
nginx + tomcat + iptables: port 80 only serves static resources and cannot reach Tomcat. What is the cause?

落地花开啦 2016-05-31 10:29:44 2371

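On CentOS with nginx + tomcat + iptables, port 80 only serves static resources and cannot reach Tomcat, but accessing Tomcat's port directly works. I don't know why.

  1. Without iptables, nginx can be accessed normally and it can also proxy to Tomcat; with iptables enabled it no longer works.
  2. After changing proxy_pass http://localhost:8080; in nginx.conf to 127.0.0.1:8080 and changing the Host's localhost in Tomcat's server.xml to 127.0.0.1, nginx still cannot proxy to Tomcat.

Nginx configuration: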
user  www www;
worker_processes  1;
events {
    use epoll;
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    server_tokens off;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    include gzip.conf;
    server {
        listen       80;
        server_name  localhost;
        location / {
            deny all;
        }
        location ~ ^/NginxStatus {
            stub_status on;
            access_log off;
            allow   127.0.0.1;
            deny    all;
        }
    }
    server {
        listen 80;
        server_name 115.48.125.155;
        access_log  logs/tojsp.log;
        location ~ ^/NginxStatus {
            stub_status on;
            access_log off;
        }
        location ~ ^/(WEB-INF)/ {
            deny all;
        }
        location ~ \.(htm|html|gif|jpg|jpeg|png|ico|rar|css|js|zip|txt|flv|swf|doc|ppt|xls|pdf)$ {
            root /data/tomcat;
            access_log off;
            expires 24h;
        }
        location / {
            proxy_pass http://localhost:8080;
            include proxy.conf;
        }
        error_page 502 503 /502.html;
        error_page 404 /404.html;
        error_page 403 /403.html;
    }
}

proxy_redirect          off;
proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   300;
proxy_send_timeout      300;
proxy_read_timeout      300;
proxy_buffer_size       4k;
proxy_buffers           4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

iptables configuration:

[root@xxx mysh]#iptables -L -n --line-number
Chain INPUT (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     all  --  127.0.0.1            127.0.0.1           
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080
6    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:31337 
7    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:31335 
 
Chain FORWARD (policy DROP)
num  target     prot opt source               destination         
 
Chain OUTPUT (policy DROP)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80 
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:22 
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:8080 
5    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:31337 
6    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:31335

Also, changing Chain FORWARD (policy DROP) to ACCEPT does not help either.

Hoping someone with experience can help solve this.

All answers (1)
  • 落地花开啦
    2019-07-17 19:21:28

    Allow the local loopback interface:
    iptables -A INPUT -i lo -j ACCEPT

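Added example (not part of the original question or answer): a first-match model of the INPUT and OUTPUT chains printed in the question, used to trace the nginx-to-Tomcat connection over loopback. It assumes the listing is the complete rule set (`iptables -L -n` without `-v` does not show interface matches); the ephemeral port 40000 and the `-o lo` OUTPUT rule are assumptions that do not appear on the page.

```python
# Added example: models the chains exactly as printed in the question's listing.
from collections import namedtuple

Pkt = namedtuple("Pkt", "iface proto src dst sport dport")

def rule(target, proto="all", **match):
    return {"target": target, "proto": proto, "match": match}

def verdict(chain, pkt, policy="DROP"):
    """Return the target of the first matching rule, else the chain policy."""
    for r in chain:
        if r["proto"] in ("all", pkt.proto) and all(
                getattr(pkt, k) == v for k, v in r["match"].items()):
            return r["target"]
    return policy

def loopback_delivered(pkt, inp, out):
    """A locally generated loopback packet must pass OUTPUT first, then INPUT."""
    return verdict(out, pkt) == "ACCEPT" and verdict(inp, pkt) == "ACCEPT"

INPUT = [
    rule("ACCEPT", src="127.0.0.1", dst="127.0.0.1"),
    rule("ACCEPT", "tcp", dport=80), rule("ACCEPT", "icmp"),
    rule("ACCEPT", "tcp", dport=22), rule("ACCEPT", "tcp", dport=8080),
    rule("DROP", "tcp", dport=31337), rule("DROP", "tcp", sport=31335),
]
OUTPUT = [
    rule("ACCEPT", "tcp", sport=80), rule("ACCEPT", "icmp"),
    rule("ACCEPT", "tcp", sport=22), rule("ACCEPT", "tcp", sport=8080),
    rule("DROP", "tcp", sport=31337), rule("DROP", "tcp", dport=31335),
]

# Constructed packets: nginx connects to Tomcat from an ephemeral source port.
SYN = Pkt("lo", "tcp", "127.0.0.1", "127.0.0.1", 40000, 8080)      # nginx -> Tomcat
SYN_ACK = Pkt("lo", "tcp", "127.0.0.1", "127.0.0.1", 8080, 40000)  # Tomcat -> nginx

LO_IN = rule("ACCEPT", iface="lo")   # iptables -A INPUT -i lo -j ACCEPT (from the answer)
LO_OUT = rule("ACCEPT", iface="lo")  # iptables -A OUTPUT -o lo -j ACCEPT (assumption)

if __name__ == "__main__":
    print("SYN, listed rules:    ", loopback_delivered(SYN, INPUT, OUTPUT))
    print("SYN-ACK, listed rules:", loopback_delivered(SYN_ACK, INPUT, OUTPUT))
    print("SYN, + INPUT lo:      ", loopback_delivered(SYN, INPUT + [LO_IN], OUTPUT))
    print("SYN, + INPUT/OUTPUT lo:",
          loopback_delivered(SYN, INPUT + [LO_IN], OUTPUT + [LO_OUT]))
```

In this model the OUTPUT chain only accepts TCP by source port (80, 22, 8080), so replies from nginx and Tomcat to outside clients pass while the proxied connection, which leaves from an ephemeral source port, falls through to the DROP policy. On a live host, `iptables -L -n -v` shows the per-rule packet counters and interface matches needed to confirm which chain is dropping.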
