[英]Unable to access django server on debian running FusionPBX
我有一个运行 fusionPBX 的 Debian 服务器,我使用这个官方脚本安装了它。 它使用 nginx 来托管应用程序,我尝试在 nginx 的配置文件中添加另一个服务器(Django)以支持在同一台机器上运行的另一个服务器。 尽管如此,我还是无法访问 Django 服务器。
我尝试使用命令sudo ufw allow 8000
当我从另一台机器使用 Nmap 到这台 FusionPBX 服务器时,我确实看到了端口。
$ nmap ipaddrress
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-16 20:54 UTC
Nmap scan report for ipaddrress.de-fra1.upcloud.host (ipaddrress)
Host is up (0.00015s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
5060/tcp open sip
5080/tcp open onscreen
7443/tcp open oracleas-https
8000/tcp open http-alt
8001/tcp open vcom-tunnel
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
即使我使用普通命令python manage.py runserver 0.0.0.0:8000或python manage.py runserver 127.0.0.1:8000启动服务器它也不起作用。
在 Ubuntu 中,我所要做的就是sudo ufw allow 8000然后python manage.py runserver 0.0.0.0:8000它按预期工作。
python manage.py runserver 0.0.0.0:8000这就是我们启动 django 服务器的方式,其中 0.0.0.0 是 IP,8000 是端口。 以防万一有人感到困惑:)
我的 Nginx 配置
server {
listen 127.0.0.1:80;
server_name 127.0.0.1;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Allow the upgrade routines to run longer than normal
location = /core/upgrade/index.php {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Disable viewing .htaccess & .htpassword & .db & .git
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}
server {
listen 80;
server_name fusionpbx;
#redirect letsencrypt to dehydrated
location ^~ /.well-known/acme-challenge {
default_type "text/plain";
auth_basic "off";
alias /var/www/dehydrated;
}
#rewrite rule - send to https with an exception for provisioning
if ($uri !~* ^.*(provision|xml_cdr|firmware).*$) {
rewrite ^(.*) https://$host$1 permanent;
break;
}
#REST api
if ($uri ~* ^.*/api/.*$) {
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
break;
}
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
#grandstream
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
#grandstream-wave softphone by ext because Android doesn't pass MAC.
rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
#aastra
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
#yealink
#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
#polycom
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
#cisco
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
#Escene
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
#Vtech
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
#Digium
rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
#Snom
rewrite "^.*/provision/-([A-Fa-f0-9]{12})?$" /app/provision/index.php?mac=$1;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Allow the upgrade routines to run longer than normal
location = /core/upgrade/index.php {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Disable viewing .htaccess & .htpassword & .db & .git
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}
server {
listen 443 ssl;
#listen 443 ssl http2;
server_name fusionpbx;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
#ssl_protocols TLSv1.2 TLSv1.3;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers DHE-RSA-AES256-SHA:AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_session_cache shared:SSL:40m;
ssl_session_timeout 2h;
ssl_session_tickets off;
#redirect letsencrypt to dehydrated
location ^~ /.well-known/acme-challenge {
default_type "text/plain";
auth_basic "off";
alias /var/www/dehydrated;
}
#REST api
if ($uri ~* ^.*/api/.*$) {
rewrite ^(.*)/api/(.*)$ $1/api/index.php?rewrite_uri=$2 last;
break;
}
#message media
rewrite "^/app/messages/media/(.*)/(.*)" /app/messages/message_media.php?id=$1&action=download last;
#algo
rewrite "^.*/provision/algom([A-Fa-f0-9]{12})\.conf" /app/provision/?mac=$1&file=algom%7b%24mac%7d.conf last;
#mitel
rewrite "^.*/provision/MN_([A-Fa-f0-9]{12})\.cfg" /app/provision/index.php?mac=$1&file=MN_%7b%24mac%7d.cfg last;
rewrite "^.*/provision/MN_Generic.cfg" /app/provision/index.php?mac=08000f000000&file=MN_Generic.cfg last;
#grandstream
rewrite "^.*/provision/cfg([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})/phonebook\.xml$" /app/provision/?mac=$1&file=phonebook.xml;
rewrite "^.*/provision/(phonebook\.xml)?$" /app/provision/index.php?file=$1 last;
#grandstream-wave softphone by ext because Android doesn't pass MAC.
rewrite "^.*/provision/([0-9]{5})/cfg([A-Fa-f0-9]{12}).xml$" /app/provision/?ext=$1;
#aastra
rewrite "^.*/provision/aastra.cfg$" /app/provision/?mac=$1&file=aastra.cfg;
#rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(cfg))?$" /app/provision/?mac=$1 last;
#yealink
#rewrite "^.*/provision/(y[0-9]{12})(\.cfg|\.boot)?$" /app/provision/index.php?file=$1$2;
rewrite "^.*/provision/(y[0-9]{12})(\.cfg)?$" /app/provision/index.php?file=$1.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})(\.(xml|cfg))?$" /app/provision/index.php?mac=$1 last;
#polycom
rewrite "^.*/provision/000000000000.cfg$" "/app/provision/?mac=$1&file={%24mac}.cfg";
#rewrite "^.*/provision/sip_330(\.(ld))$" /includes/firmware/sip_330.$2;
rewrite "^.*/provision/features.cfg$" /app/provision/?mac=$1&file=features.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-sip.cfg$" /app/provision/?mac=$1&file=sip.cfg;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-phone.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/([A-Fa-f0-9]{12})-registration.cfg$" "/app/provision/?mac=$1&file={%24mac}-registration.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-directory.xml$" "/app/provision/?mac=$1&file={%24mac}-directory.xml";
#cisco
rewrite "^.*/provision/file/(.*\.(xml|cfg))" /app/provision/?file=$1 last;
rewrite "^.*/provision/directory\.xml$" /app/provision/?file=directory.xml;
#Escene
rewrite "^.*/provision/([0-9]{1,11})_Extern.xml$" "/app/provision/?ext=$1&file={%24mac}_extern.xml" last;
rewrite "^.*/provision/([0-9]{1,11})_Phonebook.xml$" "/app/provision/?ext=$1&file={%24mac}_phonebook.xml" last;
#Vtech
rewrite "^.*/provision/VCS754_([A-Fa-f0-9]{12})\.cfg$" /app/provision/?mac=$1;
rewrite "^.*/provision/pb([A-Fa-f0-9-]{12,17})/directory\.xml$" /app/provision/?mac=$1&file=directory.xml;
#Digium
rewrite "^.*/provision/([A-Fa-f0-9]{12})-contacts\.cfg$" "/app/provision/?mac=$1&file={%24mac}-contacts.cfg";
rewrite "^.*/provision/([A-Fa-f0-9]{12})-smartblf\.cfg$" "/app/provision/?mac=$1&file={%24mac}-smartblf.cfg";
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 80M;
client_body_buffer_size 128k;
location / {
root /var/www/fusionpbx;
index index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Allow the upgrade routines to run longer than normal
location = /core/upgrade/index.php {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_read_timeout 15m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/fusionpbx$fastcgi_script_name;
}
# Disable viewing .htaccess & .htpassword & .db & .git
location ~ .htaccess {
deny all;
}
location ~ .htpassword {
deny all;
}
location ~^.+.(db)$ {
deny all;
}
location ~ /\.git {
deny all;
}
location ~ /\.lua {
deny all;
}
location ~ /\. {
deny all;
}
}
server {
listen 8000;
server_name 127.0.0.1 0.0.0.0 fusionpbx 94.237.97.9;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/freeswitch/freeswitch_api/django_api;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/freeswitch/freeswitch_api/django_api/django_api.sock;
}
}
我添加的块
server {
listen 8000;
server_name (IP OF MY SERVER);
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/freeswitch/freeswitch_api/django_api;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/freeswitch/freeswitch_api/django_api/django_api.sock;
}
}
FusionPBX 是否以某种方式阻止了连接?
我不知道我错过了什么,任何帮助表示赞赏。
更新:
所以我尝试使用 iptables 打开端口,这就是我所做的
sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
sudo iptables-save
sudo service iptables restart
产出
$ sudo iptables-save
sudo: unable to resolve host debian-1cpu-1gb-de-fra1: Name or service not known
# Generated by iptables-save v1.8.7 on Fri Dec 16 22:39:51 2022
*filter
:INPUT DROP [1:44]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [350:25243]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "pplsip" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "system " --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "system " --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "exec." --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "exec." --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5060:5091 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5091 -j ACCEPT
-A INPUT -p udp -m udp --dport 16384:32768 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
COMMIT
# Completed on Fri Dec 16 22:39:51 2022
# Generated by iptables-save v1.8.7 on Fri Dec 16 22:39:51 2022
*mangle
:PREROUTING ACCEPT [8231:612573]
:INPUT ACCEPT [8231:612573]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8325:642913]
:POSTROUTING ACCEPT [8325:642913]
-A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 0x2e
-A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 0x1a
-A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 0x1a
COMMIT
# Completed on Fri Dec 16 22:39:51 2022
sudo iptables -L
$ sudo iptables -L
sudo: unable to resolve host debian-1cpu-1gb-de-fra1: Name or service not known
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "friendly-scanner" ALGO name bm TO 65535 ICASE
DROP tcp -- anywhere anywhere tcp dpts:sip:5091 STRING match "friendly-scanner" ALGO name bm TO 65535 ICASE
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "sipcli/" ALGO name bm TO 65535 ICASE
DROP tcp -- anywhere anywhere tcp dpts:sip:5091 STRING match "sipcli/" ALGO name bm TO 65535 ICASE
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "VaxSIPUserAgent/" ALGO name bm TO 65535 ICASE
DROP tcp -- anywhere anywhere tcp dpts:sip:5091 STRING match "VaxSIPUserAgent/" ALGO name bm TO 65535 ICASE
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "pplsip" ALGO name bm TO 65535 ICASE
DROP tcp -- anywhere anywhere tcp dpts:sip:5091 STRING match "pplsip" ALGO name bm TO 65535 ICASE
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "system " ALGO name bm TO 65535 ICASE
DROP tcp -- anywhere anywhere tcp dpts:sip:5091 STRING match "system " ALGO name bm TO 65535 ICASE
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "exec." ALGO name bm TO 65535 ICASE
DROP tcp -- anywhere anywhere tcp dpts:sip:5091 STRING match "exec." ALGO name bm TO 65535 ICASE
DROP udp -- anywhere anywhere udp dpts:sip:5091 STRING match "multipart/mixed;boundary" ALGO name bm TO 65535 ICASE
DROP tcp -- anywhere anywhere tcp dpts:sip:5091 STRING match "multipart/mixed;boundary" ALGO name bm TO 65535 ICASE
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:7443
ACCEPT tcp -- anywhere anywhere tcp dpts:sip:5091
ACCEPT udp -- anywhere anywhere udp dpts:sip:5091
ACCEPT udp -- anywhere anywhere udp dpts:16384:32768
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
sudo iptables -S
$sudo iptables -S
sudo: unable to resolve host debian-1cpu-1gb-de-fra1: Name or service not known
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "pplsip" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "system " --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "system " --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "exec." --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "exec." --algo bm --to 65535 --icase -j DROP
-A INPUT -p udp -m udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --to 65535 --icase -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5060:5091 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060:5091 -j ACCEPT
-A INPUT -p udp -m udp --dport 16384:32768 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
netstat
$ netstat -tulpn
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:44653 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 94.237.97.9:7443 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:8021 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 94.237.97.9:5080 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 8542/python
tcp 0 0 94.237.97.9:5060 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:4040 0.0.0.0:* LISTEN 7759/./ngrok
tcp 0 0 94.237.97.9:5066 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:45931 0.0.0.0:* LISTEN 1346/node
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:5432 :::* LISTEN -
tcp6 0 0 ::1:25 :::* LISTEN -
tcp6 0 0 2a04:3542:1000:910:5060 :::* LISTEN -
udp 0 0 94.237.97.9:5080 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:161 0.0.0.0:* -
udp 0 0 94.237.97.9:5060 0.0.0.0:* -
udp6 0 0 2a04:3542:1000:910:5060 :::* -
确保 Django 服务器正在运行并侦听正确的 IP 地址和端口。 您可以通过运行以下命令来检查这一点: netstat -tulpn
检查 Django 服务器和 nginx 服务器的日志中是否有任何错误消息或有关可能导致问题的线索。
验证您为 Django 服务器添加的 nginx 配置文件是否正确。 确保服务器块已正确配置为将请求代理到 Django 服务器,并且通过将服务器块包含在 http 块中来启用服务器块。
确保没有防火墙规则或其他可能阻止访问 Django 服务器的安全措施。
我希望这些建议能帮助您使 Django 服务器与您的 FusionPBX 安装一起工作。 如果问题仍然存在,提供有关您已采取的特定步骤和遇到的任何错误消息的更多信息可能会有所帮助。
我解决了这个问题。 我会把解决方案留给可能遇到同样情况的任何人。 其实很简单。 我检查了 FsuionPBX 是如何安装的以及它们是如何配置 iptables 的。 这是脚本。
#!/bin/sh
#move to script directory so all relative paths work
cd "$(dirname "$0")"
#add the includes
. ./config.sh
. ./colors.sh
. ./environment.sh
#send a message
verbose "Configuring IPTables"
#defaults to nftables by default this enables iptables
if [ ."$os_codename" = ."buster" ]; then
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
fi
if [ ."$os_codename" = ."bullseye" ]; then
apt-get install -y iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
fi
#remove ufw
ufw reset
ufw disable
apt-get remove -y ufw
#apt-get purge ufw
#run iptables commands
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "friendly-scanner" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "sipcli/" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "VaxSIPUserAgent/" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "pplsip" --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "system " --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "system " --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "exec." --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "exec." --algo bm --icase
iptables -A INPUT -j DROP -p udp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
iptables -A INPUT -j DROP -p tcp --dport 5060:5091 -m string --string "multipart/mixed;boundary" --algo bm --icase
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 7443 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060:5091 -j ACCEPT
iptables -A INPUT -p udp --dport 5060:5091 -j ACCEPT
iptables -A INPUT -p udp --dport 16384:32768 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t mangle -A OUTPUT -p udp -m udp --sport 16384:32768 -j DSCP --set-dscp 46
iptables -t mangle -A OUTPUT -p udp -m udp --sport 5060:5091 -j DSCP --set-dscp 26
iptables -t mangle -A OUTPUT -p tcp -m tcp --sport 5060:5091 -j DSCP --set-dscp 26
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#answer the questions for iptables persistent
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get install -y iptables-persistent
现在要打开另一个端口,我所要做的就是运行 iptable 命令
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
并使用保存规则
sudo /sbin/iptables-save > /etc/iptables/rules.v4
确保以 root 身份运行它,否则您将收到权限被拒绝的错误。
如果您遇到权限错误,您可能需要运行sudo su -在保存规则之前。
路由问题,带有通过FusionPBX运行Debian Jessie的LAN和WAN端口的服务器
[英]Routing issue, server with LAN & WAN ports running Debian Jessie with FusionPBX
为什么外部NIC无法在我的服务器上运行(在Debian 7上运行)?
[英]Why are external NICs not working on my server (running on Debian 7)?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.