Linux

nginx 不接受來自外部 IP 的連接

  • August 23, 2021

我有 Ubuntu 伺服器並安裝了 nginx,但它不接受來自外部 IP 的連接(我在嘗試從瀏覽器發出請求時看到 ERR_CONNECTION_REFUSED)

Nginx 正在執行,當我發出本地請求或通過 ssh 埠轉發時它會響應。

80 埠也已開啟:sudo tcpdump port 80

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
21:43:22.336738 IP instance-20210822-2338.subnet07230103.vcn07230103.oraclevcn.com.54174 > 169.254.169.254.http: Flags [.], ack 470550867, win 472, options [nop,nop,TS val 2352881356 ecr 1049088181], length 0
21:43:22.336873 IP 169.254.169.254.http > instance-20210822-2338.subnet07230103.vcn07230103.oraclevcn.com.54174: Flags [.], ack 1, win 38, options [nop,nop,TS val 1049103285 ecr 2352836022], length 0
21:43:29.002266 IP instance-20210822-2338.subnet07230103.vcn07230103.oraclevcn.com.54176 > 169.254.169.254.http: Flags [S], seq 1921592569, win 62720, options [mss 8960,sackOK,TS val 2352888022 ecr 0,nop,wscale 7], length 0
21:43:29.002425 IP 169.254.169.254.http > instance-20210822-2338.subnet07230103.vcn07230103.oraclevcn.com.54176: Flags [S.], seq 1203946486, ack 1921592570, win 18096, options [mss 9060,nop,nop,TS val 1049109950 ecr 2352888022,nop,wscale 9], length 0

如何調試為什麼 nginx 沒有收到請求?

更新:nginx -T 輸出

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# Worker processes run as the unprivileged www-data account rather than root.
user www-data;
# "auto" sizes the worker pool to the number of available CPU cores.
worker_processes auto;
# Location of the master process PID file.
pid /run/nginx.pid;
# Pulls in the load_module lines from modules-enabled/ (four modules appear later in this dump).
# NOTE(review): the mail and stream modules are loaded although the only mail block in this
# dump is commented out and no stream block is shown; unused modules can be disabled to
# reduce attack surface.
include /etc/nginx/modules-enabled/*.conf;

events {
   # Upper bound on simultaneous connections per worker process.
   worker_connections 768;
   # multi_accept on;
}

http {
   # Global HTTP settings shared by every server block included at the bottom.
   # Nothing in this block binds to an address or filters clients by IP; listening
   # sockets are defined only in the included server blocks.

   ##
   # Basic Settings
   ##

   sendfile on;
   tcp_nopush on;
   tcp_nodelay on;
   keepalive_timeout 65;
   types_hash_max_size 2048;
   # NOTE(review): server_tokens is left commented out, so the nginx default (on) applies
   # and the nginx version is disclosed in the Server header and on error pages;
   # enabling "server_tokens off;" is a common hardening step.
   # server_tokens off;

   # server_names_hash_bucket_size 64;
   # server_name_in_redirect off;

   include /etc/nginx/mime.types;
   # Files whose extension is not listed in mime.types are served as a generic binary download.
   default_type application/octet-stream;

   ##
   # SSL Settings
   ##

   # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). No server block in this dump
   # enables "listen ... ssl", so the line is inert today, but it should be narrowed to
   # TLSv1.2 TLSv1.3 before HTTPS is turned on.
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
   ssl_prefer_server_ciphers on;

   ##
   # Logging Settings
   ##

   # If external requests never show up in access.log, they are not reaching nginx at all,
   # which points at packet filtering in front of it rather than at this configuration.
   access_log /var/log/nginx/access.log;
   error_log /var/log/nginx/error.log;

   ##
   # Gzip Settings
   ##

   gzip on;

   # gzip_vary on;
   # gzip_proxied any;
   # gzip_comp_level 6;
   # gzip_buffers 16 8k;
   # gzip_http_version 1.1;
   # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

   ##
   # Virtual Host Configs
   ##

   # Every file matched here is parsed inside the http context; in this dump only
   # sites-enabled/default is shown as being loaded from these two includes.
   include /etc/nginx/conf.d/*.conf;
   include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
#
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/mime.types:

types {
   text/html                             html htm shtml;
   text/css                              css;
   text/xml                              xml;
   image/gif                             gif;
   image/jpeg                            jpeg jpg;
   application/javascript                js;
   application/atom+xml                  atom;
   application/rss+xml                   rss;

   text/mathml                           mml;
   text/plain                            txt;
   text/vnd.sun.j2me.app-descriptor      jad;
   text/vnd.wap.wml                      wml;
   text/x-component                      htc;

   image/png                             png;
   image/tiff                            tif tiff;
   image/vnd.wap.wbmp                    wbmp;
   image/x-icon                          ico;
   image/x-jng                           jng;
   image/x-ms-bmp                        bmp;
   image/svg+xml                         svg svgz;
   image/webp                            webp;

   application/font-woff                 woff;
   application/java-archive              jar war ear;
   application/json                      json;
   application/mac-binhex40              hqx;
   application/msword                    doc;
   application/pdf                       pdf;
   application/postscript                ps eps ai;
   application/rtf                       rtf;
   application/vnd.apple.mpegurl         m3u8;
   application/vnd.ms-excel              xls;
   application/vnd.ms-fontobject         eot;
   application/vnd.ms-powerpoint         ppt;
   application/vnd.wap.wmlc              wmlc;
   application/vnd.google-earth.kml+xml  kml;
   application/vnd.google-earth.kmz      kmz;
   application/x-7z-compressed           7z;
   application/x-cocoa                   cco;
   application/x-java-archive-diff       jardiff;
   application/x-java-jnlp-file          jnlp;
   application/x-makeself                run;
   application/x-perl                    pl pm;
   application/x-pilot                   prc pdb;
   application/x-rar-compressed          rar;
   application/x-redhat-package-manager  rpm;
   application/x-sea                     sea;
   application/x-shockwave-flash         swf;
   application/x-stuffit                 sit;
   application/x-tcl                     tcl tk;
   application/x-x509-ca-cert            der pem crt;
   application/x-xpinstall               xpi;
   application/xhtml+xml                 xhtml;
   application/xspf+xml                  xspf;
   application/zip                       zip;

   application/octet-stream              bin exe dll;
   application/octet-stream              deb;
   application/octet-stream              dmg;
   application/octet-stream              iso img;
   application/octet-stream              msi msp msm;

   application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
   application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
   application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

   audio/midi                            mid midi kar;
   audio/mpeg                            mp3;
   audio/ogg                             ogg;
   audio/x-m4a                           m4a;
   audio/x-realaudio                     ra;

   video/3gpp                            3gpp 3gp;
   video/mp2t                            ts;
   video/mp4                             mp4;
   video/mpeg                            mpeg mpg;
   video/quicktime                       mov;
   video/webm                            webm;
   video/x-flv                           flv;
   video/x-m4v                           m4v;
   video/x-mng                           mng;
   video/x-ms-asf                        asx asf;
   video/x-ms-wmv                        wmv;
   video/x-msvideo                       avi;
}

# configuration file /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
   # Binds port 80 on all IPv4 addresses (no address is given) and marks this block as the
   # default for that socket. This matches the 0.0.0.0:80 LISTEN line in the netstat output,
   # so nginx is not restricted to localhost; a refused external connection has to come from
   # filtering in front of nginx. There is no "listen [::]:80", so IPv6 is not served.
   listen 80 default_server;

   # SSL configuration
   #
   # listen 443 ssl default_server;
   # listen [::]:443 ssl default_server;
   #
   # Note: You should disable gzip for SSL traffic.
   # See: https://bugs.debian.org/773332
   #
   # Read up on ssl_ciphers to ensure a secure configuration.
   # See: https://bugs.debian.org/765782
   #
   # Self signed certs generated by the ssl-cert package
   # Don't use them in a production server!
   #
   # include snippets/snakeoil.conf;

   # Static files are served from this directory.
   root /var/www/html;

   # Add index.php to the list if you are using PHP
   index index.html index.htm index.nginx-debian.html;

   # "_" is a placeholder name that matches no real host; combined with default_server above,
   # this block answers requests for any Host header.
   server_name _;

   location / {
       # First attempt to serve request as file, then
       # as directory, then fall back to displaying a 404.
       try_files $uri $uri/ =404;
   }

   # pass PHP scripts to FastCGI server
   #
   #location ~ \.php$ {
   #   include snippets/fastcgi-php.conf;
   #
   #   # With php-fpm (or other unix sockets):
   #   fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
   #   # With php-cgi (or other tcp sockets):
   #   fastcgi_pass 127.0.0.1:9000;
   #}

   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
   #
   #location ~ /\.ht {
   #   deny all;
   #}
}

netstat -putan 輸出

(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0     36 10.0.0.61:22            176.115.102.236:47199   ESTABLISHED -
tcp        0      0 10.0.0.61:37594         91.189.91.121:80        TIME_WAIT   -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 :::111                  :::*                    LISTEN      -
udp        0      0 127.0.0.53:53           0.0.0.0:*                           -
udp        0      0 10.0.0.61:68            0.0.0.0:*                           -
udp        0      0 0.0.0.0:111             0.0.0.0:*                           -
udp6       0      0 :::111                  :::*                                -

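如果有人透過 Google 搜尋到這個問題,補充這一點供參考:這可能是因為有防火牆正在執行。清空(flush)iptables/firewalld/ufw 的規則,並查看問題是否仍然存在。清空規則只適合用來暫時確認原因:它會同時移除其他埠的過濾(上面的 netstat 顯示 22 和 111 也在 0.0.0.0 上監聽),確認之後應恢復原有規則,並只新增一條允許 TCP 80 入站的規則。另外,上面的 tcpdump 只擷取到與 169.254.169.254 之間的流量,而主機名稱顯示這台機器位於 Oracle Cloud 的 VCN 中;如果外部請求在 tcpdump 中完全沒有出現,封包可能在到達主機之前就已被擋下,此時還需要在雲端側的安全清單(security list)或網路安全群組中允許 80 埠的入站流量。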

引用自:https://serverfault.com/questions/1075345