Astaar's questions

我在 Windows（开发机器）上使用 nginx 1.6.2，我有一个问题，它总是会为任何文件的标题返回一个text/plain值。Content-Type这是一个问题，因为浏览器不会渲染 CSS、计算 JS 等。

默认情况下，我没有默认的 nginx.config 文件（与 Linux 不同），所以我必须从头开始构建它，同时保持它的最小化。通常我的问题是通过包含来解决的，etc/nginx/mime.types所以我从我拥有的 CentOS 服务器复制/粘贴了该文件。但它似乎没有任何效果。我试图故意使包含路径错误，这引发了错误，所以我认为当我使它正确时它实际上被正确解析了。

所以我完全不知道为什么 nginx 会为我的每一笔罚款都返回 text/plain。

这是我的 nginx.conf 文件：

events {
  worker_connections  1024;
}

http {
    include     D:/dev/nginx/mime.types;

    expires off;

    default_type application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  D:/dev/nginx/logs/access.log  main;
    error_log  D:/dev/nginx/logs/error.log;


    upstream backend  {
        server localhost:62755;
    }

    server {
        listen      80;
        server_name localhost;

        client_body_temp_path      D:/dev/nginx/client_body_temp;
        proxy_temp_path            D:/dev/nginx/proxy_temp;


        location / {
            root D:/dev/frontend/src;
            index index.html;
        }

        location /api {
            proxy_pass http://backend;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
        }
    }
}

我遇到了一个奇怪的问题，我的服务器现在拒绝进行 DNS 查找（使用绑定）。我使用 CentOS 机器作为 OpenVPN 网关并向客户端提供 DNS 服务。一个月以来，一切都按预期正常工作，而今天 DNS 服务不再工作。没有对配置进行任何更改...

这是 named.conf 文件：

options {
        # Hide bind version
        version "Not shown";
        # Listen only on localhost and VPN gateway IPv4
        listen-on port 53 { 127.0.0.1; 10.44.3.1; };
        listen-on-v6 port 53 { ::1; };

        # Forward requests to Google public DNS
        forwarders { 8.8.8.8; 8.8.4.4; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; crypto; };
        allow-recursion { localhost; crypto; };
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

acl crypto{
        10.44.3.0/29; // SSL VPN
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

注意 ACL ：服务器必须只为来自 10.44.3.0/29 子网的客户端（10.44.3.1-10.44.3.6 IP 范围，.1 是网关）提供服务。现在，当我让客户端建立 VPN 隧道，然后监控 DNS 解析时，我可以看出它由于 ICMP 错误消息而被拒绝：

    [root@vps50300 ~]# tcpdump -i tun0 host 10.44.3.6
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
    10:10:16.735977 IP 10.44.3.6.61219 > 10.44.3.1.domain: 1+ PTR? 1.3.44.10.in-addr.arpa. (40)
    10:10:16.736038 IP 10.44.3.1 > 10.44.3.6: ICMP host 10.44.3.1 unreachable - admin prohibited, length 76
    10:10:18.736269 IP 10.44.3.6.61220 > 10.44.3.1.domain: 2+ A? www.google.com. (32)
    10:10:18.736330 IP 10.44.3.1 > 10.44.3.6: ICMP host 10.44.3.1 unreachable - admin prohibited, length 68
    10:10:20.737701 IP 10.44.3.6.61221 > 10.44.3.1.domain: 3+ AAAA? www.google.com. (32)
    10:10:20.737758 IP 10.44.3.1 > 10.44.3.6: ICMP host 10.44.3.1 unreachable - admin prohibited, length 68
    10:10:22.738068 IP 10.44.3.6.61222 > 10.44.3.1.domain: 4+ A? www.google.com. (32)
    10:10:22.738154 IP 10.44.3.1 > 10.44.3.6: ICMP host 10.44.3.1 unreachable - admin prohibited, length 68
    10:10:24.737910 IP 10.44.3.6.61223 > 10.44.3.1.domain: 5+ AAAA? www.google.com. (32)
    10:10:24.737965 IP 10.44.3.1 > 10.44.3.6: ICMP host 10.44.3.1 unreachable - admin prohibited, length 68

最后但并非最不重要的一点是，我认为我的 iptable 看起来是正确的（来自 10.44.3.0/29 的所有流量都被接受并转发）：

[root@vps50300 ~]# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
1897K  320M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
 229K   14M ACCEPT     icmp --  any    any     anywhere             anywhere            
10957  820K ACCEPT     all  --  lo     any     anywhere             anywhere            
 7128  421K ACCEPT     tcp  --  venet0 any     anywhere             anywhere            tcp dpt:http state NEW 
 7166  425K ACCEPT     tcp  --  venet0 any     anywhere             anywhere            tcp dpt:https state NEW 
14457  819K ACCEPT     tcp  --  venet0 any     anywhere             anywhere            tcp dpt:ssh state NEW 
   59  2636 ACCEPT     tcp  --  venet0 any     anywhere             anywhere            tcp dpt:ftp state NEW 
    0     0 ACCEPT     tcp  --  venet0 any     anywhere             anywhere            tcp dpt:45632 state NEW 
    0     0 ACCEPT     tcp  --  venet0 any     anywhere             anywhere            tcp dpt:45633 state NEW 
   16  1120 ACCEPT     udp  --  venet0 any     anywhere             anywhere            udp dpt:openvpn state NEW 
47288 3095K REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
4062K 3220M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
43961 2562K ACCEPT     all  --  any    any     10.44.3.0/29         anywhere            
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 3107K packets, 3306M bytes)
 pkts bytes target     prot opt in     out     source               destination         

但是自从我收到 ICMP 管理员禁止消息后，我似乎仍然违反了其中一条规则？

我不确定如何解决这个问题，任何建议将不胜感激。

我在这个网站和其他地方查看了很多不同的页面，但我找不到任何解决这个问题的方法，我花了一个下午的时间。

我想在 VPS CentOS 6.5 机器上设置 OpenVPN 服务器。我已经成功地做到了，我能够建立到服务器的隧道，ping 远程网关 IP 地址等。但是我无法从 VPN 访问 Internet。经过大量时间对 OpenVPN 配置进行故障排除后，我认为问题出在 VPS 本身，因为 tun0 接口本身无法访问 Internet（因此它不能很好地路由它！）。

如果我尝试从 tun0 (OpenVPN) 接口访问 Internet，它不起作用：

[root@vps3580 ~]# ping -I tun0 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.44.3.1 tun0: 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5301ms

如果我从默认接口 (venet0:0) ping 它工作正常：

[root@vps3580 ~]# ping -I venet0:0 8.8.8.8
Warning: cannot bind to specified iface, falling back: No such device
PING 8.8.8.8 (8.8.8.8) from 37.187.42.146 venet0:0: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=49 time=10.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=49 time=10.0 ms
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1793ms
rtt min/avg/max/mdev = 10.038/10.056/10.074/0.018 ms

这就是我的ifconfig样子（我修改了这篇文章的公共 IP）：

[root@vps3580 ~]# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5013190 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5013190 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:677461812 (646.0 MiB)  TX bytes:677461812 (646.0 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.44.3.1  P-t-P:10.44.3.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2004 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1287 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:223030 (217.8 KiB)  TX bytes:329848 (322.1 KiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: 2001:41d0:52:100::e84/56 Scope:Global
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:1027193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:878383 errors:0 dropped:318 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:508829024 (485.2 MiB)  TX bytes:133008265 (126.8 MiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:73.83.42.22  P-t-P:73.83.42.22  Bcast:37.187.43.255  Mask:255.255.252.0
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

还有我的路线：

[root@vps3580~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.44.3.2       *               255.255.255.255 UH    0      0        0 tun0
10.44.3.0       10.44.3.2       255.255.255.248 UG    0      0        0 tun0
73.83.42.22     *               255.255.252.0   U     0      0        0 venet0
link-local      *               255.255.0.0     U     0      0        0 *
link-local      *               255.255.0.0     U     1002   0        0 venet0
198.18.0.0      *               255.254.0.0     U     0      0        0 *
172.16.0.0      *               255.240.0.0     U     0      0        0 *
default         *               255.0.0.0       U     0      0        0 *
default         *               0.0.0.0         U     0      0        0 venet0

我怀疑其中一条路线有问题，但我不知道是什么。当traceroute我得到这个时：

[root@vps3580~]# traceroute -i tun0 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
 [...]
30  * *

我不熟悉“tun”接口，我已经为此苦苦挣扎了几个小时，真的希望有人能帮我解决这个问题！

编辑：防火墙规则：

[root@vps3580~]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i venet0 -p udp -m udp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.44.3.0/29 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

当试图mysqld在 CentOS 6.5 机器上启动恶魔时，我收到以下错误：

[root@hardin ~]# service mysqld start
Another MySQL daemon already running with the same unix socket.
Starting mysqld:                                           [FAILED]

这很奇怪，因为服务没有启动（它被配置为在默认端口上运行）：

[root@hardin ~]# service mysqld status
mysqld is stopped

我不确定如何找到导致问题的 Unix 套接字：

Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  10     [ ]         DGRAM                    12056  /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     8720   @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     12878  /var/run/mcelog-client
unix  2      [ ]         DGRAM                    9289   @/org/kernel/udev/udevd
unix  2      [ ]         DGRAM                    12440  @/org/freedesktop/hal/udev_event
unix  2      [ ACC ]     STREAM     LISTENING     12275  /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     13128  /var/run/abrt/abrt.socket
unix  2      [ ACC ]     STREAM     LISTENING     12415  @/var/run/hald/dbus-jQMFHN9EAI
unix  2      [ ACC ]     STREAM     LISTENING     12408  @/var/run/hald/dbus-YQIZ9h7s4Q
unix  2      [ ACC ]     STREAM     LISTENING     12371  /var/run/acpid.socket
unix  2      [ ]         DGRAM                    14119
unix  3      [ ]         STREAM     CONNECTED     13579  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     13578
unix  2      [ ]         DGRAM                    13521
unix  3      [ ]         STREAM     CONNECTED     13493
unix  3      [ ]         STREAM     CONNECTED     13492
unix  2      [ ]         DGRAM                    13130
unix  2      [ ]         DGRAM                    13058
unix  2      [ ]         DGRAM                    13023
unix  2      [ ]         DGRAM                    12875
unix  2      [ ]         DGRAM                    12840
unix  3      [ ]         STREAM     CONNECTED     12773  /var/run/acpid.socket
unix  3      [ ]         STREAM     CONNECTED     12772
unix  3      [ ]         STREAM     CONNECTED     12767  @/var/run/hald/dbus-YQIZ9h7s4Q
unix  3      [ ]         STREAM     CONNECTED     12766
unix  3      [ ]         STREAM     CONNECTED     12716  @/var/run/hald/dbus-YQIZ9h7s4Q
unix  3      [ ]         STREAM     CONNECTED     12634
unix  3      [ ]         STREAM     CONNECTED     12714  @/var/run/hald/dbus-YQIZ9h7s4Q
unix  3      [ ]         STREAM     CONNECTED     12534
unix  3      [ ]         STREAM     CONNECTED     12435  @/var/run/hald/dbus-jQMFHN9EAI
unix  3      [ ]         STREAM     CONNECTED     12434
unix  3      [ ]         STREAM     CONNECTED     12410  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     12409
unix  2      [ ]         DGRAM                    12375
unix  3      [ ]         STREAM     CONNECTED     12295  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     12294
unix  3      [ ]         STREAM     CONNECTED     12289
unix  3      [ ]         STREAM     CONNECTED     12288
unix  3      [ ]         DGRAM                    9308
unix  3      [ ]         DGRAM                    9307

我用这个盒子作为一个 Git 服务器，运行 GitLab，它曾经可以工作。冷启动后它不再工作，因为由于unicorn上述原因无法连接到 MySQL：

/home/git/gitlab/vendor/bundle/ruby/2.1.0/gems/mysql2-0.3.11/lib/mysql2/client.rb:44:in `connect': Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111) (Mysql2::Error)

我想知道如何解决这个问题并找到 MySQL 端口上正在运行的服务。

我已经在 CentOS 上编译并安装了 Mono 3.0.6、XSP 和 mod_mono，主要遵循这些说明。

我的 VHOST 配置如下：

<VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/mvcgui/wwwroot
        ServerName 192.168.40.132
#       ServerAlias example.com
        ErrorLog /var/www/mvcgui/error.log
        CustomLog /var/www/mvcgui/requests.log combined
        MonoServerPath mvcgui "/opt/mono/bin/mod-mono-server4"
        MonoDebug mvcgui true
        MonoSetEnv mvcgui MONO_IOMAP=all
        MonoApplications mvcgui "/:/var/www/mvcgui/wwwroot"
</VirtualHost>

但是，当我尝试启动 httpd 服务时，出现错误：

Invalid command 'MonoServerPath', perhaps misspelled or defined by a module not included in the server configuration

所以我认为我的 mod_mod 没有加载，但我确实有一个 /etc/httpd/conf/mod_mono.conf 配置如下：

[root@dev-server httpd]# cat /etc/httpd/conf/mod_mono.conf
# mod_mono.conf

# Achtung! This file may be overwritten
# Use 'include mod_mono.conf' from other configuration file
# to load mod_mono module.

<IfModule !mod_mono.c>
    LoadModule mono_module /usr/lib/httpd/modules/mod_mono.so
</IfModule>

<IfModule mod_headers.c>
    Header set X-Powered-By "Mono"
</IfModule>

AddType application/x-asp-net .aspx
AddType application/x-asp-net .asmx
AddType application/x-asp-net .ashx
AddType application/x-asp-net .asax
AddType application/x-asp-net .ascx
AddType application/x-asp-net .soap
AddType application/x-asp-net .rem
AddType application/x-asp-net .axd
AddType application/x-asp-net .cs
AddType application/x-asp-net .vb
AddType application/x-asp-net .master
AddType application/x-asp-net .sitemap
AddType application/x-asp-net .resources
AddType application/x-asp-net .skin
AddType application/x-asp-net .browser
AddType application/x-asp-net .webinfo
AddType application/x-asp-net .resx
AddType application/x-asp-net .licx
AddType application/x-asp-net .csproj
AddType application/x-asp-net .vbproj
AddType application/x-asp-net .config
AddType application/x-asp-net .Config
AddType application/x-asp-net .dll
DirectoryIndex index.aspx
DirectoryIndex Default.aspx
DirectoryIndex default.aspx
[root@dev-server httpd]#

我究竟做错了什么？我在这上面花了几个小时，我在这里和网络的其他部分看了很多讨论，但似乎没有什么能解决我的问题。

我正在 CentOS 6.3 下配置 Apache 服务器。我想把我的应用程序放进去

/var/www/html/<myApp>

但该目录归 root 所有。如何正确配置访问权限，以便我可以从 FTP 客户端将文件发布到该目录？

最初我想把我的文件放在 /home/myApp/wwwroot 下，但是这给出了错误消息，因为在 CentOS 下你应该把你的文件放在 /var/www/html 下

配置这个的正确方法是什么？