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /api/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *71 open() "/usr/share/nginx/html/admin/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /admin/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *72 open() "/usr/share/nginx/html/app/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /app/.git/config HTTP/1.1", host: "45.132.242.78"
奇怪的是,因为服务器还没有提供任何实际服务,所以唯一会发出请求的人就是我,而我当时不在家。所以我查看了我的 access.log 文件,看到了一些奇怪的 Python 请求:
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /.env HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /.env.prod HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /.env.dev HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /sendgrid.env HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /.aws/credentials HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /config.py HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /docker-compose.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /docker/docker-compose.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /config/settings.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /app/config/settings.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config/parameters.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /app/config/parameters.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config.php-dist HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application/application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /configs/application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config/application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application/configs/application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /.env HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /.env.prod HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /.env.dev HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /sendgrid.env HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /.aws/credentials HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config.py HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /docker-compose.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /docker/docker-compose.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config/settings.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /app/config/settings.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config/parameters.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /app/config/parameters.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config.php-dist HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application/application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /configs/application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /config/application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /application/configs/application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /demo/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /dev/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /web/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /api/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /admin/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /app/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
这是有人试图入侵吗?还是机器人或其他什么东西?
这是我的服务器设置:设置好了吗?
server {
if ($host = www.backstrapp.nl) {
return 301 https://www.backstr.app$request_uri;
}
if ($host = backstrapp.nl) {
return 301 https://www.backstr.app$request_uri;
}
if ($host = backstr.app) {
return 301 https://www.backstr.app$request_uri;
}
if ($host = www.backstr.app) {
return 301 https://www.backstr.app$request_uri;
}
if ($host = api.backstr.app) {
return 301 https://api.backstr.app$request_uri;
}
}
server {
server_name www.backstr.app;
location / {
root /var/www/backstrapp/client;
index index.html index.htm;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
try_files $uri $uri/ =404;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/backstr.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/backstr.app/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name api.backstr.app;
location / {
proxy_pass http://localhost:8800;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/backstr.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/backstr.app/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80 default_server;
server_name _;
return 444; # "Connection closed without response"
}
让我知道!=)
答案1
这是一个机器人吗?
是的。
互联网上的所有公共 IPv4 地址都会被脚本小子扫描。保持补丁!apt upgrade
是你的朋友。
尝试重启 NGINX 几次
bind() to 0.0.0.0:80 failed (98: Unknown error)
那是 EADDRINUSE。您有另一个守护进程绑定到端口 80。很可能它是一个尚未完全停止的剩余 nginx。杀死它,或 kill -9,或根据需要重新启动,然后您新配置的 nginx 将很乐意获取该端口。
追踪它$ sudo lsof -i:80
从长远来看,考虑配置数据包过滤器以降低噪音水平:
# apt install fail2ban
答案2
J_H 的回答关于机器人方面是正确的。不过,还有一条补充评论:
这是我的服务器设置:设置好了吗?
最好if
尽可能不要使用。因此,您的重定向应按如下方式实现:
server {
server_name www.backstrapp.nl backstrapp.nl ...;
listen 80;
listen 443 ssl http2;
ssl_certificate /path/to/certificate;
ssl_certificate_key /path/to/key;
return 301 https://www.backstr.app$request_uri;
}