Ubuntu

nginx connection refused remotely, but works from localhost

  • September 28, 2020

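I have a strange problem with my Ubuntu Server 20.04 LTS

Background:

I installed nginx and ran into a lot of trouble setting up letsencrypt. I tried working with statically served files, and it kept saying connection refused. I reverted to the original nginx default configuration; from localhost I see the page content "Welcome to NGINX" in the HTML, but from multiple external sources I keep getting connection refused.

Configuration: default NGINX configuration (copied and pasted directly)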

server {
       listen 80 default_server;
       listen [::]:80 default_server;

       root /var/www/html;
       index index.html index.htm index.nginx-debian.html;

       server_name _;

       location / {
               try_files $uri $uri/ =404;
               # proxy_pass http://localhost:8080;
               # proxy_http_version 1.1;
               # proxy_set_header Upgrade $http_upgrade;
               # proxy_set_header Connection 'upgrade';
               # proxy_set_header Host $host;
               # proxy_cache_bypass $http_upgrade;
       }
}

Using curl, I tried to connect to port 80 from a remote site:

curl http://my-domain.com

Response

curl: (7) Failed to connect to my-domain.com port 80: Connection refused

Additional information:

Active NGINX configuration added to sites-enabled

blms@my-domain:/etc/nginx/sites-enabled$ ls -la
total 8
drwxr-xr-x 2 root root 4096 Sep 28 03:57 .
drwxr-xr-x 8 root root 4096 Sep 28 03:29 ..
lrwxrwxrwx 1 root root   34 Sep 28 03:57 default -> /etc/nginx/sites-available/default

Nginx service status: active (no errors reported)

blms@my-domain:~$ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
    Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
    Active: active (running) since Mon 2020-09-28 03:57:26 UTC; 6min ago
      Docs: man:nginx(8)
   Process: 2901 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Process: 2912 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Main PID: 2913 (nginx)
     Tasks: 2 (limit: 1074)
    Memory: 2.6M
    CGroup: /system.slice/nginx.service
            ├─2913 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
            └─2914 nginx: worker process

Sep 28 03:57:25 my-domain.com systemd[1]: Starting A high performance web server and a reverse proxy server...
Sep 28 03:57:26 my-domain.com systemd[1]: Started A high performance web server and a reverse proxy server.

Confirmed that the HTTP server is listening on port 80:

blms@my-domain:~$ sudo ss -tlp | grep http
LISTEN   0        511              0.0.0.0:http                  0.0.0.0:*       users:(("nginx",pid=2914,fd=6),("nginx",pid=2913,fd=6))
LISTEN   0        511                 [::]:http                     [::]:*       users:(("nginx",pid=2914,fd=7),("nginx",pid=2913,fd=7))

iptables allows all connections

blms@my-domain:~$ sudo iptables -L -v
Chain INPUT (policy ACCEPT 2936 packets, 238K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2567 packets, 393K bytes)
pkts bytes target     prot opt in     out     source               destination

Frankly, I'm baffled. I also rebooted, and that didn't help.

Any suggestions?

Update

curl using the IP address

curl x.y.z.a:80
 % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                Dload  Upload   Total   Spent    Left  Speed
 0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0
curl: (7) Failed to connect to x.y.z.a port 80: Connection refused

curl localhost on the server itself

curl localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
   body {
       width: 35em;
       margin: 0 auto;
       font-family: Tahoma, Verdana, Arial, sans-serif;
   }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

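The cause of the problem was one of my own making.

The problem was that I had not flushed my NAT table. I used iptables -F -t nat. That fixed the problem.

I'm leaving this answer here in the hope that it helps someone else.

Source: https://serverfault.com/questions/1035559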
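
The `iptables -L -v` listing in the question covers only the filter table, while the fix in the answer was in the nat table. The script below is an added example, not part of the original post: it scans `iptables-save` output across every table for rules that match a destination port. The sample ruleset, including the redirect to 8080, is constructed (the page does not show what the stale nat rules were), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output: the filter table is empty,
# as in the `iptables -L -v` listing above, but the nat table still holds a
# leftover redirect for port 80. These rules are invented for illustration.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [2936:238000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2567:393000]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 2222 -j REDIRECT --to-ports 22
COMMIT
EOF
}

# Read iptables-save text on stdin and print "table: rule" for every rule,
# in any table, whose --dport equals the given port.
rules_for_port() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); next }   # a "*nat" line starts a table
        /^-A / {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) {
                    print table ": " $0
                    break
                }
        }
    '
}

# Count the matching rules in one table (usage: count_in_table TABLE PORT).
# grep -c exits non-zero on a count of 0, hence the "|| true".
count_in_table() {
    rules_for_port "$2" | grep -c "^$1: " || true
}

# Demo on the constructed sample: the filter table has nothing for port 80,
# yet the nat table rewrites it before nginx ever sees the packet.
sample_ruleset | rules_for_port 80
```

On a live host, `sudo iptables-save | rules_for_port 80` runs the same check against the loaded ruleset.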