問題描述

環(huán)境：阿里云 centos7

flask web 應(yīng)用， gunicorn 已經(jīng)啟動(dòng)，訪問ip:8888正常訪問

nginx 正常啟動(dòng)，無法直接訪問 ip ，瀏覽器顯示： This site can ’ t be reached

我有兩個(gè)配置文件conf/nginx.conf, site-enable/kaoshixing.conf,內(nèi)容分別如下：

user root;worker_processesauto;# worker_cpu_affinity auto;error_log /home/admin/kaoshixing/nginx/logs/error.log;pid /home/admin/kaoshixing/nginx/logs/nginx.pid;worker_rlimit_nofile 65535;events { use epoll; worker_connections 20480;}http { include mime.types; default_type application/octet-stream; fastcgi_intercept_errors on; log_format milog ’$server_addrt$hostnamet$remote_addrt$http_x_forwarded_fort$time_localt$request_urit$request_lengtht$bytes_sentt$request_timet$statust$upstream_addrt$upstream_cache_statust$upstream_response_timet$http_user_agentt’; ####full-format log for debug log_format debug_log ’$remote_addrt$server_addrt$hostnamet$time_localt$hostt$requestt$statust$body_bytes_sentt$http_referert$http_user_agentt$http_x_forwarded_fort$request_urit$request_lengtht$bytes_sentt$request_bodyt$request_timet$upstream_response_timet$upstream_addrt$upstream_cache_status’; access_log /home/admin/kaoshixing/log/nginx/access.log milog; sendfileon; keepalive_timeout 65; client_max_body_size 120m; server_names_hash_bucket_size 128; proxy_headers_hash_bucket_size 128; proxy_headers_hash_max_size 8192; proxy_connect_timeout 10; proxy_read_timeout 120; proxy_send_timeout 120; proxy_buffer_size16k; proxy_buffers 4 64k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 128k; gzip on; gzip_types application/json application/x-json text/plain application/x-javascript text/css text/javascript application/xml text/xml image/jpeg image/gif image/png; gzip_proxied expired no-cache no-store private auth; gzip_min_length 1k; gzip_buffers 16 64k; gzip_http_version 1.1; gzip_comp_level 6; gzip_vary on; limit_req_zone $server_port zone=tp:500m rate=1700r/s; limit_req_zone $server_port zone=tps:500m rate=1100r/s; limit_req_zone $binary_remote_addr zone=tip:500m rate=100r/s; include /home/admin/kaoshixing/nginx/site-enable/*.conf;}

*

upstream kaoshixing.com_backend{ server 0.0.0.0:8888 weight=1 max_fails=2 fail_timeout=30s;}server { listen 80; server_name www.kaoshixing.com; access_log /home/admin/kaoshixing/nginx/logs/ksxing.com.log milog; location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://kaoshixing.com_backend; }}server { listen 443 ssl; server_name www.kaoshixing.com; access_log /home/admin/kaoshixing/nginx/logs/ksxing.com.log milog; ssl on; ssl_certificate ssl/kaoshixing.com.crt; ssl_certificate_key ssl/kaoshixing.com.key; ssl_session_cache shared:SSL:80m; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://kaoshixing.com_backend; proxy_redirect http://www.kaoshixing.com https://www.kaoshixing.com; }}server { listen 80; server_name kaoshixing.com; access_log /home/admin/kaoshixing/nginx/logs/ksxing.com.log milog; location / { rewrite ^(.*) http://www.$host$1 redirect; }}

問題解答

有試過nginx -t檢查配置文件是否正確么

看你這http和https都配置了相同的server_name。 試試看將80端口也配置到https中,看看行不行server {listen 80;listen 443 ssl;......}

因?yàn)槟阍O(shè)置了 server_name ，所以nginx只監(jiān)聽域名，不監(jiān)聽ip。換句話說，nginx不知道自己的外網(wǎng)ip，它會(huì)從配置文件中獲得信息。簡(jiǎn)單的解決辦法是刪除 server_name 。也可以這樣 server_name 1.1.1.1 www.kaoshixing.com; 只是這樣就不能泛域名解析了。

因?yàn)槟阍谒衧erver塊都設(shè)置了server_name，當(dāng)瀏覽器訪問時(shí)，nginx會(huì)一個(gè)個(gè)匹配server_name，如果都不匹配（用ip訪問），nginx就會(huì)使用default_server，但你沒設(shè)置default_server，問題可能就出在這，把一個(gè)server塊改成這樣試試？

server { listen 80 default_server; server_name www.kaoshixing.com;

（還有就是80端口可能被其他程序占用著）

考慮阿里云的安全策略以及CentOS7的防火墻策略.CentOS7默認(rèn)是不開放80端口的.

確認(rèn)下是配置問題導(dǎo)致nginx起不來 還是外網(wǎng)telnet 80不通。我遇到的一般是防火墻設(shè)置的或者80被默認(rèn)vps裝的apache占用。

國內(nèi)云廠商的80端口都需要備案才能放通的。另外單獨(dú)檢查一下安全組策略和VPC的防火墻什么的。