fedora更新后，Pound停止工作

Question

我正在使用Fedora 20，最近做了一次yum更新。现在我再也不能让庞德去工作了。没有真正的错误，只是拒绝连接：

下面的输出是来自不同时间的复制和粘贴，但除了pid和时间外，输出总是相同的。

[root@mymachine me]#  wget --no-check-certificate --debug --verbose https://localhost
Setting --verbose (verbose) to 1
DEBUG output created by Wget 1.14 on linux-gnu.

URI encoding = ‘UTF-8’
--2014-11-06 11:59:53--  https://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Caching localhost => ::1 127.0.0.1
Connecting to localhost (localhost)|::1|:443... Closed fd 3
failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:443... Closed fd 3
failed: Connection refused.
Releasing 0x0000000001f33280 (new refcount 1).
[root@mymachine me]# service pound status
Redirecting to /bin/systemctl status  pound.service
pound.service - Pound Reverse Proxy And Load-balancer
   Loaded: loaded (/usr/lib/systemd/system/pound.service; enabled)
   Active: active (running) since Thu 2014-11-06 11:30:12 EST; 6min ago
  Process: 3019 ExecStart=/usr/sbin/pound (code=exited, status=0/SUCCESS)
 Main PID: 3020 (pound)
   CGroup: /system.slice/pound.service
           ├─3020 /usr/sbin/pound
           └─3021 /usr/sbin/pound

Nov 06 11:30:12 mymachine systemd[1]: Starting Pound Reverse Proxy And Load-balancer...
Nov 06 11:30:12 mymachine pound[3019]: starting...
Nov 06 11:30:12 mymachine systemd[1]: PID file /var/run/pound.pid not readable (yet?) after start.
Nov 06 11:30:12 mymachine systemd[1]: Started Pound Reverse Proxy And Load-balancer.
[root@mymachine me]# 

[root@mymachine me]# netstat -tulpn | grep pound
tcp        0      0 myip:443      0.0.0.0:*               LISTEN      1379/pound          

我可以wget http:stack关于链接的抱怨// localhost :80 (varnish)和wget http:stack关于链接的抱怨//localhost:8080 (apache)我使用的是一个可以找到的自签名pem文件(那里没有错误)，在我从浏览器上得到"get me out here“和”我知道我在做什么“之前，它甚至不能连接到localhost上的wget。

这是/etc/pound.cfg：

User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"


ListenHTTPS
    Address 128.199.217.77
    Port    443
    Cert    "/var/www/html/test.pem"
        Service
            BackEnd
                Address localhost
                Port    80
            End
        End
End

Answer 1

这是一个iptables问题。添加了使用iptables命令打开端口443的规则，执行此操作时不会以任何方式保存规则。改为使用firewall-cmd：

firewall-cmd --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --list-services

当使用wget时，你不能使用localhost，因为井号没有监听那里，命令应该是：

[root@mymachine me]#  wget --no-check-certificate --debug --verbose https://my.ip.address