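ERR_EMPTY_RESPONSE issue with Nginx and Varnish on an Azure VM

Introduction – Scenario

I am relatively new to Linux server configuration and to Microsoft Azure cloud services.

I have a virtual machine running, on top of Ubuntu 16.04, a stack made up of Nginx, Varnish, PHP7-FPM, MariaDB and Fail2ban.

It is a WordPress Multisite installation. As far as I can tell, all configuration is correct in the Nginx and Varnish .conf files and in the WordPress installation.

Ports 80 and 443 are both open. The primary domain and the networked site domains all resolve to the virtual machine's IP.

All of this was deployed using debops-wordpress (an extension of the Ansible project).

The problem

The problem is that the primary site works fine, but all networked sites result in an ERR_EMPTY_RESPONSE error. As far as I can tell, no logs are generated for these requests. For example, varnishlog reports all the expected Varnish activity (lots of it) when I request the primary domain. When I request a networked site's domain, it produces no activity at all. From this I conclude that the request never even passes through Varnish.

Log files

When I make an HTTP request for a networked site (WordPress Multisite), a basic entry is written to the Varnish access log (see below). But there is no entry in the Nginx log, and there is no entry in the Varnish or Nginx error logs.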

::ffff:122.57.253.24 - - [17/Jul/2017:01:58:35 +0000] "GET /favicon.ico HTTP/1.1" 204 0 "http://www.sewalunafoundation.nz/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"

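So the domain request is at least getting through to the stack, but it is aborted with the empty response error.

I was thinking that maybe I had overlooked something on the Azure side that prevents requests for any of the networked site domains from actually reaching the server stack. I am not so sure, though: the necessary endpoints (80 and 443) are open and work fine for the primary domain, and I now see that the secondary (WP networked) domains get at least far enough to create a Varnish log entry, so I think it is unlikely to be network-related.

Configuration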

    server {
        listen [::]:80 default_server ipv6only=off;
        server_name www.primarydomain.nz;
        server_name primarydomain.nz;
        server_name www.2nd-domain.org.uk;
        server_name 2nd-domain.org.uk;
        server_name www.3rd-domain.org.za;
        server_name 3rd-domain.org.za;
        server_name 4th-domain.ca;
        server_name www.4th-domain.ca;
        include snippets/acme-challenge.conf;
        keepalive_timeout 60;
        access_log /var/log/nginx/varnish.www.primarydomain.nz_access.log;
        error_log /var/log/nginx/varnish.www.primarydomain.nz_error.log;
        client_max_body_size 32M;
        if ($host != $server_name) {
            return 444;
        }
        location = /nginx_status {
            stub_status on;
            access_log on;
            allow 127.0.0.1/32;
            allow ::1/128;
            allow 10.0.0.8;
            deny all;
        }
        include /etc/nginx/sites-default.d/*.conf;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port 80;
            proxy_pass http://varnish;
        }
    }

Nginx

    server {
        listen 8080 default_server ipv6only=off;
        server_name www.primarydomain.nz;
        server_name primarydomain.nz;
        server_name www.2nd-domain.org.uk;
        server_name 2nd-domain.org.uk;
        server_name www.3rd-domain.org.za;
        server_name 3rd-domain.org.za;
        server_name 4th-domain.ca;
        server_name www.4th-domain.ca;
        root /var/www/www.primarydomain.nz;
        keepalive_timeout 60;
        access_log /var/log/nginx/www.primarydomain.nz_access.log;
        error_log /var/log/nginx/www.primarydomain.nz_error.log;
        index index.html index.htm index.php;
        client_max_body_size 32M;
        gzip_comp_level 5;
        gzip_min_length 256;
        gzip_proxied any;
        gzip_vary on;
        gzip_types application/atom+xml application/javascript application/json
                   application/ld+json application/manifest+json application/rdf+xml
                   application/rss+xml application/schema+json application/vnd.geo+json
                   application/vnd.ms-fontobject application/x-font-ttf
                   application/x-javascript application/x-web-app-manifest+json
                   application/xhtml+xml application/xml font/eot font/opentype
                   image/bmp image/svg+xml image/vnd.microsoft.icon image/x-icon
                   text/cache-manifest text/css text/javascript text/plain text/vcard
                   text/vnd.rim.location.xloc text/vtt text/x-component
                   text/x-cross-domain-policy text/xml;
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
        # Disallow access to hidden files and directories
        location ~ /\. {
            return 404;
        }
        location = /favicon.ico {
            try_files /favicon.ico =204;
            access_log off;
            log_not_found off;
        }
        location = /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1/32;
            allow ::1/128;
            allow 10.0.0.8;
            deny all;
        }
        include /etc/nginx/sites-default.d/*.conf;
        location ~ /(\.|wp-config.php|readme.html|license.txt|wp-cli.local.yml|wp-cli.yml) {
            return 404;
        }
        location ~* ^.+\.(css|js|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
            access_log off;
            expires max;
            add_header Cache-Control "public";
        }
        location = /robots.txt {
            access_log off;
            log_not_found off;
            try_files /robots.txt /index.php;
        }
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        location ~ ^(?!.+\.php/)(?<script_name>.+\.php)$ {
            limit_except GET HEAD POST {
                deny all;
            }
            try_files $script_name =404;
            include fastcgi.conf;
            set $php_https off;
            if ($http_x_forwarded_proto = "https") {
                set $php_https on;
            }
            fastcgi_param HTTPS $php_https;
            fastcgi_next_upstream error timeout invalid_header http_500;
            # Mitigate HTTPOXY attacks (https://httpoxy.org/)
            fastcgi_param HTTP_PROXY "";
            fastcgi_index index.php;
            fastcgi_pass php-wordpress;
        }
        location ~ ^(?<script_name>.+\.php)(?<path_info>/.*)$ {
            limit_except GET HEAD POST {
                deny all;
            }
            try_files $script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$script_name;
            fastcgi_param PATH_INFO $path_info;
            #fastcgi_param PATH_TRANSLATED $document_root$path_info;
            set $php_https off;
            if ($http_x_forwarded_proto = "https") {
                set $php_https on;
            }
            fastcgi_param HTTPS $php_https;
            fastcgi_next_upstream error timeout invalid_header http_500;
            # Mitigate HTTPOXY attacks (https://httpoxy.org/)
            fastcgi_param HTTP_PROXY "";
            fastcgi_index index.php;
            fastcgi_pass php-wordpress;
        }
    }

/etc/default/varnish

(All comments removed)

    START=yes
    NFILES=131072
    MEMLOCK=82000
    DAEMON_OPTS="-a :6081 \
                 -T localhost:6082 \
                 -f /etc/varnish/default.vcl \
                 -S /etc/varnish/secret \
                 -s malloc,256m"

Contents of /etc/varnish/default.vcl

(All comments removed)

    vcl 4.0;

    import std;
    import directors;

    backend wordpress {
        .host = "127.0.0.1";
        .port = "8080";
        .max_connections = 300;
        .first_byte_timeout = 300s;
        .connect_timeout = 5s;
        .between_bytes_timeout = 2s;
    }

    acl purge {
        "10.0.0.8";
        "127.0.0.1";
        "::1";
    }

    sub vcl_init {
        new vdir = directors.round_robin();
        vdir.add_backend(wordpress);
    }

    sub vcl_recv {
        set req.backend_hint = vdir.backend(); # send all traffic to the vdir director
        set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
        unset req.http.proxy;
        if (req.method == "PURGE") {
            if (!std.ip(req.http.X-Real-IP, "0.0.0.0") ~ purge) {
                return (synth(405, "This IP is not allowed to send PURGE requests."));
            }
            return (purge);
        }
        if (req.method != "GET" &&
            req.method != "HEAD" &&
            req.method != "PUT" &&
            req.method != "POST" &&
            req.method != "TRACE" &&
            req.method != "OPTIONS" &&
            req.method != "PATCH" &&
            req.method != "DELETE") {
            /* Non-RFC2616 or CONNECT which is weird. */
            return (pipe);
        }
        if (req.http.Upgrade ~ "(?i)websocket") {
            return (pipe);
        }
        if (req.method != "GET" && req.method != "HEAD") {
            return (pass);
        }
        if (req.url ~ "(\?|&)(utm_(campaign|medium|source|term)|gclid|cx|ie|cof|siteurl)=") {
            set req.url = regsuball(req.url, "&(utm_(campaign|medium|source|term)|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
            set req.url = regsuball(req.url, "\?(utm_(campaign|medium|source|term)|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
            set req.url = regsub(req.url, "\?&", "?");
            set req.url = regsub(req.url, "\?$", "");
        }
        if (req.url ~ "\#") {
            set req.url = regsub(req.url, "\#.*$", "");
        }
        if (req.url ~ "\?$") {
            set req.url = regsub(req.url, "\?$", "");
        }
        set req.http.Cookie = regsuball(req.http.Cookie, "wordpress-settings-[0-9]+?=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "wordpress-settings-time-[0-9]+?=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "__gads=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "__atuv.=[^;]+(; )?", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
        if (req.http.cookie ~ "^\s*$") {
            unset req.http.cookie;
        }
        if (req.http.Cache-Control ~ "(?i)no-cache") {
            if (! (req.http.Via || req.http.User-Agent ~ "(?i)bot" || req.http.X-Purge)) {
                return(purge); # Couple this with restart in vcl_purge and X-Purge header to avoid loops
            }
        }
        if (req.url ~ "^[^?]*\.(7z|avi|bz2|flac|flv|gz|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|rar|tar|tgz|tbz|txz|wav|webm|xz|zip)(\?.*)?$") {
            unset req.http.Cookie;
            return (hash);
        }
        if (req.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|otf|ogg|ogm|opus|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
            unset req.http.Cookie;
            return (hash);
        }
        if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
            return (pass);
        }
        if (req.url ~ "wp-(admin|cron|login)" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php") {
            return (pass);
        }
        set req.http.Surrogate-Capability = "key=ESI/1.0";
        if (req.http.Authorization) {
            return (pass);
        }
        return (hash);
    }

    sub vcl_pipe {
        if (req.http.upgrade) {
            set bereq.http.upgrade = req.http.upgrade;
        }
        return (pipe);
    }

    sub vcl_pass {
    }

    sub vcl_hash {
        hash_data(req.url);
        if (req.http.host) {
            hash_data(req.http.host);
        } else {
            hash_data(server.ip);
        }
        if (req.http.Cookie) {
            hash_data(req.http.Cookie);
        }
    }

    sub vcl_hit {
        if (obj.ttl >= 0s) {
            return (deliver);
        }
        if (!std.healthy(req.backend_hint) && (obj.ttl + obj.grace > 0s)) {
            return (deliver);
        } else {
            return (fetch);
        }
        if (std.healthy(req.backend_hint)) {
            if (obj.ttl + 10s > 0s) {
                return (deliver);
            } else {
                return(fetch);
            }
        } else {
            if (obj.ttl + obj.grace > 0s) {
                return (deliver);
            } else {
                return (fetch);
            }
        }
        return (fetch); # Dead code, keep as a safeguard
    }

    sub vcl_miss {
        return (fetch);
    }

    sub vcl_backend_response {
        if (beresp.http.Surrogate-Control ~ "ESI/1.0") {
            unset beresp.http.Surrogate-Control;
            set beresp.do_esi = true;
        }
        if (bereq.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip|webm)(\?.*)?$") {
            unset beresp.http.set-cookie;
        }
        if (bereq.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|gz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av]|webm)(\?.*)?$") {
            unset beresp.http.set-cookie;
            # Check memory usage it'll grow in fetch_chunksize blocks (128k by default) if the backend doesn't send a Content-Length header, so only enable it for big objects
            set beresp.do_stream = true;
            set beresp.do_gzip = false; # Don't try to compress it for storage
        }
        if (beresp.status == 301 || beresp.status == 302) {
            set beresp.http.Location = regsub(beresp.http.Location, ":[0-9]+", "");
        }
        if (beresp.http.Set-Cookie && bereq.url !~ "wp-(login|admin)") {
            unset beresp.http.Set-Cookie;
        }
        if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") {
            set beresp.ttl = 120s;
            set beresp.uncacheable = true;
            return (deliver);
        }
        if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
            return (abandon);
        }
        set beresp.grace = 6h;
        return (deliver);
    }

    sub vcl_deliver {
        if (obj.hits > 0) {
            # Add debug header to see if it's a HIT/MISS and the number of hits, disable when not needed
            set resp.http.X-Cache = "HIT";
        } else {
            set resp.http.X-Cache = "MISS";
        }
        set resp.http.X-Cache-Hits = obj.hits;
        unset resp.http.X-Powered-By;
        unset resp.http.Server;
        unset resp.http.X-Drupal-Cache;
        unset resp.http.X-Varnish;
        unset resp.http.Via;
        unset resp.http.Link;
        unset resp.http.X-Generator;
        unset resp.http.X-Clacks-Overhead;
        return (deliver);
    }

    sub vcl_purge {
        if (req.method != "PURGE") {
            set req.http.X-Purge = "Yes";
            return(restart);
        }
    }

    sub vcl_synth {
        if (resp.status == 720) {
            set resp.http.Location = resp.reason;
            set resp.status = 301;
            return (deliver);
        } elseif (resp.status == 721) {
            set resp.http.Location = resp.reason;
            set resp.status = 302;
            return (deliver);
        }
        return (deliver);
    }

    sub vcl_fini {
        return (ok);
    }

netstat -ant|grep 80

    $ netstat -ant|grep 80
    tcp        0      0 0.0.0.0:8080       0.0.0.0:*            LISTEN
    tcp        0      0 10.0.0.8:58972     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58912     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58888     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:44180     52.239.148.164:443   TIME_WAIT
    tcp        0      0 10.0.0.8:58948     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58984     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58828     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58998     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58840     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58900     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58924     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58960     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:59014     168.63.129.16:80     TIME_WAIT
    tcp        1      0 10.0.0.8:58972     169.254.169.254:80   CLOSE_WAIT
    tcp        0      0 10.0.0.8:58872     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58936     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58816     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58852     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:54180     13.77.184.72:443     TIME_WAIT
    tcp        0      0 10.0.0.8:58804     168.63.129.16:80     TIME_WAIT
    tcp        0      0 10.0.0.8:58874     168.63.129.16:80     TIME_WAIT
    tcp6       0      0 :::80              :::*                 LISTEN

netstat -ant|grep 443


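Public IP

The server's public IP is 52.183.115.144

Questions

My questions are:

  1. How can I troubleshoot this and find the cause?
  2. Is there anything that comes to mind that additional domain names would need in order to reach a virtual machine on Azure?
  3. Do the details above suggest what the cause of this problem might be?

After so many days, I managed to work out a solution.

This should apply to anyone using debops-wordpress to deploy WordPress Multisite with additional custom domains. I can't say whether the cloud environment makes a difference (Azure, as opposed to other options). The developer seems to think the problem I faced arose because he had not tested and tuned it for Azure. But I really don't see how it is any different. An Ubuntu 16.04 virtual machine is the same wherever it happens to be hosted (as far as I know).

I have communicated this solution to the developer of the debops-wordpress project, and he told me that what I actually did was this:

It seems all you did was bypass the nginx vhost and go directly to Varnish.

For whatever reason, going directly to Varnish was necessary to make the Multisite custom domains work.

Essentially, all the configuration files that need editing concern the ports that Nginx and Varnish listen on. I took the following steps:

  1. Remove the second Nginx .conf file, i.e. /etc/nginx/sites-enabled/varnish.www.sewalunafoundation.nz.conf. You are only removing a symlink; the actual file remains in the /sites-available/ folder.
  2. Edit /etc/nginx/sites-enabled/default so that the line listen [::]:80 default_server; becomes listen 8080;
  3. Edit /etc/systemd/system/varnish.service. In the ExecStart setting, change -a *:6081 to -a *:80. The end result for that setting is: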

ExecStart=/usr/sbin/varnishd -j unix,user=vcache -P /run/varnishd.pid -F -a *:80 -T localhost:6082 -t 120 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,1715.0

  4. Edit /etc/default/varnish, changing DAEMON_OPTS="-a :6081 \ to DAEMON_OPTS="-a :80 \

After making these changes, run the following commands:

    sudo systemctl daemon-reload
    sudo service nginx restart
    sudo service varnish restart
    sudo service varnish status   # check Varnish has loaded okay
    sudo netstat -tulnp           # check the right ports are being listened to

The last command should produce the following:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
    tcp        0      0 127.0.0.1:3306    0.0.0.0:*         LISTEN   1842/mysqld
    tcp        0      0 127.0.0.1:6379    0.0.0.0:*         LISTEN   1475/redis-server l
    tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN   1325/varnishd
    tcp        0      0 0.0.0.0:8080      0.0.0.0:*         LISTEN   1517/nginx -g daemo
    tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1412/sshd
    tcp        0      0 0.0.0.0:25        0.0.0.0:*         LISTEN   2293/master
    tcp        0      0 127.0.0.1:6082    0.0.0.0:*         LISTEN   1325/varnishd
    tcp6       0      0 :::80             :::*              LISTEN   1325/varnishd
    tcp6       0      0 :::22             :::*              LISTEN   1412/sshd
    tcp6       0      0 :::25             :::*              LISTEN   2293/master
    udp        0      0 0.0.0.0:68        0.0.0.0:*                  1006/dhclient

You will see Varnish listening on tcp 80 and tcpv6 80. It is also listening on 6082. Nginx is listening on tcp 8080.

Your sites should now load on both the primary domain and the Multisite domains. You may need to restart the Azure virtual machine. I did, but I can't say whether that was necessary to get things working (after making the changes above).

SSL

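I have been told by the debops-wordpress developer that SSL will not work with this modified configuration. That is unfortunate, and I will look into whether there is any way around it. Even if it means having all SSL requests bypass Varnish, I would do that; I just need to figure out how.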
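
An added example, not part of the original post or of debops-wordpress: the front-end server block that the answer removes contains `if ($host != $server_name) { return 444; }`. nginx sets `$server_name` to the first name declared in the block, and its non-standard status 444 closes the connection without sending a response. This Python check lists which declared names such a guard rejects; both configs are constructed samples (the first trimmed from the posted block) and the function names are hypothetical.

```python
import re

# Constructed sample: the front-end server block from the question, trimmed to
# the directives that matter for the Host guard.
QUESTION_CONF = """
server {
    listen [::]:80 default_server ipv6only=off;
    server_name www.primarydomain.nz;
    server_name primarydomain.nz;
    server_name www.2nd-domain.org.uk;
    server_name 2nd-domain.org.uk;
    if ($host != $server_name) { return 444; }
    location / { proxy_pass http://varnish; }
}
"""

# Constructed alternative: unknown hosts are dropped by a separate catch-all
# block, so the named block needs no per-request comparison.
CATCH_ALL_CONF = """
server { listen 80 default_server; server_name _; return 444; }
server {
    listen 80;
    server_name www.primarydomain.nz primarydomain.nz www.2nd-domain.org.uk;
    location / { proxy_pass http://varnish; }
}
"""

GUARD = re.compile(
    r"if\s*\(\s*\$host\s*!=\s*\$server_name\s*\)\s*\{\s*return\s+(\d{3})\s*;")
NAMES = re.compile(r"(?<![$\w])server_name\s+([^;]+);")


def server_blocks(conf):
    """Yield the body of every server { ... } block by matching braces."""
    for start in re.finditer(r"(?<![$\w])server\s*\{", conf):
        depth, pos = 1, start.end()
        while pos < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[pos], 0)
            pos += 1
        yield conf[start.end():pos - 1]


def audit_host_guard(conf):
    """Report blocks whose guard rejects names the block itself declares."""
    findings = []
    for body in server_blocks(conf):
        names = [n for group in NAMES.findall(body) for n in group.split()]
        guard = GUARD.search(body)
        # The comparison can only pass for names[0], the value of $server_name.
        if guard and len(names) > 1:
            findings.append({"passes": names[0],
                             "status": int(guard.group(1)),
                             "rejected": names[1:]})
    return findings


if __name__ == "__main__":
    for sample in (QUESTION_CONF, CATCH_ALL_CONF):
        print(audit_host_guard(sample))
```

The check reports the guarded block and nothing for the catch-all layout, where requests for undeclared hosts fall to the `default_server` block and every declared name is served.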