NGINX crashed and strange entries appeared in access.log


When I got home just now, I was checking whether my web server was still running, and I noticed that my NGINX server was no longer running.

I tried restarting my NGINX a few times by running the command $ nginx, but got the following errors:

2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:01:54 [emerg] 2394#2394: still could not bind()
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: bind() to 0.0.0.0:80 failed (98: Unknown error)
2023/02/11 22:02:19 [emerg] 2454#2454: still could not bind()
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: bind() to 0.0.0.0:443 failed (98: Unknown error)
2023/02/11 22:03:09 [emerg] 2484#2484: still could not bind()

Then I looked at my error.log file and saw that some errors had occurred around a certain time:

2023/02/11 20:21:56 [error] 1877#1877: *29 open() "/usr/share/nginx/html/.env" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.env HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *30 open() "/usr/share/nginx/html/.env.prod" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.env.prod HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *31 open() "/usr/share/nginx/html/.env.dev" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.env.dev HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *32 open() "/usr/share/nginx/html/sendgrid.env" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /sendgrid.env HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *33 open() "/usr/share/nginx/html/.aws/credentials" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.aws/credentials HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *34 open() "/usr/share/nginx/html/config.py" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config.py HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *35 open() "/usr/share/nginx/html/docker-compose.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /docker-compose.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *36 open() "/usr/share/nginx/html/docker/docker-compose.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /docker/docker-compose.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *37 open() "/usr/share/nginx/html/config/settings.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config/settings.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:56 [error] 1877#1877: *38 open() "/usr/share/nginx/html/app/config/settings.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /app/config/settings.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *39 open() "/usr/share/nginx/html/config/parameters.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config/parameters.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *40 open() "/usr/share/nginx/html/app/config/parameters.yml" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /app/config/parameters.yml HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *41 open() "/usr/share/nginx/html/config.php-dist" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config.php-dist HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *42 open() "/usr/share/nginx/html/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *43 open() "/usr/share/nginx/html/application/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /application/application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *44 open() "/usr/share/nginx/html/configs/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /configs/application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *45 open() "/usr/share/nginx/html/config/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /config/application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:57 [error] 1877#1877: *46 open() "/usr/share/nginx/html/application/configs/application.ini" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /application/configs/application.ini HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *66 open() "/usr/share/nginx/html/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *67 open() "/usr/share/nginx/html/demo/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /demo/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *68 open() "/usr/share/nginx/html/dev/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /dev/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *69 open() "/usr/share/nginx/html/web/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /web/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *70 open() "/usr/share/nginx/html/api/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /api/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *71 open() "/usr/share/nginx/html/admin/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /admin/.git/config HTTP/1.1", host: "45.132.242.78"
2023/02/11 20:21:58 [error] 1877#1877: *72 open() "/usr/share/nginx/html/app/.git/config" failed (2: No such file or directory), client: 54.91.160.194, server: , request: "GET /app/.git/config HTTP/1.1", host: "45.132.242.78"

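This is strange, because the server does not provide any real service yet, so the only person who would be making requests is me, and I was not at home at the time. So I looked at my access.log file and saw some strange Python requests: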

54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /.env HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /.env.prod HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /.env.dev HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /sendgrid.env HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /.aws/credentials HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /config.py HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /docker-compose.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /docker/docker-compose.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /config/settings.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:56 +0000] "GET /app/config/settings.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config/parameters.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /app/config/parameters.yml HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config.php-dist HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application/application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /configs/application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config/application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application/configs/application.ini HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /.env HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /.env.prod HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /.env.dev HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /sendgrid.env HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /.aws/credentials HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config.py HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /docker-compose.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /docker/docker-compose.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config/settings.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /app/config/settings.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config/parameters.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /app/config/parameters.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /config.php-dist HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:57 +0000] "GET /application/application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /configs/application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /config/application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /application/configs/application.ini HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /demo/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /dev/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /web/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /api/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /admin/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
54.91.160.194 - - [11/Feb/2023:20:21:58 +0000] "GET /app/.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"

Is this someone trying to break in? Or a bot or something else?

This is my server setup: is it set up okay?

server {
    if ($host = www.backstrapp.nl) {
        return 301 https://www.backstr.app$request_uri;
    }

    if ($host = backstrapp.nl) {
        return 301 https://www.backstr.app$request_uri;
    }

    if ($host = backstr.app) {
        return 301 https://www.backstr.app$request_uri;
    }

    if ($host = www.backstr.app) {
        return 301 https://www.backstr.app$request_uri;
    }

    if ($host = api.backstr.app) {
        return 301 https://api.backstr.app$request_uri;
    }
}

server {
    server_name www.backstr.app;
    location / {
        root /var/www/backstrapp/client;
        index  index.html index.htm;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        try_files $uri $uri/ =404;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/backstr.app/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/backstr.app/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    server_name api.backstr.app;
    location / {
        proxy_pass http://localhost:8800;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/backstr.app/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/backstr.app/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
  listen        80 default_server;
  server_name   _;
  return        444; # "Connection closed without response"
}

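Let me know! =)

Answer 1

Is this a bot?

Yes.

Every public IPv4 address on the internet gets scanned by script kiddies. Stay patched! apt upgrade is your friend.

tried restarting NGINX a few times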

bind() to 0.0.0.0:80 failed (98: Unknown error)

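That's EADDRINUSE. You have another daemon bound to port 80. Most likely it is a leftover nginx that has not fully stopped. Kill it, or kill -9, or reboot as needed, and then your newly configured nginx will happily acquire that port.

Track it down with: $ sudo lsof -i:80

In the longer term, consider configuring a packet filter to reduce the noise level: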

# apt install fail2ban
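
An added example (not part of the answer above and not code from any project): a Python check over combined-format access.log lines, like those in the question, that groups requests for secret-bearing files by client and reports whether any of them got a 2xx response, which is the case that calls for rotating credentials. The function name, the path patterns and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format, matching the layout of the access.log excerpt in the question.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)
# Secret-bearing paths, modelled on the requests shown in the question (assumed list).
SENSITIVE_RE = re.compile(
    r'(^|/)\.env(\.|$)|\.env$|(^|/)\.aws/credentials$|(^|/)\.git/config$'
    r'|docker-compose\.yml$|(settings|parameters)\.yml$|application\.ini$'
    r'|(^|/)config\.(py|php-dist)$'
)

def summarize_probes(lines, min_paths=5):
    """Return {ip: {"paths": set, "served": list}} for clients that requested
    at least min_paths distinct sensitive paths."""
    seen = defaultdict(lambda: {"paths": set(), "served": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]
        if not SENSITIVE_RE.search(path):
            continue
        entry = seen[m["ip"]]
        entry["paths"].add(path)
        # A 2xx status means the file was actually delivered to the scanner.
        if m["status"].startswith("2"):
            entry["served"].append(path)
    return {ip: e for ip, e in seen.items() if len(e["paths"]) >= min_paths}

# Constructed sample lines; addresses come from the RFC 5737 documentation ranges.
SAMPLE = """\
203.0.113.7 - - [11/Feb/2023:20:21:56 +0000] "GET /.env HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
203.0.113.7 - - [11/Feb/2023:20:21:56 +0000] "GET /.aws/credentials HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
203.0.113.7 - - [11/Feb/2023:20:21:57 +0000] "GET /config/settings.yml HTTP/1.1" 400 264 "-" "python-requests/2.28.2"
203.0.113.7 - - [11/Feb/2023:20:21:58 +0000] "GET /.git/config HTTP/1.1" 404 134 "-" "python-requests/2.28.2"
203.0.113.7 - - [11/Feb/2023:20:21:58 +0000] "GET /docker-compose.yml HTTP/1.1" 200 512 "-" "python-requests/2.28.2"
198.51.100.20 - - [11/Feb/2023:20:30:01 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Feb/2023:20:30:02 +0000] "GET /.env HTTP/1.1" 404 134 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, e in summarize_probes(SAMPLE.splitlines()).items():
        print(ip, "probed", len(e["paths"]), "paths; served:", e["served"] or "none")
```

In the logs posted in the question every probe was answered with 404 or 400, so the "served" list for that client would be empty.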

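Answer 2

J_H's answer is right about the bot aspect. One additional remark, though:

This is my server setup: is it set up okay?

It is best to avoid if wherever possible. So your redirects should be implemented as follows: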

server {
    server_name www.backstrapp.nl backstrapp.nl ...;

    listen 80;
    listen 443 ssl http2;

    ssl_certificate /path/to/certificate;
    ssl_certificate_key /path/to/key;

    return 301 https://www.backstr.app$request_uri;
}
