服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Ubuntu / apache2:无法打开端口443
Intereting Posts
nginxconfiguration安全资产服务 如何检查两台服务器是否安装了相同的function和更新? 嵌套的Drupal网站清理url 域名注册商转让 在Ubuntu < – > CISCO路由器上使用OpenSwan的IPSEC隧道 使用nginx,我想重写一个.aspx扩展名的URL 为NIC添加额外的IP会导致主IP的连接问题(Win Server 2012 / IIS) Apache通过负载均衡器访问时出现错误的证书 我怎样才能让/ var / log / messages使用FQDN而不是短主机名? 计算机configuration和GPO中的用户configuration之间的区别 为多个系统的多个用户pipe理SSH密钥(例如github,如ssh密钥ui) 硬件状态与ESXi显示不完整的硬件信息; 错误的BMC细节 在Hyper-V中启动Xen虚拟机出现问题 不能SSH隧道与PuTTY(Windows Vista)连接到MySQL的Linux机箱 通过ssh使用bash脚本获取远程linux服务器的IP地址

Ubuntu / apache2:无法打开端口443

我正尝试在我的Ubuntu 14服务器上安装一个SSL证书(使用apache 2)。 出于某种原因,端口443似乎被closures

我安装并启用ssl

/etc/apache2/ports.conf如下: 

 Listen 80 #<IfModule ssl_module> # Listen 443 #</IfModule> <IfModule mod_ssl.c> Listen 443 NameVirtualHost 92.243.16.14:443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule> root@server01:/home/admin# netstat -ntlp | grep LISTEN tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 1317/amavisd-new (m tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1184/mysqld tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1116/sshd tcp6 0 0 :::80 :::* LISTEN 2037/apache2 tcp6 0 0 :::22 :::* LISTEN 1116/sshd tcp6 0 0 :::443 :::* LISTEN 2037/apache2 root@server01:/home/admin# ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 22 ALLOW IN Anywhere 22/tcp ALLOW IN Anywhere 80/tcp ALLOW IN Anywhere 21/tcp ALLOW IN Anywhere 443/tcp ALLOW IN Anywhere 22 (v6) ALLOW IN Anywhere (v6) 22/tcp (v6) ALLOW IN Anywhere (v6) 80/tcp (v6) ALLOW IN Anywhere (v6) 21/tcp (v6) ALLOW IN Anywhere (v6) 443/tcp (v6) ALLOW IN Anywhere (v6)

我错过了什么吗? 任何帮助将不胜感激。

编辑 

 Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 9 1256 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 5874 654K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 247 14772 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 31 1780 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 120 7143 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-before-forward all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-after-forward all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-after-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-reject-forward all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ufw-track-forward all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 5937 1698K ufw-before-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0 5937 1698K ufw-before-output all -- * * 0.0.0.0/0 0.0.0.0/0 627 47626 ufw-after-output all -- * * 0.0.0.0/0 0.0.0.0/0 627 47626 ufw-after-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0 627 47626 ufw-reject-output all -- * * 0.0.0.0/0 0.0.0.0/0 627 47626 ufw-track-output all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ufw-after-forward (1 references) pkts bytes target prot opt in out source destination Chain ufw-after-input (1 references) pkts bytes target prot opt in out source destination 0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 0 0 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 0 0 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68 0 0 ufw-skip-to-policy-input all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST Chain ufw-after-logging-forward (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-input (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-after-logging-output (1 references) pkts bytes target prot opt in out source destination Chain ufw-after-output (1 references) pkts bytes target prot opt in out source destination Chain ufw-before-forward (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 0 0 ufw-user-forward all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ufw-before-input (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68 0 0 ufw-not-local all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353 0 0 ACCEPT udp -- * * 0.0.0.0/0 239.255.255.250 udp dpt:1900 0 0 ufw-user-input all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ufw-before-logging-forward (1 references) pkts bytes target prot opt in out source destination Chain ufw-before-logging-input (1 references) pkts bytes target prot opt in out source destination Chain ufw-before-logging-output (1 references) pkts bytes target prot opt in out source destination Chain ufw-before-output (1 references) pkts bytes target prot opt in out source destination 9 1256 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 5301 1649K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 627 47626 ufw-user-output all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ufw-logging-allow (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] " Chain ufw-logging-deny (2 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] " Chain ufw-not-local (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST 0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ufw-reject-forward (1 references) pkts bytes target prot opt in out source destination Chain ufw-reject-input (1 references) pkts bytes target prot opt in out source destination Chain ufw-reject-output (1 references) pkts bytes target prot opt in out source destination Chain ufw-skip-to-policy-forward (0 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ufw-skip-to-policy-input (7 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ufw-skip-to-policy-output (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ufw-track-forward (1 references) pkts bytes target prot opt in out source destination Chain ufw-track-input (1 references) pkts bytes target prot opt in out source destination Chain ufw-track-output (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW 627 47626 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW Chain ufw-user-forward (1 references) pkts bytes target prot opt in out source destination Chain ufw-user-input (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:22 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 Chain ufw-user-limit (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] " 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain ufw-user-logging-forward (0 references) pkts bytes target prot opt in out source destination Chain ufw-user-logging-input (0 references) pkts bytes target prot opt in out source destination Chain ufw-user-logging-output (0 references) pkts bytes target prot opt in out source destination Chain ufw-user-output (1 references) pkts bytes target prot opt in out source destination

我对ufw ,但是在这种情况下,我认为这对INPUTstream量来说是完全无效的,因为实现它的规则是 DROPINPUT链中的第五条规则)之后进行的。 你可以从INPUT链中后面的规则的数据包中看到,没有数据包达到任何应该向ufw ufw-发送stream量的规则(我认为这是打算实现ufw策略的) 。

如果你这样做 

 iptables -I INPUT 5 -p tcp --dport 443 -j ACCEPT

这应该打开你的HTTPS端口。 在重新启动时保持持久性,我留给你,因为它是依赖于实现的。