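Something strange happened today. First, pgj.bw580.com and acc.bw580.com disappeared from the Alibaba Cloud DV digital certificates for no apparent reason.
Next I checked https://pgj.bw580.com/css/chunk-ceb11154.aefc15d8.css: the resource can be reached from the jump host, but it can be accessed through the external network.
Through the firewall, I set up port mapping to expose the service, and the static resources could be accessed, so the failure to access them seems to be related to the domain name.
Static resources such as CSS cannot be downloaded; the requests stay in the pending state and never reach the backend.
With a GET request, https://pgj.bw580.com/?userId=sss&token=xxx, the resource can be retrieved,
which shows that domain name resolution is fine, yet static resources cannot be downloaded. Could nginx have a restriction somewhere? But it has not been touched for a long time.
As for the domain issue, investigation showed that the DV certificates belong to different Alibaba Cloud accounts of the company, so there is nothing wrong on the Alibaba Cloud side. The remaining problem is one I need to solve myself.
Capturing packets on the laptop was not much use.
Logged in through haproxy and ran the command tcpdump -i eth0 -nn -X tcp port 443 and src host 171.43.235.23
The requests came in, but the static resources could not be accessed, so the problem is still in nginx.
With the same configuration, on the internal network, access through the domain name pgj.bw580.com is fast.
While access works on the internal network, look at the nginx log: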
{"@timestamp":"2023-06-17T11:13:09+08:00","@source":"10.101.10.yy","hostname":"server-10-163","ip":"10.101.10.zz","client":"10.101.10.zz","request_method":"GET","scheme":"https","domain":"pgj.bw580.com","referer":"-","request":"/css/index.69fccc1f.css","args":"-","size":0,"status": 304,"responsetime":0.008,"upstreamtime":"0.008","upstreamaddr":"10.101.10.xx:31005","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36","https":"on","@version":"1","http_host":"pgj.bw580.com","url":"/css/index.69fccc1f.css"}
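One way to compare how static-asset requests end for internal and external clients in this JSON access log, as an added example that is not part of the original post. The field names (client, url, status, responsetime) come from the log line above; the sample lines, the RFC 1918 internal/external split and the 5-second threshold are assumptions made for illustration.

```python
import ipaddress
import json
import re
from collections import defaultdict

# Same extensions as the static-asset location blocks in the nginx config on this page.
STATIC_RE = re.compile(r"\.(gif|jpg|jpeg|png|bmp|swf|ico|svg|flv|js|css|gzcss|gzjs)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample lines (not the author's logs), reduced to the fields used below.
SAMPLE = [
    '{"client":"10.101.10.20","url":"/css/index.69fccc1f.css","status": 304,"responsetime":0.008}',
    '{"client":"203.0.113.7","url":"/","status":200,"responsetime":0.031}',
    '{"client":"203.0.113.7","url":"/css/index.69fccc1f.css","status":499,"responsetime":60.002}',
    '{"client":"10.101.10.zz","url":"/js/app.js","status":200,"responsetime":0.010}',
]

def client_class(addr):
    """Classify a client address; redacted or malformed values become 'unknown'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"
    return "internal" if any(ip in net for net in RFC1918) else "external"

def summarize(lines, slow_seconds=5.0):
    """Group requests by (client class, static/dynamic) and flag stalled static requests."""
    stats = defaultdict(lambda: {"count": 0, "statuses": defaultdict(int), "max_time": 0.0})
    flagged = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        kind = "static" if STATIC_RE.search(rec.get("url", "")) else "dynamic"
        key = (client_class(rec.get("client", "")), kind)
        status, took = int(rec.get("status", 0)), float(rec.get("responsetime", 0))
        s = stats[key]
        s["count"] += 1
        s["statuses"][status] += 1
        s["max_time"] = max(s["max_time"], took)
        # 499 is nginx's status for a client that closed the connection before the response finished.
        if kind == "static" and (status == 499 or took >= slow_seconds):
            flagged.append((rec.get("client"), rec.get("url"), status, took))
    return stats, flagged

if __name__ == "__main__":
    stats, flagged = summarize(SAMPLE)
    print({k: (v["count"], dict(v["statuses"]), v["max_time"]) for k, v in stats.items()})
    print("flagged:", flagged)
```

nginx writes the access-log entry only when a request finishes, so a request that is still pending in the browser does not appear in the file yet.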
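On the public network, other addresses (for example acc.bw580.com) can all be accessed quickly.
I checked the nginx configuration and it looks fine. This kind of problem is really frustrating.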
server {
    listen 80;
    server_name pgj.bw580.com;
    return 301 https://$server_name$request_uri;
}
server {
    #listen 80;
    listen 443 ssl http2;
    client_max_body_size 100M;
    charset utf-8;
    #ssl on;
    #ssl off;
    limit_req zone=allips burst=50 nodelay;
    limit_conn perip 2000 ;
    limit_conn perserver 3000 ;
    limit_rate 300k;
    server_name pgj.bw580.com;
    ssl_certificate /app/nginx/nginx/conf/bw580.com/crt/pgj.bw580.com.pem;
    ssl_certificate_key /app/nginx/nginx/conf/bw580.com/crt/pgj.bw580.com.key;
    ssl_session_cache shared:SSL:10m;
    #ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    index index.jsp default.jsp index.do default.do index.html index.htm index.php forum.php;
    # nginx log
    #access_log logs/access.log main;
    #access_log logs/pgj.bw580.com.log main;
    # JSON log
    access_log jsonlogs/pgj.bw580.com.log logstash_json;
    location / {
        proxy_pass http://pgj.bw580.com_pssl;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico|svg|flv|xml)(.*)$
    {
        expires 15d;
        proxy_pass http://pgj.bw580.com_pssl;
    }
    location ~ .*\.(js|css|gzcss|gzjs)(.*)$
    {
        expires 1d;
        proxy_pass http://pgj.bw580.com_pssl;
    }
    location /(WEB-INF)/ {
        deny all;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico|svg|flv|js|css|gzcss|gzjs)?$
    {
        if (-f $request_filename) {
            expires 1d;
            break;
        }
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}