HTTPS and HTTP work on the local network, but only HTTP works outside the local network

dauxcl2d  posted on 2022-09-20 in Nginx

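I'm developing a website. When I had Windows 10 + XAMPP + Cloudflare Flexible SSL, I could access my website from outside the local network, the lock icon appeared in the browser, and HTTPS worked like a charm (leaving aside that this solution is not secure between my home server and the Cloudflare side). Now I'm using Ubuntu 20.04 + Nginx + a self-made SSL certificate with certbot. It works like a charm from the local network, but when I try to access my domain from outside the local network, I end up with working HTTP, while HTTPS insists on ERR_CONNECTION_TIME_OUT or ERR_CONNECTION_REJECTED, mostly after a very long page load that never finishes.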

sudo netstat -an | grep "LISTEN "

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:46285         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN

nmap -sT mydomain.com

Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-31 19:03 -03
Nmap scan report for mydomain.com (127.0.0.1)
Host is up (0.00014s latency).
rDNS record for 127.0.0.1: localhost
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql

nmap -sT my.ipv4.public.ip(192.XX.XXX.XXX)

Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-31 19:11 -03
Nmap scan report for 191-055-235-169.xd-dynamic.algartelecom.com.br (my.ipv4.public.ip)
Host is up (0.0018s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

sudo iptables -L -vn

Chain INPUT (policy DROP 153 packets, 25075 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5282  638K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
50363 4662K ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
50363 4662K ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
14107 1158K ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  153 25075 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  153 25075 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  153 25075 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 7 packets, 316 bytes)
 pkts bytes target     prot opt in     out     source               destination         
24573   61M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
24573   61M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 2315  144K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 2315  144K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 2315  144K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 2315  144K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain f2b-sshd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   31  1804 REJECT     all  --  *      *       151.63.97.42         0.0.0.0/0            reject-with icmp-port-unreachable
   20  1648 REJECT     all  --  *      *       70.51.16.212         0.0.0.0/0            reject-with icmp-port-unreachable
  211 18552 REJECT     all  --  *      *       110.42.190.60        0.0.0.0/0            reject-with icmp-port-unreachable
 5020  616K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   70  5460 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
   42  9213 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
13842 1119K ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  146 20965 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
10280 1340K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
24083 2022K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
16000 1300K ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1836  138K ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
14164 1162K ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
10282 1340K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
11976   60M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 2315  144K ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  210 28471 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
 1836  138K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
13954 1133K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
13954 1133K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2112  127K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
  196 16547 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   45  2732 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    9   492 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    3   172 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1701
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1701
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443 /* 'dapp_Nginx%20Full' */

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

sudo nano /etc/nginx/sites-available/mydomain.com.conf

map $http_origin $allow_origin {
    ~^https?://(.*\.)?lojascolmeia.com.br(:\d+)?$ $http_origin;
    ~^https?://(.*\.)?localhost(:\d+)?$ $http_origin;
    default "";
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
upstream wsbackend {
    server localhost:2020;
}

server {
    # gzip Settings
    #should add!!!: gzip_static on;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;

    # cache-control
    # Media: images, icons, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff|webp|webm|ttf|)$ {
        expires 1M;
        access_log off;
        # max-age must be in seconds
        add_header Cache-Control "max-age=8380800, public";
    }
    # CSS and Javascript
    location ~* \.(?:css|js)$ {
        expires 1y;
        access_log off;
        add_header Cache-Control "max-age=8380800, public";
    }

    server_name _ mydomain.com;
    error_page 500 502 503 504 /50x.html;
    index   index.php;
    root    /var/www/html/mydomain;
    access_log /var/www/html/logs/nginx_access.log;
    error_log /var/www/html/logs/nginx_error.log;

    # HEADERS
    add_header 'Access-Control-Allow-Origin' $allow_origin;
    # content-security-policy
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always; 

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.php?goto=$uri&$args;
    }

client_max_body_size 100M;

        location ~ \.php$ {                 
        include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        }

        location /dbadm {
                auth_basic "Admin Login";
                auth_basic_user_file /etc/nginx/pma_pass;
        }

# location ~ \.json {
# add_header Content-Type application/json;
# }

    listen 443 ssl http2; # managed by Certbot  
    ssl_certificate /etc/letsencrypt/live/lojascolmeia.com.br/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/lojascolmeia.com.br/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

# proxy_ssl_server_name on;

location /websocket {
proxy_pass http://127.0.0.1:8443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
keepalive_timeout 86400s;

# prevents 502 bad gateway error

proxy_ignore_client_abort on;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}

}
server {
    if ($host = mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name _ mydomain.com;
    listen      80;
    return 404; # managed by Certbot
}

sudo nano /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    # server_tokens off;

    server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    server_tokens off;      #https://ubiq.co/tech-blog/hide-nginx-server-version-header/
}

# mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen     localhost:110;
# protocol   pop3;
# proxy      on;
# }
#
# server {
# listen     localhost:143;
# protocol   imap;
# proxy      on;
# }
# }

tcpdump, then loading my web page from the local network

sudo tcpdump -n -i any src or dst 192.XX.XXX.XXX(home-network-ipv4-public-ip-from-another-device-from-local-network-connected-to-my-server-via-ssh)

tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:35:39.086944 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [S], seq 3186999685, win 64240, options [mss 1412,nop,wscale 8,nop,nop,sackOK], length 0
19:35:39.087013 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [S.], seq 2236039596, ack 3186999686, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
19:35:39.091325 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 1, win 512, length 0
19:35:39.091377 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1:518, ack 1, win 512, length 517
19:35:39.091399 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 518, win 501, length 0
19:35:39.092254 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 1:1413, ack 518, win 501, length 1412
19:35:39.092256 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 1413:2825, ack 518, win 501, length 1412
19:35:39.092257 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 2825:4097, ack 518, win 501, length 1272
19:35:39.093381 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 2825, win 512, length 0
19:35:39.094964 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4097:4580, ack 518, win 501, length 483
19:35:39.096049 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 4580, win 512, length 0
19:35:39.102807 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 518:582, ack 4580, win 512, length 64
19:35:39.102834 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 582:674, ack 4580, win 512, length 92
19:35:39.102887 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 674, win 501, length 0
19:35:39.103058 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4580:4659, ack 674, win 501, length 79
19:35:39.103137 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4659:4738, ack 674, win 501, length 79
19:35:39.103205 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4738:4809, ack 674, win 501, length 71
19:35:39.103301 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 674:1365, ack 4580, win 512, length 691
19:35:39.104771 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 4809, win 512, length 0
19:35:39.104793 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1365:1396, ack 4809, win 512, length 31
19:35:39.104812 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 1396, win 501, length 0
19:35:39.115063 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 4809:6221, ack 1396, win 501, length 1412
19:35:39.115066 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 6221:7633, ack 1396, win 501, length 1412
19:35:39.115068 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 7633:9045, ack 1396, win 501, length 1412
19:35:39.115069 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 9045:10457, ack 1396, win 501, length 1412
19:35:39.115070 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 10457:11869, ack 1396, win 501, length 1412
19:35:39.115268 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 11869:13281, ack 1396, win 501, length 1412
19:35:39.115384 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 13281:14693, ack 1396, win 501, length 1412
19:35:39.115511 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 14693:16105, ack 1396, win 501, length 1412
19:35:39.115630 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 16105:17517, ack 1396, win 501, length 1412
19:35:39.115749 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 17517:18929, ack 1396, win 501, length 1412
19:35:39.116796 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 7633, win 512, length 0
19:35:39.116831 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 18929:20341, ack 1396, win 501, length 1412
19:35:39.116833 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 20341:21753, ack 1396, win 501, length 1412
19:35:39.116834 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 21753:22031, ack 1396, win 501, length 278
19:35:39.117833 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 17517, win 512, length 0
19:35:39.118256 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 22031, win 512, length 0
19:35:39.391422 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1396:1615, ack 22031, win 512, length 219
19:35:39.391510 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1615:2081, ack 22031, win 512, length 466
19:35:39.391551 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 2081, win 501, length 0
19:35:39.391761 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22031:22066, ack 2081, win 501, length 35
19:35:39.394267 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22066:22417, ack 2081, win 501, length 351
19:35:39.395852 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 22417, win 511, length 0
19:35:39.402034 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 2081:2207, ack 22417, win 511, length 126
19:35:39.402071 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 2207:2537, ack 22417, win 511, length 330
19:35:39.402121 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 2537, win 501, length 0
19:35:39.402303 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22417:22452, ack 2537, win 501, length 35
19:35:39.404553 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22452:22791, ack 2537, win 501, length 339
^C
49 packets captured
49 packets received by filter
0 packets dropped by kernel

tcpdump, then loading my web page from a device outside the local network (over 3G)

sudo tcpdump -n -i any src or dst XXX.XXX.XXX.XXX(my-phone-ip-over-3G)

tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:59:56.882577 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [SEW], seq 1941385008, win 65535, options [mss 1412,nop,wscale 5,nop,nop,TS val 1626285022 ecr 0,sackOK,eol], length 0
19:59:56.882642 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [S.E], seq 971375185, ack 1941385009, win 65160, options [mss 1460,sackOK,TS val 1104199128 ecr 1626285022,nop,wscale 7], length 0
19:59:56.905511 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 1, win 4112, options [nop,nop,TS val 1626285045 ecr 1104199128], length 0
19:59:56.935141 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [P.], seq 1:403, ack 1, win 4112, options [nop,nop,TS val 1626285076 ecr 1104199128], length 402: HTTP: GET / HTTP/1.1
19:59:56.935175 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [.], ack 403, win 506, options [nop,nop,TS val 1104199180 ecr 1626285076], length 0
19:59:56.935289 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [P.], seq 1:359, ack 403, win 506, options [nop,nop,TS val 1104199180 ecr 1626285076], length 358: HTTP: HTTP/1.1 301 Moved Permanently
19:59:56.966260 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 359, win 4101, options [nop,nop,TS val 1626285105 ecr 1104199180], length 0
19:59:57.087070 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 359, win 4101, length 0
19:59:57.087096 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [.], ack 403, win 506, options [nop,nop,TS val 1104199332 ecr 1626285105], length 0
20:00:05.684479 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [R], seq 1941385411, win 0, length 0
10 packets captured
10 packets received by filter
0 packets dropped by kernel

My modem (Nokia G-240W-G) port forwarding configuration

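What I have done:

1. Tried disabling UFW (the Ubuntu firewall), but it still doesn't work outside the local network.
2. Called my carrier more than 10 times. They always say it must be a local network problem. They swear all ports are open and free to use.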

I'm considering going back to Cloudflare Flexible SSL and working on port 80, or paying extra for internet access or something...

rqqzpn5f #1

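I uploaded my application to a remote VPS, set up just as it was on my local network, and everything works fine. So the problem is that my Internet service provider is blocking the port.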
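
The conclusion in this answer can be checked against the two tcpdump captures in the question: the 3G capture contains traffic to port 80 only and not a single packet to port 443. The following Python code is an added example, not part of the original post; it classifies a port from a `tcpdump -n -i any` capture filtered on the client address. The function names and verdict strings are assumptions, and the sample lines are abridged from the question's captures except where marked as constructed.

```python
import re
from collections import defaultdict

# One line of `tcpdump -n -i any` output in the format shown in the question:
# <time> <iface> In|Out IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ...
LINE_RE = re.compile(
    r"^\S+\s+\S+\s+(?:In|Out)\s+IP\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]+)\]"
)

# Verdict strings (wording chosen for this example).
UPSTREAM = "no SYN reached the server: blocked before the host (port forward or ISP)"
LOCAL = "SYN arrived but was never answered: host firewall or no listener"
ANSWERED = "server answered the SYN: TCP path to this port works"


def handshake_stats(capture, server_ip):
    """Count inbound SYNs and outbound SYN-ACKs per server port."""
    stats = defaultdict(lambda: {"syn_in": 0, "synack_out": 0})
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner lines, "^C", packet counters, blank lines
        flags = m["flags"]
        syn = "S" in flags   # tcpdump prints S for SYN (also inside SEW / S.E)
        ack = "." in flags   # "." is the ACK flag
        if syn and not ack and m["dst"] == server_ip:
            stats[int(m["dport"])]["syn_in"] += 1
        elif syn and ack and m["src"] == server_ip:
            stats[int(m["sport"])]["synack_out"] += 1
    return dict(stats)


def verdict(stats, port):
    """Say where a connection attempt to `port` stopped, seen from the server."""
    seen = stats.get(port)
    if seen is None or seen["syn_in"] == 0:
        return UPSTREAM
    if seen["synack_out"] == 0:
        return LOCAL
    return ANSWERED


SERVER_IP = "192.168.1.107"  # the server's LAN address in the question

# Abridged from the question's capture taken while loading the page over 3G.
CAPTURE_3G = """\
19:59:56.882577 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [SEW], seq 1941385008, win 65535, length 0
19:59:56.882642 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [S.E], seq 971375185, ack 1941385009, win 65160, length 0
19:59:56.905511 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 1, win 4112, length 0
20:00:05.684479 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [R], seq 1941385411, win 0, length 0
10 packets captured
"""

# Abridged from the question's capture taken from inside the local network.
CAPTURE_LAN = """\
19:35:39.086944 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [S], seq 3186999685, win 64240, length 0
19:35:39.087013 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [S.], seq 2236039596, ack 3186999686, win 64240, length 0
19:35:39.091325 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 1, win 512, length 0
"""

# Constructed sample (documentation address 203.0.113.7): a SYN and its
# retransmission reach the host but nothing is sent back.
CAPTURE_DROPPED_LOCALLY = """\
10:00:00.000000 enp2s0 In  IP 203.0.113.7.40000 > 192.168.1.107.443: Flags [S], seq 1, win 64240, length 0
10:00:01.000000 enp2s0 In  IP 203.0.113.7.40000 > 192.168.1.107.443: Flags [S], seq 1, win 64240, length 0
"""

if __name__ == "__main__":
    for name, cap in [("3G", CAPTURE_3G), ("LAN", CAPTURE_LAN),
                      ("constructed", CAPTURE_DROPPED_LOCALLY)]:
        stats = handshake_stats(cap, SERVER_IP)
        for port in (80, 443):
            print(f"{name:12} port {port}: {verdict(stats, port)}")
```

The verdict for a port is only meaningful if the client actually attempted a connection to it while the capture was running, as the 3G client did after receiving the 301 redirect to HTTPS.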
