兄弟们我又来了,有个问题又搞不懂了,帮帮我这个菜鸟吧 - V2EX
首页 注册 登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
z8596007
V2EX    问与答

兄弟们我又来了,有个问题又搞不懂了,帮帮我这个菜鸟吧

  •   
  •   z8596007 2023-07-26 15:26:02 +08:00 2187 次点击
    这是一个创建于 833 天前的主题,其中的信息可能已经有所发展或是发生改变。
    server { listen 80; listen [::]:80; server_name xxx.xxx.xxx; return 301 $host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name xxx.xxx.xxx; ssl_certificate /etc/nginx/ssl/xxx.xxx.xxx.pem; ssl_certificate_key /etc/nginx/ssl/xxx.xxx.xxx.key; location / { proxy_pass http://172.20.0.7:4000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; add_header X-Cache $upstream_cache_status; proxy_set_header Accept-Encoding ""; sub_filter "http://" "https://"; sub_filter_once off; } }

    nginx 配置如上 现在的问题是 nginx 容器内可以访问 http://172.20.0.7:4000 ,宿主机也可以访问 172.20.0.7:4000,使用服务器 ip:4000 也可以访问这个容器,但是使用域名:https://xxx.xxx.xxx 就提示花了太长时间进行响应 443 端口也映射了。 不知道是什么问题了。。太难了。

    第 1 条附言    2023-07-26 17:41:26 +08:00
    ```
    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
    listen 80;
    listen [::]:80;
    server_name www.xxx.xxx;
    return 301 $host$request_uri;
    }
    server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.xxx.xxx;

    ssl_certificate /etc/nginx/ssl/www.xxx.xxx.pem;
    ssl_certificate_key /etc/nginx/ssl/www.xxx.xxx.key;

    location / {
    proxy_pass http://172.20.0.6:3000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    }

    # api.xxx.xxx
    server {
    listen 80;
    listen [::]:80;
    server_name api.xxx.xxx;
    return 301 https://$host$request_uri;
    }
    server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name api.xxx.xxx;

    ssl_certificate /etc/nginx/ssl/api.xxx.xxx.pem;
    ssl_certificate_key /etc/nginx/ssl/api.xxx.xxx.key;

    location / {
    proxy_pass http://172.20.0.7:4000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;

    add_header X-Cache $upstream_cache_status;

    proxy_set_header Accept-Encoding "";
    sub_filter "http://" "https://";
    sub_filter_once off;
    }
    }
    }
    ```
    我现在 www.xxx.xxx 可以正常访问。api.xxx.xxx 不可以访问
    第 2 条附言    2023-07-26 17:43:18 +08:00 
    user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; # www.xxx.xxx server { listen 80; listen [::]:80; server_name www.xxx.xxx; return 301 $host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.xxx.xxx; ssl_certificate /etc/nginx/ssl/www.xxx.xxx.pem; ssl_certificate_key /etc/nginx/ssl/www.xxx.xxx.key; location / { proxy_pass http://172.20.0.6:3000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; poxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } # api.xxx.xxx server { listen 80; listen [::]:80; server_name api.xxx.xxx; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name api.xxx.xxx; ssl_certificate /etc/nginx/ssl/api.xxx.xxx.pem; ssl_certificate_key /etc/nginx/ssl/api.xxx.xxx.key; location / { proxy_pass http://172.20.0.7:4000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; add_header X-Cache $upstream_cache_status; proxy_set_header Accept-Encoding ""; sub_filter "http://" "https://"; sub_filter_once off; } } }

    我现在 www.xxx.xxx 可以正常访问。api.xxx.xxx 不可以访问

    第 3 条附言    2023-07-26 19:51:10 +08:00
    好像是找到原因了,可能是因为我在解析里增加了 @
  • Nginx
  • SSL
  • listen
  • host
    23 条回复    2023-07-27 08:53:28 +08:00
    linauror
        1
    linauror  
       2023-07-26 15:56:41 +08:00
    先记下 nginx 访问日志,看有没有访问到 nginx ,或许是安全组的 443 端口没开?
    poporange
        2
    poporange  
       2023-07-26 16:11:35 +08:00
    你先看看 你防火墙开 443 端口了么
    vacuitym
        3
    vacuitym  
       2023-07-26 16:12:41 +08:00
    需要查看 ng 日志
    z8596007
        4
    z8596007  
    OP
       2023-07-26 16:37:42 +08:00
    @linauror
    ```
    400 Bad Request
    The plain HTTP request was sent to HTTPS port
    nginx/1.21.5
    ```
    直接访问服务器:443 提示这个。
    z8596007
        5
    z8596007  
    OP
       2023-07-26 16:38:00 +08:00
    @poporange
    400 Bad Request
    The plain HTTP request was sent to HTTPS port
    nginx/1.21.5
    直接访问服务器:443 提示这个。
    z8596007
        6
    z8596007  
    OP
       2023-07-26 16:38:48 +08:00
    @vacuitym
    ng 日志中没有啥东西。。
    2023/07/26 06:11:50 [notice] 47#47: signal process started
    2023/07/26 06:13:55 [notice] 50#50: signal process started
    就启动时的
    cslive
        7
    cslive  
       2023-07-26 16:47:24 +08:00
    return 301 https://$host$request_uri; # 重定向到 https
    Fedxu
        8
    Fedxu  
       2023-07-26 16:58:37 +08:00 via iPhone
    cf 开了小黄云的话,到 ssl 里加蜜方式设置为完全
    Nginx 改配置记得重新加载
    好像遇到过此问题,记不清了,你试试
    kosmgco
        9
    kosmgco  
       2023-07-26 17:01:16 +08:00
    http://xxx.xxx.xxx:443 是这样访问的吗?
    LxnChan
        10
    LxnChan  
       2023-07-26 17:01:57 +08:00
    你 nginx 是怎么装的,也在容器里吗
    brader
        11
    brader  
       2023-07-26 17:02:29 +08:00
    云防火墙开了 443 没
    z8596007
        12
    z8596007  
    OP
       2023-07-26 17:17:01 +08:00
    @LxnChan 是在容器里的
    z8596007
        13
    z8596007  
    OP
       2023-07-26 17:18:59 +08:00
    @cslive 改了 没啥效果
    z8596007
        14
    z8596007  
    OP
       2023-07-26 17:19:41 +08:00
    @brader 开了的
    z8596007
        15
    z8596007  
    OP
       2023-07-26 17:19:59 +08:00
    @xulianbang 不是走的 cf ,
    vacuitym
        16
    vacuitym  
       2023-07-26 17:30:48 +08:00
    @z8596007 error 和 info 日志都没东西吗,要是都没得话说明都没到 ng ,可以看下域名解析之类的
    z8596007
        17
    z8596007  
    OP
       2023-07-26 17:33:26 +08:00
    @vacuitym 没有。域名解析是到这个服务器的
    kokutou
        18
    kokutou  
       2023-07-26 17:43:38 +08:00 via Android
    @z8596007
    域名 http 加 s 了没有。。。
    vacuitym
        19
    vacuitym  
       2023-07-26 17:51:37 +08:00
    @z8596007 不然你直接用服务器的外网 ip:443 请求下试试 ng 能不能收到,如果能的话就说明域名解析问题,如果不能 ng 的监听就有问题
    z8596007
        20
    z8596007  
    OP
       2023-07-26 18:05:29 +08:00
    @vacuitym 可以收到。
    返回的是
    400 Bad Request
    The plain HTTP request was sent to HTTPS port
    vacuitym
        21
    vacuitym  
       2023-07-26 18:07:40 +08:00
    @z8596007 那应该就是域名解析的问题了,你 ping 一下你的解析域名,如果没加防护的话应该可以直接看到解析的 ip
    z8596007
        22
    z8596007  
    OP
       2023-07-26 19:07:55 +08:00
    @vacuitym ping 域名解析 还确实是我设置的 dns 地址
    vacuitym
        23
    vacuitym  
       2023-07-27 08:53:28 +08:00
    @z8596007 没招了,远程是在没办法猜到原因了
    关于     帮助文档     自助推广系统     博客     API     FAQ     Solana     914 人在线   最高记录 6679       Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 29ms UTC 21:31 PVG 05:31 LAX 13:31 JFK 16:31
    Do have faith in what you're doing.
    ubao msn snddm index pchome yahoo rakuten mypaper meadowduck bidyahoo youbao zxmzxm asda bnvcg cvbfg dfscv mmhjk xxddc yybgb zznbn ccubao uaitu acv GXCV ET GDG YH FG BCVB FJFH CBRE CBC GDG ET54 WRWR RWER WREW WRWER RWER SDG EW SF DSFSF fbbs ubao fhd dfg ewr dg df ewwr ewwr et ruyut utut dfg fgd gdfgt etg dfgt dfgd ert4 gd fgg wr 235 wer3 we vsdf sdf gdf ert xcv sdf rwer hfd dfg cvb rwf afb dfh jgh bmn lgh rty gfds cxv xcv xcs vdas fdf fgd cv sdf tert sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf shasha9178 shasha9178 shasha9178 shasha9178 shasha9178 liflif2 liflif2 liflif2 liflif2 liflif2 liblib3 liblib3 liblib3 liblib3 liblib3 zhazha444 zhazha444 zhazha444 zhazha444 zhazha444 dende5 dende denden denden2 denden21 fenfen9 fenf619 fen619 fenfe9 fe619 sdf sdf sdf sdf sdf zhazh90 zhazh0 zhaa50 zha90 zh590 zho zhoz zhozh zhozho zhozho2 lislis lls95 lili95 lils5 liss9 sdf0ty987 sdft876 sdft9876 sdf09876 sd0t9876 sdf0ty98 sdf0976 sdf0ty986 sdf0ty96 sdf0t76 sdf0876 df0ty98 sf0t876 sd0ty76 sdy76 sdf76 sdf0t76 sdf0ty9 sdf0ty98 sdf0ty987 sdf0ty98 sdf6676 sdf876 sd876 sd876 sdf6 sdf6 sdf9876 sdf0t sdf06 sdf0ty9776 sdf0ty9776 sdf0ty76 sdf8876 sdf0t sd6 sdf06 s688876 sd688 sdf86