我在 Digital Ocean 上为 Apache 配置安全(HTTPS)时遇到错误?

问题描述

我想按照以下教程,为我在 Digital Ocean 上运行 Ubuntu 18 的主机设置 HTTPS: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

但是我遇到了 ufw 设置问题:

# sudo ufw status
Status: inactive
root@nsn-do-lamp:/etc/apache2/sites-available# sudo ufw allow 'Apache'
Rules updated
Rules updated (v6)
root@nsn-do-lamp:/etc/apache2/sites-available# sudo ufw status
Status: inactive
root@nsn-do-lamp:/etc/apache2/sites-available# sudo systemctl reload apache2
root@nsn-do-lamp:/etc/apache2/sites-available# sudo ufw status
Status: inactive
root@nsn-do-lamp:/etc/apache2/sites-available# sudo ufw allow 'Apache Full'
Skipping adding existing rule
Skipping adding existing rule (v6)
root@nsn-do-lamp:/etc/apache2/sites-available# sudo ufw delete allow 'Apache'
Rules updated
Rules updated (v6)
root@nsn-do-lamp:/etc/apache2/sites-available# sudo ufw status
Status: inactive

我看到状态一直是 inactive(未启用)。

我试着做:

sudo ufw app list

Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH
root@nsn-do-lamp:/etc/apache2/sites-available# sudo ufw allow 'Apache'
Rules updated
Rules updated (v6)
root@nsn-do-lamp:/etc/apache2/sites-available# sudo ufw status
Status: inactive

我认为这个错误很严重,并且没有继续执行下一个命令。为什么会出错以及如何解决?

修改块#2: 我做了:

# ufw allow 80
Rules updated
Rules updated (v6)
root@nsn-do-lamp:~# sudo ufw app list
Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH
root@nsn-do-lamp:~# sudo ufw status
Status: inactive
root@nsn-do-lamp:~# sudo service apache2 restart
root@nsn-do-lamp:~# sudo ufw status
Status: inactive

我也重新启动了操作系统,但状态仍然处于非活动状态。怎么了?使用端口 443 也是如此。我检查我的端口:

# netstat -a  
Active Internet connections (servers and established) 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      
tcp        0      0 localhost.lo:postgresql 0.0.0.0:*               LISTEN      
tcp        0      0 localhost.localdo:mysql 0.0.0.0:*               LISTEN      
tcp        0    316 box.example.com:ssh     213.109.234.130:44188   ESTABLISHED 
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      
tcp6       0      0 [::]:http               [::]:*                  LISTEN      
udp     7680      0 localhost:domain        0.0.0.0:*                           
udp     2560      0 localhost.localdo:55370 localhost.localdo:55370 ESTABLISHED 
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7           
Active UNIX domain sockets (servers and established) 
Proto RefCnt Flags       Type       State         I-Node   Path 
unix  2      [ ]         DGRAM                    133990   /run/user/0/systemd/notify 
unix  2      [ ACC ]     SEQPACKET  LISTENING     11724    /run/udev/control 
unix  2      [ ACC ]     STREAM     LISTENING     133993   /run/user/0/systemd/private 
unix  2      [ ACC ]     STREAM     LISTENING     133997   /run/user/0/gnupg/S.gpg-agent.extra 
unix  2      [ ACC ]     STREAM     LISTENING     133998   /run/user/0/gnupg/S.gpg-agent.ssh 
unix  2      [ ACC ]     STREAM     LISTENING     133999   /run/user/0/gnupg/S.dirmngr 
unix  2      [ ACC ]     STREAM     LISTENING     134000   /run/user/0/gnupg/S.gpg-agent.browser 
unix  2      [ ACC ]     STREAM     LISTENING     134001   /run/user/0/gnupg/S.gpg-agent 
unix  3      [ ]         DGRAM                    11678    /run/systemd/notify 
unix  2      [ ACC ]     STREAM     LISTENING     11681    /run/systemd/private 
unix  2      [ ACC ]     STREAM     LISTENING     11686    /run/systemd/journal/stdout 
unix  9      [ ]         DGRAM                    11688    /run/systemd/journal/socket 
unix  2      [ ACC ]     STREAM     LISTENING     11722    /run/lvm/lvmetad.socket 
unix  2      [ ACC ]     STREAM     LISTENING     11762    /run/lvm/lvmpolld.socket 
unix  2      [ ACC ]     STREAM     LISTENING     18480    /var/run/postgresql/.s.PGSQL.5432 
unix  2      [ ]         DGRAM                    11995    /run/systemd/journal/syslog 
unix  6      [ ]         DGRAM                    12052    /run/systemd/journal/dev-log 
unix  2      [ ACC ]     STREAM     LISTENING     18571    /var/run/mysqld/mysqld.sock 
unix  2      [ ACC ]     STREAM     LISTENING     15792    /var/lib/lxd/unix.socket 
unix  2      [ ACC ]     STREAM     LISTENING     15805    @ISCSIADM_ABSTRACT_NAMESPACE 
unix  2      [ ACC ]     STREAM     LISTENING     15797    /var/run/dbus/system_bus_socket 
unix  2      [ ACC ]     STREAM     LISTENING     15764    /run/snapd.socket 
unix  2      [ ACC ]     STREAM     LISTENING     15766    /run/snapd-snap.socket 
unix  2      [ ACC ]     STREAM     LISTENING     15785    /run/acpid.socket 
unix  2      [ ACC ]     STREAM     LISTENING     15817    /run/uuidd/request 
unix  2      [ ]         DGRAM                    12404     
unix  3      [ ]         DGRAM                    14820     
unix  2      [ ]         DGRAM                    12660     
unix  3      [ ]         STREAM     CONNECTED     16768     
unix  3      [ ]         STREAM     CONNECTED     15931    /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     15800     
unix  3      [ ]         STREAM     CONNECTED     18050    /run/systemd/journal/stdout 
unix  2      [ ]         DGRAM                    14810     
unix  3      [ ]         DGRAM                    14526     
unix  3      [ ]         DGRAM                    14528     
unix  3      [ ]         DGRAM                    133991    
unix  3      [ ]         STREAM     CONNECTED     16814    /var/run/dbus/system_bus_socket 
unix  3      [ ]         STREAM     CONNECTED     16811    /var/run/dbus/system_bus_socket 
unix  3      [ ]         DGRAM                    14819     
unix  3      [ ]         DGRAM                    14527     
unix  2      [ ]         DGRAM                    133966    
unix  3      [ ]         DGRAM                    12886     
unix  3      [ ]         DGRAM                    12885     
unix  3      [ ]         DGRAM                    14817     
unix  2      [ ]         DGRAM                    14522     
unix  3      [ ]         STREAM     CONNECTED     16812    /var/run/dbus/system_bus_socket 
unix  2      [ ]         DGRAM                    16802     
unix  3      [ ]         STREAM     CONNECTED     17880     
unix  3      [ ]         STREAM     CONNECTED     16809     
unix  3      [ ]         STREAM     CONNECTED     18049     
unix  3      [ ]         STREAM     CONNECTED     16810     
unix  3      [ ]         STREAM     CONNECTED     15799     
unix  3      [ ]         STREAM     CONNECTED     16815    /var/run/dbus/system_bus_socket 
unix  3      [ ]         DGRAM                    133992    
unix  3      [ ]         STREAM     CONNECTED     14392     
unix  3      [ ]         STREAM     CONNECTED     17140    /run/systemd/journal/stdout 
unix  2      [ ]         DGRAM                    15083     
unix  3      [ ]         STREAM     CONNECTED     14393    /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     133964   /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     17881    /var/run/dbus/system_bus_socket 
unix  3      [ ]         STREAM     CONNECTED     16775     
unix  3      [ ]         STREAM     CONNECTED     17138     
unix  3      [ ]         STREAM     CONNECTED     133945    
unix  3      [ ]         DGRAM                    14525     
unix  2      [ ]         DGRAM                    17907     
unix  2      [ ]         DGRAM                    133853    
unix  3      [ ]         STREAM     CONNECTED     15929     
unix  3      [ ]         STREAM     CONNECTED     18536    /var/run/dbus/system_bus_socket 
unix  3      [ ]         STREAM     CONNECTED     16247    /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     16246     
unix  3      [ ]         DGRAM                    11680     
unix  3      [ ]         DGRAM                    11679     
unix  3      [ ]         STREAM     CONNECTED     16168     
unix  3      [ ]         STREAM     CONNECTED     16169    /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     16406    /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     16813    /var/run/dbus/system_bus_socket 
unix  3      [ ]         DGRAM                    14314     
unix  3      [ ]         STREAM     CONNECTED     18535     
unix  3      [ ]         STREAM     CONNECTED     16404     
unix  3      [ ]         DGRAM                    14818     
unix  3      [ ]         STREAM     CONNECTED     15007    /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     16728     
unix  2      [ ]         DGRAM                    12850     
unix  2      [ ]         DGRAM                    133953    
unix  3      [ ]         STREAM     CONNECTED     17455     
unix  3      [ ]         STREAM     CONNECTED     15005     
unix  3      [ ]         STREAM     CONNECTED     14720    /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     12658     
unix  3      [ ]         STREAM     CONNECTED     13014    /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     17460    /run/systemd/journal/stdout 
unix  3      [ ]         STREAM     CONNECTED     12543     
unix  3      [ ]         STREAM     CONNECTED     16727     
unix  3      [ ]         STREAM     CONNECTED     13016    /run/systemd/journal/stdout 
unix  2      [ ]         DGRAM                    16769     
unix  3      [ ]         STREAM     CONNECTED     16731    /run/systemd/journal/stdout 
unix  3      [ ]         DGRAM                    14315     
unix  3      [ ]         STREAM     CONNECTED     14718     
root@nsn-do-lamp:~# netstat --listening 
Active Internet connections (only servers) 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 localhost:domain        0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      
tcp        0      0 localhost.lo:postgresql 0.0.0.0:*               LISTEN      
tcp        0      0 localhost.localdo:mysql 0.0.0.0:*               LISTEN      
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      
tcp6       0      0 [::]:http               [::]:*                  LISTEN      
udp     8448      0 localhost:domain        0.0.0.0:*                           
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7           
Active UNIX domain sockets (only servers) 
Proto RefCnt Flags       Type       State         I-Node   Path 
unix  2      [ ACC ]     SEQPACKET  LISTENING     11724    /run/udev/control 
unix  2      [ ACC ]     STREAM     LISTENING     133993   /run/user/0/systemd/private 
unix  2      [ ACC ]     STREAM     LISTENING     133997   /run/user/0/gnupg/S.gpg-agent.extra 
unix  2      [ ACC ]     STREAM     LISTENING     133998   /run/user/0/gnupg/S.gpg-agent.ssh 
unix  2      [ ACC ]     STREAM     LISTENING     133999   /run/user/0/gnupg/S.dirmngr 
unix  2      [ ACC ]     STREAM     LISTENING     134000   /run/user/0/gnupg/S.gpg-agent.browser 
unix  2      [ ACC ]     STREAM     LISTENING     134001   /run/user/0/gnupg/S.gpg-agent 
unix  2      [ ACC ]     STREAM     LISTENING     11681    /run/systemd/private 
unix  2      [ ACC ]     STREAM     LISTENING     11686    /run/systemd/journal/stdout 
unix  2      [ ACC ]     STREAM     LISTENING     11722    /run/lvm/lvmetad.socket 
unix  2      [ ACC ]     STREAM     LISTENING     11762    /run/lvm/lvmpolld.socket 
unix  2      [ ACC ]     STREAM     LISTENING     18480    /var/run/postgresql/.s.PGSQL.5432 
unix  2      [ ACC ]     STREAM     LISTENING     18571    /var/run/mysqld/mysqld.sock 
unix  2      [ ACC ]     STREAM     LISTENING     15792    /var/lib/lxd/unix.socket 
unix  2      [ ACC ]     STREAM     LISTENING     15805    @ISCSIADM_ABSTRACT_NAMESPACE 
unix  2      [ ACC ]     STREAM     LISTENING     15797    /var/run/dbus/system_bus_socket 
unix  2      [ ACC ]     STREAM     LISTENING     15764    /run/snapd.socket 
unix  2      [ ACC ]     STREAM     LISTENING     15766    /run/snapd-snap.socket 
unix  2      [ ACC ]     STREAM     LISTENING     15785    /run/acpid.socket 
unix  2      [ ACC ]     STREAM     LISTENING     15817    /run/uuidd/request

谢谢!

标签: ubuntu, ssl-certificate, digital-ocean

解决方案


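“Status: inactive” 并不是错误,它只表示 ufw 防火墙尚未启用;用 ufw allow 添加的规则会被保存,但在启用之前不会生效。您可以使用下面的命令启用 ufw。如果您是通过 SSH 连接到服务器的,请在启用之前先执行 sudo ufw allow OpenSSH,否则启用后 SSH 连接可能被拦截,导致无法再登录服务器: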

  sudo ufw enable
