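The project needs to access a single sign-on (SSO) URL. The SSO side is fine, the firewall is open as well, and nothing else is restricted anywhere.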
# curl -v https://login.XXX.com/XXX/login -4
* About to connect() to login.jxcia.com port 443 (#0)
* Trying 117.XX.XX.X...
* Connection refused
* Failed connect to login.XXX.com:443; Connection refused
* Closing connection 0
curl: (7) Failed connect to login.XXX.com:443; Connection refused
ip addr outputs a lot of virtual network interfaces; could that have something to do with it?
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
91906: vethbcb7517@if91905: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP group default
link/ether fa:0f:2e:xx:xx:xx brd ff:ff:ff:ff:ff:ff link-netnsid 17
inet6 fe80::f80f:2eff:fe14:85c8/64 scope link
valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fe:fc:fe:52:0c:be brd ff:ff:ff:ff:ff:ff
inet 10.10.2.13/24 brd 10.10.2.255 scope global noprefixroute ens18
valid_lft forever preferred_lft forever
inet 172.198.0.11/20 brd 172.198.15.255 scope global noprefixroute ens18
valid_lft forever preferred_lft forever
inet6 fe80::3307:1b7b:406a:9543/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:15:da:c4 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
94980: veth32e54a5@if94979: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP group default
link/ether 02:69:2a:b4:aa:77 brd ff:ff:ff:ff:ff:ff link-netnsid 28
inet6 fe80::69:2aff:feb4:aa77/64 scope link
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:15:da:c4 brd ff:ff:ff:ff:ff:ff
5: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:60:58:c0:c2 brd ff:ff:ff:ff:ff:ff
inet 172.200.0.1/16 brd 172.200.255.255 scope global docker_gwbridge
valid_lft forever preferred_lft forever
inet6 fe80::42:60ff:fe58:c0c2/64 scope link
valid_lft forever preferred_lft forever
94982: veth03890d9@if94981: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP group default
link/ether b2:6b:9c:5d:5a:79 brd ff:ff:ff:ff:ff:ff link-netnsid 27
inet6 fe80::b06b:9cff:fe5d:5a79/64 scope link
valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:2a:8a:be:13 brd ff:ff:ff:ff:ff:ff
inet 172.199.0.1/16 brd 172.199.255.255 scope global docker0
valid_lft forever preferred_lft forever
91916: vethd710460@if91915: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP group default
link/ether 5e:b0:64:db:8e:c4 brd ff:ff:ff:ff:ff:ff link-netnsid 18
inet6 fe80::5cb0:64ff:fedb:8ec4/64 scope link
valid_lft forever preferred_lft forever
1
tomemi 2022-12-19 17:16:46 +08:00
Check the routes and the firewall.
|
3
newaccount 2022-12-19 17:22:32 +08:00
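I tried it here; the subdomain without the path works. Looking at the response headers, the nginx version is hidden. Could they have configured UA detection on the server? How about changing to a browser UA and trying?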
|
5
aaa5838769 2022-12-19 17:30:05 +08:00
Use telnet to check whether the port is reachable.
|
6
twofox OP |
7
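twofox OP @aaa5838769 It isn't reachable. Only this one address is unreachable; if I switch to other domains, for example Baidu and the like, they all work.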
|
8
cnit 2022-12-19 17:33:48 +08:00
Try using the IP plus port directly, without going through nginx.
|
9
fengci 2022-12-19 17:34:41 +08:00
Did you set a local hosts entry?
|
10
Routeros 2022-12-19 17:35:03 +08:00
http_proxy?
|
11
cnit 2022-12-19 17:35:08 +08:00
# Reject User-Agent
if ($http_user_agent ~* LWP::Simple|BBBike|wget|curl) { return 444; }
Anyway, that's what we have here. |
13
cnit 2022-12-19 17:39:08 +08:00
You haven't set a proxy in the command line, have you?
|
15
motherfaka 2022-12-19 17:42:17 +08:00
telnet fails, curl to other sites works; most likely it's a problem with the service port.
|
16
cnit 2022-12-19 17:43:32 +08:00
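Uh, anyway I've made this kind of blunder before, and I can't think of anything else. You can try whether you can curl google or youtube from the command line to confirm.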
|
17
motherfaka 2022-12-19 17:45:35 +08:00
I tested from my own computer: telnet works and curl works too, so it's still a client-side network problem…
|
18
julyclyde 2022-12-19 17:50:58 +08:00
A refuse can't be an nginx feature.
By the time nginx starts processing, the accept has already completed. |
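The distinction drawn in the reply above, as an added example (not code from the thread): a refused connect fails during the TCP handshake, while a User-Agent rule such as `return 444` can only act after the connection was accepted. The loopback filter server, the function names and the result labels are constructed for illustration, and plain HTTP stands in for HTTPS.

```python
import socket
import threading

def classify(host, port, user_agent="curl/7.29.0", timeout=3.0):
    """Name the stage at which a plain-HTTP request to host:port stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # RST answered the SYN: no process accepted the connection, so no
        # web-server rule (User-Agent filter, return 444) was ever evaluated.
        return "tcp-refused"
    except OSError:
        return "tcp-no-answer"  # timeout / unreachable: dropped or unrouted
    with sock:
        try:
            sock.sendall((f"GET / HTTP/1.1\r\nHost: {host}\r\n"
                          f"User-Agent: {user_agent}\r\n\r\n").encode())
            data = sock.recv(4096)
        except OSError:
            data = b""  # reset or timeout after the handshake succeeded
    return "http-response" if data.startswith(b"HTTP/") else "closed-after-accept"

def start_filter_server():
    """Constructed stand-in for a UA filter: accept, then drop curl silently."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            with conn:
                if b"curl" not in conn.recv(4096).lower():
                    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def unused_port():
    """Bind then release a loopback port so nothing is listening on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    srv, port = start_filter_server()
    return {"no listener": classify("127.0.0.1", unused_port()),
            "filter, curl UA": classify("127.0.0.1", port),
            "filter, browser UA": classify("127.0.0.1", port, "Mozilla/5.0")}

if __name__ == "__main__":
    for case, stage in demo().items():
        print(f"{case:20} -> {stage}")
```

A `tcp-refused` result points at the listener, a firewall or an IP block in the path; only `closed-after-accept` is consistent with a User-Agent rule.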
19
lhbc 2022-12-19 17:53:49 +08:00 via Android
1. The cloud provider's firewall
2. Domain ICP filing |
21
lhbc 2022-12-19 18:01:09 +08:00 via Android
Someone blocked your IP, that's all; I can connect fine.
|
22
guanzhangzhang 2022-12-19 18:10:20 +08:00
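First curl from a machine on the same layer 2 (that is, the same subnet) as your service and see whether it gets through, then move up one level along the path, and so on, to see which part of the path is blocked.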
|
23
mansurx 2022-12-19 18:48:47 +08:00
curl -vvvv https://xxxxxxxx
See which step it gets stuck at and what the reason for the refusal is. |
24
balabalaXMX 2023-01-04 20:31:18 +08:00
Actually, I've never understood: when you curl https, where does the client certificate come from?
|
25
linuxgo 2023-01-10 12:10:01 +08:00
@balabalaXMX #24 For https you can generate a self-signed one.
|