
Your Own Theme Park with Blackjack and Neural Nets: Automation with Flowgate. Part 2

Comments: 27

I'd appreciate your feedback and suggestions in the comments!

In my view, this article can serve (besides its intended purpose) as a model for writing similar articles on setting up this or that functionality.

Thanks! I'm glad you liked the article's format, but there is very little credit due to me here: I simply described my actions step by step.

That is the credit: describing your actions clearly, step by step.

Thank you very much!
On a fresh Debian everything went perfectly up to this point:

Check the Angie logs for diagnostics

tail -20 /var/log/angie/error.log

My output is:

root# tail -20 /var/log/angie/error.log
2026/01/12 11:35:17 [error] 2586#2586: *143 open() "/usr/share/angie/html/server-status" failed (2: No such file or directory), client: client_ip, server: localhost, request: "GET /server-status HTTP/1.1", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:18 [error] 2585#2585: *146 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /login.action HTTP/1.1", upstream: "https://127.0.0.1:8443/login.action", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:18 [error] 2586#2586: *148 open() "/usr/share/angie/html/login.action" failed (2: No such file or directory), client: client_ip, server: localhost, request: "GET /login.action HTTP/1.1", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:19 [error] 2585#2585: *151 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /_all_dbs HTTP/1.1", upstream: "https://127.0.0.1:8443/_all_dbs", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:19 [error] 2586#2586: *153 open() "/usr/share/angie/html/_all_dbs" failed (2: No such file or directory), client: client_ip, server: localhost, request: "GET /_all_dbs HTTP/1.1", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:20 [error] 2585#2585: *156 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /.env HTTP/1.1", upstream: "https://127.0.0.1:8443/.env", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:20 [error] 2586#2586: *158 open() "/usr/share/angie/html/.env" failed (2: No such file or directory), client: client_ip, server: localhost, request: "GET /.env HTTP/1.1", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:22 [error] 2585#2585: *161 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /s/234323e29333e27383e2439313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1", upstream: "https://127.0.0.1:8443/s/234323e29333e27383e2439313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:22 [error] 2586#2586: *163 open() "/usr/share/angie/html/s/234323e29333e27383e2439313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties" failed (2: No such file or directory), client: client_ip, server: localhost, request: "GET /s/234323e29333e27383e2439313/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:23 [error] 2585#2585: *166 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /config.json HTTP/1.1", upstream: "https://127.0.0.1:8443/config.json", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:23 [error] 2586#2586: *168 open() "/usr/share/angie/html/config.json" failed (2: No such file or directory), client: client_ip, server: localhost, request: "GET /config.json HTTP/1.1", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:24 [error] 2585#2585: *171 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /telescope/requests HTTP/1.1", upstream: "https://127.0.0.1:8443/telescope/requests", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:24 [error] 2586#2586: *173 open() "/usr/share/angie/html/telescope/requests" failed (2: No such file or directory), client: client_ip, server: localhost, request: "GET /telescope/requests HTTP/1.1", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:25 [error] 2585#2585: *176 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /info.php HTTP/1.1", upstream: "https://127.0.0.1:8443/info.php", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:25 [error] 2585#2585: *178 open() "/usr/share/angie/html/info.php" failed (2: No such file or directory), client: client_ip, server: localhost, request: "GET /info.php HTTP/1.1", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:35:26 [error] 2586#2586: *181 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /?rest_route=/wp/v2/users/ HTTP/1.1", upstream: "https://127.0.0.1:8443/?rest_route=/wp/v2/users/", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:36:36 [error] 2585#2585: *187 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8443/", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:36:36 [error] 2585#2585: *187 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8443/favicon.ico", host: "dns.myamazingsubdomain.myamazingdomain.com", referrer: "https://dns.myamazingsubdomain.myamazingdomain.com/"
2026/01/12 11:36:52 [error] 2586#2586: *193 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8443/", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 11:36:52 [error] 2586#2586: *193 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:8443/favicon.ico", host: "dns.myamazingsubdomain.myamazingdomain.com", referrer: "https://dns.myamazingsubdomain.myamazingdomain.com/"

The ports are open. Then, when trying to check DNS, it fails:

root# kdig @dns.myamazingsubdomain.myamazingdomain.com  -p 853 +tls chatgpt.com
;; WARNING: can't connect to server_ip@853(TCP)
;; ERROR: failed to query server dns.myamazingsubdomain.myamazingdomain.com@853(TCP)

The only thing not done according to your instructions is that the firewall was configured in advance like this:

table inet filter {
        chain input {
                type filter hook input priority filter; policy drop;
                ct state established,related accept
                iif "lo" accept
                ip protocol icmp accept
                ip6 nexthdr ipv6-icmp accept
                tcp dport { 80, 443, 572, 853 } accept
        }

        chain forward {
                type filter hook forward priority filter; policy drop;
        }

        chain output {
                type filter hook output priority filter; policy accept;
        }
}

I definitely did not install Jira and I'm ready to remove it, I'll figure out how :)
P.S. Actually, it doesn't look like Jira is there, since the port check ss -tuln | grep 8443 outputs nothing.

Yes, I misread the log :) If the command outputs nothing, then it looks like blocky isn't running. It should look like this:

root@vm3805765:/tmp# ss -tulpn | grep 8443
tcp   LISTEN 0      4096   *:8443   *:*   users:(("blocky",pid=7464,fd=6))

Then try to start blocky: systemctl start blocky

Check the status to see whether it started: systemctl status blocky

Working state of the service

If it says the service is inactive, check the logs: journalctl -u blocky

This is how it should look if there are no problems
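An added example, not code from the article or the flowgate project: a parser and classifier for Angie error.log lines like the ones quoted in this thread, run over a constructed sample (hostname and client addresses replaced with documentation values). It separates 404s for paths that internet scanners request from every web server (the /.env, /server-status and Jira pom.properties requests above) from the connect() failures to 127.0.0.1:8443, which are the lines that actually mean blocky is not listening.

```python
import re
from collections import Counter

# Constructed sample: shortened copies of the error.log lines posted in this thread,
# with the hostname and client addresses replaced by documentation values.
SAMPLE_LOG = """\
2026/01/12 11:35:17 [error] 2586#2586: *143 open() "/usr/share/angie/html/server-status" failed (2: No such file or directory), client: 203.0.113.7, server: localhost, request: "GET /server-status HTTP/1.1", host: "dns.example.com"
2026/01/12 11:35:18 [error] 2585#2585: *146 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.example.com, request: "GET /login.action HTTP/1.1", upstream: "https://127.0.0.1:8443/login.action", host: "dns.example.com"
2026/01/12 11:35:20 [error] 2586#2586: *158 open() "/usr/share/angie/html/.env" failed (2: No such file or directory), client: 203.0.113.7, server: localhost, request: "GET /.env HTTP/1.1", host: "dns.example.com"
2026/01/12 11:36:36 [error] 2585#2585: *187 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.example.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8443/", host: "dns.example.com"
2026/01/12 13:58:18 [notice] 1764#1764: signal 29 (SIGIO) received
2026/01/12 14:01:49 [error] 2919#2919: *40 no host in upstream ":443", client: 198.51.100.9, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 14:03:06 [error] 2919#2919: *42 open() "/usr/share/angie/html/_next" failed (2: No such file or directory), client: 198.51.100.9, server: localhost, request: "HEAD /_next HTTP/1.1", host: "dns.example.com"
"""

HEAD_RE = re.compile(r"^(?P<ts>\S+ \S+) \[(?P<level>\w+)\] \d+#\d+: (?:\*\d+ )?(?P<rest>.*)$")
FIELDS = ("client", "server", "request", "upstream", "host", "referrer")

# Paths that mass scanners request from every web server they find; a 404 for them
# from Angie's static root is background noise, not a sign that the app is installed.
PROBE_PATHS = {"/.env", "/server-status", "/_all_dbs", "/config.json", "/info.php",
               "/telescope/requests", "/?rest_route=/wp/v2/users/"}

def parse_line(line):
    """Split an Angie/nginx error.log line into its message and key: value fields."""
    m = HEAD_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "level": m["level"]}
    parts = m["rest"].split(", ")
    rec["msg"] = parts[0]
    for part in parts[1:]:
        key, sep, val = part.partition(": ")
        if sep and key in FIELDS:
            rec[key] = val.strip('"')
    return rec

def classify(rec):
    """Map a parsed record to the condition it actually indicates."""
    msg = rec["msg"]
    if rec["level"] != "error":
        return "notice"
    if msg.startswith("connect() failed") and "127.0.0.1:8443" in rec.get("upstream", ""):
        return "upstream_down"          # nothing listens on blocky's DoH port
    if msg.startswith("no host in upstream"):
        return "no_host_in_upstream"    # the upstream variable expanded to an empty host
    if msg.startswith("open()") and "No such file" in msg:
        words = rec.get("request", "").split(" ")
        path = words[1] if len(words) > 1 else ""
        if path in PROBE_PATHS or "META-INF/" in path:
            return "probe_404"          # scanner noise against the static root
        return "missing_file_404"
    return "other"

def triage(log_text):
    """Count categories over the log and derive the one check to run next."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[classify(rec)] += 1
    if counts["upstream_down"]:
        verdict = "blocky is not listening on 127.0.0.1:8443: ss -tulpn | grep 8443; systemctl status blocky"
    elif counts["probe_404"]:
        verdict = "only scanner noise against the static root; no backend fault visible"
    else:
        verdict = "no upstream failure; inspect remaining entries"
    return {"counts": counts, "verdict": verdict}
```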

Starting it resulted in blocky running, the status was active, but kdig still did not work. Moreover, whereas before dig @127.0.0.1 chatgpt.com +short returned the result expected in your article, now it started returning an error as well.
I decided to reboot, but now blocky does not start even manually:

root# systemctl status blocky
× blocky.service - Blocky DNS Proxy
     Loaded: loaded (/lib/systemd/system/blocky.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Mon 2026-01-12 12:31:41 UTC; 4s ago
   Duration: 42ms
       Docs: https://0xerr0r.github.io/blocky/
    Process: 600 ExecStart=/usr/bin/blocky --config /etc/blocky/config.yml (code=exited, status=1/FAILURE)
   Main PID: 600 (code=exited, status=1/FAILURE)
        CPU: 43ms

Jan 12 12:31:41 root systemd[1]: Started blocky.service - Blocky DNS Proxy.
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/                                                              _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/                                                              _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/       _/        _/                      _/                   _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/      _/_/_/    _/    _/_/      _/_/_/  _/  _/    _/    _/    _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/     _/    _/  _/  _/    _/  _/        _/_/      _/    _/     _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/    _/    _/  _/  _/    _/  _/        _/  _/    _/    _/      _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/   _/_/_/    _/    _/_/      _/_/_/  _/    _/    _/_/_/       _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/                                                    _/        _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/                                               _/_/           _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/                                                              _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/                                                              _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/  Version: v0.28.2            Build time: 20260110-1935       _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/                                                              _/
Jan 12 12:31:41 root blocky[600]: [2026-01-12 12:31:41]  INFO _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Jan 12 12:31:41 root blocky[600]: Error: can't start server: failed to create TLS configuration: can't retrieve cert: can't load certificate files: open /var/lib/angie/acme/acm>
Jan 12 12:31:41 root systemd[1]: blocky.service: Main process exited, code=exited, status=1/FAILURE
Jan 12 12:31:41 root systemd[1]: blocky.service: Failed with result 'exit-code'.
Jan 12 12:31:41 root systemd[1]: blocky.service: Scheduled restart job, restart counter is at 5.
Jan 12 12:31:41 root systemd[1]: Stopped blocky.service - Blocky DNS Proxy.
Jan 12 12:31:41 root systemd[1]: blocky.service: Start request repeated too quickly.
Jan 12 12:31:41 root systemd[1]: blocky.service: Failed with result 'exit-code'.
Jan 12 12:31:41 root systemd[1]: Failed to start blocky.service - Blocky DNS Proxy.

dig fails:

root# dig @127.0.0.1 chatgpt.com +short
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.18.41-1~deb12u1-Debian <<>> @127.0.0.1 chatgpt.com +short
; (1 server found)
;; global options: +cmd
;; no servers could be reached

Meanwhile, the folder with the acme certificate exists, there are three files inside, and they look fine

Is flowgate up to date? The error indicates that blocky has no access to the certificates generated by angie, which is why it crashes. In the latest flowgate I added setting permissions when syncing the configuration files.

I updated the VPS and copy-pasted everything from your guide, so I assume it is the latest 🙂

Look at the first line under the blocky logo in your log to see where it tries to fetch the certificate from. You need to check the permissions on the folder and the files inside it with ls -la. Flowgate should set mode 750 and group angie on the folder, and likewise 640 with the same group on the files. Flowgate adds the blocky user to the angie group.

I can't rule out that something went wrong and it doesn't do this, in which case you need to set the permissions:

# Check the permissions on the certificate directory
ls -la /var/lib/angie/acme/

# Check the permissions on the files inside the specific directory
# (replace with your directory from the logs)
ls -la /var/lib/angie/acme/acme_dns_example_com/

# Check that blocky is in the angie group
id blocky
# The output should contain: groups=...,angie

# If the permissions are wrong, fix them manually:

# Add blocky to the angie group (if not already added)
usermod -a -G angie blocky

# Set the correct permissions on the directory
chgrp -R angie /var/lib/angie/acme/acme_dns_example_com/
chmod 750 /var/lib/angie/acme/acme_dns_example_com/

# Set the permissions on the certificate files
chmod 640 /var/lib/angie/acme/acme_dns_example_com/certificate.pem
chmod 640 /var/lib/angie/acme/acme_dns_example_com/private.key

# Restart blocky to apply the changes
systemctl restart blocky

# Check the logs for errors
journalctl -u blocky -f

I did all of it, but it didn't help:

root# ls -la /var/lib/angie/acme/
total 12
drwx------ 3 root root  4096 Jan 12 11:34 .
drwxr-xr-x 3 root root  4096 Jan 12 11:28 ..
drwxr-x--- 2 root angie 4096 Jan 12 11:34 acme_dns_myamazingsubdomain_myamazingdomain_com

root# ls -la /var/lib/angie/acme/acme_dns_myamazingsubdomain_myamazingdomain_com
total 20
drwxr-x--- 2 root angie 4096 Jan 12 11:34 .
drwx------ 3 root root  4096 Jan 12 11:34 ..
-rw------- 1 root angie 1704 Jan 12 11:34 account.key
-rw-r----- 1 root angie 2873 Jan 12 11:34 certificate.pem
-rw-r----- 1 root angie  241 Jan 12 11:34 private.key

root# journalctl -u blocky -f
Jan 12 13:17:38 root blocky[744]: [2026-01-12 13:17:38]  INFO _/                                                              _/
Jan 12 13:17:38 root blocky[744]: [2026-01-12 13:17:38]  INFO _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Jan 12 13:17:38 root blocky[744]: Error: can't start server: failed to create TLS configuration: can't retrieve cert: can't load certificate files: open /var/lib/angie/acme/acme_dns_myamazingsubdomain_myamazingdomain_com/certificate.pem: permission denied
Jan 12 13:17:38 root systemd[1]: blocky.service: Main process exited, code=exited, status=1/FAILURE
Jan 12 13:17:38 root systemd[1]: blocky.service: Failed with result 'exit-code'.
Jan 12 13:17:38 root systemd[1]: blocky.service: Scheduled restart job, restart counter is at 5.
Jan 12 13:17:38 root systemd[1]: Stopped blocky.service - Blocky DNS Proxy.
Jan 12 13:17:38 root systemd[1]: blocky.service: Start request repeated too quickly.
Jan 12 13:17:38 root systemd[1]: blocky.service: Failed with result 'exit-code'.
Jan 12 13:17:38 root systemd[1]: Failed to start blocky.service - Blocky DNS Proxy.

Is the blocky user definitely in the angie group? It really looks like it isn't.
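An added example, not code from the article or from flowgate: a small Python model of the permission check that open() performs when blocky reads certificate.pem, evaluated over a copy of the layout in the ls -la listing above (acme directory drwx------ root root, domain subdirectory drwxr-x--- root angie, certificate -rw-r----- root angie). It answers the question just asked, blocky in the angie group or not, and also shows that every directory on the path needs search permission, including the parent. The running user plays root and the created files' group plays angie; blocky's uid and gid are constructed values.

```python
import os
import shutil
import stat
import tempfile

def _class_bits(st, uid, gids):
    """Pick the rwx triple that applies to uid/gids: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def explain_read_access(path, uid, gids, trusted_root=os.sep):
    """Return (ok, reason) for open(path, O_RDONLY) by a non-root uid with these gids.

    Every directory below trusted_root needs search (x); the file needs read (r).
    Root's CAP_DAC_OVERRIDE is not modelled: evaluate for the service uid, not uid 0.
    """
    abspath = os.path.abspath(path)
    rel = os.path.relpath(abspath, trusted_root)
    dirs, cur = [], trusted_root
    for name in rel.split(os.sep)[:-1]:
        cur = os.path.join(cur, name)
        dirs.append(cur)
    for d in dirs:
        st = os.stat(d)
        if not _class_bits(st, uid, gids) & 1:
            return False, "no search (x) on %s (mode %o, owner %d:%d)" % (
                d, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    st = os.stat(abspath)
    if not _class_bits(st, uid, gids) & 4:
        return False, "no read (r) on %s (mode %o, owner %d:%d)" % (
            abspath, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return True, "readable"

def demo():
    """Rebuild the listing from the thread in a temp dir and test it for a simulated blocky."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)                          # stand-in for /var/lib/angie
    acme = os.path.join(base, "acme")
    sub = os.path.join(acme, "acme_dns_example_com")
    cert = os.path.join(sub, "certificate.pem")
    os.makedirs(sub)
    with open(cert, "w") as f:
        f.write("constructed placeholder, not a certificate\n")
    st = os.stat(cert)                             # owner plays root, group plays angie
    angie_gid, blocky_uid, blocky_gid = st.st_gid, st.st_uid + 1, st.st_gid + 1
    in_angie = {blocky_gid, angie_gid}             # what "groups=...,angie" means to the kernel
    os.chmod(acme, 0o700)                          # drwx------ root root  (as posted)
    os.chmod(sub, 0o750)                           # drwxr-x--- root angie
    os.chmod(cert, 0o640)                          # -rw-r----- root angie
    results = {"as_posted": explain_read_access(cert, blocky_uid, in_angie, base)}
    os.chmod(acme, 0o750)                          # parent opened to the group as well
    results["parent_fixed"] = explain_read_access(cert, blocky_uid, in_angie, base)
    results["not_in_angie"] = explain_read_access(cert, blocky_uid, {blocky_gid}, base)
    os.chmod(cert, 0o600)                          # -rw------- like account.key
    results["file_600"] = explain_read_access(cert, blocky_uid, in_angie, base)
    shutil.rmtree(base)
    return results

if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:13s} {'OK  ' if ok else 'DENY'} {why}")
```

Group membership is read at process start, so after usermod -a -G the service has to be restarted through systemd before the kernel sees the new group.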

I reinstalled the system on the VPS, this time Ubuntu 24.
I did everything by copy-pasting from your article.
The blocky and angie services are running.

This time tail -20 /var/log/angie/error.log shows no errors, but kdig gives:

;; WARNING: can't connect to server_ip@853(TLS)
;; ERROR: failed to query server dns.myamazingsubdomain.myamazingdomain.com@853(TCP)

root# id blocky
uid=109(blocky) gid=112(blocky) groups=112(blocky),988(angie)

What worries me is the following:

root# systemctl status flowgate                           
○ flowgate.service - Flowgate Network Flow Controller - Initial Sync
     Loaded: loaded (/usr/lib/systemd/system/flowgate.service; enabled; preset: enabled)
     Active: inactive (dead) since Mon 2026-01-12 13:54:21 UTC; 9min ago
       Docs: https://github.com/crim50n/flowgate
   Main PID: 2505 (code=exited, status=0/SUCCESS)
        CPU: 1.565s

Jan 12 13:54:21 root flowgate[2505]: ℹ Updated proxy_ip to: server_ip
Jan 12 13:54:21 root flowgate[2505]: ℹ Running: systemctl restart blocky
Jan 12 13:54:21 root flowgate[2505]: ✔ Blocky restarted
Jan 12 13:54:21 root flowgate[2505]: ℹ Syncing Angie...
Jan 12 13:54:21 root flowgate[2505]: ℹ Running: systemctl reload angie
Jan 12 13:54:21 root flowgate[2505]: ✔ Angie reloaded with separate ACME certificates per domain
Jan 12 13:54:21 root flowgate[2505]: :: Sync Completed Successfully
Jan 12 13:54:21 root systemd[1]: flowgate.service: Deactivated successfully.
Jan 12 13:54:21 root systemd[1]: Finished flowgate.service - Flowgate Network Flow Controller - Initial Sync.
Jan 12 13:54:21 root systemd[1]: flowgate.service: Consumed 1.565s CPU time.

A repeated check of the angie logs produced an error:

root# tail -10 /var/log/angie/error.log
2026/01/12 13:58:18 [notice] 2909#2909: exit
2026/01/12 13:58:18 [notice] 1764#1764: signal 17 (SIGCHLD) received from 2909
2026/01/12 13:58:18 [notice] 1764#1764: worker process 2909 exited with code 0
2026/01/12 13:58:18 [notice] 1764#1764: signal 29 (SIGIO) received
2026/01/12 13:58:20 [notice] 2918#2918: ACME account ID: "https://acme-v02.api.letsencrypt.org/acme/acct/id", ACME client: acme_dns_myamazingsubdomain_myamazingdomain_com
2026/01/12 13:58:28 [notice] 2918#2918: certificate renewed, next renewal date: Fri Mar 13 12:59:54 2026, ACME client: acme_dns_myamazingsubdomain_myamazingdomain_com
2026/01/12 14:01:49 [error] 2919#2919: *40 no host in upstream ":443", client: client_ip, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 14:02:24 [error] 2918#2918: *41 no host in upstream ":443", client: client_ip, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 14:03:06 [error] 2919#2919: *42 open() "/usr/share/angie/html/_next" failed (2: No such file or directory), client: some_ip, server: localhost, request: "HEAD /_next HTTP/1.1", host: "dns.myamazingsubdomain.myamazingdomain.com"
2026/01/12 14:08:18 [error] 2918#2918: *48 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.myamazingsubdomain.myamazingdomain.com, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8443/", host: "dns.myamazingsubdomain.myamazingdomain.com"

Judging by the logs, the problem is with blocky

You're right:

root# blocky
[2026-01-12 15:25:01]  INFO _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
[2026-01-12 15:25:01]  INFO _/                                                              _/
[2026-01-12 15:25:01]  INFO _/                                                              _/
[2026-01-12 15:25:01]  INFO _/       _/        _/                      _/                   _/
[2026-01-12 15:25:01]  INFO _/      _/_/_/    _/    _/_/      _/_/_/  _/  _/    _/    _/    _/
[2026-01-12 15:25:01]  INFO _/     _/    _/  _/  _/    _/  _/        _/_/      _/    _/     _/
[2026-01-12 15:25:01]  INFO _/    _/    _/  _/  _/    _/  _/        _/  _/    _/    _/      _/
[2026-01-12 15:25:01]  INFO _/   _/_/_/    _/    _/_/      _/_/_/  _/    _/    _/_/_/       _/
[2026-01-12 15:25:01]  INFO _/                                                    _/        _/
[2026-01-12 15:25:01]  INFO _/                                               _/_/           _/
[2026-01-12 15:25:01]  INFO _/                                                              _/
[2026-01-12 15:25:01]  INFO _/                                                              _/
[2026-01-12 15:25:01]  INFO _/  Version: v0.28.2            Build time: 20260110-1935       _/
[2026-01-12 15:25:01]  INFO _/                                                              _/
[2026-01-12 15:25:01]  INFO _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Error: can't start server: failed to create HTTP/HTTPS listeners: failed to create HTTP listeners: start http listener on :4000 failed: listen tcp :4000: bind: address already in use

and here:

root# ss -tlnp | grep -E ':80|:443|:4000'
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*    users:(("angie",pid=2919,fd=6),("angie",pid=2918,fd=6),("angie",pid=1764,fd=6))   
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*    users:(("angie",pid=2919,fd=12),("angie",pid=2918,fd=12),("angie",pid=1764,fd=12))
LISTEN 0      511          0.0.0.0:44301      0.0.0.0:*    users:(("angie",pid=2919,fd=17),("angie",pid=2918,fd=17),("angie",pid=1764,fd=17))
LISTEN 0      511             [::]:443           [::]:*    users:(("angie",pid=2919,fd=13),("angie",pid=2918,fd=13),("angie",pid=1764,fd=13))
LISTEN 0      4096               *:4000             *:*    users:(("blocky",pid=2885,fd=3))

Is your DNS hosting configured to resolve dns.myamazingsubdomain.myamazingdomain.com to your server's IP? What does nslookup dns.myamazingsubdomain.myamazingdomain.com return when run somewhere other than the VPS?

From my local machine I get the following:

❯ nslookup dns.myamazingsubdomain.myamazingdomain.com
Server:		10.50.50.52
Address:	10.50.50.52#53

Non-authoritative answer:
Name:	dns.myamazingsubdomain.myamazingdomain.com
Address: domain_ip

i.e. it returns the correct IP

ss -tlnp | grep 8443 outputs nothing at all

Same for me:
;; WARNING: can't connect to ip@853(TLS)
;; ERROR: failed to query server dns@853(TCP)

Could you give a bit more detail?

Thanks for the feedback!

Output of the command tail -10 /var/log/angie/error.log:

2026/01/12 15:07:15 [error] 5637#5637: *369 no host in upstream ":443", client: 167.94.138.49, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 15:07:21 [error] 5637#5637: *370 no host in upstream ":443", client: 162.142.125.126, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 15:07:22 [error] 5637#5637: *371 no host in upstream ":443", client: 162.142.125.126, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 15:07:23 [error] 5637#5637: *372 no host in upstream ":443", client: 162.142.125.126, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 15:07:24 [error] 5637#5637: *373 no host in upstream ":443", client: 162.142.125.126, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 15:07:31 [error] 5637#5637: *374 no host in upstream ":443", client: 66.132.153.118, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 15:07:31 [error] 5637#5637: *375 no host in upstream ":443", client: 66.132.153.118, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 15:07:32 [error] 5637#5637: *376 no host in upstream ":443", client: 66.132.153.118, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 15:07:34 [error] 5637#5637: *377 no host in upstream ":443", client: 66.132.153.118, server: 0.0.0.0:443, bytes from/to client:0/0, bytes from/to upstream:0/0
2026/01/12 15:09:02 [error] 5637#5637: *386 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: dns.chickenkiller.com, request: "GET /robots.txt HTTP/1.1", upstream: "https://127.0.0.1:8443/robots.txt", host: "dns.chickenkiller.com"

What does ss -tlnp | grep 8443 print?

In the end, if run directly on the server:

root@ruvds-n1bsh:~# kdig @127.0.0.1 -p 853 +tls chatgpt.com +short
138.xx.xx.xx

but from an external client:

ikozlov@D16Huavwei:~$ kdig dns.chickenkiller.com -p 853 +tls chatgpt.com +short
;; WARNING: TLS, peer took too long to respond
;; ERROR: failed to query server dns.chickenkiller.com@853(TC

Possibly the DNS records have not yet propagated to all servers; you need to wait. For the article I tested on a free domain obtained from duckdns.org, and it started working for me after about 20 minutes.

Could you give more detail?
