如何在Apache上配置端口?

时间:2018-03-15 19:03:34

标签: node.js apache ubuntu server socket.io

我的服务器上有Node JS,但它不起作用。我觉得这是穿着的问题。

使用以下命令:

# curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
# apt-get update
# apt-get install nodejs

就是这样,我没有做任何事情。

我安装了drupal nodejs:

# cd /home/www.mydomaine.com/public_html
# npm install drupal-node.js
# npm install pm2 -g

以下是我服务器的配置:

<IfModule mod_fastcgi.c>
    AddHandler php7-fcgi-www.mydomaine.com .php
    Action php7-fcgi-www.mydomaine.com /php7-fcgi-www.mydomaine.com
    Alias /php7-fcgi-www.mydomaine.com /usr/lib/cgi-bin/php7-fcgi-www.mydomaine.com
    FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-www.mydomaine.com -socket /run/php/php7.1-fpm.www.mydomaine.com.sock -idle-timeout 120 -pass-header Authorization

    <Directory "/usr/lib/cgi-bin">
        Require all granted
    </Directory>
</IfModule>

<VirtualHost 138.74.184.65:80 [2001:21d0:0305:2100:0000:0000:0000:4741]:80>
    ServerAdmin contact@mydomaine.com
    ServerName mydomaine.com
    ServerAlias www.mydomaine.com

    RewriteEngine on
    RewriteCond %{HTTPS} !on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost 138.74.184.65:443 [2001:21d0:0305:2100:0000:0000:0000:4741]:443>
SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/www.mydomaine.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomaine.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/www.mydomaine.com/chain.pem
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Download-Options "noopen"
    Header always set X-Permitted-Cross-Domain-Policies "none"
    Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
    Header set Set-Cookie HttpOnly;Secure

    ServerAdmin contact@mydomaine.com
    ServerName mydomaine.com
    ServerAlias www.mydomaine.com
    DocumentRoot /var/www/www.mydomaine.com/public_html/web/

    <Directory /var/www/www.mydomaine.com/public_html/web>
        Options FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>

    <IfModule mod_fastcgi.c>
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler php7-fcgi-www.mydomaine.com
        </FilesMatch>
    </IfModule>

    ErrorLog /var/www/www.mydomaine.com/logs/error.log
    CustomLog /var/www/www.mydomaine.com/logs/access.log combined
</VirtualHost>
</IfModule>

我的网站位于:

/home/www.mydomaine.com/public_html/web

以下是Drupal nodejs.config.js的NodeJS配置:

settings = {
  scheme: 'http',
  port: 8080,
  host: 'localhost',
  resource: '/socket.io',
  serviceKey: 'hgfjkliutfh',
  backend: {
    port: 443,
    host: 'www.mydomaine.com',
    scheme: 'https',
    basePath: '/web',
    messagePath: '/nodejs/message'
  },
  debug: true,
  sslKeyPath: '/etc/letsencrypt/live/www.mydomaine.com/privkey.pem',
  sslCertPath: '/etc/letsencrypt/live/www.mydomaine.com/cert.pem',
  sslCAPath: '/etc/letsencrypt/live/www.mydomaine.com/chain.pem',
  baseAuthPath: '/nodejs/',
  extensions: [],
  clientsCanWriteToChannels: false,
  clientsCanWriteToClients: false,
  transports: ['websocket', 'polling'],
  jsMinification: true,
  jsEtag: true,
  logLevel: 1
};

enter image description here

以下是我的iptables的内容:

#!/bin/sh 

# Réinitialise les règles
iptables -t filter -F
iptables -t filter -X

# Bloque tout le trafic
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP

# Autorise les connexions déjà établies et localhost
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT

# ICMP (Ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT

# SSH
iptables -t filter -A INPUT -p tcp --dport 4829 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 4829 -j ACCEPT

# DNS
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT

# NTP (horloge du serveur)
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

# NODE JS
iptables -t filter -A OUTPUT -p tcp --dport 8080 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8080 -j ACCEPT

# HTTP
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
# HTTP Caldav
iptables -t filter -A OUTPUT -p tcp --dport 8008 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8008 -j ACCEPT

# HTTPS
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
# HTTPS Caldav
iptables -t filter -A OUTPUT -p tcp --dport 8008 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT

# FTP
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT

# Mail SMTP
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 465 -j ACCEPT

# Mail POP3
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT

# Mail IMAP
iptables -t filter -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 993 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT

# Anti Flood / Deni de service / scan de port
iptables -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

这是我的/ etc / hosts

的内容 
127.0.0.1       localhost
138.74.184.65   vps000000.ovh.net  vps000000
2001:21d0:0305:2100:0000:0000:0000:4741   vps000000.ovh.net  vps000000
127.0.1.1       myname.fr

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

以下是我的/etc/apache2/ports.conf

的内容 
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

命令netstat -ntpl

的结果 
root@vps000000:~# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2476/master     
tcp        0      0 0.0.0.0:4829            0.0.0.0:*               LISTEN      1423/sshd       
tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      1690/postgrey.pid -
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1452/mysqld     
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      24716/drupal    
tcp6       0      0 :::25                   :::*                    LISTEN      2476/master     
tcp6       0      0 :::443                  :::*                    LISTEN      24939/apache2   
tcp6       0      0 :::4829                 :::*                    LISTEN      1423/sshd       
tcp6       0      0 :::7134                 :::*                    LISTEN      1913/java       
tcp6       0      0 :::80                   :::*                    LISTEN      24939/apache2

Drupal显示以下消息:

  

已成功访问Node.js服务器。

在我的网站上,控制台中显示以下错误:

  

无法加载源为«的元素   http://localhost:8080/socket.io/socket.io.js»。

并且:

  

拒绝加载脚本   'http://localhost:8080/socket.io/socket.io.js',因为它违反了   遵循内容安全策略指令:“default-src https:data:   'unsafe-inline''unsafe-eval'“。注意'script-src'不是   显式设置,因此'default-src'用作后备。

在终端我有:     root @ vps000000:/home/www.mydomaine.com/public_html/node_modules/drupal-node.js#node app.js     启动http服务器。     [2018/03/15 16:44:02]路由回调:checkServiceKey     [2018/03/15 16:44:02]路线回调:healthCheck

更新

我已经更新了我的配置如下,drupal似乎找到了/socket.io/socket.io.js我开始绝望了。

以下是Drupal nodejs.config.js的NodeJS配置:

settings = {
  scheme: 'http',
  port: 8080,
  host: 'www.s1biose.com',
  resource: '/socket.io',
  serviceKey: 'hgfjkliutfh',
  backend: {
    port: 443,
    host: 'www.s1biose.com',
    scheme: 'https',
    basePath: '/web',
    messagePath: '/nodejs/message'
  },
  debug: true,
  sslKeyPath: '/etc/letsencrypt/live/www.s1biose.com/privkey.pem',
  sslCertPath: '/etc/letsencrypt/live/www.s1biose.com/cert.pem',
  sslCAPath: '/etc/letsencrypt/live/www.s1biose.com/chain.pem',
  baseAuthPath: '/nodejs/',
  extensions: [],
  clientsCanWriteToChannels: false,
  clientsCanWriteToClients: false,
  transports: ['websocket', 'polling'],
  jsMinification: true,
  jsEtag: true,
  logLevel: 1
};

在Drupal上我的配置如下:

enter image description here

现在控制台显示以下消息:

Refused to connect to 'wss://www.s1biose.com:8080/socket.io/?EIO=3&transport=websocket&sid=8T6_V7vjKg48n731AAAJ' because it violates the following Content Security Policy directive: "default-src https: data: 'unsafe-inline' 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

n.doOpen @ universalModuleDefinition:3

这条消息是什么意思?我是在正确的轨道上吗?在我以前的配置控制台上表明它找不到文件/socket.io/socket.io.js是不是我进步了?

这是什么“wss”而不是“https”这是正常的吗?

1 个答案:

答案 0 :(得分:0)

在Apache上,您可以在/etc/apache2/ports.config中配置端口。

在您的ports.config中,您的服务器正在侦听端口80,但是在您的节点设置文件中,您指向端口8080并且缺少后端端口80。 见第5步: https://www.drupal.org/project/drupalchat/issues/1415624

此外,您的防火墙(iptables)规则反映在端口8080上。 因此,您需要匹配端口80或8080。 然后尝试访问您的站点并检查Apache日志.... / logs / Apache / access.log和 ...... / error.log中

此外,您在Apache和其他设置文件中的主机不匹配localhost或&#39; www.mydomaine.com&#39; ??

此外,您的/ etc / hosts不知道&#39; www.mydomaine.com&#39;因此在您的机器中无法访问,因为它不在DNS中。 

 In /etc/hosts add
 127.0.0.1  mydomaine.com

<强>更新 此外,拒绝消息表示您需要在security.conf文件中的内容安全策略中允许.js文件或在共享主机上的.htaccess文件中:

content =&#34; default-src&#39; self&#39; https:// example.com/js /"

有关该主题的背景,请参阅此示例: https://www.sitepoint.com/improving-web-security-with-the-content-security-policy/

**更新新**

根据您的最新评论和错误,很明显 1 )内容政策未在Apache配置中更改(请参阅上面的详细信息)和 2) 在您的nodejs配置文件中,https和https(443端口)的后端之间存在不匹配。首先,尝试让http工作,然后转移到ssl。 3 )使用真正的DNS而不是localhost。

尝试此更改(**不添加*)

settings = {
  scheme: 'http',
  port: 8080,
  host: 'www.s1biose.com',
  resource: '/socket.io',
  serviceKey: 'hgfjkliutfh',
  backend: {
port: **80**,
host: 'www.s1biose.com',
scheme: '**http**',
basePath: '/web',
messagePath: '/nodejs/message'
相关问题
最新问题