求助 lnmp ssl http正常https 无法访问此网站
lnmp lnmp vhost add 自动生成 ssl Letsencrypt 显示成功http可以 https显示443端口似乎开启了 请大神帮忙看看 那里的问题?
Reload nginx...done
Reload success
Let's Encrypt SSL Certificate create successfully.
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
================================================
Virtualhost infomation:
Your domain: 隐藏了
Home Directory: /home/wwwroot/default/test
Rewrite: none
Enable log: yes
Create database: no
Create ftp account: no
Enable SSL: yes
=>Let's Encrypt
================================================
# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 :::22 :::*
=====================================================================
=============================================================
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
:OUTPUT_direct -
:POSTROUTING_ZONES -
:POSTROUTING_ZONES_SOURCE -
:POSTROUTING_direct -
:POST_public -
:POST_public_allow -
:POST_public_deny -
:POST_public_log -
:PREROUTING_ZONES -
:PREROUTING_ZONES_SOURCE -
:PREROUTING_direct -
:PRE_public -
:PRE_public_allow -
:PRE_public_deny -
:PRE_public_log -
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o eno16780032 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A PREROUTING_ZONES -i eno16780032 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Wed Mar 18 13:58:44 2020
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
:FORWARD_direct -
:INPUT_direct -
:OUTPUT_direct -
:POSTROUTING_direct -
:PREROUTING_ZONES -
:PREROUTING_ZONES_SOURCE -
:PREROUTING_direct -
:PRE_public -
:PRE_public_allow -
:PRE_public_deny -
:PRE_public_log -
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i eno16780032 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Wed Mar 18 13:58:44 2020
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*security
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:FORWARD_direct -
:INPUT_direct -
:OUTPUT_direct -
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Wed Mar 18 13:58:44 2020
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*raw
:PREROUTING ACCEPT
:OUTPUT ACCEPT
:OUTPUT_direct -
:PREROUTING_direct -
-A PREROUTING -j PREROUTING_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Wed Mar 18 13:58:44 2020
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:FORWARD_IN_ZONES -
:FORWARD_IN_ZONES_SOURCE -
:FORWARD_OUT_ZONES -
:FORWARD_OUT_ZONES_SOURCE -
:FORWARD_direct -
:FWDI_public -
:FWDI_public_allow -
:FWDI_public_deny -
:FWDI_public_log -
:FWDO_public -
:FWDO_public_allow -
:FWDO_public_deny -
:FWDO_public_log -
:INPUT_ZONES -
:INPUT_ZONES_SOURCE -
:INPUT_direct -
:IN_public -
:IN_public_allow -
:IN_public_deny -
:IN_public_log -
:OUTPUT_direct -
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -p icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eno16780032 -g FWDI_public
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o eno16780032 -g FWDO_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -i eno16780032 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
https://www.vpser.net/manage/aliyun-securitygroup-setting.html licess 发表于 2020-3-20 08:59
https://www.vpser.net/manage/aliyun-securitygroup-setting.html
十分感谢 的确是服务器“防火墙安全规则”方面的问题报机房申请开443端口后问题解决。
页:
[1]