python - nginx 小白， nginx 启动后 80 端口无法访问

Question

环境：阿里云 centos7

flask web 应用， gunicorn 已经启动，访问ip:8888正常访问

nginx 正常启动，无法直接访问 ip ，浏览器显示： This site can ’ t be reached

我有两个配置文件conf/nginx.conf, site-enable/kaoshixing.conf,内容分别如下：

user  root;

worker_processes        auto;
# worker_cpu_affinity     auto;

error_log   /home/admin/kaoshixing/nginx/logs/error.log;
pid         /home/admin/kaoshixing/nginx/logs/nginx.pid;

worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections  20480;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    fastcgi_intercept_errors on;

    log_format milog '$server_addr\t$hostname\t$remote_addr\t$http_x_forwarded_for\t$time_local\t$request_uri\t$request_length\t$bytes_sent\t$request_time\t$status\t$upstream_addr\t$upstream_cache_status\t$upstream_response_time\t$http_user_agent\t';

    ####full-format log for debug
    log_format debug_log '$remote_addr\t$server_addr\t$hostname\t$time_local\t$host\t$request\t$status\t$body_bytes_sent\t$http_referer\t$http_user_agent\t$http_x_forwarded_for\t$request_uri\t$request_length\t$bytes_sent\t$request_body\t$request_time\t$upstream_response_time\t$upstream_addr\t$upstream_cache_status';

    access_log  /home/admin/kaoshixing/log/nginx/access.log  milog;

    sendfile        on;
    keepalive_timeout  65;

    client_max_body_size 120m;
    server_names_hash_bucket_size 128;

    proxy_headers_hash_bucket_size 128;
    proxy_headers_hash_max_size 8192;

    proxy_connect_timeout    10;
    proxy_read_timeout       120;
    proxy_send_timeout       120;
    proxy_buffer_size        16k;
    proxy_buffers            4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;

    gzip on;
    gzip_types application/json application/x-json text/plain application/x-javascript text/css text/javascript application/xml text/xml  image/jpeg image/gif image/png;
    gzip_proxied     expired no-cache no-store private auth;
    gzip_min_length 1k;
    gzip_buffers 16 64k;
    gzip_http_version 1.1;
    gzip_comp_level 6;
    gzip_vary on;

    limit_req_zone $server_port zone=tp:500m rate=1700r/s;
    limit_req_zone $server_port zone=tps:500m rate=1100r/s;
    limit_req_zone $binary_remote_addr zone=tip:500m rate=100r/s;

    include /home/admin/kaoshixing/nginx/site-enable/*.conf;
}

*

upstream kaoshixing.com_backend{
       server 0.0.0.0:8888 weight=1 max_fails=2 fail_timeout=30s;
}


server {
   listen 80;
   server_name  www.kaoshixing.com;

   access_log /home/admin/kaoshixing/nginx/logs/ksxing.com.log milog;

   location / {
       proxy_set_header Host $host;
       proxy_set_header X-Forwarded-For $remote_addr;
       proxy_pass http://kaoshixing.com_backend;
   }

}

server {
       listen 443 ssl;
       server_name www.kaoshixing.com;
       access_log /home/admin/kaoshixing/nginx/logs/ksxing.com.log milog;

       ssl on;
       ssl_certificate         ssl/kaoshixing.com.crt;
       ssl_certificate_key     ssl/kaoshixing.com.key;

       ssl_session_cache  shared:SSL:80m;
       ssl_session_timeout  5m;
       ssl_protocols  SSLv2 SSLv3 TLSv1;
       ssl_ciphers RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
       ssl_prefer_server_ciphers   on;

       location / {
               proxy_set_header Host $host;
               proxy_set_header X-Forwarded-For $remote_addr;
               proxy_pass http://kaoshixing.com_backend;
               proxy_redirect http://www.kaoshixing.com https://www.kaoshixing.com;
       }

}

server {
   listen 80;
   server_name  kaoshixing.com;

   access_log /home/admin/kaoshixing/nginx/logs/ksxing.com.log milog;

   location / {
       rewrite ^(.*) http://www.$host$1 redirect;
   }

}

Answer 1

Have you tried nginx -t to check whether the configuration file is correct?

Answer 2

See that both http and https are configured with the same server_name. Try configuring port 80 into https and see if it works
server {
listen 80;
listen 443 ssl;
...
}

Answer 3

Because you set it up server_name ，所以nginx只监听域名，不监听ip。换句话说，nginx不知道自己的外网ip，它会从配置文件中获得信息。
简单的解决办法是删除 server_name 。
也可以这样 server_name 1.1.1.1 www.kaoshixing.com; just so that pan-domain name resolution cannot be performed.

Answer 4

Because you have set server_name in all server blocks, when the browser accesses it, nginx will match the server_name one by one. If none of them match (access using IP), nginx will use default_server, but you have not set default_server. The problem may be What's wrong with this? Try changing a server block to this?

server {
   listen 80 default_server;
   server_name  www.kaoshixing.com;

(Also, port 80 may be occupied by other programs)

Answer 5

Consider Alibaba Cloud’s security policy and CentOS7’s firewall policy.
CentOS7 does not open port 80 by default.

Answer 6

Confirm whether it is a configuration problem that causes nginx to fail to start, or whether the external network telnet 80 is blocked. What I encounter is usually due to firewall settings or 80 being occupied by apache installed in the default vps.

Answer 7

Port 80 of domestic cloud vendors needs to be registered before they can be released.
Also check the security group policy and VPC firewall separately.