Nginx

無法在防火牆中允許 Nginx

  • March 6, 2020

我使用以下命令在我的 Ubuntu 18.04 伺服器上安裝了 Nginx:

$ sudo apt-add-repository ppa:hda-me/nginx-stable

$ sudo apt update

$ ubuntu@www-example-com:~$ sudo apt install brotli nginx nginx-module-brotli
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
 brotli nginx nginx-module-brotli
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,088 kB of archives.
After this operation, 4,340 kB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/hda-me/nginx-stable/ubuntu bionic/main amd64 nginx amd64 1.17.3-2-ppa7~bionic [566 kB]
Get:2 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 brotli amd64 1.0.3-1ubuntu1.2 [266 kB]
Get:3 http://ppa.launchpad.net/hda-me/nginx-stable/ubuntu bionic/main amd64 nginx-module-brotli amd64 1.17.3-2-ppa7~bionic [256 kB]
Fetched 1,088 kB in 0s (10.6 MB/s)       
Selecting previously unselected package brotli.
(Reading database ... 91558 files and directories currently installed.)
Preparing to unpack .../brotli_1.0.3-1ubuntu1.2_amd64.deb ...
Unpacking brotli (1.0.3-1ubuntu1.2) ...
Selecting previously unselected package nginx.
Preparing to unpack .../nginx_1.17.3-2-ppa7~bionic_amd64.deb ...
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/

You could find nginx-hda-bundle repository here:
* https://github.com/cryptofuture/nginx-hda-bundle

Please consider making a donation:
* https://github.com/cryptofuture/nginx-hda-bundle#donation

----------------------------------------------------------------------
Unpacking nginx (1.17.3-2-ppa7~bionic) ...
Selecting previously unselected package nginx-module-brotli.
Preparing to unpack .../nginx-module-brotli_1.17.3-2-ppa7~bionic_amd64.deb ...
----------------------------------------------------------------------

The Brotli dynamic module for nginx has been installed.
To enable this module, add the following to /etc/nginx/nginx.conf
and reload nginx:
   # ngx_brotli filter module - used to compress responses on-the-fly.
   load_module modules/ngx_http_brotli_filter_module.so;
   # ngx_brotli static module - used to serve pre-compressed files.
   # Both modules could be used separately
   load_module modules/ngx_http_brotli_static_module.so;

Please refer to the module documentation for further details:
https://github.com/google/ngx_brotli

----------------------------------------------------------------------
Unpacking nginx-module-brotli (1.17.3-2-ppa7~bionic) ...
Setting up nginx (1.17.3-2-ppa7~bionic) ...
Setting up brotli (1.0.3-1ubuntu1.2) ...
Setting up nginx-module-brotli (1.17.3-2-ppa7~bionic) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for systemd (237-3ubuntu10.39) ...

我的問題是我不可能使用以下命令將 Nginx 添加到我的防火牆中。我不明白為什麼它不起作用:

$ ubuntu@www-example-com:~$ sudo ufw allow 'Nginx Full'
ERROR: Could not find a profile matching 'Nginx Full'

$ ubuntu@www-example-com:~$ sudo ufw app list
Available applications:
 OpenSSH

更新

ubuntu@www-example-com:~$ sudo ufw allow 80
Rule added
Rule added (v6)
ubuntu@www-example-com:~$ sudo ufw allow 443
Rule added
Rule added (v6)
ubuntu@www-example-com:~$ sudo ufw allow http
Rule added
Rule added (v6)
ubuntu@www-example-com:~$ sudo ufw allow https
Rule added
Rule added (v6)
ubuntu@www-example-com:~$ sudo ufw app list
Available applications:
 OpenSSH

您可以嘗試使用這些命令只允許標準 HTTP/HTTPS 埠

sudo ufw allow 80
sudo ufw allow 443

我想你也可以像這樣指定協議

sudo ufw allow http
sudo ufw allow https

的輸出sudo ufw app list顯示沒有創建 nginx 配置文件。

這篇關於 ubuntu 堆棧交換的文章很好地總結瞭如何創建應用程序配置文件,或者您可以使用@Diego Velez 建議的更簡單的解決方案(這就是我會做的)

引用自:https://serverfault.com/questions/1005910