連接伺服器443埠失敗：連接被拒絕

我在 127.0.0.1:8088 的伺服器上執行了一個 Web 伺服器，我想從 Internet 訪問它。

執行 Web 伺服器的 ss -nplut 的輸出：

tcp LISTEN 0 1024 127.0.0.1:8088 0.0.0.0:* users:(("ctprods",pid=2042,fd=9))

輸出 ss -nplut |grep 443

tcp LISTEN 0 511 *:443 *:*

我創建了一個 apache 虛擬主機（啟用了站點，重新載入了 apache）：

<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
   # the server uses to identify itself. This is used when creating
   # redirection URLs. In the context of virtual hosts, the ServerName
   # specifies what hostname must appear in the request's Host: header to
   # match this virtual host. For the default virtual host (this file) this
   # value is not decisive as it is used as a last resort host regardless.
   # However, you must set it for any further virtual host explicitly.
   ServerName cyprientaque.com
   ServerAlias ctprods.cyprientaque.com

   ServerAdmin cyprien@gmail.com

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
   RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

#       RewriteCond %{SERVER_NAME} =ctprods.cyprientaque.com
#       RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    <Proxy *>
            Require all granted
    </Proxy>
            ProxyPass / http://127.0.0.1:8088/
            ProxyPassReverse / http://127.0.0.1:8088/

SSLCertificateFile /etc/letsencrypt/live/ctprods.cyprientaque.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/ctprods.cyprientaque.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

我用 let encrypt 創建了一個 ssl 證書：

Certificate Name: ctprods.cyprientaque.com-0001
Serial Number: 39538aec7472a644e8d22887f858de17177
Domains: ctprods.cyprientaque.com
Expiry Date: 2020-11-17 10:59:58+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/ctprods.cyprientaque.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/ctprods.cyprientaque.com-0001/privkey.pem

我的 ctprods.cyprientaque.com 在我的 dns 提供商中有一條 A 記錄，指向我的伺服器 IP

但是當我嘗試使用 curl 訪問我的伺服器時，出現錯誤：

$ curl -X GET https://ctprods.cyprientaque.com/projects
curl: (7) Failed to connect to ctprods.cyprientaque.com port 443: Connection refused 

而且我看不到請求 tcpdump 埠 443 ..

您的 Apache 未在埠 443 上偵聽。您僅將 VirtualHost 配置為 HTTP，而不是 HTTPS。使用埠 443 和您的證書配置第二個 VirtualHost，並確保您Listen 443的 Apache 配置中有一個指令。您的證書不屬於:80VirtualHost。

以上是基於問題中的錯誤資訊。無論您在此期間做了什麼，您的伺服器現在都可以通過 HTTPS 訪問。

$ curl -X GET https://ctprods.cyprientaque.com/projects
"Invalid JWT"

引用自：https://serverfault.com/questions/1030760