HTTPS和http在本地网络上工作,但只有http在本地网络外工作

dauxcl2d  于 2022-09-20  发布在  Nginx
关注(0)|答案(1)|浏览(257)

我正在开发一个网站。一旦我有了Windows 10+XAMPP+Cloudflare-Flexile-SSL,我就可以从外部本地网络访问我的网站,锁图标出现在浏览器中,HTTPS像护身符一样工作(排除了这个解决方案在我的家庭服务器和CloudFlare端之间不安全)。现在我使用的是带有certbot的Ubuntu 20.04+Nginx+自制的SSL证书。它的工作方式就像是来自本地网络的护身符,但当我尝试从本地网络外部访问我的域时,我最终得到了工作正常的HTTP,但HTTPS坚持使用ERR_CONNECTION_TIME_OUT或ERR_CONNECTION_REJECTED,主要是在页面加载非常长而且永远不会结束之后。

  1. sudo netstat -an | grep "LISTEN "
  3. tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
  4. tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     
  5. tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
  6. tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
  7. tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     
  8. tcp        0      0 127.0.0.1:46285         0.0.0.0:*               LISTEN     
  9. tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN     
  10. tcp6       0      0 :::22                   :::*                    LISTEN
  1. nmap -sT mydomain.com
  3. Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-31 19:03 -03
  4. Nmap scan report for mydomain.com (127.0.0.1)
  5. Host is up (0.00014s latency).
  6. rDNS record for 127.0.0.1: localhost
  7. Not shown: 996 closed ports
  8. PORT     STATE SERVICE
  9. 22/tcp   open  ssh
  10. 80/tcp   open  http
  11. 443/tcp  open  https
  12. 3306/tcp open  mysql
  1. nmap -sT my.ipv4.public.ip(192.XX.XXX.XXX)
  3. Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-31 19:11 -03
  4. Nmap scan report for 191-055-235-169.xd-dynamic.algartelecom.com.br (my.ipv4.public.ip)
  5. Host is up (0.0018s latency).
  6. Not shown: 998 filtered ports
  7. PORT    STATE SERVICE
  8. 80/tcp  open  http
  9. 443/tcp open  https
  1. sudo iptables -L -vn
  3. Chain INPUT (policy DROP 153 packets, 25075 bytes)
  4.  pkts bytes target     prot opt in     out     source               destination         
  5.  5282  638K f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
  6. 50363 4662K ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  7. 50363 4662K ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  8. 14107 1158K ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  9.   153 25075 ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  10.   153 25075 ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  11.   153 25075 ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  13. Chain FORWARD (policy DROP 0 packets, 0 bytes)
  14.  pkts bytes target     prot opt in     out     source               destination         
  15.     0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  16.     0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  17.     0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  18.     0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  19.     0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  20.     0     0 ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  22. Chain OUTPUT (policy ACCEPT 7 packets, 316 bytes)
  23.  pkts bytes target     prot opt in     out     source               destination         
  24. 24573   61M ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  25. 24573   61M ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  26.  2315  144K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  27.  2315  144K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  28.  2315  144K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  29.  2315  144K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  31. Chain f2b-sshd (1 references)
  32.  pkts bytes target     prot opt in     out     source               destination         
  33.    31  1804 REJECT     all  --  *      *       151.63.97.42         0.0.0.0/0            reject-with icmp-port-unreachable
  34.    20  1648 REJECT     all  --  *      *       70.51.16.212         0.0.0.0/0            reject-with icmp-port-unreachable
  35.   211 18552 REJECT     all  --  *      *       110.42.190.60        0.0.0.0/0            reject-with icmp-port-unreachable
  36.  5020  616K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  38. Chain ufw-after-forward (1 references)
  39.  pkts bytes target     prot opt in     out     source               destination         
  41. Chain ufw-after-input (1 references)
  42.  pkts bytes target     prot opt in     out     source               destination         
  43.    70  5460 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
  44.    42  9213 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
  45.     0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
  46.     0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
  47.     0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
  48.     0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
  49. 13842 1119K ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
  51. Chain ufw-after-logging-forward (1 references)
  52.  pkts bytes target     prot opt in     out     source               destination         
  53.     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
  55. Chain ufw-after-logging-input (1 references)
  56.  pkts bytes target     prot opt in     out     source               destination         
  57.   146 20965 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
  59. Chain ufw-after-logging-output (1 references)
  60.  pkts bytes target     prot opt in     out     source               destination         
  62. Chain ufw-after-output (1 references)
  63.  pkts bytes target     prot opt in     out     source               destination         
  65. Chain ufw-before-forward (1 references)
  66.  pkts bytes target     prot opt in     out     source               destination         
  67.     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  68.     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
  69.     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
  70.     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
  71.     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
  72.     0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  74. Chain ufw-before-input (1 references)
  75.  pkts bytes target     prot opt in     out     source               destination         
  76. 10280 1340K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  77. 24083 2022K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  78.     0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
  79.     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
  80.     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
  81.     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
  82.     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
  83.     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
  84.     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
  85. 16000 1300K ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  86.  1836  138K ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
  87.     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
  88. 14164 1162K ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  90. Chain ufw-before-logging-forward (1 references)
  91.  pkts bytes target     prot opt in     out     source               destination         
  93. Chain ufw-before-logging-input (1 references)
  94.  pkts bytes target     prot opt in     out     source               destination         
  96. Chain ufw-before-logging-output (1 references)
  97.  pkts bytes target     prot opt in     out     source               destination         
  99. Chain ufw-before-output (1 references)
  100.  pkts bytes target     prot opt in     out     source               destination         
  101. 10282 1340K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
  102. 11976   60M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  103.  2315  144K ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  105. Chain ufw-logging-allow (0 references)
  106.  pkts bytes target     prot opt in     out     source               destination         
  107.     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
  109. Chain ufw-logging-deny (2 references)
  110.  pkts bytes target     prot opt in     out     source               destination         
  111.     0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
  112.     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
  114. Chain ufw-not-local (1 references)
  115.  pkts bytes target     prot opt in     out     source               destination         
  116.   210 28471 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
  117.  1836  138K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
  118. 13954 1133K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
  119.     0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
  120.     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  122. Chain ufw-reject-forward (1 references)
  123.  pkts bytes target     prot opt in     out     source               destination         
  125. Chain ufw-reject-input (1 references)
  126.  pkts bytes target     prot opt in     out     source               destination         
  128. Chain ufw-reject-output (1 references)
  129.  pkts bytes target     prot opt in     out     source               destination         
  131. Chain ufw-skip-to-policy-forward (0 references)
  132.  pkts bytes target     prot opt in     out     source               destination         
  133.     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  135. Chain ufw-skip-to-policy-input (7 references)
  136.  pkts bytes target     prot opt in     out     source               destination         
  137. 13954 1133K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  139. Chain ufw-skip-to-policy-output (0 references)
  140.  pkts bytes target     prot opt in     out     source               destination         
  141.     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  143. Chain ufw-track-forward (1 references)
  144.  pkts bytes target     prot opt in     out     source               destination         
  146. Chain ufw-track-input (1 references)
  147.  pkts bytes target     prot opt in     out     source               destination         
  149. Chain ufw-track-output (1 references)
  150.  pkts bytes target     prot opt in     out     source               destination         
  151.  2112  127K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
  152.   196 16547 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
  154. Chain ufw-user-forward (1 references)
  155.  pkts bytes target     prot opt in     out     source               destination         
  157. Chain ufw-user-input (1 references)
  158.  pkts bytes target     prot opt in     out     source               destination         
  159.    45  2732 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
  160.     9   492 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
  161.     3   172 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
  162.     0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1701
  163.     0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1701
  164.     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
  165.     0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443
  166.     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443
  167.     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 80,443 /* 'dapp_Nginx%20Full' */
  169. Chain ufw-user-limit (0 references)
  170.  pkts bytes target     prot opt in     out     source               destination         
  171.     0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
  172.     0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
  174. Chain ufw-user-limit-accept (0 references)
  175.  pkts bytes target     prot opt in     out     source               destination         
  176.     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  178. Chain ufw-user-logging-forward (0 references)
  179.  pkts bytes target     prot opt in     out     source               destination         
  181. Chain ufw-user-logging-input (0 references)
  182.  pkts bytes target     prot opt in     out     source               destination         
  184. Chain ufw-user-logging-output (0 references)
  185.  pkts bytes target     prot opt in     out     source               destination         
  187. Chain ufw-user-output (1 references)
  188.  pkts bytes target     prot opt in     out     source               destination
  1. sudo nano /etc/nginx/sites-available/mydomain.com.conf
  3. map $http_origin $allow_origin {
  4.     ~^https?://(.*\.)?lojascolmeia.com.br(:\d+)?$ $http_origin;
  5.     ~^https?://(.*\.)?localhost(:\d+)?$ $http_origin;
  6.     default "";
  7. }
  9. map $http_upgrade $connection_upgrade {
  10.     default upgrade;
  11.     ''      close;
  12. }
  13. upstream wsbackend {
  14.     server localhost:2020;
  15. }
  17. server {
  18.     # gzip Settings
  19.     #should add!!!: gzip_static on;
  20.     gzip on;
  21.     gzip_disable "msie6";
  22.     gzip_vary on;
  23.     gzip_proxied any;
  24.     gzip_comp_level 6;
  25.     gzip_buffers 16 8k;
  26.     gzip_http_version 1.1;
  27.     gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;
  29.     # cache-control
  30.     # Media: images, icons, video, audio, HTC
  31.     location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff|webp|webm|ttf|)$ {
  32.         expires 1M;
  33.         access_log off;
  34.         # max-age must be in seconds
  35.         add_header Cache-Control "max-age=8380800, public";
  36.     }
  37.     # CSS and Javascript
  38.     location ~* \.(?:css|js)$ {
  39.         expires 1y;
  40.         access_log off;
  41.         add_header Cache-Control "max-age=8380800, public";
  42.     }
  44.     server_name _ mydomain.com;
  45.     error_page 500 502 503 504 /50x.html;
  46.     index   index.php;
  47.     root    /var/www/html/mydomain;
  48.     access_log /var/www/html/logs/nginx_access.log;
  49.     error_log /var/www/html/logs/nginx_error.log;
  51.     # HEADERS
  52.     add_header 'Access-Control-Allow-Origin' $allow_origin;
  53.     # content-security-policy
  54.     add_header X-Frame-Options SAMEORIGIN always;
  55.     add_header X-Content-Type-Options nosniff always;
  56.     add_header X-XSS-Protection "1; mode=block" always; 
  58.         location / {
  59.                 # First attempt to serve request as file, then
  60.                 # as directory, then fall back to displaying a 404.
  61.                 try_files $uri $uri/ /index.php?goto=$uri&$args;
  62.     }
  64. client_max_body_size 100M;
  66.         location ~ \.php$ {                 
  67.         include snippets/fastcgi-php.conf;
  68.                 fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
  69.         }
  71.         location /dbadm {
  72.                 auth_basic "Admin Login";
  73.                 auth_basic_user_file /etc/nginx/pma_pass;
  74.         }
  76. # location ~ \.json {
  78. # add_header Content-Type application/json;
  80. # }
  82.     listen 443 ssl http2; # managed by Certbot  
  83.     ssl_certificate /etc/letsencrypt/live/lojascolmeia.com.br/fullchain.pem; # managed by Certbot
  84.     ssl_certificate_key /etc/letsencrypt/live/lojascolmeia.com.br/privkey.pem; # managed by Certbot
  85.     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  86.     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
  88. # proxy_ssl_server_name on;
  90. location /websocket {
  91. proxy_pass http://127.0.0.1:8443;
  92. proxy_http_version 1.1;
  93. proxy_set_header Upgrade $http_upgrade;
  94. proxy_set_header Connection $connection_upgrade;
  95. proxy_redirect off;
  96. proxy_read_timeout 86400s;
  97. proxy_send_timeout 86400s;
  98. keepalive_timeout 86400s;
  100. # prevents 502 bad gateway error
  102. proxy_ignore_client_abort on;
  103. proxy_buffers 8 32k;
  104. proxy_buffer_size 64k;
  105. proxy_set_header X-Real-IP $remote_addr;
  106. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  107. proxy_set_header Host $http_host;
  108. }
  110. }
  111. server {
  112.     if ($host = mydomain.com) {
  113.         return 301 https://$host$request_uri;
  114.     } # managed by Certbot
  116.     server_name _ mydomain.com;
  117.     listen      80;
  118.     return 404; # managed by Certbot
  119. }
  1. sudo nano /etc/nginx/nginx.conf
  3. user www-data;
  4. worker_processes auto;
  5. pid /run/nginx.pid;
  6. include /etc/nginx/modules-enabled/*.conf;
  8. events {
  9.     worker_connections 768;
  10.     # multi_accept on;
  11. }
  13. http {
  15.     ##
  16.     # Basic Settings
  17.     ##
  19.     sendfile on;
  20.     tcp_nopush on;
  21.     types_hash_max_size 2048;
  22.     # server_tokens off;
  24.     server_names_hash_bucket_size 64;
  25.     # server_name_in_redirect off;
  27.     include /etc/nginx/mime.types;
  28.     default_type application/octet-stream;
  30.     ##
  31.     # SSL Settings
  32.     ##
  34.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
  35.     ssl_prefer_server_ciphers on;
  37.     ##
  38.     # Logging Settings
  39.     ##
  41.     access_log /var/log/nginx/access.log;
  42.     error_log /var/log/nginx/error.log;
  44.     ##
  45.     # Gzip Settings
  46.     ##
  48.     gzip on;
  50.     # gzip_vary on;
  51.     # gzip_proxied any;
  52.     # gzip_comp_level 6;
  53.     # gzip_buffers 16 8k;
  54.     # gzip_http_version 1.1;
  55.     # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
  57.     ##
  58.     # Virtual Host Configs
  59.     ##
  61.     include /etc/nginx/conf.d/*.conf;
  62.     include /etc/nginx/sites-enabled/*;
  64.     server_tokens off;      #https://ubiq.co/tech-blog/hide-nginx-server-version-header/
  65. }
  67. # mail {
  69. # # See sample authentication script at:
  71. # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
  73. # 
  75. # # auth_http localhost/auth.php;
  77. # # pop3_capabilities "TOP" "USER";
  79. # # imap_capabilities "IMAP4rev1" "UIDPLUS";
  81. # 
  83. # server {
  85. # listen     localhost:110;
  87. # protocol   pop3;
  89. # proxy      on;
  91. # }
  93. # 
  95. # server {
  97. # listen     localhost:143;
  99. # protocol   imap;
  101. # proxy      on;
  103. # }
  105. # }

tcpump,然后从本地网络加载我的网页

  1. sudo tcpdump -n -i any src or dst 192.XX.XXX.XXX(home-network-ipv4-public-ip-from-another-device-from-local-network-connected-to-my-server-via-ssh)
  3. tcpdump: data link type LINUX_SLL2
  4. tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
  5. listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
  6. 19:35:39.086944 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [S], seq 3186999685, win 64240, options [mss 1412,nop,wscale 8,nop,nop,sackOK], length 0
  7. 19:35:39.087013 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [S.], seq 2236039596, ack 3186999686, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
  8. 19:35:39.091325 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 1, win 512, length 0
  9. 19:35:39.091377 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1:518, ack 1, win 512, length 517
  10. 19:35:39.091399 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 518, win 501, length 0
  11. 19:35:39.092254 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 1:1413, ack 518, win 501, length 1412
  12. 19:35:39.092256 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 1413:2825, ack 518, win 501, length 1412
  13. 19:35:39.092257 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 2825:4097, ack 518, win 501, length 1272
  14. 19:35:39.093381 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 2825, win 512, length 0
  15. 19:35:39.094964 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4097:4580, ack 518, win 501, length 483
  16. 19:35:39.096049 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 4580, win 512, length 0
  17. 19:35:39.102807 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 518:582, ack 4580, win 512, length 64
  18. 19:35:39.102834 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 582:674, ack 4580, win 512, length 92
  19. 19:35:39.102887 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 674, win 501, length 0
  20. 19:35:39.103058 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4580:4659, ack 674, win 501, length 79
  21. 19:35:39.103137 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4659:4738, ack 674, win 501, length 79
  22. 19:35:39.103205 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4738:4809, ack 674, win 501, length 71
  23. 19:35:39.103301 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 674:1365, ack 4580, win 512, length 691
  24. 19:35:39.104771 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 4809, win 512, length 0
  25. 19:35:39.104793 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1365:1396, ack 4809, win 512, length 31
  26. 19:35:39.104812 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 1396, win 501, length 0
  27. 19:35:39.115063 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 4809:6221, ack 1396, win 501, length 1412
  28. 19:35:39.115066 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 6221:7633, ack 1396, win 501, length 1412
  29. 19:35:39.115068 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 7633:9045, ack 1396, win 501, length 1412
  30. 19:35:39.115069 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 9045:10457, ack 1396, win 501, length 1412
  31. 19:35:39.115070 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 10457:11869, ack 1396, win 501, length 1412
  32. 19:35:39.115268 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 11869:13281, ack 1396, win 501, length 1412
  33. 19:35:39.115384 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 13281:14693, ack 1396, win 501, length 1412
  34. 19:35:39.115511 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 14693:16105, ack 1396, win 501, length 1412
  35. 19:35:39.115630 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 16105:17517, ack 1396, win 501, length 1412
  36. 19:35:39.115749 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 17517:18929, ack 1396, win 501, length 1412
  37. 19:35:39.116796 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 7633, win 512, length 0
  38. 19:35:39.116831 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 18929:20341, ack 1396, win 501, length 1412
  39. 19:35:39.116833 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 20341:21753, ack 1396, win 501, length 1412
  40. 19:35:39.116834 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 21753:22031, ack 1396, win 501, length 278
  41. 19:35:39.117833 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 17517, win 512, length 0
  42. 19:35:39.118256 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 22031, win 512, length 0
  43. 19:35:39.391422 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1396:1615, ack 22031, win 512, length 219
  44. 19:35:39.391510 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1615:2081, ack 22031, win 512, length 466
  45. 19:35:39.391551 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 2081, win 501, length 0
  46. 19:35:39.391761 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22031:22066, ack 2081, win 501, length 35
  47. 19:35:39.394267 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22066:22417, ack 2081, win 501, length 351
  48. 19:35:39.395852 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 22417, win 511, length 0
  49. 19:35:39.402034 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 2081:2207, ack 22417, win 511, length 126
  50. 19:35:39.402071 enp2s0 In  IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 2207:2537, ack 22417, win 511, length 330
  51. 19:35:39.402121 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 2537, win 501, length 0
  52. 19:35:39.402303 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22417:22452, ack 2537, win 501, length 35
  53. 19:35:39.404553 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22452:22791, ack 2537, win 501, length 339
  54. ^C
  55. 49 packets captured
  56. 49 packets received by filter
  57. 0 packets dropped by kernel

**tcpump,然后从本地网络外的设备加载我的网页(通过3G)

  1. sudo tcpdump -n -i any src or dst XXX.XXX.XXX.XXX(my-phone-ip-over-3G)
  3. tcpdump: data link type LINUX_SLL2
  4. tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
  5. listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
  6. 19:59:56.882577 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [SEW], seq 1941385008, win 65535, options [mss 1412,nop,wscale 5,nop,nop,TS val 1626285022 ecr 0,sackOK,eol], length 0
  7. 19:59:56.882642 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [S.E], seq 971375185, ack 1941385009, win 65160, options [mss 1460,sackOK,TS val 1104199128 ecr 1626285022,nop,wscale 7], length 0
  8. 19:59:56.905511 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 1, win 4112, options [nop,nop,TS val 1626285045 ecr 1104199128], length 0
  9. 19:59:56.935141 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [P.], seq 1:403, ack 1, win 4112, options [nop,nop,TS val 1626285076 ecr 1104199128], length 402: HTTP: GET / HTTP/1.1
  10. 19:59:56.935175 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [.], ack 403, win 506, options [nop,nop,TS val 1104199180 ecr 1626285076], length 0
  11. 19:59:56.935289 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [P.], seq 1:359, ack 403, win 506, options [nop,nop,TS val 1104199180 ecr 1626285076], length 358: HTTP: HTTP/1.1 301 Moved Permanently
  12. 19:59:56.966260 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 359, win 4101, options [nop,nop,TS val 1626285105 ecr 1104199180], length 0
  13. 19:59:57.087070 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 359, win 4101, length 0
  14. 19:59:57.087096 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [.], ack 403, win 506, options [nop,nop,TS val 1104199332 ecr 1626285105], length 0
  15. 20:00:05.684479 enp2s0 In  IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [R], seq 1941385411, win 0, length 0
  16. 10 packets captured
  17. 10 packets received by filter
  18. 0 packets dropped by kernel

我的调制解调器(诺基亚G-240W-G)端口转发配置enter image description here

我所做的是:

1.已尝试禁用UFW(Ubuntu防火墙),但仍无法在本地网络外工作。
1.给我的运营商打了10多次电话。他们总是说这一定是本地网络问题。他们发誓所有的港口都是开放的,可以自由使用。

我正在考虑退回到Cloudflare灵活的SSL,并在80端口上工作,或者支付额外的互联网接入费用或其他什么……

nginx

1条答案

按热度按时间
rqqzpn5f

rqqzpn5f1#

我把我的应用程序上传到一个远程VPS上,就像它在我的本地网络上设置的那样,一切都很正常。所以问题出在我的互联网服务提供商封锁了端口。

赞(0)分享  回复(0)举报  2022-09-20
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com