Iis

530 為多個站點設置 IIS 10 時需要有效的主機名

  • July 3, 2020

我已使用此處的說明將 IIS 配置為具有多個 FTP 站點:https ://docs.microsoft.com/en-us/iis/publish/using-the-ftp-service/using-ftp-virtual-host -names-in-iis-7

請參閱下面我最終得到的配置。

在 IIS 中,我配置了基本身份驗證並將使用者 mysite_ftp 用於“連接為”,在測試設置時,我在身份驗證和授權上都得到綠色複選標記。

IIS 設置: 在此處輸入圖像描述

當我使用 Filezilla 嘗試連接時,我得到了以下日誌:

嘗試使用 VPS 主機名:h2746286.stratoserver.net

Status: Resolving address of h2746286.stratoserver.net
Status: Connecting to 85.214.200.30:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.
Error:  Critical error: Could not connect to server

嘗試使用主機名:www.telefonievergelijken.nl

Status: Resolving address of www.telefonievergelijken.nl
Status: Connecting to 85.214.200.30:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.
Error:  Critical error: Could not connect to server

嘗試使用主機名:ftp.telefonievergelijken.nl

Status: Resolving address of ftp.telefonievergelijken.nl
Status: Connecting to 85.214.200.30:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.
Error:  Critical error: Could not connect to server

應用程序主機配置

<sectionGroup name="system.ftpServer">
   <section name="log" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
   <section name="firewallSupport" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
   <section name="caching" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
   <section name="providerDefinitions" overrideModeDefault="Deny" />
   <sectionGroup name="security">
       <section name="ipSecurity" overrideModeDefault="Deny" />
       <section name="requestFiltering" overrideModeDefault="Deny" />
       <section name="authorization" overrideModeDefault="Deny" />
       <section name="authentication" overrideModeDefault="Deny" />
   </sectionGroup>
   <section name="serverRuntime" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
</sectionGroup>

<sites>
   <site name="othersite" id="2">
       <application path="/" applicationPool=".NET v4.5">
           <virtualDirectory path="/" physicalPath="E:\othersite\wwwroot" userName="othersite_web" password="[enc:IISCngProvider:b1dn9+We00KRNWUB6shbPm/hLtBOF2hOG9We5zVgaEmYL5C/fDLxDc3QH9Rnvi79SjeM+Rauk/bQWEBzJnw=:enc]" />
       </application>
       <bindings>
           <binding protocol="http" bindingInformation="*:80:www.othersite.nl" />
           <binding protocol="http" bindingInformation="*:80:othersite.nl" />
       </bindings>
   </site>
   <site name="telefonievergelijken" id="3">
       <application path="/" applicationPool=".NET v4.5">
           <virtualDirectory path="/" physicalPath="E:\telefonievergelijken\wwwroot" userName="tv_web" password="[enc:IISCngProvider:x+PhGwZweUwR53tUgGTdEGui8k4gIJRASehxKVtsPoTtxNIA8aRe8WUwvdLuEdzSQicrJVDwen7e/C6x9qfiFyudqtZYwhXuo=:enc]" />
       </application>
       <bindings>
           <binding protocol="http" bindingInformation="*:80:www.telefonievergelijken.nl" />
           <binding protocol="http" bindingInformation="*:80:telefonievergelijken.nl" />
       </bindings>
       <traceFailedRequestsLogging enabled="true" directory="E:\IISData\LogFiles\FailedReqLogFiles" />
   </site>
   <site name="FTP-othersite" id="1">
       <application path="/">
           <virtualDirectory path="/" physicalPath="E:\othersite\wwwroot" />
       </application>
       <bindings>
           <binding protocol="ftp" bindingInformation="127.0.0.1:21:" />
       </bindings>
       <ftpServer>
           <security>
               <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
               <authentication>
                   <basicAuthentication enabled="true" />
               </authentication>
           </security>
       </ftpServer>
   </site>
   <site name="FTP-TV" id="4">
       <application path="/">
           <virtualDirectory path="/" physicalPath="E:\telefonievergelijken\wwwroot" userName="tv_ftp" password="[enc:IISCngProvider:xYxqamuKq02/xUcvZGTdEGui8gh3w6XT0hEegnCMZbVIxeWIOypRIZ1u8UAOG/AJg=:enc]" />
       </application>
       <bindings>
           <binding protocol="ftp" bindingInformation="127.0.0.1:21:www.telefonievergelijken.nl" />
       </bindings>
       <ftpServer>
           <security>
               <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
               <authentication>
                   <basicAuthentication enabled="true" />
               </authentication>
           </security>
       </ftpServer>
   </site>
   <siteDefaults>
       <logFile logFormat="W3C" directory="E:\IISData\LogFiles" />
       <traceFailedRequestsLogging directory="E:\IISData\LogFiles\FailedReqLogFiles" />
       <ftpServer>
           <logFile directory="E:\IISData\LogFiles\FTPLogs" />
           <security>
               <authentication>
                   <basicAuthentication enabled="false" />
               </authentication>
           </security>
       </ftpServer>
   </siteDefaults>
   <applicationDefaults applicationPool="DefaultAppPool" />
   <virtualDirectoryDefaults allowSubDirConfig="true" />
</sites>        

更新 1

啊,我把127.0.0.1的IP地址改成了我VPS的外網IP地址。當我嘗試連接時ftp.telefonievergelijken.nl|tv_ftp出現日誌記錄錯誤:

Error:  Could not connect to server
Status: Waiting to retry...
Status: Resolving address of ftp.telefonievergelijken.nl|tv_ftp
Status: Connection attempt failed with "EAI_NONAME - Neither nodename nor servname provided, or not known".

更新 2

更改了連接的使用者名設置: 在此處輸入圖像描述

您似乎正在嘗試使用目前未在 IIS 中與 FTP 站點的任何綁定中配置的主機名連接到 FTP 站點。

我僅基於您包含的 Filezilla 的錯誤輸出,因為您已經從輸出中審查了主機名(即使是範例形式),所以沒有更多的事情要做。

您需要在 FTP 站點上配置與您用於連接到 FTP 站點的主機名匹配的綁定(無論是來自 Filezilla 還是任何其他 FTP 客戶端)。

編輯:從您更新的文章資訊中,我注意到您對 FTP 站點的綁定確實配置不正確 - 您目前僅將 FTP 站點綁定到 localhost 環回地址 (127.0.0.1)。您需要將其綁定到一個可外部路由的非環回地址。根據您的環境,這可能是您的外部 IP 地址(如果直接映射到伺服器)或內部 IP 地址(如果您配置了 NAT)。根據目前資訊,我的猜測是您必須配置另一個 FTP 站點,該站點正在攔截這些請求並向您顯示無效的主機名錯誤。正確配置此 FTP 站點後,所有站點都應按預期執行。

此外,@Dre 的回答也很重要(所以你也應該支持它)——如果你有多個 FTP 站點綁定到同一個 IP 地址,你需要在 FTP 客戶端的“使用者”欄位中指定主機名格式hostname|user

引用自:https://serverfault.com/questions/887176