[英]How to configure ports on Apache?
我的服務器上有Node JS,但它不起作用。 我認為這是穿的問題。
使用以下命令:
# curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
# apt-get update
# apt-get install nodejs
僅此而已,我什么也沒做。
我安裝了drupal nodejs:
# cd /home/www.mydomaine.com/public_html
# npm install drupal-node.js
# npm install pm2 -g
這是我的服務器的配置:
<IfModule mod_fastcgi.c>
AddHandler php7-fcgi-www.mydomaine.com .php
Action php7-fcgi-www.mydomaine.com /php7-fcgi-www.mydomaine.com
Alias /php7-fcgi-www.mydomaine.com /usr/lib/cgi-bin/php7-fcgi-www.mydomaine.com
FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-www.mydomaine.com -socket /run/php/php7.1-fpm.www.mydomaine.com.sock -idle-timeout 120 -pass-header Authorization
<Directory "/usr/lib/cgi-bin">
Require all granted
</Directory>
</IfModule>
<VirtualHost 138.74.184.65:80 [2001:21d0:0305:2100:0000:0000:0000:4741]:80>
ServerAdmin contact@mydomaine.com
ServerName mydomaine.com
ServerAlias www.mydomaine.com
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost 138.74.184.65:443 [2001:21d0:0305:2100:0000:0000:0000:4741]:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.mydomaine.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomaine.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.mydomaine.com/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Download-Options "noopen"
Header always set X-Permitted-Cross-Domain-Policies "none"
Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
Header set Set-Cookie HttpOnly;Secure
ServerAdmin contact@mydomaine.com
ServerName mydomaine.com
ServerAlias www.mydomaine.com
DocumentRoot /var/www/www.mydomaine.com/public_html/web/
<Directory /var/www/www.mydomaine.com/public_html/web>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
<IfModule mod_fastcgi.c>
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler php7-fcgi-www.mydomaine.com
</FilesMatch>
</IfModule>
ErrorLog /var/www/www.mydomaine.com/logs/error.log
CustomLog /var/www/www.mydomaine.com/logs/access.log combined
</VirtualHost>
</IfModule>
我的網站在:
/home/www.mydomaine.com/public_html/web
這是Drupal nodejs.config.js
配置:
settings = {
scheme: 'http',
port: 8080,
host: 'localhost',
resource: '/socket.io',
serviceKey: 'hgfjkliutfh',
backend: {
port: 443,
host: 'www.mydomaine.com',
scheme: 'https',
basePath: '/web',
messagePath: '/nodejs/message'
},
debug: true,
sslKeyPath: '/etc/letsencrypt/live/www.mydomaine.com/privkey.pem',
sslCertPath: '/etc/letsencrypt/live/www.mydomaine.com/cert.pem',
sslCAPath: '/etc/letsencrypt/live/www.mydomaine.com/chain.pem',
baseAuthPath: '/nodejs/',
extensions: [],
clientsCanWriteToChannels: false,
clientsCanWriteToClients: false,
transports: ['websocket', 'polling'],
jsMinification: true,
jsEtag: true,
logLevel: 1
};
這是我的iptables的內容:
#!/bin/sh
# Réinitialise les règles
iptables -t filter -F
iptables -t filter -X
# Bloque tout le trafic
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
# Autorise les connexions déjà établies et localhost
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
# ICMP (Ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
# SSH
iptables -t filter -A INPUT -p tcp --dport 4829 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 4829 -j ACCEPT
# DNS
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
# NTP (horloge du serveur)
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
# NODE JS
iptables -t filter -A OUTPUT -p tcp --dport 8080 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT
# HTTP
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
# HTTP Caldav
iptables -t filter -A OUTPUT -p tcp --dport 8008 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8008 -j ACCEPT
# HTTPS
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
# HTTPS Caldav
iptables -t filter -A OUTPUT -p tcp --dport 8008 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
# FTP
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
# Mail SMTP
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 465 -j ACCEPT
# Mail POP3
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT
# Mail IMAP
iptables -t filter -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 993 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
# Anti Flood / Deni de service / scan de port
iptables -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
這是我的/ etc / hosts的內容
127.0.0.1 localhost
138.74.184.65 vps000000.ovh.net vps000000
2001:21d0:0305:2100:0000:0000:0000:4741 vps000000.ovh.net vps000000
127.0.1.1 myname.fr
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
這是我的/etc/apache2/ports.conf的內容
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
命令結果netstat -ntpl
root@vps000000:~# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 2476/master
tcp 0 0 0.0.0.0:4829 0.0.0.0:* LISTEN 1423/sshd
tcp 0 0 127.0.0.1:10023 0.0.0.0:* LISTEN 1690/postgrey.pid -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1452/mysqld
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 24716/drupal
tcp6 0 0 :::25 :::* LISTEN 2476/master
tcp6 0 0 :::443 :::* LISTEN 24939/apache2
tcp6 0 0 :::4829 :::* LISTEN 1423/sshd
tcp6 0 0 :::7134 :::* LISTEN 1913/java
tcp6 0 0 :::80 :::* LISTEN 24939/apache2
Drupal顯示以下消息:
已成功訪問Node.js服務器。
在我的網站上,控制台中顯示以下錯誤:
無法加載源為« http:// localhost:8080 / socket.io / socket.io.js »的元素。
和:
拒絕加載腳本“ http:// localhost:8080 / socket.io / socket.io.js ”,因為它違反了以下內容安全策略指令:“ default-src https:data:'unsafe-inline''unsafe-評估”。 請注意,未明確設置“ script-src”,因此將“ default-src”用作備用。
在終端中,我有:root @ vps000000:/home/www.mydomaine.com/public_html/node_modules/drupal-node.js# node app.js啟動了HTTP服務器。 [2018/03/15 16:44:02]路由回調:checkServiceKey [2018/03/15 16:44:02]路由回調:healthCheck
更新
我已經更新了我的配置,如下所示,而drupal似乎已經發現/socket.io/socket.io.js
我開始感到絕望。
這是Drupal nodejs.config.js
配置:
settings = {
scheme: 'http',
port: 8080,
host: 'www.s1biose.com',
resource: '/socket.io',
serviceKey: 'hgfjkliutfh',
backend: {
port: 443,
host: 'www.s1biose.com',
scheme: 'https',
basePath: '/web',
messagePath: '/nodejs/message'
},
debug: true,
sslKeyPath: '/etc/letsencrypt/live/www.s1biose.com/privkey.pem',
sslCertPath: '/etc/letsencrypt/live/www.s1biose.com/cert.pem',
sslCAPath: '/etc/letsencrypt/live/www.s1biose.com/chain.pem',
baseAuthPath: '/nodejs/',
extensions: [],
clientsCanWriteToChannels: false,
clientsCanWriteToClients: false,
transports: ['websocket', 'polling'],
jsMinification: true,
jsEtag: true,
logLevel: 1
};
在Drupal上,我的配置如下:
現在,控制台顯示以下消息:
Refused to connect to 'wss://www.s1biose.com:8080/socket.io/?EIO=3&transport=websocket&sid=8T6_V7vjKg48n731AAAJ' because it violates the following Content Security Policy directive: "default-src https: data: 'unsafe-inline' 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
n.doOpen @ universalModuleDefinition:3
此消息是什么意思? 我在正確的軌道上嗎? 在我之前的配置控制台上,它指示找不到文件/socket.io/socket.io.js
是我進步了嗎?
這是正常的“ wss”而不是“ https”是什么?
在Apache上,您可以在/etc/apache2/ports.config中配置端口。
在ports.config中,服務器正在偵聽端口80,但是在節點設置文件上,您指向端口8080並缺少后端端口80。請參閱步驟5: https : //www.drupal.org/project/ drupalchat /問題/ 1415624
而且,您的防火牆(iptables)規則反映在端口8080上。因此,您需要匹配端口80或8080。然后嘗試訪問您的站點並檢查Apache日志.... / logs / Apache / access.log和...... / error.log
此外,您在Apache和其他設置文件中的主機與localhost或“ www.mydomaine.com”不匹配??
此外,您的/ etc / hosts不知道'www.mydomaine.com',因此無法在您的計算機中訪問,因為它不在DNS中。
In /etc/hosts add
127.0.0.1 mydomaine.com
同時更新 ,拒絕消息表明您需要允許內容安全策略中的.js文件位於共享主機示例中的security.conf文件或.htaccess文件中:
content =“ default-src'self'https:// example.com/js/”
有關主題的背景信息,請參見以下示例: https : //www.sitepoint.com/improving-web-security-with-the-content-security-policy/
**更新新**
根據您的最新評論和錯誤,很明顯1 )Apache config中的內容策略未更改(請參見上面的詳細信息); 2)在nodejs配置文件中,https和https的后端(443端口)不匹配。 首先,嘗試使http工作,然后移至ssl。 3 )使用真正的DNS比本地主機。
嘗試此更改(請**不要添加*)
settings = {
scheme: 'http',
port: 8080,
host: 'www.s1biose.com',
resource: '/socket.io',
serviceKey: 'hgfjkliutfh',
backend: {
port: **80**,
host: 'www.s1biose.com',
scheme: '**http**',
basePath: '/web',
messagePath: '/nodejs/message'
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.