标签 nginx 下的文章

hestiacp 面板的 文件管理器 报错 - Unknown Error - PubkeyAuthentication

问题:在 debian 11 里安装 hestiacp 1.8.12 面板后,点击 文件管理器 图标,然后前端提示出错 Unknown Error ,无法显示文件列表

尝试:/var/log/hestia/nginx-error.log 的相应错误信息是:

[error] 608#0: *367 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught League\Flysystem\Sftp\Connectio    nErrorException: Could not login with username: tester, host: 127.0.0.1 in /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/Sftp    Adapter.php:244
Stack trace:
#0 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(207): League\Flysystem\Sftp\SftpAdapter->login()
#1 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(650): League\Flysystem\Sftp\SftpAdapter->connect(    )
#2 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(360): League\Flysystem\Adapter\AbstractFtpAdapter->getConne    ction()
#3 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(338): League\Flysystem\Sftp\SftpAdapter->listDire    ctoryContents()
#4 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Filesystem.php(272): League\Flysystem\Adapter\AbstractFtpAdapter->listContents()
#5 /usr/local/hestia/web/fm/backend/Services/Storage/Filesystem.php(266): League\Flysys" while reading response header from upstream, cl    ient: 113.75.31.223, server: _, request: "POST /fm/?r=/getdir HTTP/2.0", upstream: "fastcgi://unix:/run/hestia-php.sock:", host: 

详细检查 /etc/ssh/sshd_config 的文件内容。其中,PubkeyAuthentication no 如果有这一行,需要注释或删除掉,因为 文件管理器 是需要使用 key 来验证登录的。

参考:https://hestiacp.com/docs/server-administration/file-manager.html

安装 magento 2.4.6-p1

当前,magento 官方商城使用的程序版本是 magento 2.4.6-p1 。尝试安装一下,记录遇到的问题。

问题一:debian 12系统里,默认安装的mariadb版本是10.11.3,但 magento 要求是10.6。数据库的版本过高,magento安装程序不认。

出错信息:Current version of RDBMS is not supported. Used Version: 10.11.3-MariaDB-1. Supported versions: MySQL-8, MySQL-5.7, MariaDB-(10.2-10.6)

或:

Warning: preg_match(): Compilation failed: range out of order in character class at offset 25 in magento/vendor/magento/framework/DB/Adapter/SqlVersionProvider.php on line 101

尝试:

对于第一个报错,按照网上的例子,修改 magento/app/etc/di.xml 文件内容,如:
<item name="MariaDB-(10.2-10.11)" xsi:type="string">^10\.[2-11]\.</item> 直接修改版本号。

第二个报错,修改 magento/vendor/magento/framework/DB/Adapter/SqlVersionProvider.php 文件内容,如:

        $pattern = sprintf('/(%s)/', implode('|', $this->supportedVersionPatterns));
        $pattern = '/10.11/';
        $sqlVersionOutput = '10.11.3-MariaDB-1';
        preg_match($pattern, $sqlVersionOutput, $match);

问题二:magento 安装程序,连接不上刚刚安装的 opensearch ,提示:Could not validate a connection to the opensearch, no alive nodes found in your cluster

尝试:在 /etc/opensearch/opensearch.yml 文件中,添加一行 plugins.security.disabled: true ,即将opensearch的https和用户访问的安全设置禁用。

问题三:使用 nginx 的反向代理 apache 上的 magento 站点后,https 访问异常,如不断地循环跳转。

magento 的站点网址设置等,和平时的差不多,如下例:

catalog/search/engine - opensearch
catalog/search/opensearch_server_hostname - localhost
catalog/search/opensearch_server_port - 9200
catalog/search/opensearch_index_prefix - magento2
catalog/search/opensearch_server_timeout - 15
catalog/category/root_id - 2
web/seo/use_rewrites - 1
web/unsecure/base_url - http://magento.anqun.org/
web/unsecure/base_static_url -
web/unsecure/base_media_url -
web/secure/base_url - https://magento.anqun.org/
web/secure/base_static_url -
web/secure/base_media_url -
web/secure/enable_hsts - 0
web/secure/enable_upgrade_insecure - 0
web/secure/use_in_frontend - 1
web/secure/use_in_adminhtml - 1
web/secure/offloader_header -
web/default_layouts/default_product_layout - product-full-width
web/default_layouts/default_category_layout - category-full-width
web/default_layouts/default_cms_layout - cms-full-width
web/cookie/cookie_path -
web/cookie/cookie_domain -
web/cookie/cookie_httponly - 1
general/locale/code - zh_Hans_CN
general/locale/timezone - Asia/Shanghai
general/region/display_all - 1
general/region/state_required - AL,AR,AU,BG,BO,BR,BY,CA,CH,CL,CN,CO,CZ,DK,EC,EE,ES,GR,GY,HR,IN,IS,IT,LT,LV,MX,PE,PL,PT,PY,RO,SE,SR,US,UY,VE
currency/options/base - CNY
currency/options/default - CNY
currency/options/allow - CNY
analytics/subscription/enabled - 1
crontab/default/jobs/analytics_subscribe/schedule/cron_expr - 0 * * * *
crontab/default/jobs/analytics_collect_data/schedule/cron_expr - 00 02 * * *

关键应该是设置 https 的环境参数,如通过 .htaccess 添加以下内容:

setenv HTTPS on
SetEnv HTTP_X_FORWARDED_PROTO "https"

如果nginx反代配置中使用了 X-Real-IP 头,那么 apache 中的访问日志,可以使用 LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Real-IP}i\"" proxycombined 来记录访客IP。

nginx站点例子:

server {
        listen       443 ssl;  
        server_name  magento.anqun.org; 

        ssl_certificate          fullchain.cer;
        ssl_certificate_key      magento.anqun.org.key;

        proxy_buffer_size   128k;
        proxy_buffers   4 256k;
        proxy_busy_buffers_size   256k;

        location / {
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_pass         http://192.168.1.9:8001;
        }
}

参考:

wordpress的php执行超时 - connect_timeout - nginx - php7.4

问题: debian 11默认安装的nginx和php7.4-fpm,在wordpress扫描经sftp上传的图片导到媒体库时,经常提示Ajax错误。nginx错误日志为:upstream timed out (110: Connection timed out) while reading response header from upstream。

尝试:在站点的php配置内容中,适当加大超时时间,如:

fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_connect_timeout 600;

参考:https://stackoverflow.com/questions/59713432/nginx-php-fpm-fastcgi-upstream-timed-out

用电脑摄像头照人像,OBS Studio 推流, nginx 作流服务端,直播

需求:想让别人看到我在电脑上的操作界面。

步骤:

  1. apt install libnginx-mod-rtmp # 在debian 11里安装nginx的rtmp模块
  2. 在合适的位置,如nginx.conf文件中,添加以下内容,目的是启用rtmp直播及hls

    rtmp {
    server {
        listen 1935;
        application live {
            live on;
            interleave on;
    
            hls on;
            hls_path /var/www/hls;
            hls_fragment 15s;
        }
    }
    }
  3. 添加相关的站点设置内容,如:

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl;
    
        ssl_certificate           /etc/nginx/ssl/fullchain.cer;
        ssl_certificate_key       /etc/nginx/ssl/anqun.org.key;
    
        server_name hls.anqun.org;
        root /var/www/hls;
    }
    
    server {
        listen 80;
        listen [::]:80;
    
        server_name hls.anqun.org;
        return 301 https://$server_name$request_uri;
    }
  4. 下载ckplayer,放到站点目录中,添加 index.html 文件,内容如下。其中kf.m3u8是obs直播时推送的串流密钥

    <html>
    <head>
        <link rel="stylesheet" type="text/css" href="ckplayer/css/ckplayer.css">
        <script type="text/javascript" charset="utf-8" src="ckplayer/js/ckplayer.js"></script>
    </head>
    <body>
        <div class="video" ></div>
        <script type="text/javascript">
            //定义一个变量:videoObject,用来做为视频初始化配置
    var videoObject = {
    container: '.video', //容器的ID或className
    live:true,//指定为直播
    plug:'hls.js',//使用hls.js插件播放m3u8
    video:'/kf.m3u8'//视频地址
    }
    new ckplayer(videoObject);
        </script>
    </body>
    </html>
  5. obs的“推流”设置:服务器为“rtmp://hls.anqun.org/live”;串流密钥为“kf”(这里是测试,所以密钥设置得很简单)
  6. 如果顺利,用vlc播放器可以直接播放rtmp://hls.anqun.org/live/kf 的网络地址;其它端可以通过浏览器访问https://hls.anqun.org 播放
  7. 本地测试,浏览器播放约有1分钟的延迟

dn_obs-live_1.png

dn_obs-live_2.png

参考:

nginx - 添加 apple-app-site-association 的 application/json

问题:苹果对 apple-app-site-association 的文件要求是不能添加后缀,如不能添加 .json 。nginx默认的设置,如果没有后缀的,当作 octet-stream,浏览器访问时,会弹出下载对话框,而不是直接显示内容。

尝试:可在nginx的站点配置文件里,添加相应的MIME类型,记得重新测试时先清除浏览器的缓存。

location = /.well-known/apple-app-site-association {
  default_type application/json;
}

参考: