[英]Lost access to ec2 instance after running this script I made
我只是创建一个新实例来在 ec2 上部署 NextJS 项目,但每次运行以下脚本时,我都无法访问 ec2 实例。 任何人都可以帮我调试脚本有什么问题吗? 我收到以下错误:
ubuntu@x.x.x.x: Permission denied (publickey).
这是脚本:
#!/bin/bash
# Shell Arguments
# 1. Domain name without "www" in front of it.
# 2. Path to the zip file in s3.
# 3. Name of the folder in which the website files is to be stored.
# 4. Email address that is used by certbot to create SSL certificate.
# 5. S3 Bucket name from which the zip file should be pulled from.
DOMAIN_NAME=$1
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME=$2
DIR_NAME=$3
DIR=/home/ubuntu/$DIR_NAME
EMAIL=$4
AWS_S3_BUCKET=$5
cd /home/ubuntu/
echo "Updating Packages"
sudo apt -y update && sudo apt -y upgrade
echo "Installing Zip Unzip to extract the website content later"
sudo apt install zip unzip
echo "Installing AWS CLI"
sudo apt-get install awscli -y
echo "Installing Node"
curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -
sudo apt-get install -y nodejs
echo "Installing Nginx"
sudo apt-get install -y nginx
echo "Installing certbot"
sudo snap install --classic certbot
echo "Installing pm2 and yarn"
sudo npm i -g yarn
sudo npm i -g pm2
echo "Creating nginx config file"
sudo curl --silent https://gist.githubusercontent.com/utkarshk384/4fb1fc782351fbf2038560e9380fdd7c/raw/4bd1ede2f2d83134edc0c885c9d56cac75b8a391/nextjs-http > nextjs-http
sed -i "10s/SERVER_NAME/$DOMAIN_NAME $DOMAIN_NAME_WWW/" ./nextjs-http
echo "Moving ngnix config file"
sudo mv nextjs-http /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-available/default
echo "Changing few settings in nginx.conf"
LINE_NUMBER=`sed -n "/sites-enabled/=" /etc/nginx/nginx.conf`
sudo sed -i "s$LINE_NUMBERs|#||" /etc/nginx/nginx.conf
sudo sed -i "s$LINE_NUMBERs|sites-enabled\/\*|sites-enabled\/nextjs-http|" /etc/nginx/nginx.conf
sudo systemctl restart nginx
echo "Setting up server for ssl certificate"
sudo ufw allow ssh
sudo ufw --force enable
sudo ufw allow 'Nginx Full'
sudo ufw status
echo "Acquiring SSL Certificate"
sudo certbot --nginx -d $DOMAIN_NAME -d $DOMAIN_NAME_WWW --agree-tos -m $EMAIL --noninteractive
echo "Preflight installation completed. Starting to build website"
echo "Creating our website folder"
if [ -d "$DIR" ]; then
echo "${DIR} is already present"
else
echo "Creating new directory at ${DIR}"
mkdir $DIR
fi
echo "Downloading Website files from S3"
aws s3 cp s3://$AWS_S3_BUCKET/$ZIP_FILE_NAME $DIR/$ZIP_FILE_NAME
unzip -o /$DIR/$ZIP_FILE_NAME -d /$DIR
rm $DIR/$ZIP_FILE_NAME
# Set it to 777 so that the folder isn't write protected.
sudo chmod -R 666 $DIR
echo "Installing packages"
cd $DIR
sudo yarn
echo "Copying .env to website folder"
sudo cp ../.env.production ./
echo "Creating build"
yarn build
echo "Starting the website"
{
pm2 stop site
pm2 start site
} || {
pm2 start yarn --name site -- start 4000
pm2 save
}
echo "Started the site and is running"
pm2 status
# echo "Freeing Port 80 if occupied by apache"
# sudo systemctl disable apache2 && sudo systemctl stop apache2
我也尝试了以下方法解决,但没有成功:
user-data
思想来禁用 UFW,这可能是这里的问题。 然而,令我惊讶的是,这仍然不是问题。我传递给实例的用户数据如下:
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0
--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
#cloud-config
cloud_final_modules:
- [scripts-user, always]
--//
Content-Type:
text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"
#!/bin/bash
iptables -F
sudo ufw disable
service sshd restart
--//
编辑:我确实有 SSH Host KEY Fingerprints 和 SSH HOST KEY 我是从系统日志中得到的。 如果可能的话,我想在同一个实例中恢复它。
编辑 2:我在另一个脚本上一个一个地运行所有脚本命令,但没有发现任何问题。 现在,我很困惑。
建议用set -x
和set +x
调试,找到攻击性命令。 并将 output 重定向/存储到日志文件中。
建议替换以下行(为了安全起见,没有令人反感的空格):
DOMAIN_NAME=$1
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME=$2
DIR_NAME=$3
DIR=/home/ubuntu/$DIR_NAME
EMAIL=$4
AWS_S3_BUCKET=$5
和
DOMAIN_NAME="$1"
DOMAIN_NAME_WWW="www.$1"
ZIP_FILE_NAME="$2"
DIR_NAME="$3"
DIR="/home/ubuntu/$DIR_NAME"
EMAIL="$4"
AWS_S3_BUCKET="$5"
建议检查ufw
命令。 如果有任何通信重置使您断开连接。 确保您当前的连接是端口 22 上的ssh
如果不是,请确保当前端口在ufw
中也已打开
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.