linux 81端口不能访问

tomcat的server.xml文件的配置里 <Engine name="Catalina" defaultHost="192.168.0.2"> defaultHost改成你的外网ip。

<Host name="192.168.0.2" appBase="webapps" unpackWARs="true" autoDeploy="true"> 里的name 也改成外网ip

你要改端口，要先找到占用该端口的服务。先用netstat -tunlp | grep 80 找到那个服务程序后，把那个程序的配置文件改成81就可以了。例如：如果是Nginx，就改成linsten 81

1、防火墙？

2、真的打开了 https ？设置 81 端口并不意味着自动打开 ssl 了。

3、重新读取设置了？

下面是我的 Gentoo 自带的 ssl 虚拟服务器的示例设置，你可以参考一下：

需要载入 SSL 模块才行。

<IfDefine SSL>

<IfDefine SSL_DEFAULT_VHOST>

<IfModule ssl_module>

# see bug #178966 why this is in here

# When we also provide SSL we have to listen to the HTTPS port

# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two

# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"

Listen 443

<VirtualHost _default_:443>

ServerName localhost

Include /etc/apache2/vhosts.d/default_vhost.include

ErrorLog /var/log/apache2/ssl_error_log

<IfModule log_config_module>

TransferLog /var/log/apache2/ssl_access_log

</IfModule>

## SSL Engine Switch:

# Enable/Disable SSL for this virtual host.

SSLEngine on

## SSL Cipher Suite:

# List the ciphers that the client is permitted to negotiate.

# See the mod_ssl documentation for a complete list.

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

## Server Certificate:

# Point SSLCertificateFile at a PEM encoded certificate. If the certificate

# is encrypted, then you will be prompted for a pass phrase. Note that a

# kill -HUP will prompt again. Keep in mind that if you have both an RSA

# and a DSA certificate you can configure both in parallel (to also allow

# the use of DSA ciphers, etc.)

SSLCertificateFile /etc/apache2/ssl/server.crt

#SSLCertificateFile /etc/apache2/ssl/server-dsa.crt

## Server Private Key:

# If the key is not combined with the certificate, use this directive to

# point at the key file. Keep in mind that if you've both a RSA and a DSA

# private key you can configure both in parallel (to also allow the use of

# DSA ciphers, etc.)

SSLCertificateKeyFile /etc/apache2/ssl/server.key

#SSLCertificateKeyFile /etc/apache2/ssl/server-dsa.key

## Server Certificate Chain:

# Point SSLCertificateChainFile at a file containing the concatenation of

# PEM encoded CA certificates which form the certificate chain for the

# server certificate. Alternatively the referenced file can be the same as

# SSLCertificateFile when the CA certificates are directly appended to the

# server certificate for convinience.

#SSLCertificateChainFile /etc/apache2/ssl/ca.crt

## Certificate Authority (CA):

# Set the CA certificate verification path where to find CA certificates

# for client authentication or alternatively one huge file containing all

# of them (file must be PEM encoded).

# Note: Inside SSLCACertificatePath you need hash symlinks to point to the

# certificate files. Use the provided Makefile to update the hash symlinks

# after changes.

#SSLCACertificatePath /etc/apache2/ssl/ssl.crt

#SSLCACertificateFile /etc/apache2/ssl/ca-bundle.crt

## Certificate Revocation Lists (CRL):

# Set the CA revocation path where to find CA CRLs for client authentication

# or alternatively one huge file containing all of them (file must be PEM

# encoded).

# Note: Inside SSLCARevocationPath you need hash symlinks to point to the

# certificate files. Use the provided Makefile to update the hash symlinks

# after changes.

#SSLCARevocationPath /etc/apache2/ssl/ssl.crl

#SSLCARevocationFile /etc/apache2/ssl/ca-bundle.crl

## Client Authentication (Type):

# Client certificate verification type and depth. Types are none, optional,

# require and optional_no_ca. Depth is a number which specifies how deeply

# to verify the certificate issuer chain before deciding the certificate is

# not valid.

#SSLVerifyClient require

#SSLVerifyDepth 10

## Access Control:

# With SSLRequire you can do per-directory access control based on arbitrary

# complex boolean expressions containing server variable checks and other

# lookup directives. The syntax is a mixture between C and Perl. See the

# mod_ssl documentation for more details.

#<Location />

# #SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)/ \

# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \

# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \

# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \

# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \

# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/

#</Location>

## SSL Engine Options:

# Set various options for the SSL engine.

## FakeBasicAuth:

# Translate the client X.509 into a Basic Authorisation. This means that the

# standard Auth/DBMAuth methods can be used for access control. The user

# name is the `one line' version of the client's X.509 certificate.

# Note that no password is obtained from the user. Every entry in the user

# file needs this password: `xxj31ZMTZzkVA'.

## ExportCertData:

# This exports two additional environment variables: SSL_CLIENT_CERT and

# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server

# (always existing) and the client (only existing when client

# authentication is used). This can be used to import the certificates into

# CGI scripts.

## StdEnvVars:

# This exports the standard SSL/TLS related `SSL_*' environment variables.

# Per default this exportation is switched off for performance reasons,

# because the extraction step is an expensive operation and is usually

# useless for serving static content. So one usually enables the exportation

# for CGI and SSI requests only.

## StrictRequire:

# This denies access when "SSLRequireSSL" or "SSLRequire" applied even under

# a "Satisfy any" situation, i.e. when it applies access is denied and no

# other module can change it.

## OptRenegotiate:

# This enables optimized SSL connection renegotiation handling when SSL

# directives are used in per-directory context.

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

<FilesMatch "\.(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory "/var/www/localhost/cgi-bin">

SSLOptions +StdEnvVars

</Directory>

## SSL Protocol Adjustments:

# The safe and default but still SSL/TLS standard compliant shutdown

# approach is that mod_ssl sends the close notify alert but doesn't wait

# for the close notify alert from client. When you need a different

# shutdown approach you can use one of the following variables:

## ssl-unclean-shutdown:

# This forces an unclean shutdown when the connection is closed, i.e. no

# SSL close notify alert is send or allowed to received. This violates the

# SSL/TLS standard but is needed for some brain-dead browsers. Use this when

# you receive I/O errors because of the standard approach where mod_ssl

# sends the close notify alert.

## ssl-accurate-shutdown:

# This forces an accurate shutdown when the connection is closed, i.e. a

# SSL close notify alert is send and mod_ssl waits for the close notify

# alert of the client. This is 100% SSL/TLS standard compliant, but in

# practice often causes hanging connections with brain-dead browsers. Use

# this only for browsers where you know that their SSL implementation works

# correctly.

# Notice: Most problems of broken clients are also related to the HTTP

# keep-alive facility, so you usually additionally want to disable

# keep-alive for those clients, too. Use variable "nokeepalive" for this.

# Similarly, one has to force some clients to use HTTP/1.0 to workaround

# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and

# "force-response-1.0" for this.

<IfModule setenvif_module>

BrowserMatch ".*MSIE.*" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

</IfModule>

## Per-Server Logging:

# The home of a custom SSL log file. Use this when you want a compact

# non-error SSL logfile on a virtual host basis.

<IfModule log_config_module>

CustomLog /var/log/apache2/ssl_request_log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</IfModule>

</VirtualHost>

</IfModule>

</IfDefine>

</IfDefine>

# vim: ts=4 filetype=apache

---