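Cannot access LAMP web server on Ubuntu Server 14.04
**Update:** So it looks like I can reach the site from computers outside my LAN; the problem appears when I try to load it from any computer on the same LAN as the server. From what I have read, this seems to be a NAT issue. I don't fully understand the problem, but I know it has to do with how the router handles traffic that tries to reach a public domain which is actually hosted on a server connected to that same router. My router has an IP triggering feature which, from what I recall of its purpose, may be what I need to configure.
I am trying to teach myself some server basics by setting up a test server VM in VirtualBox and hosting my own WordPress blog. This is mostly in preparation for finishing my thesis, which will include a digital/web version that I would like to be able to host myself. Everything was going well. I installed a LAMP stack, created a few test virtual hosts, installed WordPress, and was able to reach all of the virtual hosts from within my LAN, including the one with my WordPress blog. Where I ran into trouble was trying to open the server up to the Internet. I bought a domain name and set up dynamic DNS using this guide (I am on a Comcast residential account), which seemed to work, but for the life of me I can't get it working properly, and I have run out of troubleshooting ideas.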
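Setup details:
- The desktop hosting the VM runs Windows 7. Not sure whether you need hardware details, but it is a fairly powerful gaming machine.
- I am using VirtualBox for the VM, with a bridged connection.
- Ubuntu Server 14.04 is the operating system on the VM.
- Using a LAMP setup, I changed the document root to /srv, which makes more sense to me.
- Using Namecheap.com for dynamic DNS. I set it up using the guide above and received a success message. It also updated the IP in the namecheap.com host settings, all of which leads me to believe my dynamic DNS is probably configured correctly.
- On my router, I forwarded ports 80, 443 and even 8080, just in case. I also put my server in the DMZ, and even tried turning the firewall off entirely.
- I am using Comcast's 2-in-1 modem and router. It is running "eMTA & DOCSIS Software Version: 7.6.116".
Not sure what log/config information will help, so hopefully this isn't overkill...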
Apache2.conf
```
# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

# Trying to fix internet accessibility issue...
# ServerName anarchoanthro.com <-- this got rid of that startup error, but otherwise didn't work.

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5

# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>

<Directory /var/www/>
	Options FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

<Directory /srv/>
	Options FollowSymLinks IncludesNOEXEC
	XBitHack on
	AllowOverride None
	Require all granted
</Directory>

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
	Require all denied
</FilesMatch>

#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
UserDir disabled root
```
ports.conf
```
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 80
Listen 8080

<IfModule ssl_module>
	Listen 443
</IfModule>

<IfModule mod_gnutls.c>
	Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```
my-wpsite.conf <-- this is the only enabled site; I just copied default.conf and edited it.
```
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin johnbltz@gmail.com
	ServerName www.anarchoanthro.com
	ServerAlias anarchoanthro.com
	DocumentRoot /srv/wp-anarchoanthro

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf

	# Set /srv/testsite1/cgibin/ as CGI script directory.
	ScriptAlias "/cgi-bin/" "/srv/wp-anarchoanthro/cgi-bin/"
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```
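Here are my logs. Before grabbing these, I tried to load my blog, anarchoanthro.com. Also, I am only including today's logs, which will hopefully narrow things down.
Access log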
```
95.134.193.184 - - [01/Aug/2015:04:17:41 -0500] "\x0fK\x17\xaf$W\xff'" 200 28811 "-" "-"
199.30.228.129 - - [01/Aug/2015:05:07:30 -0500] "GET / HTTP/1.1" 200 7795 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 GTB7.1"
38.105.109.12 - - [01/Aug/2015:05:12:36 -0500] "GET / HTTP/1.1" 200 29152 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:38 -0500] "GET / HTTP/1.1" 200 29151 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-content/themes/arcade-basic/library/js/html5.js HTTP/1.1" 200 2734 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.3 HTTP/1.1" 200 14953 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:39 -0500] "GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1" 200 96260 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1" 200 7506 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/bootstrap.min.js?ver=3.0.3 HTTP/1.1" 200 6980 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/fillsize.js?ver=4.2.3 HTTP/1.1" 200 2576 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/jquery.arctext.js?ver=4.2.3 HTTP/1.1" 200 10612 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
38.105.109.12 - - [01/Aug/2015:05:12:40 -0500] "GET /wp-content/themes/arcade-basic/library/js/theme.js?ver=4.2.3 HTTP/1.1" 200 3052 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
64.69.91.210 - - [01/Aug/2015:06:02:54 -0500] "GET / HTTP/1.1" 200 29128 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
192.187.110.98 - - [01/Aug/2015:06:54:53 -0500] "GET http://testp2.czar.bielawa.pl/testproxy.php HTTP/1.1" 404 356 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
141.212.122.59 - - [01/Aug/2015:07:56:56 -0500] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 200 27778 "-" "Mozilla/5.0 zgrab/0.x"
141.212.122.59 - - [01/Aug/2015:07:56:57 -0500] "GET / HTTP/1.1" 200 30504 "-" "Mozilla/5.0 zgrab/0.x"
104.238.194.164 - - [01/Aug/2015:09:32:09 -0500] "GET / HTTP/1.1" 200 29153 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"
46.172.71.251 - - [01/Aug/2015:12:12:51 -0500] "GET /rom-0 HTTP/1.1" 404 367 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
```
Error log
```
[Sat Aug 01 06:54:53.947240 2015] [:error] [pid 4035] [client 192.187.110.98:56439] script '/srv/wp-anarchoanthro/testproxy.php' not found or unable to stat
[Sat Aug 01 11:23:56.393436 2015] [mpm_prefork:notice] [pid 3918] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 11:23:57.476298 2015] [mpm_prefork:notice] [pid 4943] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 11:23:57.476333 2015] [core:notice] [pid 4943] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 01 12:30:02.492747 2015] [mpm_prefork:notice] [pid 4943] AH00169: caught SIGTERM, shutting down
[Sat Aug 01 12:30:03.513348 2015] [mpm_prefork:notice] [pid 5037] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Aug 01 12:30:03.513384 2015] [core:notice] [pid 5037] AH00094: Command line: '/usr/sbin/apache2'
```
other_vhosts_access.log
```
127.0.1.1:80 216.218.206.68 - - [01/Aug/2015:01:31:36 -0500] "\x16\x03\x01" 400 0 "-" "-"
127.0.1.1:80 141.212.122.42 - - [01/Aug/2015:03:15:26 -0500] "\x16\x03\x01" 400 0 "-" "-"
127.0.1.1:80 65.31.172.201 - - [01/Aug/2015:06:20:06 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
127.0.1.1:80 50.77.106.104 - - [01/Aug/2015:06:44:22 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
127.0.1.1:80 71.174.188.128 - - [01/Aug/2015:07:29:10 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
127.0.1.1:80 98.251.14.214 - - [01/Aug/2015:09:31:43 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
127.0.1.1:80 89.248.171.137 - - [01/Aug/2015:10:22:04 -0500] "\x16\x03\x01" 400 0 "-" "-"
anarchoanthro.com:80 177.206.182.186 - - [01/Aug/2015:12:08:54 -0500] "\x80F\x01\x03\x01" 400 0 "-" "-"
```
Output of the `route` command:
```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
```
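First, I would check whether I can reach the web server from a second PC on your LAN. You may need to add an entry to the `hosts` file to map the domain name to the internal address. This will confirm that the server is bridged correctly, is not firewalled, and is routable on the LAN. Then I would check that the server has a default route pointing to your gateway. Without it, it cannot reply to, or even acknowledge, inbound requests.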
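Finally, I would run a network sniffer such as Wireshark on the server and monitor a controlled connection from outside the LAN. This will confirm that traffic is being routed correctly.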
Some ISPs, especially in the US, block traffic to port 80. If that applies to your situation, you will need to check that too.
HTTP needs port 80 and HTTPS needs port 443. You do not need 8080. You may want to forward ping, or at least have your router respond to it.
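Many home routers cannot handle an internal request to their external IP address that is then forwarded back internally. Exclude this case from your testing, at least initially.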
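
An added example, not part of the original question or answers: one way to check the hairpin-NAT explanation against the Apache access log is to count successful page loads by origin, separating LAN clients (10.0.0.0/24, from the `route` output in the question) from external ones and setting aside scanner noise such as TLS handshakes sent to port 80 and open-proxy probes. The function names and the sample lines are constructed for illustration and modelled on the logs in the question.

```python
import ipaddress
import re

# Combined Log Format prefix: client ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) (\S+)')
# LAN subnet from the question's route table (10.0.0.0 / 255.255.255.0).
LAN = ipaddress.ip_network("10.0.0.0/24")

def classify(line):
    """Return (origin, kind, status) for one log line, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        client = ipaddress.ip_address(m.group(1))
    except ValueError:           # HostnameLookups On would log names, not IPs
        return None
    origin = "lan" if client in LAN else "external"
    parts = m.group(2).split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        kind = "non-http"        # e.g. a TLS ClientHello sent to plain port 80
    elif parts[0] == "CONNECT" or parts[1].startswith("http://"):
        kind = "proxy-probe"     # request naming another host: open-proxy check
    else:
        kind = "page"
    return origin, kind, int(m.group(3))

def summarize(lines):
    """Count successful page requests per origin, plus scanner noise."""
    out = {"lan_ok": 0, "external_ok": 0, "noise": 0}
    for line in lines:
        result = classify(line)
        if result is None:
            continue
        origin, kind, status = result
        if kind != "page":
            out["noise"] += 1
        elif 200 <= status < 400:
            out[origin + "_ok"] += 1
    return out

# Constructed sample lines (documentation addresses, not taken from the page).
SAMPLE = [
    '203.0.113.7 - - [01/Aug/2015:05:12:36 -0500] "GET / HTTP/1.1" 200 29152 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [01/Aug/2015:07:56:56 -0500] "CONNECT proxytest.example:80 HTTP/1.1" 200 27778 "-" "-"',
    r'198.51.100.4 - - [01/Aug/2015:01:31:36 -0500] "\x16\x03\x01" 400 0 "-" "-"',
    '10.0.0.23 - - [01/Aug/2015:12:40:00 -0500] "GET / HTTP/1.1" 200 29152 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If `external_ok` is non-zero while `lan_ok` stays at zero after a LAN client has tried the public name, the requests never reached Apache, which points at the router rather than the server configuration.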