nginx 无法访问运行FusionPBX的debian上的django服务器

qlvxas9a  于 2022-12-17  发布在  Nginx
关注(0)|答案(1)|浏览(210)

我有一个运行fusionPBX的Debian服务器,我使用this官方脚本安装它。它使用nginx来托管应用程序,我尝试在nginx的配置文件中添加另一个服务器(Django)来支持在同一台机器上运行的另一个服务器。
我尝试使用命令sudo ufw allow 8000打开端口8000
当我使用Nmap从另一台机器到此FusionPBX服务器时,我确实看到了端口。

$ nmap ipaddrress
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-16 20:54 UTC
Nmap scan report for ipaddrress.de-fra1.upcloud.host (ipaddrress)
Host is up (0.00015s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
5060/tcp open  sip
5080/tcp open  onscreen
7443/tcp open  oracleas-https
8000/tcp open  http-alt
8001/tcp open  vcom-tunnel

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

即使我使用常规命令python manage.py runserver 0.0.0.0:8000python manage.py runserver 127.0.0.1:8000启动服务器,它也不工作。
在Ubuntu中,我所要做的就是sudo ufw allow 8000,然后python manage.py runserver 0.0.0.0:8000,它按预期工作。
python manage.py runserver 0.0.0.0:8000这是我们如何启动一个django服务器,其中0.0.0.0是IP,8000是端口。以防有人混淆:)
我的Nginx配置

server {
    listen 127.0.0.1:80;
    server_name 127.0.0.1;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    client_max_body_size 80M;
    client_body_buffer_size 128k;

    location / {
        root /var/www/fusionpbx;
        index index.php;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
    }

    # Allow the upgrade routines to run longer than normal
    location = /core/upgrade/index.php {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_read_timeout 15m;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
    }

    # Disable viewing .htaccess & .htpassword & .db & .git
    location ~ .htaccess {
        deny all;
    }
    location ~ .htpassword {
        deny all;
    }
    location ~^.+.(db)$ {
        deny all;
    }
    location ~ /\.git {
        deny all;
    }
    location ~ /\.lua {
        deny all;
    }
    location ~ /\. {
        deny all;
    }
}

server {
    listen 80;
    server_name fusionpbx;

    #redirect letsencrypt to dehydrated
    location ^~ /.well-known/acme-challenge {
        default_type "text/plain";
        auth_basic "off";
        alias /var/www/dehydrated;
    }

    #rewrite rule - send to https with an exception for provisioning
    if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
        rewrite ^(.*) https://$host$1 permanent;
        break;
    }

    #REST api
    if ($uri ~* ^.*/api/.*$) {
        rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
        break;
    }

    #algo
    rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;

    #mitel
    rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
    rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;

    #grandstream
    rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
    rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
    #grandstream-wave softphone by ext because Android doesn't pass MAC.
    rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;

    #aastra
    rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
    #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;

    #yealink
    #rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
    rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;

    #polycom
    rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
    #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
    rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";

    #cisco
    rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
    rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;

    #Escene
    rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
    rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;

    #Vtech
    rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
    rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

    #Digium
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";

    #Snom
    rewrite "^.*/provision/-([A-Fa-f0-9]{12})?$" /app/provision/index.php?mac=$1;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    client_max_body_size 80M;
    client_body_buffer_size 128k;

    location / {
        root /var/www/fusionpbx;
        index index.php;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_read_timeout 15m;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
    }

    # Allow the upgrade routines to run longer than normal
    location = /core/upgrade/index.php {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_read_timeout 15m;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
    }

    # Disable viewing .htaccess & .htpassword & .db & .git
    location ~ .htaccess {
        deny all;
    }
    location ~ .htpassword {
        deny all;
    }
    location ~^.+.(db)$ {
        deny all;
    }
    location ~ /\.git {
        deny all;
    }
    location ~ /\.lua {
        deny all;
    }
    location ~ /\. {
        deny all;
    }
}

server {
    listen 443 ssl;
    #listen 443 ssl http2;
    server_name fusionpbx;

    ssl_certificate         /etc/ssl/certs/nginx.crt;
    ssl_certificate_key     /etc/ssl/private/nginx.key;
    #ssl_protocols           TLSv1.2 TLSv1.3;
    ssl_protocols           TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers             DHE-RSA-AES256-SHA:AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache       shared:SSL:40m;
    ssl_session_timeout     2h;
    ssl_session_tickets     off;

    #redirect letsencrypt to dehydrated
    location ^~ /.well-known/acme-challenge {
        default_type "text/plain";
        auth_basic "off";
        alias /var/www/dehydrated;
    }

    #REST api
    if ($uri ~* ^.*/api/.*$) {
        rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
        break;
    }

    #message media
    rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;

    #algo
    rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;

    #mitel
    rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
    rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;

    #grandstream
    rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
    rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
    #grandstream-wave softphone by ext because Android doesn't pass MAC.
    rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;

    #aastra
    rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
    #rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;

    #yealink
    #rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
    rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;

    #polycom
    rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
    #rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
    rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";

    #cisco
    rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
    rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;

    #Escene
    rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$"       "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
    rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$"    "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;

    #Vtech
    rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
    rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;

    #Digium
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
    rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    client_max_body_size 80M;
    client_body_buffer_size 128k;

    location / {
        root /var/www/fusionpbx;
        index index.php;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_read_timeout 15m;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
    }

    # Allow the upgrade routines to run longer than normal
    location = /core/upgrade/index.php {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_read_timeout 15m;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
    }

    # Disable viewing .htaccess & .htpassword & .db & .git
    location ~ .htaccess {
        deny all;
    }
    location ~ .htpassword {
        deny all;
    }
    location ~^.+.(db)$ {
        deny all;
    }
    location ~ /\.git {
        deny all;
    }
    location ~ /\.lua {
        deny all;
    }
    location ~ /\. {
        deny all;
    }
}

server {
    listen 8000;
    server_name 127.0.0.1 0.0.0.0 fusionpbx 94.237.97.9;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/freeswitch/freeswitch_api/django_api;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/freeswitch/freeswitch_api/django_api/django_api.sock;
    }
}

我添加的块

server {
    listen 8000;
    server_name (IP OF MY SERVER);

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/freeswitch/freeswitch_api/django_api;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/freeswitch/freeswitch_api/django_api/django_api.sock;
    }
}

FusionPBX是否以某种方式阻止了连接?
我不知道我错过了什么,任何帮助都很感激。
最新消息:
所以我尝试使用iptables打开端口,下面是我所做的
sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
sudo iptables-save
sudo service iptables restart
输出

$ sudo iptables-save
sudo: unable to resolve host debian-1cpu-1gb-de-fra1: Name or service not known
# Generated by iptables-save v1.8.7 on Fri Dec 16 22:39:51 2022
*filter
:INPUT DROP [1:44]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [350:25243]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "pplsip" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "system " --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "system " --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "exec." --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "exec." --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5060:5091 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5091 -j ACCEPT
-A INPUT -p udp -m udp --dport 16384:32768 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
COMMIT
# Completed on Fri Dec 16 22:39:51 2022
# Generated by iptables-save v1.8.7 on Fri Dec 16 22:39:51 2022
*mangle
:PREROUTING ACCEPT [8231:612573]
:INPUT ACCEPT [8231:612573]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8325:642913]
:POSTROUTING ACCEPT [8325:642913]
-A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 0x2e
-A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 0x1a
-A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 0x1a
COMMIT
# Completed on Fri Dec 16 22:39:51 2022

sudo iptables -L

$ sudo iptables -L
sudo: unable to resolve host debian-1cpu-1gb-de-fra1: Name or service not known
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       udp  --  anywhere             anywhere             udp dpts:sip:5091 STRING match  "friendly-scanner" ALGO name bm TO 65535 ICASE
DROP       tcp  --  anywhere             anywhere             tcp dpts:sip:5091 STRING match  "friendly-scanner" ALGO name bm TO 65535 ICASE
DROP       udp  --  anywhere             anywhere             udp dpts:sip:5091 STRING match  "sipcli/" ALGO name bm TO 65535 ICASE
DROP       tcp  --  anywhere             anywhere             tcp dpts:sip:5091 STRING match  "sipcli/" ALGO name bm TO 65535 ICASE
DROP       udp  --  anywhere             anywhere             udp dpts:sip:5091 STRING match  "VaxSIPUserAgent/" ALGO name bm TO 65535 ICASE
DROP       tcp  --  anywhere             anywhere             tcp dpts:sip:5091 STRING match  "VaxSIPUserAgent/" ALGO name bm TO 65535 ICASE
DROP       udp  --  anywhere             anywhere             udp dpts:sip:5091 STRING match  "pplsip" ALGO name bm TO 65535 ICASE
DROP       tcp  --  anywhere             anywhere             tcp dpts:sip:5091 STRING match  "pplsip" ALGO name bm TO 65535 ICASE
DROP       udp  --  anywhere             anywhere             udp dpts:sip:5091 STRING match  "system " ALGO name bm TO 65535 ICASE
DROP       tcp  --  anywhere             anywhere             tcp dpts:sip:5091 STRING match  "system " ALGO name bm TO 65535 ICASE
DROP       udp  --  anywhere             anywhere             udp dpts:sip:5091 STRING match  "exec." ALGO name bm TO 65535 ICASE
DROP       tcp  --  anywhere             anywhere             tcp dpts:sip:5091 STRING match  "exec." ALGO name bm TO 65535 ICASE
DROP       udp  --  anywhere             anywhere             udp dpts:sip:5091 STRING match  "multipart/mixed;boundary" ALGO name bm TO 65535 ICASE
DROP       tcp  --  anywhere             anywhere             tcp dpts:sip:5091 STRING match  "multipart/mixed;boundary" ALGO name bm TO 65535 ICASE
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7443
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:sip:5091
ACCEPT     udp  --  anywhere             anywhere             udp dpts:sip:5091
ACCEPT     udp  --  anywhere             anywhere             udp dpts:16384:32768
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

x1米10英寸1x

$sudo iptables -S
sudo: unable to resolve host debian-1cpu-1gb-de-fra1: Name or service not known
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "pplsip" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "system " --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "system " --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "exec." --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "exec." --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5060:5091 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5091 -j ACCEPT
-A INPUT -p udp -m udp --dport 16384:32768 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT

x1米11米1x

$ netstat -tulpn
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:44653         0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -                   
tcp        0      0 94.237.97.9:7443        0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:8021          0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp        0      0 94.237.97.9:5080        0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      8542/python         
tcp        0      0 94.237.97.9:5060        0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:4040          0.0.0.0:*               LISTEN      7759/./ngrok        
tcp        0      0 94.237.97.9:5066        0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:45931         0.0.0.0:*               LISTEN      1346/node           
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
tcp6       0      0 ::1:5432                :::*                    LISTEN      -                   
tcp6       0      0 ::1:25                  :::*                    LISTEN      -                   
tcp6       0      0 2a04:3542:1000:910:5060 :::*                    LISTEN      -                   
udp        0      0 94.237.97.9:5080        0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:161             0.0.0.0:*                           -                   
udp        0      0 94.237.97.9:5060        0.0.0.0:*                           -                   
udp6       0      0 2a04:3542:1000:910:5060 :::*                                -
sbtkgmzw

sbtkgmzw1#

确保Django服务器正在运行并监听正确的IP地址和端口。您可以通过运行以下命令来检查:netstat -tulpn
检查Django服务器和nginx服务器的日志中是否有任何错误消息或可能导致问题的线索。
验证您为Django服务器添加的nginx配置文件是否正确,确保服务器块被正确配置为将请求代理到Django服务器,并通过将其包含在http块中启用服务器块。
确保没有防火墙规则或其他安全措施阻止对Django服务器的访问。
我希望这些建议能帮助您让Django服务器在FusionPBX上正常运行。如果您仍然遇到问题,请提供更多关于您所采取的具体步骤和遇到的错误信息。

相关问题