VPS侦探论坛

标题: 求助 lnmp ssl http正常https 无法访问此网站 [打印本页]
作者: 超级无敌大帅哥    时间: 2020-3-19 23:10
标题: 求助 lnmp ssl http正常https 无法访问此网站
lnmp lnmp vhost add 自动生成 ssl Letsencrypt 显示成功http可以 https显示
443端口似乎开启了 请大神帮忙看看 那里的问题?

Reload nginx...  done
[2020年 03月 19日 星期四 22:32:28 CST] Reload success
Let's Encrypt SSL Certificate create successfully.
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
================================================
Virtualhost infomation:
Your domain: 隐藏了
Home Directory: /home/wwwroot/default/test
Rewrite: none
Enable log: yes
Create database: no
Create ftp account: no
Enable SSL: yes
  =>Let's Encrypt
================================================

[root@localhost default]# ss -ntl
State      Recv-Q Send-Q                    Local Addressort                                   Peer Addressort              
LISTEN     0      50                                    *:3306                                              *:*                  
LISTEN     0      128                                   *:80                                                *:*                  
LISTEN     0      128                                   *:80                                                *:*                  
LISTEN     0      128                                   *:22                                                *:*                  
LISTEN     0      128                                   *:443                                               *:*                  
LISTEN     0      128                                  :::22                                               :::*   
=====================================================================



=============================================================
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*nat
REROUTING ACCEPT [224:21736]
:INPUT ACCEPT [21:1166]
:OUTPUT ACCEPT [387:24048]
OSTROUTING ACCEPT [387:24048]
:OUTPUT_direct - [0:0]
OSTROUTING_ZONES - [0:0]
OSTROUTING_ZONES_SOURCE - [0:0]
OSTROUTING_direct - [0:0]
OST_public - [0:0]
OST_public_allow - [0:0]
OST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o eno16780032 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A PREROUTING_ZONES -i eno16780032 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Wed Mar 18 13:58:44 2020
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*mangle
:PREROUTING ACCEPT [183919:214886581]
:INPUT ACCEPT [183919:214886581]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [138279:11824843]
:POSTROUTING ACCEPT [138279:11824843]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i eno16780032 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Wed Mar 18 13:58:44 2020
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*security
:INPUT ACCEPT [183716:214866011]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [138279:11824843]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Wed Mar 18 13:58:44 2020
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*raw
:PREROUTING ACCEPT [183919:214886581]
:OUTPUT ACCEPT [138279:11824843]
:OUTPUT_direct - [0:0]
:PREROUTING_direct - [0:0]
-A PREROUTING -j PREROUTING_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Wed Mar 18 13:58:44 2020
# Generated by iptables-save v1.4.21 on Wed Mar 18 13:58:44 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [406:30708]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_IN_ZONES_SOURCE - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_OUT_ZONES_SOURCE - [0:0]
:FORWARD_direct - [0:0]
:FWDI_public - [0:0]
:FWDI_public_allow - [0:0]
:FWDI_public_deny - [0:0]
:FWDI_public_log - [0:0]
:FWDO_public - [0:0]
:FWDO_public_allow - [0:0]
:FWDO_public_deny - [0:0]
:FWDO_public_log - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_ZONES_SOURCE - [0:0]
:INPUT_direct - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
:IN_public_deny - [0:0]
:IN_public_log - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -p icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eno16780032 -g FWDI_public
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o eno16780032 -g FWDO_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -i eno16780032 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
作者: licess    时间: 2020-3-20 08:59
https://www.vpser.net/manage/aliyun-securitygroup-setting.html
作者: 超级无敌大帅哥    时间: 2020-3-20 13:28
licess 发表于 2020-3-20 08:59
https://www.vpser.net/manage/aliyun-securitygroup-setting.html

十分感谢 的确是服务器“防火墙安全规则”方面的问题  报机房申请开443端口后问题解决。



欢迎光临 VPS侦探论坛 (https://bbs.lnmp.com/) Powered by Discuz! X3.4