Question

我正在使用django创建站点，所以我遵循了this tutorial，但是当我在浏览器中输入域名（502错误的网关）时，/var/log/nginx/error.log出现了错误：

2019/05/15 11:13:05 [error] 1860#1860: *12 connect() to unix:/home/username/MYPROJECT/myproject.sock failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: myproject.net, request: "GET / HTTP/1.1", upstream: "http://unix:/home/username/MYPROJECT/myproject.sock:/", host: "myproject.net"

我认为问题是因为我的iptables规则阻止了nginx。所以我的问题是：什么是ufw allow 'Nginx Full'的IPTABLES？

Answer 1

对于NGINX，您需要打开端口80（HTTP请求）和/或端口443（HTTPS请求）。因此，使用以下命令：

HTTP

namespace Microsoft.Azure.WebJobs.Script.Description
{
    /// <summary>
    /// Establishes an assembly load context for a extensions, functions and their dependencies.
    /// </summary>
    public partial class FunctionAssemblyLoadContext : AssemblyLoadContext
....
protected static string ResolveFunctionBaseProbingPath()
{
    string basePath = null;

    if (ScriptSettingsManager.Instance.IsAppServiceEnvironment)
    {
        string home = Environment.GetEnvironmentVariable(EnvironmentSettingNames.AzureWebsiteHomePath);
        basePath = Path.Combine(home, "site", "wwwroot"); // <-- HOME IS NULL and it throws ArgumentNullException
    }
    else
    {
        basePath = Environment.GetEnvironmentVariable(EnvironmentSettingNames.AzureWebJobsScriptRoot) ?? AppContext.BaseDirectory;
    }

    return Path.Combine(basePath, "bin");
}

HTTPS

sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT

如果您想打开更多内容，我建议this article了解如何从iptables后面访问大多数常用服务，例如MySQL等。

如何允许Nginx与iptables（django）

1 个答案: