上周,我的 Ubuntu Server 16.04 文件系统出现只读问题。我重启后不得不执行 fsck,这似乎已经解决了问题,它可以启动,我可以正常登录,但是我再也无法执行“apt update”了。当我尝试时,它出于某种原因尝试连接到我的公共 IP。
奇怪的是,我可以 ping us.archive.ubunutu.com 并 nslookup 它,它可以正确解析。
broy@broyserver:/etc/apt$ ping us.archive.ubuntu.com
PING us.archive.ubuntu.com (91.189.91.26) 56(84) bytes of data.
64 bytes from hanger.canonical.com (91.189.91.26): icmp_seq=1 ttl=57 time=6.11 ms
64 bytes from hanger.canonical.com (91.189.91.26): icmp_seq=2 ttl=57 time=4.02 ms
^C
--- us.archive.ubuntu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 4.023/5.069/6.116/1.048 ms
broy@broyserver:/etc/apt$ nslookup us.archive.ubuntu.com
Server: 10.100.0.203
Address: 10.100.0.203#53
Non-authoritative answer:
Name: us.archive.ubuntu.com
Address: 91.189.91.23
Name: us.archive.ubuntu.com
Address: 91.189.91.26
我用 MYPUBLICIP 替换了下面的实际公共 IP。我的 IP 地址通过 dhcp 分配,并且我使用的是可以正确解析的内部 DNS 服务器。为什么我的服务器会尝试使用我自己的公共 IP 来获取更新?
broy@broyserver:/etc/apt$ sudo apt update
Err:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Could not connect to MYPUBLICIP:80 (MYPUBLICIP), connection timed out
Err:2 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease
Unable to connect to MYPUBLICIP:http:
Err:3 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease
Unable to connect to MYPUBLICIP:http:
Err:4 http://ppa.launchpad.net/mythbuntu/0.28/ubuntu xenial InRelease
Unable to connect to MYPUBLICIP:http:
Err:5 http://security.ubuntu.com/ubuntu xenial-security InRelease
Unable to connect to MYPUBLICIP:http:
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial/InRelease Could not connect to MYPUBLICIP:80 (MYPUBLICIP), connection timed out
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease Unable to connect to MYPUBLICIP:http:
W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/xenial-backports/InRelease Unable to connect to MYPUBLICIP:http:
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Unable to connect to MYPUBLICIP:http:
W: Failed to fetch http://ppa.launchpad.net/mythbuntu/0.28/ubuntu/dists/xenial/InRelease Unable to connect to MYPUBLICIP:http:
W: Some index files failed to download. They have been ignored, or old ones used instead.
我没有 /etc/apt/apt.conf,这可能是问题所在。有人能告诉我应该有什么输出,以便我可以创建它吗?
broy@broyserver:/etc/apt$ cat /etc/apt/apt.conf
cat: /etc/apt/apt.conf: No such file or directory
broy@broyserver:/etc/apt$
/etc/apt/sources.list
broy@broyserver:/etc/apt$ cat /etc/apt/sources.list
#
# deb cdrom:[Ubuntu-Server 15.04 _Vivid Vervet_ - Release amd64 (20150422)]/ vivid main restricted
# deb cdrom:[Ubuntu-Server 15.04 _Vivid Vervet_ - Release amd64 (20150422)]/ vivid main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ xenial main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ xenial universe
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial universe
deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ xenial multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial multiverse
deb http://us.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu xenial-security main restricted
deb-src http://security.ubuntu.com/ubuntu xenial-security main restricted
deb http://security.ubuntu.com/ubuntu xenial-security universe
deb-src http://security.ubuntu.com/ubuntu xenial-security universe
deb http://security.ubuntu.com/ubuntu xenial-security multiverse
deb-src http://security.ubuntu.com/ubuntu xenial-security multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu vivid partner
# deb-src http://archive.canonical.com/ubuntu vivid partner
broy@broyserver:/etc/apt$
添加 lsb-release -a
broy@broyserver:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial
添加主机和 resolv.conf
broy@broyserver:~$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 broyserver.broyuken.com broyserver
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
broy@broyserver:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.100.0.203
nameserver 8.8.8.8
nameserver 8.8.4.4
search broyuken.com
broy@broyserver:~$
还添加 $http_proxy 和 $https_proxy 的输出
broy@broyserver:~$ echo $http_proxy
broy@broyserver:~$ echo $https_proxy
broy@broyserver:~$
答案1
继续关闭它,我的安全网关通过应用程序控制阻止了 apt 并重定向到用户检查页面。一旦我允许它,一切又开始正常工作了