
正在配置 https,出现 https 访问 PHP 文件 403 Forbidden, http 访问站点正常

  •   kmdd33 · 2018-07-12 18:35:05 +08:00 · 1824 次点击

    站点环境:centos7+php+mysql+openresty ( nginx )

    用的是腾讯云的一年免费证书,配置好后,目前网站用 https://www.mydomain.com/50x.html ,https://www.mydomain.com/info.php 测试都可以正常显示 https,但是访问首页和其他 webpage 页面却都是 403 Forbidden。http 访问全部网页显示正常。为什么出现这种情况?请问同学们如何解决?

    console 里面的错误提示:fail to load resource

    error.log :

    2018/07/11 07:55:22 [emerg] 5550#5550: bind() to [::]:80 failed (98: Address already in use)

    2018/07/11 07:55:22 [emerg] 5550#5550: bind() to 0.0.0.0:443 failed (98: Address already in use)

    贴出自己的 nginx.conf:

    # Main-context settings: worker identity, worker count, error log and pid file.
    # NOTE(review): `user` sets the credentials of the worker processes, so the
    # workers that parse requests (and run the Lua WAF code loaded below) run as
    # root. An unprivileged account that can read the web root is the safer choice.
    user root;

    worker_processes 1;

    #error_log logs/error.log;

    # NOTE(review): `debug` level is very verbose and only takes full effect when
    # nginx was built with --with-debug; useful while troubleshooting, but lower
    # it again afterwards so request details do not accumulate in the log.
    error_log logs/error.log debug;

    #error_log logs/error.log info;

    # Relative paths here are resolved against the nginx prefix directory.
    pid logs/nginx.pid;

    #error_log /var/log/nginx/error.log debug;

    #pid /var/run/nginx/nginx.pid;

    # Connection-processing settings: each worker may hold up to 1024
    # simultaneous connections.
    events {

    worker_connections  1024;
    

    }

    # HTTP context: shared defaults, the Lua WAF hooks, one plain-HTTP virtual
    # host on port 80 and one TLS virtual host on port 443. Both hand *.php
    # requests to a FastCGI backend on 127.0.0.1:9000.
    http {

    include       mime.types;
    default_type  application/octet-stream;
    
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    
    # NOTE(review): access logging is left at the built-in default here; an
    # explicit access_log makes it easier to see which vhost answered with 403.
    #access_log  logs/access.log  main;
    
    sendfile        on;
    #tcp_nopush     on;
    
    #keepalive_timeout  0;
    keepalive_timeout  65;
    
    client_max_body_size 8m;    # maximum allowed size of a single client request body
    client_body_buffer_size 2m;  # buffer size used for reading the client request body
    
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    
    gzip  on;
    
    #WAF
    # Declared at http level, so access.lua runs in the access phase of every
    # server block below (HTTP and HTTPS alike). A rejection by the WAF script
    # would surface to the client as an nginx error status such as 403 --
    # presumably worth checking when only some URLs are refused; verify against
    # the script itself, which is not shown here.
    # NOTE(review): with `user root;` at the top of this file, this Lua code
    # executes with root privileges inside the workers.
    lua_shared_dict limit 50m;
    lua_shared_dict guard_dict 100m;
    lua_shared_dict dict_captcha 70m;
    lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
    init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
    access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
    
    # Plain-HTTP virtual host (IPv4 and IPv6, default server for [::]:80).
    # NOTE(review): content is served in cleartext here; once the HTTPS host
    # works, consider answering on port 80 only with a redirect to https.
    server {
        listen       80;
        listen       [::]:80 ipv6only=on default_server;
        
        server_name  my.server.ip.here;
    
        #charset koi8-r;
    
        #access_log  logs/host.access.log  main;
    
        location / {
            root   html;
            index  index.php index.html index.htm;
        }
    
        #error_page  404              /404.html;
    
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}
    
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        
        # `root` is only set inside `location /`, so $document_root in this
        # location falls back to nginx's built-in default (`html`); declaring
        # `root` once at server level makes that explicit.
        # NOTE(review): every URI ending in .php is forwarded, whether or not
        # the file exists; adding `try_files $fastcgi_script_name =404;` limits
        # execution to scripts that are really present under the document root.
        location ~ \.php$ {
            
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
    
    
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;
    
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
    
    
    # HTTPS server
    
    # TLS virtual host with HTTP/2 for www.mydomainname.com.
    server {
        listen  443 ssl http2;
        
        server_name  www.mydomainname.com;
        charset  utf-8;
        # `ssl on;` duplicates the `ssl` flag already given on the listen line
        # and is deprecated in newer nginx releases.
        ssl on;
        # Overrides the http-level application/octet-stream for this vhost:
        # files with an unknown extension are shown as text instead of downloaded.
        default_type  text/plain;
        
        # Relative certificate/key paths are resolved against the nginx
        # configuration directory. NOTE(review): keep the .key file readable
        # by root only.
       ssl_certificate       1_www.mydomainname.com_bundle.crt;
       ssl_certificate_key   2_www.mydomainname.com.key;
       
    
       ssl_session_cache    shared:SSL:1m;
       ssl_session_timeout  5m;
       # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict
       # this to TLSv1.2 (plus TLSv1.3 where the nginx/OpenSSL build supports it).
       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
       # Prefers ECDHE-RSA with AES-128-GCM, then anything OpenSSL classes as
       # HIGH, minus anonymous, MD5, RC4 and DHE suites.
       ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
       ssl_prefer_server_ciphers  on;
    
        location / {
            root   html;
            index  index.html index.htm index.php;
        }
    
    
         # phpMyAdmin scripts: the part of the URI after /phpmyadmin/ is captured
         # and mapped onto /usr/share/phpMyAdmin/. Listed before the generic
         # \.php$ location so that it wins for these URIs.
         # NOTE(review): this exposes the database admin UI to everyone who can
         # reach the vhost; consider restricting it with allow/deny or auth_basic.
         location ~ /phpmyadmin/.+\.php$ {
            if ($fastcgi_script_name ~ /phpmyadmin/(.+\.php.*)$) {
             set $valid_fastcgi_script_name $1;
            }
             include fastcgi_params;
             fastcgi_pass 127.0.0.1:9000;
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME /usr/share/phpMyAdmin/$valid_fastcgi_script_name;
         }
    
        # Generic PHP handler. As in the port-80 server, `root` is only set in
        # `location /`, so $document_root here is nginx's built-in default.
        # NOTE(review): add `try_files $fastcgi_script_name =404;` so only
        # existing scripts are handed to the FastCGI backend, and confirm the
        # backend itself listens on loopback only.
        location ~ \.php$ {
            # address and port of the FastCGI backend
            fastcgi_pass   127.0.0.1:9000;
            # default index file for FastCGI requests (already set above, can be removed)
            fastcgi_index  index.php;
            # path of the script file passed to the FastCGI backend
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            # include the shared fastcgi parameter file
            include        fastcgi_params;
        }
    
    
    
    }
    

    }

    chrisyunhua
        1
    chrisyunhua  
       2018-07-12 19:53:38 +08:00
    应该看一看端口占用吧
    kmdd33
        2
    kmdd33  
    OP
       2018-07-12 20:46:57 +08:00
    @chrisyunhua


    # sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5974/nginx: worker
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5974/nginx: worker
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 730/sshd
    tcp6 0 0 :::9000 :::* LISTEN 4961/php-fpm: pool
    tcp6 0 0 :::3306 :::* LISTEN 3299/mysqld
    tcp6 0 0 :::80 :::* LISTEN 5974/nginx: worker
    tcp6 0 0 :::22 :::* LISTEN 730/sshd
    kmdd33
        3
    kmdd33  
    OP
       2018-07-12 20:50:16 +08:00
    # ps ax | grep nginx
    5974 ? S 0:03 nginx: worker process
    32605 pts/0 S+ 0:00 grep --color=auto nginx
    kmdd33
        4
    kmdd33  
    OP
       2018-07-12 21:41:37 +08:00
    刚解决掉,贴出解决步骤:

    # service openresty stop

    Stopping openresty (via systemctl): [ OK ]

    [root@li1165-57 ~]# ps ax |grep nginx

    648 pts/1 S+ 0:00 grep --color=auto nginx
    5974 ? S 0:04 nginx: worker process

    [root@li1165-57 ~]# ps ax | grep nginx
    651 pts/1 S+ 0:00 grep --color=auto nginx
    5974 ? S 0:04 nginx: worker process

    [root@li1165-57 ~]# ps ax | grep nginx

    653 pts/1 S+ 0:00 grep --color=auto nginx
    5974 ? S 0:04 nginx: worker process

    [root@li1165-57 ~]# sudo kill -2 5974 (最重要的命令,杀死正在进行中的 nginx 进程)

    [root@li1165-57 ~]# sudo kill -2 5974

    kill: sending signal to 5974 failed: No such process

    [root@li1165-57 ~]# ps ax | grep nginx

    694 pts/1 S+ 0:00 grep --color=auto nginx

    [root@li1165-57 ~]# service openresty restart

    Restarting openresty (via systemctl): [ OK ]

    [root@li1165-57 ~]# systemctl status openresty

    ● openresty.service - SYSV: OpenResty is a scalable web platform by extending
    Loaded: loaded (/etc/rc.d/init.d/openresty; bad; vendor preset: disabled)
    Active: active (running) since Thu 2018-07-12 13:21:32 UTC; 31s ago
    Docs: man:systemd-sysv-generator(8)
    Process: 9983 ExecStop=/etc/rc.d/init.d/openresty stop (code=exited, status=0/SUCCESS)
    Process: 721 ExecStart=/etc/rc.d/init.d/openresty start (code=exited, status=0/SUCCESS)
    Main PID: 737 (nginx)
    CGroup: /system.slice/openresty.service
    ├─737 nginx: master process /usr/local/openresty/nginx/sbin/nginx -c /usr/local/ope...
    └─739 nginx: worker process

    Jul 12 13:21:32 li1165-57.members.vultr.com systemd[1]: Starting SYSV: OpenResty is a scalab....
    Jul 12 13:21:32 li1165-57.members.vultr.com openresty[721]: Starting nginx: [ OK ]
    Jul 12 13:21:32 li1165-57.members.vultr.com systemd[1]: PID file /usr/local/openresty/nginx/....
    Jul 12 13:21:32 li1165-57.members.vultr.com systemd[1]: Started SYSV: OpenResty is a scalabl....
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@li1165-57 ~]#