[英]VPS NodeJS server not accessible on public IP Oracle Compute Cloud
I am trying to get my nodejs website up on the Oracle Cloud Compute VPS (forever free) with Ubuntu 18.04.我正在尝试使用 Ubuntu 18.04 在 Oracle 云计算 VPS(永远免费)上启动我的 nodejs 网站。 (That it is an Oracle server seems to be very important in this case). (在这种情况下,它是 Oracle 服务器似乎非常重要)。 I can curl localhost (then it returns the HTML), but I cannot access it via the public ip from my pc.我可以 curl 本地主机(然后它返回 HTML),但我无法通过我的电脑上的公共 ip 访问它。
To work around sudo for port 80, I applied:为了解决端口 80 的 sudo 问题,我申请了:
sudo apt-get install libcap2-bin
sudo setcap 'cap_net_bind_service=+ep' `which node`
It does run internally:它确实在内部运行:
pm2 start bin/www
│ id │ name │ mode │ ↺ │ status │ cpu │ memory │
├────┼────────────────────┼──────────┼──────┼───────────┼──────────┼──────────┤
│ 0 │ www │ fork │ 496 │ online │ 0% │ 15.5mb |
pm2 log
returns no errors. pm2 log
没有返回错误。
sudo netstat -tulpn | grep 80
sudo netstat -tulpn | grep 80
returns: sudo netstat -tulpn | grep 80
返回:
tcp6 0 0 :::80 :::* LISTEN 26444/node /opt/por
In case you're thinking "oh no it runs on ipv6, you should add listen(port, "0.0.0.0") in nodejs", I tried, then it returns this below, and still has the same problem:如果你在想“哦,不,它在 ipv6 上运行,你应该在 nodejs 中添加listen(port, "0.0.0.0")”,我试过了,然后它在下面返回这个,但仍然有同样的问题:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 26487/node /opt/por
curl localhost
returns my homepage html. curl localhost
返回我的主页 html。 Accessing it via the public ip in my computers browser is the problem, so the problem is somewhere in the firewall that Oracle made.通过我的计算机浏览器中的公共 ip 访问它是问题所在,因此问题出在 Oracle 制作的防火墙中。
I have found Oracle has set up some iptables rules.我发现 Oracle 已经设置了一些 iptables 规则。 Some people just say: disable all of them, but I find that a bit risky for security.有些人只是说:禁用所有这些,但我发现这对安全性有点冒险。 Therefore, I want to open just the port I need (port 80).因此,我只想打开我需要的端口(端口 80)。 So I tried almost every command I could find to do that (the ones below and many more I cannot remember).所以我尝试了几乎所有我能找到的命令(下面的命令以及更多我不记得的命令)。
sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
iptables -I INPUT 5 -i ens3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo netfilter-persistent save
My current iptables are visible at: sudo iptables -L -n -v https://pastebin.com/ibqWUqjA我当前的 iptables 可见于:sudo iptables -L -n -v https://pastebin.com/ibqWUqjA
The NAT iptables are visible at: sudo iptables -t nat -L -n -v https://pastebin.com/QGxdTsJ1 NAT iptables 可见于:sudo iptables -t nat -L -n -v https://pastebin.com/QGxdTsJ1
I must say, I am no expert on networking.我必须说,我不是网络专家。 I just know how to set up a basic NodeJs server on a non Oracle Cloud server (my raspberry pie at home, with configurations in my modem).我只知道如何在非 Oracle 云服务器(我在家的树莓派,在我的调制解调器中配置)上设置基本的 NodeJs 服务器。 So I have not dealt with iptables and advanced cloud environments to such extent.所以我还没有处理到这种程度的 iptables 和高级云环境。 I tried to read in on the iptables topic by watching videos, and the oracle environment on: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingpublicIPs.htm However, I must say it is quite an information overload. I tried to read in on the iptables topic by watching videos, and the oracle environment on: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingpublicIPs.htm However, I must say it是相当的信息过载。 On the link it says:在链接上它说:
One stackoverflow post I found with exactly the same problem says: "I'm using oracle cloud. I'll look into firewall settings outside of the server. ... Thank you. The issue was the firewall setting of the oracle server itself. Issue resolved" ( Nodejs on linux not accessible outside Server ) But he does not say where:(. I searched a lot for it, but cannot find an option.我发现有完全相同的问题的一篇 stackoverflow 帖子说:“我正在使用 oracle 云。我将查看服务器外部的防火墙设置......谢谢。问题是 oracle 服务器本身的防火墙设置。问题已解决”( linux 上的 Nodejs 无法在服务器外部访问)但他没有说在哪里:(。我搜索了很多,但找不到选项。
Can someone point me in the right direction?有人可以指出我正确的方向吗?
There was indeed another spot where the firewall needed to be opened outside of the terminal.确实还有一个地方需要在终端外打开防火墙。
Add the following rules:添加以下规则:
Try to surf to your public IP again while your site is running, and it works!尝试在您的网站运行时再次浏览您的公共 IP,它可以正常工作!
For reading more on this, and to see where I found it, see:要阅读有关此内容的更多信息,并查看我在哪里找到它,请参阅:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm#Default https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm#Default
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htm#stateful https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htm#stateful
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.