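apache - ERR_CONNECTION_REFUSED for nginx -> apache2 setup
Problem description
I'm having some difficulty getting my website online. Although I have a similar site on port 447 (nicer.app), this zoned.at site won't get past its ERR_CONNECTION_REFUSED status in the browser.
I'm using nginx and apache2 on Ubuntu 20.04.
"netstat -tulpn | grep 448" returns nothing, but "service apache2 restart" and "service nginx restart" also return nothing, indicating no errors, and there is nothing in the logs either (/var/logs/apache2/error.448.log and /var/logs/nginx/error.log).
Here is my apache config section: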
<VirtualHost *:448>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com
    ServerName zoned.at
    ServerAdmin rene.veerman.netherlands@gmail.com
    DocumentRoot /home/rene/data1/htdocs/zoned.at
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    #LogLevel info ssl:warn
    LogLevel debug ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.448.log
    CustomLog ${APACHE_LOG_DIR}/access.448.log combined
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
    <Directory /home/rene/data1/htdocs/zoned.at>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4"
    SSLCertificateFile /etc/letsencrypt/live/zoned.at/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/zoned.at/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/zoned.at/fullchain.pem
</VirtualHost>
Here is my nginx config section:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name zoned.at;
    root /home/rene/data1/htdocs/zoned.at;
    large_client_header_buffers 4 32k;
    ssl_certificate /etc/letsencrypt/live/zoned.at/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/zoned.at/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparam.pem;
    location / {
        proxy_pass https://192.168.178.21:448/;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_connect_timeout 159s;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        send_timeout 60;
        resolver_timeout 60;
    }
}
Solution
I also had to do this:
certbot certonly --nginx -d zoned.at
instead of
certbot --test-cert certonly --nginx -d zoned.at
or
certbot --dry-run certonly --nginx -d zoned.at
I had to add the following to /etc/nginx/sites-enabled/00-default-ssl.conf:
server {
    listen 80;
    # nginx separates server names with spaces, not commas
    server_name zoned.at www.zoned.at;
    return 301 https://zoned.at$request_uri;
}
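Unfortunately, this does mean that you can forward port http to https for only 1 site. But in my case, that is all I need (for now).
Edit: instead of editing the nginx config file to host the site on port 80, you can run a2enmod rewrite and restart apache2 with service apache2 restart to get the job done, along with the following in the relative root of your web folder (/var/www/html for the default apache2 setup):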
#Stage 0 : initialization of rewrite engine; do not touch without a clue.
RewriteEngine on
RewriteBase /
#site operator must keep these in order:
# must start and end with /
# redirect www.example.com to example.com
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
# redirect http to https
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
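A check related to the certbot step in the answer, as an added example that is not part of the original post: certbot's --dry-run does not save certificates to disk and --test-cert obtains them from the Let's Encrypt staging CA, so this script lists the certificate paths that nginx and Apache config files reference and flags files that are missing or staging-issued. The function names and the staging issuer patterns are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root, since
# /etc/letsencrypt/live is normally readable by root only.

# Print every certificate/key path referenced by the given config files.
# Covers nginx (ssl_certificate, ssl_certificate_key) and Apache
# (SSLCertificateFile, SSLCertificateKeyFile, SSLCertificateChainFile).
cert_paths() {
    awk '
        $1 ~ /^#/ { next }    # skip commented-out directives
        $1 ~ /^ssl_certificate(_key)?$/ ||
        $1 ~ /^SSLCertificate(File|KeyFile|ChainFile)$/ {
            p = $2; gsub(/[";]/, "", p); print p
        }' "$@" | sort -u
}

# Classify one path:
#   MISSING  file absent or empty (a --dry-run saves nothing to disk)
#   STAGING  issued by the Let's Encrypt test CA (as with --test-cert)
#   OK       anything else (key files, or certificates from another issuer)
cert_status() {
    if [ ! -s "$1" ]; then echo "MISSING $1"; return; fi
    if command -v openssl >/dev/null 2>&1; then
        issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || issuer=""
        case "$issuer" in
            # Assumed staging issuer names: "(STAGING) ..." and the older "Fake LE ..."
            *STAGING*|*Fake\ LE*) echo "STAGING $1"; return ;;
        esac
    fi
    echo "OK $1"
}

# Report the status of every certificate path found in the given configs.
audit_certs() {
    cert_paths "$@" | while IFS= read -r p; do cert_status "$p"; done
}

# Usage: sh audit_certs.sh /etc/nginx/sites-enabled/* /etc/apache2/sites-enabled/*
if [ "$#" -gt 0 ]; then audit_certs "$@"; fi
```

Any MISSING or STAGING line means the real `certbot certonly` run still has to be done for that name before the web servers are restarted.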