Can't seem to open port 8787 or 3939 on an Ubuntu EC2 instance but 22 and 80 opens fine
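I've read through this answer, but for the life of me, I can't figure this out.
I have an Ubuntu 18 EC2 instance running RStudio Server and RStudio Connect, both using their default configurations and listening on ports 8787 and 3939 respectively.
Here are my config files: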
ubuntu@EC2:~$ cat /etc/rstudio/rserver.conf
# Server Configuration File
#
#
ubuntu@EC2:~$ sudo cat /etc/rstudio-connect/rstudio-connect.gcfg
; RStudio Connect configuration file
[Server]
; SenderEmail is an email address used by RStudio Connect to send outbound
; email. The system will not be able to send administrative email until this
; setting is configured.
;
; SenderEmail = account@company.com
SenderEmail =
; Address is a public URL for this RStudio Connect server. Must be configured
; to enable features like including links to your content in emails. If
; Connect is deployed behind an HTTP proxy, this should be the URL for Connect
; in terms of that proxy.
;
; Address = https://rstudio-connect.company.com
Address =
[HTTP]
; RStudio Connect will listen on this network address for HTTP connections.
Listen = :3939
[Authentication]
; Specifies the type of user authentication.
Provider = password
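Here's what I've tried:
- Created inbound rules for ports 8787, 3939 and all TCP ports in my security group.
- Checked the network ACL of the subnet the instance is in
- Made sure rstudio-server and rstudio-connect are running and listening on all interfaces and not just localhost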
ubuntu@EC2:~$ netstat -ltpn
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8787 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::8787 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::3939 :::* LISTEN -
- Checked that ufw is inactive
ubuntu@EC2:~$ sudo ufw status
Status: inactive
- Created an iptables rule for port 8787
ubuntu@EC2:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:8787
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
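I still can't access port 8787 or 3939 from outside. I can, however, access them on the host using Lynx.
If I change RStudio Server's configuration to make it use port 80, I can access it from outside, but it doesn't work on port 8787 or 3939.
Any idea why, and how to fix this?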
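I figured out the answer myself. There was absolutely nothing wrong with my configuration. Opening all TCP ports in my security group was probably overkill and completely unnecessary, so don't do that.
The problem was that the corporate network I was connected to blocks outbound traffic to external hosts on certain non-standard ports.
If you're in the same boat as me, needing to host 2 services on the same EC2 instance but not knowing which ports are unavailable/blocked by your organization, you can use nmap and portquiz.net to figure it out.
nmap is a port scanner and portquiz.net is a service that listens for connections on all TCP ports. You can scan the host with nmap over a range of TCP ports you're interested in and see which ports show up as open: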
nmap -v -p0-8000 portquiz.net
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-02 16:47 IST
Initiating Ping Scan at 16:47
Scanning portquiz.net (5.196.70.86) [2 ports]
Completed Ping Scan at 16:47, 0.13s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:47
Completed Parallel DNS resolution of 1 host. at 16:47, 0.14s elapsed
Initiating Connect Scan at 16:47
Scanning portquiz.net (5.196.70.86) [8001 ports]
Discovered open port 22/tcp on 5.196.70.86
Discovered open port 80/tcp on 5.196.70.86
Discovered open port 443/tcp on 5.196.70.86
Discovered open port 21/tcp on 5.196.70.86
Discovered open port 4080/tcp on 5.196.70.86
Completed Connect Scan at 16:48, 84.98s elapsed (8001 total ports)
Nmap scan report for portquiz.net (5.196.70.86)
Host is up (0.13s latency).
rDNS record for 5.196.70.86: electron.positon.org
Not shown: 7996 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
443/tcp open https
4080/tcp open lorica-in
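Here, I've got 4080 and 80 open, which means the corporate firewall doesn't block outbound traffic to these ports. After configuring RStudio Server and RStudio Connect to listen on ports 80 and 4080 respectively, I can now access both services from outside.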