This is the first time I've built a server, and I just installed an SSL certificate. I also made some changes to iptables to allow access to 443. Below is the output of `iptables -L`:
```
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:smtp
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:urd
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
```
I also checked with nmap by ssh'ing into the server and running nmap from the server itself:
```
Starting Nmap 5.51 ( http://nmap.org ) at 2016-04-15 15:31 SGT
Nmap scan report for <my.domain.ip>
Host is up (0.0000050s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
443/tcp  open  https
3005/tcp open  deslogin
3031/tcp open  epic
```
When I try `telnet [my.domain.ip] 443` remotely:
```
Trying <my.domain.ip>...
telnet: connect to address <my.domain.ip>: Connection refused
telnet: Unable to connect to remote host
```
Finally, I don't know whether nginx.conf plays a part, but below is the ssl snippet for this domain:
```
#include /etc/nginx/conf.d/*.conf;
server {
    listen <my.domain.ip>:80;
    server_name mydomain.com www.mydomain.com;
    index index.html index.htm index.py;
    access_log /var/log/nginx/mydomain.com.log;
    error_log /var/log/nginx/mydomain.log.error;
    root /home/fr/;
    charset utf-8;
    #error_page 500 502 503 504 /custom_50x.html;
    #location = /custom_50x.html {
    #    internal;
    #}
    location / {
        uwsgi_pass <my.domain.ip>:3031;
        include uwsgi_params;
    }
    location /static {
        root /home/fr/env/FRuler/fruler/;
    }
}
### for ssl ###
server {
    listen <my.domain.ip>:80;
    server_name mydomain.com www.mydomain.com;
    index index.html index.htm index.py;
    access_log /var/log/nginx/mydomain.com.log;
    error_log /var/log/nginx/mydomain.log.error;
    root /home/fr/;
    charset utf-8;
    location / {
        uwsgi_pass <my.domain.ip>:3031;
        include uwsgi_params;
    }
    location /static {
        root /home/fr/env/FRuler/fruler/;
    }
}
server {
    listen 443 ssl;
    server_name mydomain.com www.mydomain.com;
    ssl on;
    ssl_certificate /etc/ssl/mydomain/ssl.crt;
    ssl_certificate_key /etc/ssl/mydomain/server.key;
    server_name mydomain www.mydomain.com;
    access_log /var/log/nginx/mydomain.com.log;
    error_log /var/log/nginx/mydomain.log.error;
    location / {
        root /home/fr/;
        index index.html;
    }
}
### end of ssl ###
```
Any help is appreciated.
In iptables, order matters; the rules are traversed sequentially.
```
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https
```
The rule that opens port 443 for HTTPS comes after the reject-all, so it will never be reached and has no effect. Your general reject rule should be last.
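The first-match walk described in the answer, as an added example that is not part of the original post: it models the INPUT chain from the question and shows the verdict for a new connection to 443 before and after moving the rule ahead of the REJECT. The loopback-only match on the fourth rule and the `eth0` interface name are assumptions, since plain `iptables -L` hides the interface column (use `iptables -L -v -n --line-numbers` to see it).

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                   # ACCEPT or REJECT
    proto: str = "all"            # all / tcp / udp / icmp
    dport: Optional[int] = None   # --dport
    state: Optional[str] = None   # conntrack states, e.g. "NEW" or "RELATED,ESTABLISHED"
    iface: Optional[str] = None   # -i <interface>; not shown by `iptables -L` without -v

    def matches(self, proto, dport, state, iface):
        return ((self.proto == "all" or self.proto == proto)
                and (self.dport is None or self.dport == dport)
                and (self.state is None or state in self.state.split(","))
                and (self.iface is None or self.iface == iface))

def verdict(chain, proto, dport, state="NEW", iface="eth0", policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching rule decides, as iptables does."""
    for rule in chain:
        if rule.matches(proto, dport, state, iface):
            return rule.target
    return policy  # nothing matched: the chain's default policy applies

# The INPUT chain in the order `iptables -L` printed it in the question.
AS_POSTED = [
    Rule("ACCEPT", state="RELATED,ESTABLISHED"),
    Rule("ACCEPT", "tcp", 80, "NEW"),
    Rule("ACCEPT", "icmp"),
    Rule("ACCEPT", iface="lo"),          # assumed: the usual `-i lo` rule, hidden without -v
    Rule("ACCEPT", "tcp", 22, "NEW"),
    Rule("ACCEPT", "tcp", 25, "NEW"),
    Rule("ACCEPT", "udp", 25, "NEW"),
    Rule("ACCEPT", "tcp", 465),          # "urd" is 465/tcp in /etc/services
    Rule("REJECT"),                      # catch-all reject-with icmp-host-prohibited
    Rule("ACCEPT", "tcp", 443, "NEW"),   # appended after the REJECT, so never reached
]

def move_before_reject(chain):
    """Re-order like `iptables -D INPUT ...` followed by `iptables -I INPUT <n> ...`:
    take the last rule and insert it just ahead of the first catch-all REJECT."""
    fixed = list(chain)
    moved = fixed.pop()
    idx = next(i for i, r in enumerate(fixed) if r.target == "REJECT")
    fixed.insert(idx, moved)
    return fixed

FIXED = move_before_reject(AS_POSTED)

if __name__ == "__main__":
    print("remote 443, as posted:", verdict(AS_POSTED, "tcp", 443))             # REJECT
    print("remote 443, fixed:    ", verdict(FIXED, "tcp", 443))                 # ACCEPT
    print("local 443, as posted: ", verdict(AS_POSTED, "tcp", 443, iface="lo"))  # ACCEPT
```

The loopback case explains the apparent contradiction in the question: a scan run on the server itself arrives over `lo` and hits the loopback ACCEPT, so nmap reports 443 open while a remote client is refused by the REJECT.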