Linux Nginx是否可以根据某些请求随机停止工作?
我的网站目前有问题。有时,在重新启动nginx服务后,我的网站的url在浏览器中工作正常,它会成功重定向到Kestrel上运行的.NET Core webapp。如果我键入vps的IP,它也工作正常。但nginx突然随机停止为网站提供服务,浏览器只显示err_connection_closed 一些技术信息: Kestrel在本地主机5000上运行,Nginx TCP端口由ufw管理,并为80和443打开 我使用的是:Ubuntu 16.04、nginx和.NET Core 3.1 web应用程序。以下步骤作为下一个url 我在syslog文件中注意到,一些IP被ufw阻止,但我不确定为什么它们来自中国、蒙古甚至波兰,因为最初的营销活动目前针对的是墨西哥 我搜索的另一个日志文件是/var/log/nginx/access.log。在这里,一些IP试图请求我的网站中的随机URL,比如GET/Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1“404 0”-”或者甚至像“GET/phpmyadmin/HTTP/1.1”301 178-“这绝对不是我,因为我使用的是PostgreSQL。虽然,我不得不说,我已经看到,在这个请求被随机提出后,nginx停止工作,但我不能100%确定这是否准确,正如标题中所示,这是非常随机的 nginx的一些配置文件: /etc/nginx/sites available/defaultLinux Nginx是否可以根据某些请求随机停止工作?,linux,nginx,.net-core,Linux,Nginx,.net Core,我的网站目前有问题。有时,在重新启动nginx服务后,我的网站的url在浏览器中工作正常,它会成功重定向到Kestrel上运行的.NET Core webapp。如果我键入vps的IP,它也工作正常。但nginx突然随机停止为网站提供服务,浏览器只显示err_connection_closed 一些技术信息: Kestrel在本地主机5000上运行,Nginx TCP端口由ufw管理,并为80和443打开 我使用的是:Ubuntu 16.04、nginx和.NET Core 3.1 web应用程
# Default server configuration
#
server {
listen 80;
server_name keecheeapp.com *.keecheeapp.com;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
/etc/nginx/proxy_conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
#other directives
events {
worker_connections 768;
# multi_accept on;
}
http {
include /etc/nginx/proxy.conf;
limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
server_tokens off;
sendfile on;
keepalive_timeout 29; # Adjust to the lowest possible value that makes sense for your use case.
client_body_timeout 10; client_header_timeout 10; send_timeout 10;
upstream keecheeapp{
server localhost:5000;
}
server {
listen *:80;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$host$request_uri;
}
server {
listen *:443 ssl;
server_name keecheeapp.com;
ssl_certificate /etc/ssl/certs/keecheeapp.com-concat-certs.crt;
ssl_certificate_key /etc/ssl/certs/private_new.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
#Redirects all traffic
location / {
proxy_pass http://www.keecheeapp.com;
limit_req zone=one burst=10 nodelay;
}
}
}
/etc/nginx/nginx.conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
#other directives
events {
worker_connections 768;
# multi_accept on;
}
http {
include /etc/nginx/proxy.conf;
limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
server_tokens off;
sendfile on;
keepalive_timeout 29; # Adjust to the lowest possible value that makes sense for your use case.
client_body_timeout 10; client_header_timeout 10; send_timeout 10;
upstream keecheeapp{
server localhost:5000;
}
server {
listen *:80;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$host$request_uri;
}
server {
listen *:443 ssl;
server_name keecheeapp.com;
ssl_certificate /etc/ssl/certs/keecheeapp.com-concat-certs.crt;
ssl_certificate_key /etc/ssl/certs/private_new.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
#Redirects all traffic
location / {
proxy_pass http://www.keecheeapp.com;
limit_req zone=one burst=10 nodelay;
}
}
}
server {
listen *:80;
add_header Strict-Transport-Security max-age=15768000;
return 301 https://$host$request_uri;
}
您的Nginx配置存在几个问题:
- 在文件/etc/nginx/nginx.conf中
proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffers 32 4k;
#other directives events { worker_connections 768; # multi_accept on; } http { include /etc/nginx/proxy.conf; limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s; server_tokens off; sendfile on; keepalive_timeout 29; # Adjust to the lowest possible value that makes sense for your use case. client_body_timeout 10; client_header_timeout 10; send_timeout 10; upstream keecheeapp{ server localhost:5000; } server { listen *:80; add_header Strict-Transport-Security max-age=15768000; return 301 https://$host$request_uri; } server { listen *:443 ssl; server_name keecheeapp.com; ssl_certificate /etc/ssl/certs/keecheeapp.com-concat-certs.crt; ssl_certificate_key /etc/ssl/certs/private_new.key; ssl_protocols TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; #Redirects all traffic location / { proxy_pass http://www.keecheeapp.com; limit_req zone=one burst=10 nodelay; } } }
server { listen *:80; add_header Strict-Transport-Security max-age=15768000; return 301 https://$host$request_uri; }
limit\u req\u zone$binary\u remote\u addr zone=one:10m速率=5r/s代码>和
限制请求区=一个突发=10节点延迟代码>将每个客户端的请求处理速率限制为每秒5个请求。如果每秒发送的请求太多,则会从Nginx收到错误消息。因此,如果要保留限制功能,请尝试将现有值增加到,例如,
和rate=50r/s
。如果要禁用此功能,请删除或注释掉这些行。您可以了解有关此功能的更多信息burst=100
- 值
块定义。因此,更改http://www.keecheeapp.com
指令错误。正确的值是代理通行证的
,由上游keecheapp{…}keecheapp
proxy\u passhttp://www.keecheeapp.com;代码>至
代理\u通行证http://keecheeapp;代码>
- 文件/etc/nginx/sites available/default中的服务器块指示nginx使用HTTP为您的网站提供服务
文件/etc/nginx/nginx.conf中的以下服务器块指示nginx使用HTTPS为您的网站提供服务
server { listen *:443 ssl; server_name keecheeapp.com; ... }
因此,您的网站可以通过HTTP和HTTPS访问。这不是个好主意。您应该将所有HTTP请求重定向到HTTPS,如下所示:server { listen *:80; add_header Strict-Transport-Security max-age=15768000; return 301 https://$host$request_uri; }
- 删除或注释掉文件/etc/nginx/sites available/default中的服务器块
- 在文件/etc/nginx/nginx.conf中修改以下服务器块
致:server { listen *:80; add_header Strict-Transport-Security max-age=15768000; return 301 https://$host$request_uri; }
- 使用给定的配置,Nginx将所有请求传递给Kestrel,包括静态文件请求(image、JS、CSS等)。这是不现实的。让Nginx处理静态文件,Kestrel处理动态请求。请更改以下配置块:
致: 将#Redirects all traffic location / { proxy_pass http://www.keecheeapp.com; limit_req zone=one burst=10 nodelay; }
更改为服务器上的实际文件夹/path/to/your/static/folder
编辑后,别忘了用
sudo Nginx-t
测试Nginx配置,然后用sudo systemctl reload Nginx.service
重新加载Nginx。我按照您的说明进行了操作,汤姆,谢谢您的建议。但问题肯定还在发生。我的意思是,它正常工作了大约10分钟,在syslog文件中没有出现任何错误。我没有做任何其他事情,我甚至没有手动重新启动nginx,但突然它又开始工作了。运行systemctl status nginx时,它始终显示active(正在运行),并且在日志中未发现任何错误消息。但是,当尝试打开站点时,由于在syslog中找不到消息,所以感觉来自的请求甚至没有到达服务器。这可能是DNS记录的问题?虽然我有必需的类型,例如:Type:A host:@和Value:my ip address,还有另一个类型:CNAME host:www和Value:@。所以我不确定到底发生了什么。您的DNS设置正确。要暂时绕过DNS问题,可以直接使用主机文件设置IP。如果你不知道怎么做,使用搜索引擎搜索类似“如何编辑主机文件”的内容。编辑后,您的计算机将不再对域执行DNS查询。它将使用您放入主机文件中的任何IP。您必须在主机文件中添加以下两行:11.22.33.44 keecheapp.com
和11.22.33.44 www.keecheapp.com
。请用服务器IP替换11.22.33.44
。要绕过浏览器缓存引起的问题,请清除缓存,然后在测试之前重新打开浏览器。再次确保没有proxy\u passhttp://www.keecheeapp.com;代码>在Nginx配置中。我做了一个错误,因为复制/粘贴了我的答案。因此位置块location@kestrel{…}
确实包含proxy\u passhttp://www.keecheeapp.com;代码>。我编辑了我的答案,将其更改为proxy\u passhttp://keecheeapp;代码>。常见提示:如果出现错误,请立即打开终端并ping您的域,查看错误是否由DNS引起。